Questions tagged [availability]

Availability is the property of ensuring that an asset can be used when it is needed. In other words, availability protects against the threat of denial of service. It is one of the three key security properties of an asset, along with confidentiality and integrity.

Availability is the property of an asset that states that it is always accessible when needed. In other words, it requires that attackers cannot prevent legitimate access by committing a denial-of-service attack. It is one of the three elements in the classic CIA triad of security properties, alongside confidentiality and integrity.

36 questions
26 votes, 5 answers

Is unauthorised deletion an integrity or availability issue?

During a web application test I have discovered a parameter tampering issue that allows a user to delete comments left by other users. They can't modify the content of other users' comments, and they can only view them where this is intentional. I'm…
paj28
23 votes, 10 answers

In Healthcare IT, is a "break glass" mode to bypass access controls commonly required?

I've seen referenced in literature the need to have a "break glass" mode in Healthcare IT applications. In this mode, the access controls in an application can be bypassed for an emergency when it is critical for a user to gain access to imaging…
Steve Wranovsky
22 votes, 3 answers

New denial-of-service vulnerability in TLS protocol, based on shooting down other users' sessions?

I think I have a new denial-of-service attack on TLS, and I'd like you to check whether this is a real vulnerability. I recently learned about the proper way to drop an authenticated client session (see this question). According to RFC 5246 & RFC…
Trueblacker
15 votes, 4 answers

How can a service like Fastly have such an impact on the Internet?

Fastly WAF service was down a while ago, and it has affected a lot of major internet platforms and sites such as Amazon, PayPal, eBay, Spotify, HBO Max, the UK's main government website - Gov.uk, and many more. This has affected dozens of countries…
DxTx
14 votes, 5 answers

Is there a digital "safety deposit box" equivalent?

Digital safety deposit boxes: do they exist? If yes, are (any|they) trustworthy? There are many bricks and mortar financial institutions where one can rent a locked box in a locked room and be assured the contents are secure, that access is…
13 votes, 1 answer

Who is the creator of the CIA triad?

The Information Security goals - Confidentiality, Integrity and Availability (CIA) - are often referred to as the CIA triad. As I am writing my master's thesis, I am wondering to which resource I should put my reference on the CIA triad?! I've done…
13 votes, 3 answers

How does Diaspora work?

I hear all this hype about Diaspora being decentralized, but the only information I can find on their official website and the Wikipedia article is that several people can run Diaspora servers. The main advantages of such decentralization are…
user1633
13 votes, 3 answers

Webserver DDOS protection without giving away private keys (https, tls, ssl)

What are the possible ways to protect an organization's web servers from a DDoS attack without giving away your web server's HTTPS private keys? Many of the common solutions for DDoS protection of a web server (e.g. CloudFlare) require you to give a…
7 votes, 4 answers

Safest way for multiple users to post to a single social networking account

Suppose I have a team or organization managing a single Twitter account and a single Facebook page. Different users need to be able to post content to the same account. How can I minimize the risk of this account being compromised? In my opinion,…
7 votes, 2 answers

How should backups be tested in large offices?

I always hear people say "test your backups", but I have no idea how that is done in practice when you have to deal with complex infrastructures. For personal backups it's easy to rely on something like checksums, because all you have to recover is…
reed
6 votes, 4 answers

How do you guarantee that you don't lose a keyfile?

I am toying with the idea of adding keyfiles to various things that I encrypt. However, what's been keeping me from adopting them is guaranteeing that I don't lose the keyfile while still keeping security. My issue is that with passwords if you…
TheLQ
4 votes, 1 answer

Practice question for Security+ that I think is wrong. Integrity vs availability

There is the following question on a practice test: Which service are you addressing by installing a RAID array and load balancer? A. Confidentiality B. Availability C. Accountability D. Integrity The correct answer according to practice test is…
IT_User
4 votes, 1 answer

Security requirement disk quotas

When reading about security measures for operating systems I found the recommendation that disk quotas should be used. I thought that is just a general IT requirement to ensure everybody got the same space, hence this requirement targets…
Wh0V1an
4 votes, 1 answer

Authentication as CIA triad

As we all know, information security principles are stated as CIA triad, i.e., confidentiality, integrity, and availability. I wonder why authentication is not a part of CIA triad as being an important factor in information security. Does it belong…
3 votes, 2 answers

iOS Unicode Notification Bug

Evidently, someone has discovered a Unicode bug in iOS, where if an app receives a specific Unicode sequence (infinitely-repeating Unicode code point), the OS will kill the Springboard as it allocates too much memory, restarting it immediately. I…
Chris Cirefice