Question

Information security and network security each serve a specific purpose in your security infrastructure.

Differentiate information security and network security in terms of confidentiality, integrity and availability and give a suitable example of both securities

Answer 1

Information security in terms of Confidentiality, Integrity, and Availability (CIA) with a suitable example of this security:
As a basic of Information security and in this context, confidentiality is a set of rules limiting access to information safeguarding secrecy of the information; integrity being the assurance of the information being trustworthy, original, and accurate; and availability is a guarantee of the information to be accessed reliably by authorized people. For example for confidentiality, encryption services protect one's data at rest or in transit and prevent any unauthorized access to the protected data. An example of availability would be a hacker who has deleted an important file and the file is no more available for the actual innocent user to access and work on it. Also, as example encryption protects information's integrity from a hacker modifying the data in a file containing information.

Network security in terms of Confidentiality, Integrity, and Availability (CIA) with a suitable example of this security:
In network security, availability is the ability of authorized users to freely access the systems, networks, and data required to perform their daily tasks. Example: To keep systems up and available it is required and is important to resolve hardware and software conflicts, along with regular maintenance. An example of an attack hampering the availability of a network is through a Distributed Denial-of-Service (DDoS) attack malicious attempt disrupting normal traffic of a targeted network overwhelming the target with illegitimate or spam network or Internet traffic requests or connections. Confidentiality example is protecting the password of Wi-Fi networks and LAN network (Ethernet) router.

Integrity is the consistency of networks. It addressed mitigation and proactive measures for restricting unapproved changes and at the same time can recover data that has been lost or compromised. Any discrepancies indicate the network integrity has been compromised by hardware or software failure, network intrusion, or other factors. Example: DNS spoofing and or DNS cache poisoning, where corrupt Domain Name System (DNS) data is introduced into the DNS resolver's cache resulting in the name server returning an incorrect result record.

Confidentiality, Integrity, and Availability (CIA) are the principles of Cyber or IT security, which includes network security as well in protecting an organization from unintentional disclosures. Anyone of these when compromised will compromise the entire security of a network or system. There have been cases where a single and a very small miss in either of these three pillars- Confidentiality, Integrity, and Availability (CIA) has resulted in security breaches, attacks, hacks, password cracking, network intrusion, network malfunction, network unavailability, data theft, unavailability of data, altered data, and data disclosures, causing huge money and data loss, and other damages to the IT infrastructure, data, people, reputation, revenue, business, etc.

Confidentiality in network security makes sure sensitive information on a network is accessed only by authorized people or users and kept away from those who are not authorized who want to possess or access them. Confidentiality ensures that only authorized individuals or systems are able to view and access sensitive or classified information. The data sent over a network should not be accessed by unauthorized individuals. Thus, encryption techniques and Virtual Private Network (VPN) tunnels (encapsulation) are used to safeguard data sent over a network.

Integrity makes sure information is in a format true and correct to its original purposes, without it being altered, modified, or manipulated.
An example of a threat to network integrity is corruption of data sent over a network, which is a failure in maintaining data integrity. An example security measure that can be taken is using a hash function.

Data integrity, in the context of networking, refers to the overall completeness, accuracy, and consistency of data. Data integrity must be imposed when sending data through a network. As a network security measure, This is achieved using error checking and correction protocols.

Network integrity security should be applied to the entire network with network-discoverable resources. Examples of network security attacks as a whole: Network intrusions, Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. Examples of how integrity can be implemented in network security are through network optimization, data encryption, hardware maintenance, and software patching.

Availability makes sure information and systems on a network, the network itself, its configurations, settings, etc., and network resources are available to those authorized people or users who need them for access. Hence, all these three conditions must be met directly or indirectly for the security and safety of IT infrastructure, systems, servers, computers, software, hardware, network, applications, services, accounts, data, devices, components, etc. Availability issues examples are faulty hardware, no upgrades, updates, or patches applied, or at least not applied recently, no plan for fail-over, presence of bottleneck, or single point of failure.

Availability guarantees systems, networks, applications, and data are available to users when they need them to access. An example of the most common attack that impacts the availability of a network is Denial-of-Service in which the attacker or hacker interrupts access to information on the network, system, devices, or other network resources.

Availability problems in networking can be avoided, as an example of network security measures and it is necessary to include redundancy paths and failover strategies in the design stage, as well as to include Intrusion Prevention Systems (IPSs) that can monitor network traffic pattern, determine if there is an anomaly and block network traffic when needed.