Practical Connection Assignment -
World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com.
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Network Security, Firewalls, and VPNs, Second Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal or other professional service. If legal advice or other expert assistance is required, the service of a competent professional person should be sought.
Production Credits Chief Executive Officer: Ty Field President: James Homer SVP, Editor-in-Chief: Michael Johnson SVP, Curriculum Solutions: Christopher Will Director of Sales, Curriculum Solutions: Randi Roger Senior Marketing Manager: Andrea DeFronzo Associate Marketing Manager: Kelly Thompson VP, Design and Production: Anne Spencer VP, Manufacturing and Inventory Control: Therese Connell Manufacturing and Inventory Control Supervisor: Amy Bacus Editorial Management: High Stakes Writing, LLC, President: Lawrence J. Goodrich Senior Editor, HSW: Ruth Walker Senior Editorial Assistant: Rainna Erikson Production Manager: Susan Schultz Composition: Gamut+Hue, LLC Cover Design: Kristin E. Parker Director of Photo Research and Permissions: Amy Wrynn Rights & Photo Research Assistant: Joseph Veiga Cover Image: © HunThomas/ShutterStock, Inc. Chapter Opener Image: © Rodolfo Clix/Dreamstime.com Printing and Binding: Edwards Brothers Malloy Cover Printing: Edwards Brothers Malloy
ISBN: 978-1-284-03167-6
Library of Congress Cataloging-in-Publication Data Not available at time of printing.
Printed in the United States of America 17 16 15 14 13 10 9 8 7 6 5 4 3 2 1
Contents
Preface
PART ONE Foundations of Network Security
CHAPTER 1
Fundamentals of Network Security
What Is Network Security? What Is Trust? Who—or What—Is Trustworthy? What Are Security Objectives?
What Are You Trying to Protect? Seven Domains of a Typical IT Infrastructure
Goals of Network Security How Can You Measure the Success of Network Security?
Why Are Written Network Security Policies Important? Planning for the Worst
Who Is Responsible for Network Security?
Examples of Network Infrastructures and Related Security Concerns
Workgroups SOHO Networks Client/Server Networks LAN Versus WAN Thin Clients and Terminal Services Remote Control, Remote Access, and VPN Boundary Networks Strengths and Weaknesses of Network Design
Enhancing the Security of Wired Versus Wireless LAN Infrastructures
Internal and External Network Issues Common Network Security Components Used to Mitigate Threats
Hosts and Nodes IPv4 Versus IPv6 Firewall Virtual Private Networks Proxy Servers Network Address Translation Routers, Switches, and Bridges The Domain Name System Directory Services Intrusion Detection Systems and Intrusion Prevention Systems Network Access Control
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS CHAPTER 1 ASSESSMENT
CHAPTER 2
Firewall Fundamentals
What Is a Firewall? What Firewalls Cannot Do
Why Do You Need a Firewall? What Are Zones of Risk? How Firewalls Work and What Firewalls Do TCP/IP Basics
OSI Reference Model Sub-Protocols Headers and Payloads Addressing
Types of Firewalls Ingress and Egress Filtering Types of Filtering
Static Packet Filtering Stateful Inspection and Dynamic Packet Filtering Network Address Translation (NAT) Application Proxy Circuit Proxy Content Filtering
Software Versus Hardware Firewalls
IPv4 Versus IPv6 Firewalls
Dual-Homed and Triple-Homed Firewalls Placement of Firewalls CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 2 ASSESSMENT
CHAPTER 3
VPN Fundamentals
What Is a Virtual Private Network? What Are the Benefits of Deploying a VPN? What Are the Limitations of a VPN?
