Hello, in this lesson I'm going to talk about fundamental concepts in security. Specifically, we're going to go over the three objectives of security, which are confidentiality, integrity, and availability. Then we're going to talk about threat modeling, what it is, and why it's useful. After this lesson, you'll be able to describe the security objectives of confidentiality, integrity, and availability. So let's get started.

Confidentiality, according to ISACA, is preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information. In other words, we want to protect valuable data, and it should only be available to those who need to know about it or use it. An example of a threat to confidentiality is the following. You want to download some data off the Internet, but on your network, a malicious system sits between you and the network gateway. Then, when you go and download that data, the data is not encrypted and the malicious system snoops on the data before it gets to your system. There are ways to meet our objective of confidentiality. One way is to encrypt data as it flows from one system to another, in other words, encryption in transit. But that's not enough: we also want to be able to encrypt data where it's going to be stored, in other words, encryption at rest. We also want to, for example, use access control lists to allow only certain users access to certain types of data.

Next, we're going to talk about integrity. Data integrity, according to ISACA, is the property that data meet with an expectation of quality and that the data can be relied on. In other words, we want to make sure that data and system resources are consistent and accurate. Now, an example of a threat to integrity is the following. You want to download some data off of the Internet, but on your network, a malicious system sits between you and the network gateway.
Then, when you go and download that data, your system doesn't perform any integrity checks during the download and the malicious system tampers with the data before it reaches your system.

To meet the objective of integrity, we could use a message authentication code to verify that what we downloaded off the Internet was what we expected. An example of that is using the HMAC algorithm. To summarize, both the message sender and the message receiver have the same secret key in order to perform authentication. For now we're going to accept that they already know or have the same secret key, and later on in the lessons we'll go over how the sender and the receiver agree on a secret key to begin with. Anyway, the message sender uses a MAC signing algorithm, for example HMAC, and gives the MAC signing algorithm the secret key and the message. The output of that signing algorithm is a tag, which is a fixed-length piece of data. Now the message sender sends the message and the tag to the receiver. The message receiver receives that data and uses a MAC verifying algorithm, and gives that algorithm as input the secret key and the message plus the tag. The output of this verifying algorithm is a yes or no answer, basically saying either yes, this data has not been tampered with, so it's okay for us to use, or no, don't use this data because it has been modified.

Last, our third security objective is availability. ISACA's definition of that is ensuring timely and reliable access to and use of information. In other words, we want users of system resources or data to be able to access them in a reliable and timely manner. An example of a threat to availability is a DDoS attack. In other words, a DDoS vulnerability exists that is then attacked. For example, you host your web application on a system that has limited resources and you connect it to the Internet.
Then, a flood of requests comes in a short time interval and your system no longer has the ability to keep up with serving those requests.

Now, one way to mitigate the DDoS attack that I had just mentioned earlier is to use a content delivery network, otherwise known as a CDN, to serve your web app traffic for you instead of your own server. Basically, the content delivery network caches, or in other words stores, your web application data, and it is now given the burden of serving the web app data to clients who request it. This leaves your web app server with less of a burden in serving those requests. The clients reach the content delivery caches instead of your web app servers. CDNs are built to take a large amount of traffic so your system doesn't have to.

Now we're going to switch gears and talk about threat modeling. Threat modeling is a process with three main goals. The first is to be able to understand the system that is being proposed. Specifically, we want to be able to understand what assets we're trying to protect, how data flows through that system, and any trust boundaries that exist. We're going to talk about trust boundaries as a concept in a later lesson. The next goal is to find potential threats due to those system vulnerabilities that may exist in the proposed system design. Then the third goal is to prioritize those vulnerabilities so that we can go ahead and fix the most important ones in a timely manner. Now, a great resource on threat modeling is a book called Threat Modeling: Designing for Security by Adam Shostack.

Now I'm going to switch gears and talk about threat modeling from personal experience. Several years ago, I started off my career as a software developer. In one of my previous companies that I had worked for, when I started, they asked me to learn this large codebase written in C++. They wanted me to learn it as quickly as I could. Because I had just gotten out of school not that long ago, I didn't have as much experience in this arena.
So I thought, maybe there must already be a methodology that more experienced software developers use in order to learn large codebases as quickly as possible. So I did some research and I came upon this concept of threat modeling. When I learned some of the techniques that were proposed in threat modeling, I applied them to this large codebase. Two things came out of that experience as a result. First, I was able to learn that large codebase relatively quickly and I gained a deeper understanding of how that system worked. Second, I was able to find a vulnerability and go ahead and fix it.

So in summary, not only do you get the ability to find system vulnerabilities and prioritize them to fix them, you also can use threat modeling as a process to quickly learn a new codebase.

In conclusion, we talked about the three fundamental objectives of security: confidentiality, integrity, and availability. Then we chatted a little bit about what threat modeling is and why it's useful. Thank you.
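
The HMAC sign-and-verify exchange described in the integrity part of this lesson, as an added example that is not part of the lecture. It assumes HMAC-SHA256 and a random pre-shared key; the function names and the sample message are constructed for illustration, and an unkeyed SHA-256 checksum is included only as a contrast.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, message: bytes) -> bytes:
    """Sender side: MAC signing algorithm, returns the fixed-length tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def checksum_ok(message: bytes, digest: bytes) -> bool:
    """Unkeyed check for contrast: anyone can recompute a plain hash."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    # Assumption: sender and receiver already share this key (key agreement
    # is out of scope here, as in the lesson).
    key = secrets.token_bytes(32)
    message = b"amount=100;to=alice"          # constructed sample message
    tag = sign(key, message)

    # The system sitting between the two parties modifies the message.
    tampered = b"amount=900;to=mallory"
    # Without the key it can recompute a plain checksum, but not a valid tag.
    rehashed = hashlib.sha256(tampered).digest()
    forged_tag = sign(secrets.token_bytes(32), tampered)  # wrong (guessed) key

    return {
        "tag_length": len(tag),                            # fixed: 32 bytes
        "untouched": verify(key, message, tag),            # yes: safe to use
        "tampered_old_tag": verify(key, tampered, tag),    # no: modified
        "tampered_forged_tag": verify(key, tampered, forged_tag),
        "truncated_tag": verify(key, message, tag[:16]),
        "tampered_plain_checksum": checksum_ok(tampered, rehashed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result shows why the tag must be keyed: a plain checksum sent alongside the data still verifies after tampering, because the tampering system can simply recompute it.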