control mechanism is not configured to completely deny access but instead is configured
to allow for the reading of the file but not for the writing of changes. Also, as with confi
-
dentiality, it is very important to correctly identify the individual seeking to make a
change. This can only be performed through the use of identification and authentication.
The use of computer file access controls works well if the files reside on a single com
-
puter system or a network within the control of the organization. What if the file is to be
copied to other parties or organizations? In this case, it is clear that the access controls on a
single computer system or network are insufficient to provide protection. Therefore,
there must be a mechanism that can identify when an unauthorized change has been
made to the file. That mechanism is a digital signature (see Chapter 12 for more detail on
digital signatures). A digital signature on a file can identify if the file has been modified
since the signature was created. In order to be worthwhile, the digital signature must be
identified with a particular user; thus, the integrity service must work with the identifica
-
tion and authentication function.
Integrity of Information Transmission
Information can be modified during transmission. However, it is extremely difficult to
modify traffic without performing an interception attack. Encryption can prevent most
forms of modification attacks during transmission. When coupled with a strong identifi-
cation and authentication function, even interception attacks can be thwarted (look back
to Figure 3-2).
Attacks That Can Be Prevented
The integrity service can prevent successful modification and repudiation attacks. While
any modification attack may change a file or information in transit, modification attacks
cannot be successful if the integrity service is functioning properly as the unauthorized
change will be detected. When coupled with a good identification and authentication ser
-
vice, even changes to files outside of the organization can be detected.
Successful repudiation attacks cannot be prevented without both a good integrity ser

-
cessing, access to information, or communications) by an automatic process through the
use of redundant hardware.
Fail-over is often thought of as an immediate reconstitution but it does not need to be
configured in that manner. A redundant system could be located on-site to be readied for
use if a failure occurs on the primary system. This is a much less expensive alternative to
most immediate fail-over systems.
Disaster Recovery
Disaster recovery protects systems, information, and capabilities from extensive disas-
ters. Disaster recovery is an involved process that reconstitutes an organization when en-
tire facilities or important rooms within a facility become unavailable.
Attacks That Can Be Prevented
Availability is used to recover from denial-of-service attacks. There is no way to prevent a
DoS attack, but the availability service can be used to reduce the effects of the attack and
to recover from it by bringing systems and capabilities back online.
ACCOUNTABILITY
The accountability service is often forgotten when we speak of security. The primary rea
-
son is that the accountability service does not protect against attacks by itself. It must be
used in conjunction with other services to make them more effective. Accountability by
itself is the worst part of security; it adds complications without adding value. Account
-
ability adds cost and it reduces the usability of a system. However, without the account
-
ability service, both integrity and confidentiality mechanisms would fail.
34
Network Security: A Beginner’s Guide
Identification and Authentication
Identification and authentication (I&A) serves two purposes. First, the I&A function
identifies the individual who is attempting to perform a function. Second, the I&A func

world, there is no guarantee of the physical presence of the individual. That is why
two-factor authentication is advocated for use with computer systems. It provides a
stronger authentication mechanism.
I&A obviously provides assistance to the computer file access controls that provide
confidentiality and integrity of electronic files on computer systems. I&A is also impor
-
tant with regard to encryption and digital signatures. However, the I&A in this case must
be transmitted to a remote user. The remote user proves his identity to the local mecha
-
nism and provides proof to the far end of the connection. For example, Figure 3-4 shows
how a digital signature is used for I&A when sending a message. The user first must au
-
thenticate to the mechanism that protects the signature on his local machine. The local
machine then allows the use of the signature mechanism and sends the authenticated
message. The user who receives the message then uses the digital signature as proof that
the sender was the author of the message.
In many ways the I&A mechanism becomes the key to the other security services
within an organization. If the I&A mechanism fails, integrity and confidentiality cannot
be guaranteed.
Chapter 3: Information Security Services
35
36
Network Security: A Beginner’s Guide
Audit
Audits provide a record of past events. Audit records link an individual to actions taken
on a system or in the physical world. Without proper I&A, the audit record is useless as
no one can guarantee that the recorded events were actually performed by the individual
in question.
Audits in the physical world may take the form of entrance logs, sign-out sheets, or
even video recordings. The purpose of these physical records is to provide a record of ac

TEAMFLY