SlideShare a Scribd company logo

Steven Leahy_IT 543_Unit 1 Assignment

Download as DOC, PDF
S
Steven Leahy

Cryptographic techniques can help reduce threats to information security from industrial espionage, e-commerce, and private networks. They encrypt data during transmission and storage to prevent unauthorized access. For industrial espionage, cryptographic file systems and virtual private networks (VPNs) encrypt data. For e-commerce, digital signatures and secure socket layers (SSLs) provide encryption. Private networks can use firewalls and network intrusion detection systems to monitor traffic. However, cryptographic techniques are not effective against threats like theft, pickpocketing, or stolen vehicles where information is in physical rather than digital form.

1 of 6
RUNNING HEAD: Cryptographic Techniques 1 Cryptographic Techniques Steven Leahy Kaplan University IT 543
Cryptographic Techniques 2 In today’s technical world, threats to information security can come from a variety of places, both internally and externally. The accidental and malicious dissemination of private and proprietary data about an individual or an organization can cause countless issues, both locally and globally. Three areas that cryptography can help reduce the threat of intrusion are in Industrial Espionage, e-Commerce, and private networks. With the threats of intrusions from the outside, there are measures that can be taken to help combat these threats. Industrial Espionage is the “acquisition of trade secrets from business competitors” (Britanica Concise Encyclopedia, 2012). Since the end of the Cold War, secret government agencies from around the world have refocused much of their vast resources in this area of information gathering. “The undisputed world champion of snooping is the American NSA (National Security Administration)” (Schmeh, 2003, p.14). Cryptographic techniques can help limit the amount of information available to both professional agencies and private entities that attempt to gain unlawful access to sensitive data. Using cryptographic file systems is one technique that can be used to “augment the file system interface with client-side cryptographic operations that protect the file secrecy and integrity against the compromise of the file store and attacks on the network” (Oprea, 2007, p. 2). Another way to help protect against intrusions is the use of virtual private networks (VPN’s) when transmitting data between company branches using wideband connections (Schmeh, 2003). The data is encrypted on one end prior to transmission and decrypted when it reaches the intended destination on the other end. If that data is intercepted en route, it is useless to the party that intercepted it without the proper decryption key. The goal of the VPN is to allow users to connect securely to their corporate network remotely, link various branches together, and allow for an organization’s existing partners and suppliers to have access to the network. See Figure 1: Figure 1: Example of a VPN
Cryptographic Techniques 3 Another area where cryptographic techniques can help to alleviate the threat is in e-Commerce. The advancement of technology, infrastructure, and the internet has allowed the field of e-Commerce to burst onto the scene and grow at an unbelievable rate. The success of online stores such as eBay and Amazon would not be available without proper encryption of private customer data such as address, phone number, and payment method. Because of cryptographic techniques being utilized today, it is possible to shop and provide payment more securely over the internet (Schmeh, 2003). One of the ways to ensure data integrity when using the internet for e-Commerce is the use of digital signatures. “Digital signatures provide not only data integrity but also nonrepudiation” (Hassler & Moore, 2001, p.11 and 12). Another method to help combat the threat of intrusion and eavesdropping over the internet is the use of Secure Socket Layers (SSL’s). Because the internet is basically a packet- switching network, it requires data to be packet sized with the destination address prepended to the data when submitted to a router in order for any two hosts to communicate. Since the data will most likely travel between many routers before reaching its final destination, the packets of data are secured so that only the intended destination router can then de-cypher the data into a readable format (Davies, 2011). Industrial espionage and e-Commerce are not the only areas where cryptographic techniques can be of use. Private networks, like those in a private home, are also susceptible to unwanted intrusions. Accessing someone’s private home network can allow hackers to perform illegal activities over the internet and the owner of the network will be the one who is investigated since the hackers can mask their identities and make it look as though the network owner is actually visiting those sites. One way of reducing the threat of intrusion at home is the use of a firewall. A firewall is used to filter packets of data as they arrive at the network and denying access to those packets of data that do not meet certain criteria for acceptance and helps prevent malicious software from being introduced to a network and on a system. Another useful tool to help protect a network is the use of Network Intrusion Detection Systems (NIDS), which “watches for attempts to penetrate a network” (Ciampa, M., 2009, p. 135). A NIDS is basically a watchdog and will monitor network traffic as it passes by capturing packets of data and reassembling it for evaluation (Ciampa, 2009). There are also threats where cryptographic techniques will not be a viable solution to help mitigate the threats. Three threats that come to mind are being pick pocketed, home theft, and a stolen vehicle. When using non technological devices or storing information non-digitally, the threat of dissemination of personal and private information is increased. Protecting that information is essential, but the use of cryptographic techniques will do little to limit those threats. Everyone in modern society is generally wary of traveling in large groups or in crowded locations because of the threat of someone pick-pocketing their wallet or other valuable items. Whether riding on a crowded subway, or walking through a crowd in Times Square or in New Orleans during Mardi Gras, being aware of one’s surroundings is a must to help prevent theft. The shear anxiety of losing not just money, but one’s credit cards and ID’s is enough to try to find smarter ways to carry those
