Module 1 Lab – CIA Triad & Authentication Fundamentals

Module 1 · Fundamentals

CIA Triad & Authentication Fundamentals

Confidentiality, Integrity, Availability — Understanding public key cryptography and password security

Scenario: You're a cybersecurity analyst for a financial institution. Your job is to protect customer data using the three pillars of information security. Understanding these fundamentals will help you implement proper authentication and encryption systems.

🛡️ The CIA Triad

🎯 Why This Matters — CIA is the universal security taxonomy. Every risk, control, and compliance requirement maps to at least one of these three pillars. This demo builds the mental model you will use for every other topic in this course.

Click on each pillar to explore how it protects information:

🔒

Confidentiality

Data privacy & secrecy

✅

Integrity

Data accuracy & trustworthiness

⚡

Availability

System accessibility & uptime

Select a CIA pillar above to see detailed examples and threats

🎯 CIA Threat Simulator

🔑 Symmetric vs Asymmetric (Public Key) Cryptography

🎯 Why This Matters — Real systems use both cryptographic paradigms for different problems. Understanding when to use symmetric (speed, bulk data) vs asymmetric (key distribution, authentication) is foundational to designing secure protocols like TLS.

📌 Scenario

You're a developer who needs to give a teammate remote access to a production server — without ever emailing them a password. You also need to encrypt customer records at rest as fast as possible. These two problems require different types of cryptography. Understanding when to use symmetric vs asymmetric encryption is one of the most practical skills in cybersecurity.

🔑 Symmetric Key

Alice ←→ [Same Key] ←→ Bob
🔒 Encrypt with Key A
🔓 Decrypt with Key A

✓ Fast & efficient

✗ Key distribution problem

🔐 Public Key (Asymmetric)

Alice ←→ [Public/Private Keys] ←→ Bob
🔒 Encrypt with Bob's Public Key
🔓 Decrypt with Bob's Private Key

✓ Secure key exchange

✗ Slower computation

💡 Why this matters in practice

Use Symmetric when:

Encrypting large files or databases
Both parties already share a key securely
Speed is critical (AES is ~1000× faster than RSA)

Use Asymmetric when:

Establishing a secure connection for the first time
Authenticating identity (digital signatures)
Sharing a symmetric key safely over the internet

🔐 Real-world example: HTTPS uses asymmetric encryption (RSA/ECDH) only to exchange a temporary symmetric key, then switches to AES for the rest of the session — getting the best of both worlds.

🖥️ Try it yourself — Generate Your Own Key Pair

Your browser detected you're on . The correct commands are pre-selected below. Open your terminal and run them to create a real RSA key pair.

← not right? switch here

          
              ▶ How to open Terminal on macOS
            Option 1 — Spotlight (fastest): Press ⌘ Space, type Terminal, press Enter
Option 2 — Finder: Applications → Utilities → Terminal
Option 3 — Dock: If Terminal is in your Dock, click its icon directly
iTerm2 users: Any of the above works — iTerm2 is a drop-in replacement for Terminal

          # 1. Generate a 4096-bit RSA key pair (press Enter to accept defaults)

          ssh-keygen -t rsa -b 4096 -C "your.email@example.com"

          # 2. View your PUBLIC key — safe to share with anyone

          cat ~/.ssh/id_rsa.pub

          # 3. View your PRIVATE key — never share this!

          cat ~/.ssh/id_rsa
        
              ▶ How to open Terminal on Windows
            Option 1 — PowerShell (Admin): Press Win + X, choose Windows PowerShell (Admin) or Terminal (Admin)
Option 2 — Run dialog: Press Win + R, type powershell, press Ctrl + Shift + Enter to run as Administrator
Option 3 — Start menu: Search PowerShell, right-click → Run as Administrator
Git Bash users: Open Start menu, search Git Bash — no admin rights needed for key generation
⚠️ The OpenSSH install step (step 1 below) requires Administrator. Key generation does not.

