Friday, July 19, 2002

DataSec Limited
Forensic computing is now an essential part of the fight against fraud and a vital tool in dealing with internal computer misuse. The use of computer evidence is becoming more prevalent in criminal and civil legal proceedings. Computer forensics is now an essential part of commercial risk management.

Thursday, July 18, 2002

Wireless Security Blackpaper
In 1999 the IEEE completed and approved the standard known as 802.11b, and WLANs were born. Finally, computer networks could achieve connectivity with a useable amount of bandwidth without being networked via a wall socket. Suddenly connecting multiple computers in a house to share an Internet connection or play LAN games no longer required expensive or ugly cabling. Business users could get up out of their chairs and sit in the sunshine while they worked. New generations of handheld devices allowed users access to stored data as they walked down the hall to a meeting. The dawn of networking elegance was upon us. Users could set their laptops down anywhere and instantly be granted access to all networking resources. This was, and is, the vision of wireless networks, and what they are capable of delivering.

Fast forward to today. While wireless networks have seen widespread adoption in the home user markets, widely reported and easily exploited holes in the standard security system have stunted wireless' deployment rate in enterprise environments. While many people don't know exactly what the weaknesses are, most have accepted the prevailing wisdom that wireless networks are inherently insecure and nothing can be done about it. Can wireless networks be deployed securely today? What exactly are the security holes in the current standard, and how do they work? Where is wireless security headed in the future? This article attempts to shed light on these questions and others about wireless networking security in an enterprise environment.
Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit cooperative enterprise that helps organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security configurations.
CIS members are developing and propagating the widespread application of Security Benchmarks through a global consensus process that brings together industry, government, academia and consultants. CIS Benchmarks enumerate the "When, Why, and How" aspects of technical security configurations across a wide range of operating system platforms and Internet software applications.
Security of the Internet
As of 1996, the Internet connected an estimated 13 million computers in 195 countries on every continent, even Antarctica (1). The Internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways, including gateways, routers, dial-up connections, and Internet service providers. The Internet is easily accessible to anyone with a computer and a network connection. Individuals and organizations worldwide can reach any point on the network without regard to national or geographic boundaries or time of day.
However, along with the convenience and easy access to information come new risks. Among them are the risks that valuable information will be lost, stolen, corrupted, or misused and that the computer systems will be corrupted. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home, and may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can create new electronic files, run their own programs, and hide evidence of their unauthorized activity.
Group proposes PC protection guarantees
Several U.S. government agencies have teamed with an international Internet security organization to support a set of benchmarks aimed at guaranteeing a minimum security standard for computers.
HiveCache: Distributed Enterprise Online Backups
HiveCache is a new and innovative backup and data restore solution that eliminates the productivity cost of restoring lost data files for IT users by using the spare disk space on PCs within the corporate intranet to store backup data and keep it available for instant file restores. When data is lost on a PC the most critical need for your users is restoring a couple of files or folders that were being actively worked on when the system crashed or the files were lost due to "pilot error." With HiveCache your users are up and running again in minutes with data from a version of their file stored in the HiveCache distributed backup mesh, eliminating lost user productivity and the time spent by IT staff tending to such requests.
Library items with a subject of Security Policies
A lot of security policies.

Wednesday, July 17, 2002

Penetration Testing Contract
Sample penetration testing contract.
Only Mostly Dead
PKI is dead. Mercifully. PKI arrived as a gimpy pony in the first place, and by now we are pretty tired of beating a dead horse.
If you think it seems naive to summarily dismiss an entire platform, I would agree. Writing its obit wasn't my idea. It was inspired by a leading PKI vendor.
Computer Policy and Law Policy Collection
Welcome to the Computer Policy and Law Policies List! We've worked hard to make this list a very useful resource for policy-makers of all kinds.
Security holds back Web services
Security issues are the number one roadblock to the adoption of Web services, according to a ZapThink market analyst.
Last week industry pundits claimed that the submission of the latest version of the Web Services Security (WS-Security) specification to international standards body Organization for the Advancement of Structured Information Standards (OASIS) was a move in the right direction.
But Jason Bloomberg, senior analyst at U.S.-based XML and Web services analyst ZapThink, thinks it's still security concerns that are holding Web services back.

Tuesday, July 16, 2002

Creating Secure & Fully Managed Bluetooth Networks
REQUIRES REGISTRATION. The Bluetooth standard has reached stability with version 1.1; multiple vendors are now shipping their first Bluetooth products; the first commercial applications for Bluetooth are starting to emerge; and the ultimate goal of wide-scale market adoption by the mass consumer market is on the horizon.