What Are Effective VPN Policies? VPN Deployment Models and Architecture Tunnel Versus Transport Mode
The Relationship Between Encryption and VPNs Symmetric Cryptography Asymmetric Cryptography Hashing
What Is VPN Authentication? VPN Authorization CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 3 ASSESSMENT
CHAPTER 4
Network Security Threats and Issues
Hacker Motivation Favorite Targets of Hackers Threats from Internal Personnel and External Entities
The Hacking Process Fallback Attacks
Common IT Infrastructure Threats Hardware Failures and Other Physical Threats Natural Disasters Accidents and Intentional Concerns
Malicious Code (Malware) Advanced Persistent Threat
Fast Growth and Overuse Wireless Versus Wired Eavesdropping Replay Attacks Insertion Attacks Fragmentation Attacks, Buffer Overflows, and XSS Attacks
Fragmentation Attacks Buffer Overflows XSS (Cross-Site Scripting) Attacks
Man-in-the-Middle, Session Hijacking, and Spoofing Attacks
Man-in-the-Middle Attacks Session Hijacking Spoofing Attacks
Covert Channels Network and Resource Availability Threats Denial of Service (DoS) Distributed Denial of Service (DDoS) Hacker Tools Social Engineering CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 4 ASSESSMENT
PART TWO Technical Overview of Network Security, Firewalls, and VPNs
CHAPTER 5
Network Security Implementation
Seven Domains of a Typical IT Infrastructure Network Design and Defense in Depth Protocols Common Types of Addressing
IPv6
Controlling Communication Pathways Hardening Systems Equipment Selection Authentication, Authorization, and Accounting Communication Encryption Hosts: Local-Only or Remote and Mobile Redundancy Endpoint Security
Clients Servers Routers Switches Firewalls and Proxies
CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 5 ASSESSMENT
CHAPTER 6
Network Security Management
Network Security Management Best Practices Fail-Secure, Fail-Open, and Fail-Close Options Physical Security
Watching for Compromise
Incident Response Trapping Intruders and Violators Why Containment Is Important Imposing Compartmentalization Using Honeypots, Honeynets, and Padded Cells Essential Host Security Controls Backup and Recovery User Training and Awareness Network Security Management Tools Security Checklist Network Security Troubleshooting Compliance Auditing Security Assessment Configuration Scans Vulnerability Scanning Penetration Testing Post-Mortem Assessment Review CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 6 ASSESSMENT
CHAPTER 7
Firewall Basics
Firewall Rules Authentication, Authorization, and Accounting Monitoring and Logging Understanding and Interpreting Firewall Logs and Alerts
Intrusion Detection Limitations of Firewalls Improving Performance The Downside of Encryption with Firewalls Firewall Enhancements Management Interfaces CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 7 ASSESSMENT
CHAPTER 8
Firewall Deployment Considerations
What Should You Allow and What Should You Block? Common Security Strategies for Firewall Deployments
Security Through Obscurity Least Privilege Simplicity
Defense in Depth Diversity of Defense Chokepoint Weakest Link Fail-Safe
Forced Universal Participation Essential Elements of a Firewall Policy Software and Hardware Options for Firewalls Benefit and Purpose of Reverse Proxy Use and Benefit of Port-Forwarding Considerations for Selecting a Bastion Host OS Constructing and Ordering Firewall Rules Evaluating Needs and Solutions in Designing Security What Happens When Security Gets in the Way of Doing Business?
CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 8 ASSESSMENT
CHAPTER 9
Firewall Management and Security
Best Practices for Firewall Management Security Measures in Addition to a Firewall Selecting the Right Firewall for Your Needs
The Difference Between Buying and Building a Firewall
Mitigating Firewall Threats and Exploits Concerns Related to Tunneling Through or Across a Firewall
Testing Firewall Security Important Tools for Managing and Monitoring a Firewall
Troubleshooting Firewalls Proper Firewall Implementation Procedure Responding to Incidents CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 9 ASSESSMENT
CHAPTER 10
Using Common Firewalls
Individual and Small Office/Home Office (SOHO) Firewall Options
Uses for a Host Software Firewall Examples of Software Firewall Products
Using Windows 7’s Host Software Firewall Using a Linux Host Software Firewall Managing the Firewall on an ISP Connection Device
Converting a Home Router into a Firewall
Commercial Software Network Firewalls Open-Source Software Network Firewalls Appliance Firewalls Virtual Firewalls Simple Firewall Techniques CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 10 ASSESSMENT
CHAPTER 11
VPN Management
VPN Management Best Practices Developing a VPN Policy Developing a VPN Deployment Plan
Bypass Deployment Internally Connected Deployment DMZ-Based Implementation
