Posts: 6,566
Threads: 1,107
Joined: Jul 2011
INTERNET SECURITY
Introduction: Secure communication is critical for e-commerce, e-banking, and even e-mail. Additionally, systems are becoming even more distributed. We know that the real world has many people who will try to gain advantage. Mischief in the virtual world is typically remote, and the criminal faceless. In the real world, we want confidentiality, secrecy and privacy - criminal offences exist to prosecute unauthorised opening of mail. Integrity is also an important aspect: it should be apparent when artefacts have been altered; seals have been used in years gone by to protect documents. Similarly, the authenticity of artefacts needs to be proved. Other things we want in the real world include non-repudiation (you should not be able to deny doing specific actions, for example if you bought a share you should not later deny it), which is often implemented using the idea of signatures and witnessing.
Data Encryption System: The Data Encryption Standard (DES) has a very controversial history. It was developed on behalf of the US government based on previous work done by IBM.
INTERNET SECURITY
Internet Security as Part of the Overall Security Plan:
Computer security attacks cost as much as $10 billion a year. An attack can damage data integrity, confidentiality or availability. Organizations must understand the potential costs: How would incorrect data affect decision making? What will happen if confidential information is made public? What is the cost (in lost time and credibility) of interrupted service? To understand threats, organizations should ask themselves: Does the information have a dollar value? While more security equals more cost, the cost is slight compared to a single breakdown of services.
Risk Assessment: The Foundation for Security Planning
Internet risk assessment must address a myriad of specific Internet threats. By running a "risk assessment workshop" an organization can determine security needs and develop a security strategy that covers both personnel and technology issues.
The risks of the Internet reflect its size: 50 million users, 30 thousand networks, 10+ million computers, 137 countries. As capacity, connectivity and mobility increase, so does risk. Prominent sites are probed daily. Banks may get 50 or more probes a day. Successful attacks are automated and posted to electronic bulletin boards; attack methodologies quickly spread.
Securing the Server and LAN
Based on an understanding of Internet risks, an organization can implement any of a number of security architectures. These can incorporate router controls, firewalls, authentication and encryption, and a number of other technologies. An organization should secure both its LAN and its Internet server.
Computer security threats continue to increase. CERT reports a 77% increase in break-ins between 1995 and 1996. Electronic crimes are particularly costly, with a price tag of $650,000 (compared to $9,000 for the average bank robbery). Part of the problem is that break-ins often go undetected. One study used common hacker tools to break into Department of Defense systems. 88% of break-ins succeeded. Only 4% were detected.