A while ago, I made a video about security concepts for beginners:
Here's the transcript:
I have been working on the Security docs for CockroachDB and learned that CockroachDB provides authentication, encryption, authorization, and audit logging features to deploy secure clusters. But what do these terms mean?
Let’s consider an analogy to understand these terms:
Imagine that you work at an office that is located in an office building with a security system in place.
On the first day at the job, you were given an ID card with identifying information about you, like your photograph, your name, and the name of the company you work for, and it was signed by the security officer who’s in charge of the security of the entire office building.
Now every time you enter the building, you present the identity card to the security guard at the entrance.
The security guard doesn’t know you, and so has no reason to trust you and let you in.
They also might not personally know the security officer who signed your card, so they can’t trust the signature either.
However, they have the security officer’s signature stored in a system that they do trust.
They check the signature on your card against the signature that they have in their system and find that the signatures match.
Now they trust that the information on your ID card is valid. So they let you enter the building.
This is authentication - your signed ID card serves as a way to “authenticate” your identity.
Once you enter the building, you realize that the building has offices of several companies.
Each company has their own access systems, and you have access only to your office. So even though you have able to enter the building, you are authorized to access only a part of it.
This is authorization, or access control.
Now suppose that you are in the lobby with a coworker, discussing a confidential issue, when another person walks in.
You don’t want to abruptly stop your conversation, but you also don’t want this other person to know what you’re talking about.
Thankfully, both you and your coworker have a pre-established code language that only the two of you know about.
You continue the conversation in the code language, thereby having an uninterrupted discussion while also maintaining the confidentiality of the matter.
This is encryption - a secured communication using a code or encryption system that only the communicating parties know about.
Finally, the security person maintains a “log” of employees and visitors entering and leaving the building. In case something goes wrong, they can track down who was in the building at what time.
This is Audit Logging.