Now let's look at some specifics here or a little bit more specific. Essentially, when we look at the availability, one of the primary controls and one of the primary ways that we give ourselves that is through something called redundancy. For example, if this web server goes down, there's another web server that's waiting to take its place and serve that data out to us right away. There's also integrity. We want to make sure that when I pull that data from the website, remember that web server could be sitting in another state or another country. When I pull that data down, how do I know that the data that I'm looking at on my computer is as it were when they posted it on that website for my consumption. Well, the way we know that is because for a lot of websites, you can literally go look on the website and they'll have something called the hash, that says here's the hash that represents this data. Well, what does that mean? Let's look at an example. If I go out to, let's just look at Kali Linux. I want to download Kali Linux to do pin testing because you'll learn about Kali Linux a lot as you go into cybersecurity. Notice of all the downloads here, on the right, there's a sha256sum. That long weird string over to the right, that's called a hash. The purpose of that is so that when I download this, I can run the same mathematical process that these creators run against us download. To get that number, I can run that same process once I downloaded, and if that download is good and has been modified, I should get that exact same number. That's how I will know that that file has been modified and I can trust it. This is where the integrity comes in, and that string that you see is a hash that is reproducible. But the only way it can be produced again ever is if I run the same math against this download that they ran to generate it. That's where the integrity actually comes in, and that's how you use integrity in hashing. Now the last one on the list here is confidentiality. What confidentiality is, is making sure that our data stays to where only the people that are authorized to see it or consume it can do that. We generally get that through some type of encryption or authentication. Now, encryption simply means we take the data and we scramble it. Think about when you do word scramble. When you're doing word scramble, that is actually a form of encryption. Now, if you don't scramble it well enough, someone can easily look at it and figure out what that word was. We just saw that when we looked at the words earlier and then when we talked about the typoglycemia complex. The point is to make it scrambled enough that it's impossible or infeasible to unscramble it. This is where you get into the different levels of encryption, good encryption versus bad encryption. We'll have some more discussion around that a little bit later. The other way that we control confidentiality is through something called authentication. We might have the data sitting here, but we don't encrypt it because we know that the only way to get there is to come through this door, or to authenticate through that door. Now we replace that door with the login page or something of that nature, and that's another way that we give ourselves confidentiality. As a matter of fact, part of the reason we have cybersecurity problems is back in the day when computers were first created, they were only in the form of what we call mainframes and things of that nature, which meant for you to get access to the data on that computer, you had to physically get into that building. We're talking about government installations that were protected by people with machine guns. It wasn't an easy task to get into that building. The security of it and the confidentiality of that data was the fact that you can't even get into the building. The assumption was anybody in the building has access to the data. That's old school. But now we've applied that same principle, but we can put these things together. We can tie them together. We can have authentication on the one side so that only people that can get past that authentication gets to the data. But we can separately encrypt it so that even if they get to it, they now have to decrypt it to be able to read it. This is where you start to hear things like layered security, or layers of security, or you might hear it called the fence in debt. But it all means the same thing. Now these are terms that you need to get baked into your brain because you're going to hear them throughout your cybersecurity career.
