What are the basic attributes of network security?

The basic attributes of network security are: 1. Confidentiality, information in the network cannot be obtained and used by unauthorized entities; 2. Integrity, ensuring that data and information are in a complete and undamaged state ; 3. Availability, the ability to use information or resources as expected; 4. Controllability, people have the ability to control the dissemination and content of information; 5. Non-repudiation.

Network security has five basic attributes, namely confidentiality, integrity, availability, controllability and non-repudiation. These five attributes apply to a wide range of areas such as education, entertainment, medical care, transportation, national security, power supply, and communications in the national information infrastructure.

Confidentiality

The characteristic that information is not disclosed to, or exploited by, unauthorized users, entities, or processes.

Confidentiality means that information in the network cannot be obtained and used by unauthorized entities (including users and processes, etc.). This information includes not only state secrets, but also business secrets and work secrets of enterprises and social groups, as well as personal information. When people apply the network, they naturally require the network to provide confidentiality services, and the confidential information includes both the information transmitted in the network and the information stored in the computer system. Just like telephone calls can be eavesdropped, information transmitted over the Internet can also be eavesdropped. The solution is to encrypt the transmitted information. The confidentiality of stored information is mainly achieved through access control, and different users have different permissions for different data.

Integrity

The characteristic that data cannot be changed without authorization. That is, the information remains unmodified, destroyed and lost during storage or transmission. Data integrity refers to ensuring that data and information on a computer system are in a complete and undamaged state, which means that the data will not be changed or lost due to intentional or unintentional events. In addition to the fact that the data itself cannot be destroyed, the integrity of the data also requires that the source of the data is correct and credible. That is to say, it is necessary to first verify that the data is authentic and credible, and then verify whether the data has been destroyed. The main factor that affects data integrity is deliberate destruction by humans, as well as damage to data caused by equipment failures, natural disasters and other factors.

Availability

Availability refers to the expected ability to use information or resources, that is, the characteristics that authorize entities or users to access and use the information as required. Simply put, it is to ensure that information can be used by authorized persons when needed and to prevent system denial of service due to subjective and objective factors. For example, denial of service in a network environment, damage to the normal operation of the network and related systems, etc. are all attacks on availability. Internet worms rely on large-scale replication and spread on the network, taking up a lot of CPU processing time, causing the system to become slower and slower, until the network collapses, and users' normal data requests cannot be processed. This is a typical "denial of service" attack. Of course, data unavailability may also be caused by software defects, such as Microsoft Windows where defects are always discovered.

Controllability

Controllability is the ability of people to control the dissemination path, scope and content of information, that is, not allowing harmful content to pass through the public network Transmit so that the information is under the effective control of legitimate users

Non-repudiation

Non-repudiation is also called non-repudiation. In the process of information exchange, the true identity of the participants must be ensured, that is, no participant can deny or repudiate the completed operations and commitments. Simply put, the party sending the information cannot deny sending the information, and the recipient of the information cannot deny receiving the information. The use of information source evidence can prevent the sender from denying that the information has been sent, and the use of receipt evidence can prevent the receiver from denying that it has received the information afterwards. Data signature technology is one of the important means to solve non-repudiation.

The above is the detailed content of What are the basic attributes of network security?. For more information, please follow other related articles on the PHP Chinese website!