VPN Threats and Exploits Commercial or Open Source VPNs Differences Between Personal and Enterprise VPNs Balancing Anonymity and Privacy Protecting VPN Security to Support Availability
The Importance of User Training VPN Troubleshooting CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 11 ASSESSMENT
CHAPTER 12
VPN Technologies
Differences Between Software and Hardware Solutions Software VPNs Hardware VPNs
Differences Between Layer 2 and Layer 3 VPNs Internet Protocol Security (IPSec) Layer 2 Tunneling Protocol (L2TP) Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
SSL/TLS and VPNs
Secure Shell (SSH) Protocol Establishing Performance and Stability for VPNs
Performance Stability
Using VPNs with Network Address Translation (NAT) Types of Virtualization
Desktop Virtualization
SSL VPN Virtualization
Differences Between Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6)
The TCP/IP Protocol Suite IPv4 Challenges IPv6 IPSec and IPv6
CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 12 ASSESSMENT
PART THREE Implementation, Resources, and the Future
CHAPTER 13
Firewall Implementation
Constructing, Configuring, and Managing a Firewall SmoothWall Examining Your Network and Its Security Needs
What to Protect and Why Preserving Privacy Firewall Design and Implementation Guidelines Selecting a Firewall
Hardware Requirements for SmoothWall Planning a Firewall Implementation with SmoothWall
Firewalling a Big Organization: Application-Level Firewall and Package Filtering, a Hybrid System
Firewalling a Small Organization: Packet Filtering or Application-Level Firewall, a Proxy Implementation
Firewalling in a Subnet Architecture
Installing a Firewall with SmoothWall Configuring a Firewall with SmoothWall Elements of Firewall Deployment Performing Testing with SmoothWall Firewall Troubleshooting Additional SmoothWall Features Firewall Implementation Best Practices CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 13 ASSESSMENT
CHAPTER 14
Real-World VPNs
Operating System–Based VPNs VPN Appliances
Configuring a Typical VPN Appliance Client-Side Configuration
Remote Desktop Protocol
Using Remote Control Tools Using Remote Access
The Technology for Remote Use Choosing Between IPSec and SSL Remote Access VPNs
Terminal Services TS RemoteApp TS Web Access
Microsoft DirectAccess DMZ, Extranet, and Intranet VPN Solutions
Intranet VPNs Extranet VPNs
Internet Café VPNs Online Remote VPN Options
Security Wake-on-LAN Support File Sharing Remote Printing Mac Support
The Tor Application Planning a VPN Implementation
Requirements Installation Deployment Testing and Troubleshooting
VPN Implementation Best Practices
CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 14 ASSESSMENT
CHAPTER 15
Perspectives, Resources, and the Future
What the Future Holds for Network Security, Firewalls, and VPNs
Threats Firewall Capabilities Encryption Authentication Metrics Focus Securing the Cloud Securing Mobile Devices Mobile IP Bring Your Own Device (BYOD)
Resource Sites for Network Security, Firewalls, and VPNs
Tools for Network Security, Firewalls, and VPNs Commercial Off-the-Shelf (COTS) Software Open Source Applications and Tools
The Impact of Ubiquitous Wireless Connectivity Potential Uses of Security Technologies
What Happens When There Is No Perimeter?
Specialized Firewalls Available Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs)
Effect of Honeypots, Honeynets, and Padded Cells Emerging Network Security Technologies
IP Version 6 VPNs, Firewalls, and Virtualization Steganography Anti-Forensics
CHAPTER SUMMARY KEY CONCEPTS AND TERMS CHAPTER 15 ASSESSMENT
APPENDIX A
Answer Key
APPENDIX B
Standard Acronyms
Glossary of Key Terms References Index
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking—putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.
The first part of this book on network security focuses on the business challenges and threats that you face as soon as you physically connect your organization’s network to the public Internet. It will present you with key concepts and terms, and reveal what hackers do when trying to access your network, thus providing you with the necessary foundation in network security for the discussions that follow. It will define firewalls and virtual private networks (VPNs), providing you with an understanding of how to use them as security countermeasures to solve business challenges.
Part 2 discusses how to implement network security and reviews best practices. It discusses how to select and deploy firewalls and the tools for managing and monitoring them. It also reviews implementing a VPN, the technologies involved, and VPN-management best practices.
Part 3 focuses on the practical, giving concrete, step-by-step examples of how to implement a firewall and a VPN. It also discusses what challenges the future holds for information security professionals involved in network security. It covers the tools and resources available to the professional and scans the horizon of emerging technologies.
