There are some fundamental processes in network security that you should be aware of as you begin your journey to a Cisco Certified Technician. Some of these processes are obvious, while others are not so obvious. This blog post intends to make each one very simple to understand.
The fundamental processes you should know are as follows:
Identification is the process of being able to recognize a user of the network. Typically, we do this in modern networks by ensuring the individual can present some unique information that only they know. We also try to ensure they present this information in such a way that a computer criminal cannot capture it.
Authentication is the process where a network user proves or verifies certain information. At this point, you might be wondering what the difference is between identification and authentication. With identification, a network user is able to demonstrate they are a unique entity, while with authentication we might not have such uniqueness. You might have an area of the network set up where many different users will call upon shared authentication credentials merely to prove they are part of a group.
Authorization is the process of establishing exactly what a network user should be able to do. Perhaps you are a network administrator and you have just identified and authenticated yourself on the network. Now the network provides authorization and dictates you can pass traffic through a particular router as well as make configuration changes to the router. Another user of the network might only be authorized to pass traffic through the device, while other users might be restricted from using the device at all.
Integrity is the process of ensuring that network data has not changed at all during its transmission through any part of the network. We obviously cannot trust data that we receive if there is a chance that it is not the original data we were intended to receive.
Confidentiality is the most famous process regarding network security fundamentals. It is the art and science of keeping data a secret. Most students correctly think of encryption the moment they think of confidentiality. Encryption of data intends to make it unreadable by computer criminals if they capture the information.
Non-repudiation is the process of ensuring that a network entity cannot deny doing something. In the network security arena, non-repudiation can be carried out through a digital signature and a digital timestamp. These electronic mechanisms can ensure that a particular entity sent data, and they sent it at a certain time. In network systems today, administrators often employ accounting processes to track who is doing what on the network and exactly how long they are doing it.
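To make the difference between integrity and non-repudiation concrete, here is an added example (not part of the original post) that protects a message with a keyed hash (HMAC-SHA256) from the Python standard library. It shows that a shared-key tag detects changes in transit, yet cannot prove who sent the data, which is why non-repudiation relies on a digital signature. The key, the messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the key and messages are made up for this example.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"permit admin config-change router1"


def tag(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag that binds the message to the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(tag(key, message), received_tag)


def plain_hash_check(message: bytes, received_digest: bytes) -> bool:
    """Unkeyed check: whoever alters the message can recompute this digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), received_digest)


def demo() -> dict:
    sent_tag = tag(SHARED_KEY, MESSAGE)
    altered = MESSAGE.replace(b"admin", b"guest")
    fabricated = b"permit guest config-change router1"  # never sent by the sender
    return {
        # The unmodified message verifies.
        "intact_ok": verify(SHARED_KEY, MESSAGE, sent_tag),
        # Changed in transit: the original tag no longer matches.
        "altered_ok": verify(SHARED_KEY, altered, sent_tag),
        # A tag computed without the shared key is rejected.
        "wrong_key_ok": verify(SHARED_KEY, altered, tag(b"guess", altered)),
        # An unkeyed hash gives no such protection: it is simply recomputed.
        "unkeyed_hash_fooled": plain_hash_check(
            altered, hashlib.sha256(altered).digest()),
        # The receiver holds the same key, so it can tag a message the sender
        # never wrote. The tag therefore proves integrity, not authorship.
        "receiver_fabrication_ok": verify(
            SHARED_KEY, fabricated, tag(SHARED_KEY, fabricated)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```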
I certainly hope this post helps "set the stage" for you as you begin your studies of Cisco network security.