The nature of the technology and its application has also undergone a profound change: what started as a concept for a simple, short-range cable replacement technology has evolved into a local wireless networking technology for the delivery of voice, video and data services to an enormous range of handheld and mobile devices. To many, Bluetooth will become the ubiquitous standard for in-building wireless networks which complements the revolution occurring in long-range 3rd generation cellular networks.
Laptop Theft, Know Before You Go: Why Criminals Steal Laptops
10 years ago when travelers were victimized the object of theft was cameras, five years ago it was camcorders, today it’s laptops. Criminals look at laptops as a good return on their “investment”. A good laptop can be worth up to $5,000. A criminal can sell a stolen laptop to an unsuspecting used computer store or pawnshop and easily receive up to half its value in cash. Not too bad when you compare that to the amount of cash a thief would get by targeting your wallet. How much money would they get from you, $60.00? It is easy to understand why your laptop is so desirable to a thief. In addition to the obvious monetary benefit, there is also a legal benefit to stealing property vs. someone’s money. Most career criminals know that the penalties for a crime against property (theft) are less severe than those of a crime against a person (robbery) like stealing money. So to sum it up, laptops are worth more than cash, and if you are caught stealing them the penalty is less severe.
Developing a Company Policy Against Laptop Computer Theft
Firewalls, security scanners, antivirus software and other types of security technology aren't enough to prevent high-tech crime. Real prevention begins by formulating a company security policy that details -- among other matters -- what information is valuable and how to protect it. "A lot of companies don't have a policy in place," says Patrice Rapalus of the Computer Security Institute in San Francisco. "It's still an area where there needs to be a lot of awareness. Companies don't believe it's a problem."
Mailbag: Laptop security conspiracy theories
As expected, I received a range of responses to a previous newsletter about whether laptop security was a real or imagined issue. I heard from several readers who told me their tales of laptop theft. Here are a few of your responses.
Where the Hell Is My Laptop?
Unaware that he was about to become a footnote in the history of corporate espionage, Irwin Jacobs shook hands with the people who had flocked to the dais after his speech. It was just before 1 p.m. last Sept. 16, at a meeting of the Society of American Business Editors and Writers in a Hyatt Regency in Irvine, Calif. At one end of a room full of chairs stood Jacobs, a former MIT engineering professor who founded Qualcomm in 1985 and drove the company to revenues of $3.9 billion a year, and himself to billionaire status. A few feet away from him was a lectern with his IBM ThinkPad laptop, which he had used for his presentation. After chatting for a few minutes with the journalists who had approached him, Jacobs noticed something odd about his laptop: It wasn't there. Distraught, he strode over to the lectern, where he confirmed the bad news. The machine had vanished. Reporters asked him what was on it. "Everything," he said. Financial statements, secret corporate data, years of e-mail, digitized pictures of his grandchildren -- all of it was on his machine. "Wherever I go, it goes," he said. "It's been around the world with me a couple of times."
Laptop Security: Be Deliberate
Laptops are commonplace today and so is their theft. But losing the computer often doesn't matter as much as losing the data it contains.

Case in point: Qualcomm's chairman and CEO recently gave a speech to the Society of American Business Editors and Writers at the Hyatt Regency Hotel in Irvine, California. After his speech, numerous journalists gathered around to ask questions. During that brief time, he was never more than 30 feet from his laptop, yet someone managed to steal it. The laptop contained some of Qualcomm's most valuable trade secrets (reported to be worth millions), which are now in the thief's hands.
Laptop Security Guidelines for IT Professionals
Laptops have become thief magnets attracting everything from common thugs and dishonest housekeeping employees to sophisticated conmen, hi-tech crime rings, and industrial spies. In 1999 alone, over 319,000 laptops were reported stolen. Thousands more were simply misplaced or left in hotel rooms, restaurants, airports, cabs or coffee shops by busy employees rushing around. Protect your capital investment and your company's secrets by following these guidelines to better laptop security.
Netcat 1.10
Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Netcat, or "nc" as the actual program is named, should have been supplied long ago as another one of those cryptic but standard Unix tools.

