THM: Principles of Security walkthrough by RAZREXE

RAZREXE
3 min readSep 10, 2021

--

What’s good fellow hackers! This is Rajdeep a.k.a. RAZREXE back again with another writeup after a short break, and today I am going to take you all to the walkthrough of the room on TryHackMe called “Principles of Security” which is a pretty basic beginner-friendly room and it falls into the category of easy rooms. So, without further ado, let’s dive in.

Learn some of the principles of information security that secures data and protects systems from abuse. You can access the room through this link: https://tryhackme.com/room/principlesofsecurity

TASK 1: Introduction

1. Let’s proceed!
No Answers needed

TASK 2: The CIA Triad

1. What element of the CIA triad ensures that data cannot be altered by unauthorized people?
Integrity
2. What element of the CIA triad ensures that data is available?
Availability
3. What element of the CIA triad ensures that data is only accessed by authorized people?
Confidentiality

TASK 3: Principles of Privileges

1. What does the acronym “PIM” stand for?
Privilege Identity Management
2. What does the acronym “PAM” stand for?
Privileged Access Management
3. If you wanted to manage the privileges a system access role had, what methodology would you use?
PAM
4. If you wanted to create a system role that is based on a user's role/responsibilities with an organization, what methodology is this?
PIM

TASK 4: Security Models Continued

1. What is the name of the model that uses the rule “no write-down, no read up”?
The Bell-La Padula Model
2. What is the name of the model that uses the rule “no write up, no read down”?
The Biba Model
3. If you were a military, what security model would you use?
The Bell-La Padula Model
4. If you were a software developer, what security model would the company perhaps use?
The Biba Model

TASK 5: Threat Modelling & Incidence Response

1. What model outlines “Spoofing”?
STRIDE
2. What does the acronym “IR” stand for?
Incidence Response
3. You are tasked with adding some measures to an application to improve the integrity of data, what STRIDE principle is this?
Tampering
4. An attacker has penetrated your organization’s security and stolen data. It is your task to return the organization to business as usual. What incidence response stage is this?
Recovery

This completes our room and I hope you were able to follow along. If you enjoyed reading this, do give it a clap and follow me on medium. If you face any problem regarding any solution, feel free to reach out to me. Hope you enjoyed reading my work. If you really liked this article, then a follow on medium would be magical.

If you want to connect with me, here are all my links just click here.

With that being said, I would end this article here, until next time, Happy HACKING!!

--

--

RAZREXE

Data engineer by profession with the skill set of a hacker, and a tech writer during tea breaks :)