Learning Features
The writing style of this book is practical and conversational. Step-by-step examples of information security concepts and procedures are presented throughout the text. Each chapter begins with a statement of learning objectives. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional and helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.
Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.
Audience
The material is suitable for undergraduate or graduate computer science majors or information science majors, students at a two-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.
About the Author
James Michael Stewart has been working with computers and technology for more than 25 years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job-skill and certification courses such as CISSP, CEH, and Security+. He is the primary author of the CISSP Study Guide, 4th Edition and the Security+ 2008 Review Guide. In addition, Michael has written numerous books on other security and Microsoft certification and administration topics. He has developed certification courseware and training materials as well as presented these materials in the classroom. Michael holds the following certifications: CISSP, ISSAP, SSCP, MCT, CEI, CEH, TICSA, CIW SA, Security+, MCSE+Security: Windows 2000, MCSA Windows Server 2003, MCDST, MCSE NT & W2K, MCP+I, Network+, iNet+. He graduated in 1992 from the University of Texas at Austin with a bachelor’s degree in philosophy.
PART ONE
Foundations of Network Security
CHAPTER 1
Fundamentals of Network Security
CHAPTER 2
Firewall Fundamentals
CHAPTER 3
VPN Fundamentals
CHAPTER 4
Network Security Threats and Issues
CHAPTER 1
Fundamentals of Network Security
COMPUTER NETWORK SECURITY is very complex. New threats from inside and outside networks appear constantly. Just as constantly, the security community is developing new products and procedures to defend against threats of the past and unknowns of the future.
As companies merge, people lose their jobs, new equipment comes online, and business tasks change, people do not always do what you expect. Network security configurations that worked well yesterday might not work quite as well tomorrow. In an ever-changing business climate, whom should you trust? Has your trust been violated? How would you even know? Who is attempting to harm your network this time? And why?
Because of these complex issues, you need to understand the essentials of network security. This chapter will introduce you to the basic elements of network security. Once you have a firm grasp of these fundamentals, you will be well equipped to put effective security measures into practice on your organization’s network.
Chapter 1 Topics
This chapter covers the following topics and concepts:
What network security is
What you are trying to protect within the seven domains of a typical IT infrastructure
What the goals of network security are
How you can assess the success of your network security implementation
Why written network security policies are important
Who is responsible for network security
What some examples of network infrastructures and related security concerns are
Which controls can enhance the security of wired vs. wireless local area network (LAN) infrastructures
What some examples of internal and external network issues are
Which common network security components are used to mitigate threats throughout the IT infrastructure
Chapter 1 Goals
When you complete this chapter, you will be able to:
Describe the key concepts and terms associated with network security
Describe the importance of a written security policy and explain how policies help mitigate risk exposure and threats to a network infrastructure
Define network security roles and responsibilities and who within an IT organization is accountable for these security implementations
Identify examples of network security concerns or threats that require enhanced security countermeasures to properly mitigate risk exposure and threats
Describe the security requirements needed for wired versus wireless LAN infrastructures in order to provide an enhanced level of security
Compare and contrast common network security components and devices and their use throughout the IT infrastructure
What Is Network Security?
Network security is the control of unwanted intrusion into, use of, or damage to communications on your organization’s computer network. This includes monitoring for abuses, looking for protocol errors, blocking non-approved transmissions, and responding to problems promptly. Network security is also about supporting essential communication necessary to the organization’s mission and goals, avoiding the unapproved use of resources, and ensuring the integrity of the information traversing the network.
Network security includes elements that prevent unwanted activities while supporting desirable activities. This is hard to do efficiently, cost effectively, and transparently. Efficient network security provides quick and easy access to resources for users. Cost-effective network security controls user access to resources and services without excessive expense. Transparent network security supports the mission and goals of the organization through enforcement of the organization’s network security policies, without getting in the way of valid users performing valid tasks.
Computer networking technology is changing and improving faster today than ever before. Wireless connectivity is now a realistic option for most companies and individuals. Malicious hackers are becoming more adept at stealing identities and money using every means available.
Today, many companies spend more time, money, and effort protecting their assets than they do on the initial installation of the network. And little wonder. Threats, both internal and external, can cause a catastrophic system failure or compromise. Such security breaches can even result in a company going out of business. Without network security, many businesses and even individuals would not be able to work productively.
