Professor Messer on Security+
Professor Messer covers a number of topics in his CompTIA Security+ video series, and this assignment will focus on his Confidentiality, Integrity, Availability, and Safety video.
In this video, Professor Messer introduces the fundamentals of information security, which are usually bundled together into a set of principles known as the CIA Triad (Confidentiality, Integrity, and Availability), sometimes written in the other order as the AIC Triad.
Availability means that information is always accessible to authorized users whenever it is needed, and systems and networks must be up and running as consistently as possible. This can be achieved through a few methods:
- redundancy - duplicate critical components and services (multiple servers, switches, routers, power supplies, network links, and backups of the data itself) so that if one device or service fails, another is ready to take its place.
- fault tolerance - the system keeps running when a component fails. It may run at a slower speed or lower capacity, but the services that are needed remain available.
- patching - keeping systems updated so that they are not brought down by bugs or exploited vulnerabilities. Patches add stability and close security holes. A patch is itself a change that can cause an outage, so patches are tested and scheduled rather than applied blindly to production.
Integrity means that data cannot be modified without detection, so that it is stored and transferred exactly as intended. Any unauthorized change can be detected. This can be achieved through:
- hashing - produces a fixed-length value (a digest) from the message or data being stored or transmitted; the receiver recomputes the hash and compares it to the one that was sent. Changing even a single bit of the data yields a completely different hash, so if the hashes do not match, the receiver knows the data has been altered. A bare hash only catches accidental or unsophisticated changes: an attacker who can alter the data can also recompute and replace the hash, which is why a hash is combined with a shared secret (an HMAC) or with a digital signature when deliberate tampering is the concern. The following image demonstrates the hashing process.
- digital signature - the sender hashes the data and encrypts that hash with their private key; the result is the signature. Anyone holding the sender's public key can decrypt the signature and compare it with their own hash of the data, which verifies both that the data is intact and who sent it.
- certificates - bind a public key to an identity, so that whoever verifies a signature can confirm who created it. They are issued and signed by certificate authorities (CAs), which vouch for that binding.
- non-repudiation - because only the holder of the private key could have produced a valid signature, the sender cannot later deny having sent the data or claim that it was changed in transit; the receiver can show a third party exactly what was received and from whom.
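The following Python block is an added example (not code from the video or from Professor Messer) that walks through the three integrity mechanisms above: it shows a plain hash catching a modified message but being defeated when the attacker recomputes it, an HMAC surviving that attack because it needs the shared key, and a signature that anyone can verify with the public key but only the private-key holder could have made. The messages, the shared key and the RSA key pair (built from two small Mersenne primes, far too small and unpadded for real use) are all constructed for illustration.

```python
"""Integrity and non-repudiation checks: hash, HMAC, and a toy RSA signature.

Added example, not from the video. The messages, the shared key and the tiny
RSA key pair below are constructed for illustration and are not secure.
"""
import hashlib
import hmac

# Constructed sample data: the message a sender publishes and a forged copy.
MESSAGE = b"Transfer 100.00 to account 12345"
TAMPERED = b"Transfer 900.00 to account 12345"
SHARED_KEY = b"constructed-shared-secret"   # known to sender and receiver only

# Toy RSA key pair built from two known Mersenne primes (2^31-1 and 2^61-1).
# A real key is 2048+ bits and signatures use padding (PKCS#1 v1.5 or PSS);
# this pair only shows the mechanics.
_P, _Q = (1 << 31) - 1, (1 << 61) - 1
TOY_N = _P * _Q
TOY_E = 65537                                  # public exponent
TOY_D = pow(TOY_E, -1, (_P - 1) * (_Q - 1))   # private exponent


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest; any changed bit gives an unrelated digest."""
    return hashlib.sha256(data).hexdigest()


def hash_matches(data: bytes, published_hex: str) -> bool:
    """Receiver-side check against the digest published with the data."""
    return hmac.compare_digest(sha256_hex(data), published_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash: cannot be recomputed without the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def hmac_matches(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def _hash_as_int(data: bytes) -> int:
    # Reduce the digest so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % TOY_N


def toy_sign(data: bytes, private_d: int = TOY_D) -> int:
    """Signature = hash(data)^d mod n, computable only with the private key."""
    return pow(_hash_as_int(data), private_d, TOY_N)


def toy_verify(data: bytes, signature: int, public_e: int = TOY_E) -> bool:
    """Anyone holding the public key checks signature^e mod n == hash(data)."""
    return pow(signature, public_e, TOY_N) == _hash_as_int(data)


def demo() -> dict:
    """Run the three checks and report what each one catches."""
    published_hash = sha256_hex(MESSAGE)
    tag = hmac_tag(SHARED_KEY, MESSAGE)
    signature = toy_sign(MESSAGE)
    return {
        # A hash catches a modified message when the original hash is trusted...
        "hash_detects_change": not hash_matches(TAMPERED, published_hash),
        # ...but an attacker who can rewrite the data can rewrite the hash too.
        "hash_fooled_by_recompute": hash_matches(TAMPERED, sha256_hex(TAMPERED)),
        # The HMAC cannot be regenerated without SHARED_KEY.
        "hmac_detects_change": not hmac_matches(SHARED_KEY, TAMPERED, tag),
        # The signature verifies with the public key alone (integrity plus
        # origin), and only the private-key holder could have produced it,
        # which is what gives non-repudiation.
        "signature_verifies": toy_verify(MESSAGE, signature),
        "signature_detects_change": not toy_verify(TAMPERED, signature),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The comparisons use `hmac.compare_digest` rather than `==` so that the check takes the same time whether the digests differ in the first byte or the last, which keeps a timing side channel out of the verification.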
Confidentiality prevents the disclosure of information to unauthorized individuals or systems. This means that certain information should only be known to certain people. It can be achieved through:
- encryption - encoding a message so that only those holding the right key can read it. The data is transformed by an algorithm under a key: in symmetric encryption the same key both encrypts and decrypts, while asymmetric encryption uses a key pair in which data encrypted with the public key can only be decrypted with the matching private key. The image below gives a simple example of the encryption process.
- access controls - selectively restrict access to a resource. For example, rights and permissions can be set on a file or resource so that only the groups or individuals granted those permissions can view it; anyone not explicitly listed is denied by default.
- steganography - hiding information inside another file or message (the carrier). A common example is hiding text within a picture: the image looks normal, but its pixel data carries hidden text that can be extracted by anyone who knows it is there and how it was embedded. Steganography by itself depends on the hiding method staying secret, so it is usually combined with encryption rather than used in place of it.
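The following Python block is an added example (not code from the video or from Professor Messer) that puts the three confidentiality controls together: a symmetric cipher where the same key encrypts and decrypts, a deny-by-default permission check, and least-significant-bit steganography that hides an already-encrypted secret inside pixel data so that finding the hidden channel still does not reveal the text. The "image" is a constructed array of 8-bit grey-scale pixel values, the access-control list is made up, and a one-time pad stands in for a real cipher such as AES-GCM so that the block runs with the standard library alone.

```python
"""Confidentiality controls: symmetric encryption, an access check, and
least-significant-bit (LSB) steganography.

Added example, not from the video. The cover "image", the ACL and the
one-time pad are constructed for illustration; the pad stands in for a real
cipher such as AES-GCM so the block needs only the standard library.
"""
import secrets

# Constructed sample: a 64-pixel 8-bit grey-scale "image", one byte per pixel.
# One hidden bit per pixel gives 8 bytes of capacity.
COVER_PIXELS = bytes([120, 121, 119, 122, 130, 131, 129, 128,
                      200, 201, 199, 202, 50, 51, 49, 52] * 4)

# Constructed ACL: resource -> principals ("alice" or "group:<name>") allowed to read.
ACL = {
    "/finance/q3-report.xlsx": {"group:finance", "alice"},
    "/hr/salaries.csv": {"group:hr"},
}


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: symmetric, the same key XORs data in and back out."""
    if len(key) != len(plaintext):
        raise ValueError("one-time pad key must match message length")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse, so decryption is the same call


def can_read(user: str, groups: set, resource: str, acl: dict = ACL) -> bool:
    """Deny by default: unknown resources and unlisted principals get nothing."""
    allowed = acl.get(resource, set())
    return user in allowed or any(f"group:{g}" in allowed for g in groups)


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Hide each payload bit in the least-significant bit of one cover byte."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit   # clear LSB, then set it
    return bytes(stego)


def extract_lsb(stego: bytes, length: int) -> bytes:
    """Recover `length` bytes from the LSBs of the first length*8 cover bytes."""
    out = bytearray()
    for byte_index in range(length):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[byte_index * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """LSB embedding moves each pixel by at most 1, so the picture looks unchanged."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def hide_secret(cover: bytes, secret: bytes, key: bytes = None) -> tuple:
    """Encrypt first, then hide: finding the channel does not reveal the text."""
    if key is None:
        key = secrets.token_bytes(len(secret))   # fresh random pad per message
    return embed_lsb(cover, otp_encrypt(key, secret)), key


def reveal_secret(stego: bytes, key: bytes) -> bytes:
    """The receiver extracts the ciphertext and decrypts it with the same key."""
    return otp_decrypt(key, extract_lsb(stego, len(key)))


if __name__ == "__main__":
    stego, key = hide_secret(COVER_PIXELS, b"hi, bob!")
    print("recovered:", reveal_secret(stego, key))
    print("max pixel change:", max_pixel_change(COVER_PIXELS, stego))
    print("alice can read report:", can_read("alice", set(), "/finance/q3-report.xlsx"))
```

A real carrier would be a PNG or BMP decoded into pixel values rather than a hand-built byte array, but the mechanics are identical: only the lowest bit of each pixel is touched, which is why the eye cannot tell the stego image from the original and why a statistical LSB analysis can.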