Monday, July 15, 2002

Computer Security Bible Volume 1
Welcome to Computer Security Bible Volume 1. This is the first volume of the many volumes to come that begins in the first steps of hacking. The following is nothing but baby steps into the world of Computer Security. Now, most people hear computer security and think hackers. So I guess you could call this a hacker manual. BUT, at the end of this book I teach you how to defend against every attack presented to you throughout this volume.
Computer Security Reference Volume 1
Welcome to the Computer Security Reference Volume 1. This is an add-on to the Computer Security Bible Volume 1 on www.CyrusLabs.com. It is more like a reference book than anything else. But I still suggest you go read the original, as it explains everything. But in this reference volume, you will find a little bit extra information that I think should have been in the Computer Security Bible. So basically, just surf through the Table Of Contents and click on a question and read the answer. From now on, every release of a Computer Security Bible Volume, there will be a reference as an added bonus for each one. Enjoy! :)
SILICON DEFENSE Spade Snorts anomalous packet analyzer
Spice, the Stealthy Portscan and Intrusion Correlation Engine, is a project at Silicon Defense to detect portscans, even those in which the attacker has attempted to make the scan stealthy. For example, they may have slowed down the scan or randomized it.
The basic idea with Spice is to monitor a network's packets. Each packet is assigned an anomaly score based on the normal traffic observed on the network. The higher the score, the more unusual and possibly suspicious the packet is. These are then passed to a correlator which groups related packets together and reports portscans. The correlator is under active development, but an implementation of the anomaly sensor called SPADE has been released.
Spade stands for the Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin which sends alerts of anomalous packets through standard Snort reporting mechanisms.
The State of Anomaly Detection
Anomaly detection can be described as an alarm for strange system behavior. The concept stems from a paper fundamental to the field of security - An Intrusion Detection Model, by Dorothy Denning. In it, she describes building an "activity profile" of normal usage over an interval of time. Once in place, the profile is compared against real time events. Anything that deviates from the baseline, or the norm, is logged as anomalous.
INTERNATIONAL SPY MUSEUM
The mission of the International Spy Museum is to educate the public about espionage in an engaging manner and to provide a dynamic context that fosters understanding of its important role in and impact on current and historic events. The Museum focuses on human intelligence and reveals the role spies have played in world events throughout history.
Secure Deletion of Data from Magnetic and Solid-State Memory
With the use of increasingly sophisticated encryption systems, an attacker wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack is the recovery of supposedly erased data from magnetic media or random-access memory. This paper covers some of the methods available to recover erased data and presents schemes to make this recovery significantly more difficult.
Linux Data Hiding and Recovery
Just when you thought your data was removed forever, Anton Chuvakin shows us how to recover data and even how data can surreptitiously be hidden within space on the filesystem.

It is common knowledge that what is deleted from the computer can sometimes be brought back. Recent analysis of security implications of "alternative datastreams" on Windows NT by Kurt Seifried has shown that Windows NTFS filesystem allows data hiding in "alternative datastreams" connected to files. These datastreams are not destroyed by many file wiping utilities that promise irrecoverable removal of information. Wiping the file means "securely" deleting it from disk (unlike the usual removal of file entries from directories), so that file restoration becomes extremely expensive or impossible.
ASSET: Automated Security Self-Evaluation Tool
The purpose of ASSET is to automate the completion of the questionnaire contained in NIST Special Publication 800-26, "Security Self-Assessment Guide for Information Technology Systems."
As described in NIST Special Publication 800-26, the results of the questionnaire provide a "method of evaluating the security of a particular system or group of systems." Through interpretation of the questionnaire results, users are able to assess the information technology (IT) security posture for any number of systems within their organization and, in particular, assess the status of the organization's security program plan.
ASSET consists of two tools -- The ASSET-System and the ASSET-Manager. Within ASSET-System, the questionnaire is presented in a progressive format, allowing users to move backward and forward in the questionnaire at their discretion. The ASSET-Manager provides the ability to sort and summarize the questionnaire results for all systems assessed and to display the results through several formatted reports or through an export capability.
Why Cryptography Is Harder Than It
From e-mail to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today's information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn't provide the level of security it advertises. Most systems are not designed and implemented in concert with cryptographers, but by engineers who thought of cryptography as just another component. It's not. You can't make systems secure by tacking on cryptography as an afterthought. You have to know what you are doing every step of the way, from conception through installation.
SSL Tunneling
No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not at the hands of any privacy perpetrators unless they knew how to decode it - and the only ones in the know, are those you specifically wish. SSL uses public key encryption as explained in the PGP section. To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.

Sunday, July 14, 2002

SPIKE
SPIKE Proxy is a full featured HTTP and HTTPS proxy built with Python.
Intrusion Detection: Implementation and Operational Issues
Intrusion detection systems (IDSs) are an important component of defensive measures protecting computer systems and networks from abuse. This article gives an overview of the most commonly used intrusion detection (ID) techniques. It considers the role of IDSs in the overall defensive posture of an organization and provides guidelines for their deployment, operation, and maintenance.
Can Data Security Be Outsourced?
By understanding how ASPs (application service providers) protect your data, you may find it both more economical and safer to outsource your application and data management.
Top 10 Web services security requirements
No matter how big your company is or what it does, security is a primary consideration when choosing a Web service for all applications. This article will look at the 10 most important factors that determine the security level and requirements when implementing Web services.