Before we start configuring firewalls or locking down switch ports, we should probably understand the “Philosophy of Security.” In the Network+ world, every decision we make is designed to support one of three core goals.
1. The CIA Triad
No, not the Central Intelligence Agency. This CIA Triad stands for Confidentiality, Integrity, and Availability.
- Confidentiality: Ensuring that only authorized people can see the data.
- Tool: Encryption (like SSL/TLS or WPA3).
- Integrity: Ensuring that the data hasn’t been changed during transit.
- Tool: Hashing (SHA-256).
- Availability: Ensuring that authorized users can actually get to the data when they need it.
- Tool: Redundancy (like load balancers or UPS backups).
2. AAA: The “Security Gatekeeper”
How do we actually manage who gets in? We use the AAA Framework. This is the standard for professional networks (like your business's Active Directory system).
- Authentication: “Who are you?” (Username/Password, Biometrics, MFA).
- Authorization: “What are you allowed to do?” (Can you access the financial drive? No, you can only access the assistant drive.)
- Accounting: “What did you do?” (Keeping a log of every time someone logs in or changes a file).
3. Non-Repudiation
This is a fancy term for “No Take-Backs.” It ensures that a sender cannot deny having sent a message, and a recipient cannot deny having received it.
- The Tool: Digital Signatures
- Real-World Use: When you sign a digital contract or send an encrypted email, non-repudiation proves that you were the one who did it, and the data hasn’t been tampered with since.
4. The “Support Associate” Reality: Least Privilege
As you work through your tickets this week, keep the Principle of Least Privilege in mind.
- Definition: Give users only the minimum level of access they need to do their job and nothing more.
- Example: A teacher needs to see student grades, but they don’t need “Domain Admin” rights to the entire server. By limiting access, you limit the “Blast Radius” if that teacher’s account ever gets compromised.
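The AAA steps and the teacher example above, sketched in Python as an added example that is not part of the original post. The usernames, passwords, roles and resource names are constructed for illustration, and the in-memory dictionaries stand in for a real directory service.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a slow, salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "t.rivera": make_user("correct horse battery", "teacher"),
    "a.chen": make_user("staple-orbit-42", "domain_admin"),
}

# Least privilege: a role lists only the (resource, action) pairs its job needs.
ROLE_PERMISSIONS = {
    "teacher": {("grades", "read")},
    "domain_admin": {("grades", "read"), ("server_config", "write")},
}

AUDIT_LOG = []  # Accounting: one record per decision, allowed or denied.

def record(user, resource, action, outcome):
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(), "user": user,
                      "resource": resource, "action": action, "outcome": outcome})
    return outcome

def request_access(user, password, resource, action):
    """Pass one request through Authentication, Authorization and Accounting."""
    account = USERS.get(user)
    # Authentication: hash the supplied password (even for unknown users, so
    # both failures cost the same) and compare in constant time.
    supplied = hash_password(password, account["salt"] if account else b"\0" * 16)
    if account is None or not hmac.compare_digest(supplied, account["hash"]):
        return record(user, resource, action, "DENY_AUTHENTICATION")
    # Authorization: default deny; only listed pairs are allowed.
    if (resource, action) not in ROLE_PERMISSIONS.get(account["role"], set()):
        return record(user, resource, action, "DENY_AUTHORIZATION")
    return record(user, resource, action, "ALLOW")

if __name__ == "__main__":
    print(request_access("t.rivera", "correct horse battery", "grades", "read"))
    print(request_access("t.rivera", "correct horse battery", "server_config", "write"))
    print(request_access("t.rivera", "wrong guess", "grades", "read"))
```

Even with the teacher's correct password, the request against `server_config` is denied and logged, which is the limited “Blast Radius” in practice.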
The “Exam Tip” for Network+
From my study material it seems that CompTIA loves to test on Hashing vs. Encryption.
- Encryption is a two-way street (Scramble -> Unscramble). It’s for Confidentiality.
- Hashing is a one-way street (Data -> Unique Fingerprint). You can’t “un-hash” something. It’s for Integrity. If the fingerprint changes, the data was messed with.
What’s Next?
Now that we have the mindset, we’re going to get physical. Tomorrow, we move into Physical Security & Social Engineering. We’ll talk about badges, man-traps, and why the most dangerous person in your office might just be someone holding a box of donuts and asking you to hold the door open.
Sources & Further Reading
- CompTIA Network+ N10-009: Objective 4.1 – Explain common security concepts.
- The Cyber Ledger: Troubleshooting Final Boss
- Professor Messer: Security Technologies
This article is an independent summary of my learning journey. All trademarks and copyrighted materials belong to their respective owners.