          # Open PowerShell as Administrator, then run:

          # 1. Enable OpenSSH (if not already installed)

          Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

          # 2. Generate a 4096-bit RSA key pair

          ssh-keygen -t rsa -b 4096 -C "your.email@example.com"

          # 3. View your PUBLIC key — safe to share

          Get-Content $env:USERPROFILE\.ssh\id_rsa.pub

          # Alternatively: use Git Bash if Git for Windows is installed
        
              ▶ How to open Terminal on Linux
            Option 1 — Keyboard shortcut: Press Ctrl + Alt + T (works on Ubuntu, Mint, Pop!_OS, and most GNOME/KDE distros)
Option 2 — Desktop right-click: Right-click an empty area of the desktop → Open Terminal (if your DE supports it)
Option 3 — App menu: Open your application launcher, search for Terminal, Konsole, or GNOME Terminal
Option 4 — Run dialog: Press Alt + F2 (KDE), type konsole or xterm

          # 1. Generate a 4096-bit RSA key pair

          ssh-keygen -t rsa -b 4096 -C "your.email@example.com"

          # 2. View your PUBLIC key — safe to share with anyone

          cat ~/.ssh/id_rsa.pub

          # 3. Set correct permissions (required on Linux)

          chmod 600 ~/.ssh/id_rsa && chmod 644 ~/.ssh/id_rsa.pub

          # 4. Verify your private key is protected

          ls -la ~/.ssh/

🔑 Key rule: Your public key (.pub) can be freely shared — it's how others encrypt messages for you or verify your identity. Your private key (no extension) must never leave your machine.

📸 Upload Your Terminal Screenshot

After running the commands above, take a screenshot of your terminal showing both the public and private key output. Upload it here as proof of completion.

📁 Click to upload screenshot (PNG, JPG, or GIF)

🔐 Why Do We Have Passwords?

🎯 Why This Matters — Despite being the weakest common authentication mechanism, passwords protect billions of accounts. Understanding why passwords fail motivates better alternatives: MFA, hardware keys, and proper password hashing with algorithms like bcrypt and Argon2.

Authentication: Passwords verify "you are who you say you are"

Without authentication, anyone could access your accounts, files, and sensitive information.

🧪 Password Generator Task

Use a password generator to create three passwords — one for each strength level — then paste them in the fields below. Each field will validate your entry and show you the estimated crack time.

🔴 Weak Password

Short password — under 8 characters (e.g. hello123)

🟡 Medium Password

Mix of letters & numbers, 8–11 characters (e.g. Coffee2024)

🟢 Strong Password

12+ characters with uppercase, lowercase, numbers & symbols (e.g. T!ger$8x#Mango)

⚠️ Password Vulnerabilities

Dictionary attacks (using common words)
Brute force attacks (trying all combinations)
Social engineering (guessing personal info)
Data breaches (passwords stolen from other sites)

❓ Which CIA principle is MOST violated when an attacker intercepts and reads your encrypted email without authorization?

💭 Learning Reflection Submission

After interacting with the CIA triad, public key concepts, and password strength tools, reflect on your learning:

Guided Questions:

What does each pillar of the CIA triad protect against — and can you give a real-world example for each?
How does public key cryptography solve the key distribution problem that symmetric encryption cannot?
Why is password length generally more important than complexity when it comes to brute-force resistance?
What is the difference between authentication and authorization? Why does it matter?
Key question: An attacker intercepts your encrypted email and reads its contents without modifying it. Which CIA principle is violated — and why are the other two not violated in this specific scenario?

🔒 Complete all objectives (tracker bottom-right ↘) to unlock submission

📝 Your Learning Reflection ★ Required

🔍 Lab Observations (Optional)

Was there anything within the lab you expected to change, but didn't?

Your name:

💡 Why it matters

The CIA Triad forms the foundation of all cybersecurity practices:

Confidentiality — Encryption protects sensitive data from unauthorized access
Integrity — Hash functions and digital signatures ensure data hasn't been tampered with
Availability — Redundancy and security measures keep systems accessible to authorized users

Public key cryptography solves the key distribution problem, enabling secure communication over insecure channels. Strong authentication (passwords, multi-factor auth) ensures only authorized users access protected systems.

Student:
Opened:
Submitted:
Time on page:

CIA Triad & Authentication Fundamentals

🛡️ The CIA Triad

🔑 Symmetric vs Asymmetric (Public Key) Cryptography

🔐 Why Do We Have Passwords?

💡 Why it matters

Module 1 Lab – CIA Triad & Authentication Fundamentals

Student Info

Interactions

Key Pair Screenshot

Reflection

Lab Observations

CIA Triad & Authentication Fundamentals

🛡️ The CIA Triad

🔑 Symmetric vs Asymmetric (Public Key) Cryptography

🔐 Why Do We Have Passwords?

💡 Why it matters

Module 1 Lab – CIA Triad & Authentication Fundamentals

Student Info

Interactions

Key Pair Screenshot

Reflection

Lab Observations

🔐 Welcome to Cryptography Labs!

📋 Track Your Progress with Objectives

🎮 Learn by Doing — Interactive Playgrounds

❓ Test Your Understanding with the Quiz

📝 Share Your Learning in the Reflection

📄 Export Your Work & Exit