Network security must support workers in doing their jobs while protecting against compromise, maintaining high performance, and keeping costs to a minimum. This can be an incredibly challenging job, but it is one that many organizations have successfully tackled.
Network security has to start somewhere. It has to start with trust.
What Is Trust?
Trust is confidence in your expectation that others will act in your best interest. With computers and networks, trust is the confidence that other users will act in accordance with your organization’s security rules. You trust that they will not attempt to violate the stability, privacy, or integrity of the network and its resources. Trust is the belief that others are trustworthy.
Unfortunately, sometimes people violate your trust. Sometimes they do this by accident, oversight, or ignorance that the expectation even existed. In other situations, they violate trust deliberately. Because these people can be either internal personnel or external hackers, it’s difficult to know whom to trust.
So how can you answer the question, “Who is trustworthy?” You begin by realizing that trust is based on past experiences and behaviors. Trust is usually possible between people who already know each other. It’s neither easy nor desirable to trust strangers. However, once you’ve defined a set of rules and everyone agrees to abide by those rules, you have established a conditional trust. Over time, as people demonstrate that they are willing to abide by the rules and meet expectations of conduct, then you can consider them trustworthy.
Trust can also come from using a third-party method. If a trustworthy third party knows you and me, and that third party states that you and I are both trustworthy people, then you and I can assume that we can conditionally trust each other. Over time, someone’s behavior shows whether the initial conditional trust was merited or not.
A common example of a third-party trust system is the use of digital certificates that a public certificate authority issues. As shown in Figure 1-1, a user communicates with a Web e-commerce server. The user does not initially know whether a Web server is what it claims to be or if someone is “spoofing” its identity. Once the user examines the digital certificate issued to the Web server from the same certificate authority that issued the user’s digital certificate, the user can then trust that the identity of the Web site is valid. This occurs because both the user and the Web site have a common, trustworthy third party that they both know.
Ultimately, network security is based on trust. Companies assume that their employees are trustworthy and that all of the computers and network devices are trustworthy. But not all trust is necessarily the same. You can (and probably should) operate with different levels or layers of trust. Those with a higher level of trust can be assigned greater permissions and privileges. If someone or something violates your trust, then you remove the violator’s access to the secure environment. For example, companies terminate an untrustworthy employee or replace a defective operating system.
FIGURE 1-1
An example of a third-party trust system.
Who—or What—Is Trustworthy?
Determining who or what is trustworthy is an ongoing activity of every organization, both global corporations and a family’s home network. In both cases, you offer trust to others on a conditional basis. This conditional trust changes over time based on adherence to or violation of desired and prescribed behaviors.
If a program causes problems, it loses your trust and you remove it from the system. If a user violates security, that person loses your trust and might have access privileges revoked. If a worker abides by the rules, your trust grows and privileges increase. If an Internet site does not cause harm, you deem it trustworthy and allow access to that site.
To review, trust is subjective, tentative, and changes over time. You can offer trust based on the reputation of a third party. You withhold trust when others violate the rules. Trust stems from actions in the past and can grow based on future behaviors.
In network security, trust is complex. Extending trust to others without proper background investigation can be devastating. A network is only as secure as its weakest link. You need to vet every aspect of a network, including software, hardware, configuration, communication patterns, content, and users, to maintain network security. Otherwise, you will not be able to accomplish the security objectives of your organization’s network.
What Are Security Objectives?
Security objectives are goals an organization strives to achieve through its security efforts. Typically, organizations recognize three primary security objectives:
Confidentiality/privacy
Integrity/nonrepudiation
Availability/uptime
Confidentiality is the protection against unauthorized access, while providing authorized users access to resources without obstruction. Confidentiality ensures that data is not intentionally or unintentionally disclosed to anyone without a valid need to know. A job description defines the person’s need to know. If a task does not require access to a specific resource, then that person does not have a need to know that resource.
Integrity is the protection against unauthorized changes, while allowing for authorized changes performed by authorized users. Integrity ensures that data remain consistent, both internally and externally. Consistent data do not change over time and remain in sync with the real world. Integrity also protects against accidents and hacker modification by malicious code, or software written with malicious intent.