Cisco Support for Lawful Intercept In IP Networks
Service providers are being asked to meet lawful intercept requirements of IP networks for voice as well as data in a variety of countries worldwide. Service Provider requirements vary from country to country but some requirements remain common even though details such as delivery formats may differ. The objective of this document is to describe how a Service Provider can support lawful intercept with a general solution that has a minimum set of common interfaces. This document does not deal with legal requirements or obligations.
Tuesday, April 15, 2003
PKI... Why Go Through the Hassle?
As e-mail increasingly substitutes the use of letters and faxes (also to governmental bodies) and as commercial transactions on the web get more and more important to organisations, the need for secure communications equally grows, especially with spoof attacks, interception of transmissions and other hacking methods becoming more widespread and getting more “intelligent” every day. So, if the web is to achieve its true (commercial) potential, it is important that the right technological infrastructure is in place. Public Key Infrastructure (PKI) enabled by cryptography provides a secure basis. Digital signatures use public key infrastructure.
As e-mail increasingly substitutes the use of letters and faxes (also to governmental bodies) and as commercial transactions on the web get more and more important to organisations, the need for secure communications equally grows, especially with spoof attacks, interception of transmissions and other hacking methods becoming more widespread and getting more “intelligent” every day. So, if the web is to achieve its true (commercial) potential, it is important that the right technological infrastructure is in place. Public Key Infrastructure (PKI) enabled by cryptography provides a secure basis. Digital signatures use public key infrastructure.
Digital Forensics Lesson Learned Repository
The use of computers to store evidence by criminals has become more prevalent as our society has become increasingly computerized. It is now routine to find calendars, e-mails among co-conspirators, financial account information, detailed plans of crimes, telephone numbers and other artifacts that can be used as evidence in a criminal case stored on a hard drive, PDA or cell phone. However, every new computerized device or new software upgrade poses additional challenges to computer forensics experts who are already thinly stretched as case loads mount. There is little opportunity for innovation and research, and no slack to allow the luxury of reinventing the wheel for similar cases.
A "Lesson Learned" is defined as: "A good work practice or innovative approach that is captured and shared to promote repeat application, or an adverse work practice or experience that is captured and shared to avoid recurrence[1]." In order to facilitate sharing information on computer forensics, we are developing a web-based Lessons-Learned Repository (LLR) to facilitate both the contribution and retrieval of Lessons.
The LLR will initially be populated through contributions from a set of selected computer forensics specialists from the Law Enforcement community, the results of an analysis of the transcripts of past court cases involving electronic evidence and standardized procedures for collecting the data from a device in a legally admissible manner [2]. Once the Repository is on-line, it is anticipated additional Lessons will continue to be contributed from the global computer forensics community, as well as being augmented by manufacturers willing to post contact information for product-specific inquiries.
The use of computers to store evidence by criminals has become more prevalent as our society has become increasingly computerized. It is now routine to find calendars, e-mails among co-conspirators, financial account information, detailed plans of crimes, telephone numbers and other artifacts that can be used as evidence in a criminal case stored on a hard drive, PDA or cell phone. However, every new computerized device or new software upgrade poses additional challenges to computer forensics experts who are already thinly stretched as case loads mount. There is little opportunity for innovation and research, and no slack to allow the luxury of reinventing the wheel for similar cases.
A "Lesson Learned" is defined as: "A good work practice or innovative approach that is captured and shared to promote repeat application, or an adverse work practice or experience that is captured and shared to avoid recurrence[1]." In order to facilitate sharing information on computer forensics, we are developing a web-based Lessons-Learned Repository (LLR) to facilitate both the contribution and retrieval of Lessons.
The LLR will initially be populated through contributions from a set of selected computer forensics specialists from the Law Enforcement community, the results of an analysis of the transcripts of past court cases involving electronic evidence and standardized procedures for collecting the data from a device in a legally admissible manner [2]. Once the Repository is on-line, it is anticipated additional Lessons will continue to be contributed from the global computer forensics community, as well as being augmented by manufacturers willing to post contact information for product-specific inquiries.
Warren Harrison
Warren's research interests are focused on the areas of software engineering, computer forensics and mobile wireless applications. He is currently Editor-in-Chief of IEEE Software Magazine, whose mission is "building the community of leading software practitioners." He is also past-Editor-in-Chief of Empirical Software Engineering and the Software Quality Journal.
Warren's research interests are focused on the areas of software engineering, computer forensics and mobile wireless applications. He is currently Editor-in-Chief of IEEE Software Magazine, whose mission is "building the community of leading software practitioners." He is also past-Editor-in-Chief of Empirical Software Engineering and the Software Quality Journal.
Monday, April 14, 2003
Steganography Revealed
Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.
Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.
Webinvestigator
The Internet consists of over two billion pages of information yet many investigators make only superficial use of this amazing resource. This site is dedicated to those who have to dig deeper and use information more carefully than the general public.
The Internet consists of over two billion pages of information yet many investigators make only superficial use of this amazing resource. This site is dedicated to those who have to dig deeper and use information more carefully than the general public.
Subscribe to:
Posts (Atom)