Cryptographic Techniques 4 items. Some of these can be by adding a chain to a wallet, using a fanny pack or back pack, or carrying those items in tighter pocket that is harder to access. Home theft is a big threat as well, especially when the owners are gone for long periods of time. Many people use home security systems to help combat this, but those can be circumvented fairly easily. Other ways that can help mitigate theft of information in the home is by scanning and storing sensitive documents digitally and then shredding them once they are backed up and no longer needed. Also, the use of a safe or safety deposit box at a bank can help lessen the threat of unwanted dissemination of information. Identity theft is a big problem and can negatively affect individuals with regards to employment, credit, and criminal history. Guarding the information is only part of the process and people should regularly monitor their credit reports and if possible, their criminal histories. Theft of identity doesn’t just happen in the home, it can also happen from the mailbox as well. Criminals will intercept the mail or take it from target’s mailbox in the hopes of obtaining enough personal information to steal an identity and gain access to credit or accounts. The best way to combat this is to sign up for e-statements and stop all paper billing. Car theft is a huge problem in America and thieves can get the added bonus of personal information that may be left in the vehicle in the forms of insurance cards, registrations, finance or lease agreements, and even laptops or tablets stored in the vehicle. All the personal data is readily accessible and even if the electronic devices left in the vehicle are password protected, they are generally easy to crack and gain access to all the data on those devices. In these cases, cryptographic techniques will be of little help and the best defense to combat this threat is to not store any vital information in the vehicle while not in operation.
Cryptographic Techniques 5 References: industrial espionage. (2012). In Britannica Concise Encyclopedia. Retrieved from http://lib.kaplan.edu/login?url=/login? Accessed August 5, 2013. Oprea, A (2007). Efficient Cryptographic Techniques for Securing Storage Systems. Carnegie Melon University. Retrieved from: http://www.cs.unc.edu/~reiter/theses/aoprea.pdf, Accessed August 5, 2013. Hassler, V., & Moore, P. (2001). Security Fundamentals for E-commerce. Boston, MA: Artech House. Davies, J. A. (2011). Implementing SSL/TLS Using Cryptography and PKI. Hoboken, N.J.: Wiley. Ciampa, M. D. (2009). CompTIA Security+ 2008 in Depth. Australia: Course Technology/Cengage Learning.
Cryptographic Techniques 5 References: industrial espionage. (2012). In Britannica Concise Encyclopedia. Retrieved from http://lib.kaplan.edu/login?url=/login? Accessed August 5, 2013. Oprea, A (2007). Efficient Cryptographic Techniques for Securing Storage Systems. Carnegie Melon University. Retrieved from: http://www.cs.unc.edu/~reiter/theses/aoprea.pdf, Accessed August 5, 2013. Hassler, V., & Moore, P. (2001). Security Fundamentals for E-commerce. Boston, MA: Artech House. Davies, J. A. (2011). Implementing SSL/TLS Using Cryptography and PKI. Hoboken, N.J.: Wiley. Ciampa, M. D. (2009). CompTIA Security+ 2008 in Depth. Australia: Course Technology/Cengage Learning.

Recommended

Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA Cryptosystem
AM Publications,India
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
zaarahary
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
IJwest
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
NetstarterSL
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategies
Venkata Karthik Gullapalli
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and security
Awais Haider
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
Stefano Maria De' Rossi
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce
Titas Ahmed
 

Recommended

Design and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA CryptosystemDesign and Development of an E-Commerce Security Using RSA Cryptosystem
Design and Development of an E-Commerce Security Using RSA Cryptosystem
AM Publications,India
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
zaarahary
 
Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...Implementing High Grade Security in Cloud Application using Multifactor Auth...
Implementing High Grade Security in Cloud Application using Multifactor Auth...
IJwest
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
NetstarterSL
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategies
Venkata Karthik Gullapalli
 
Internet Use, Privacy and security
Internet Use, Privacy and securityInternet Use, Privacy and security
Internet Use, Privacy and security
Awais Haider
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
Stefano Maria De' Rossi
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce
Titas Ahmed
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
TELKOMNIKA JOURNAL
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dumindu Pahalawatta
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E Commerce
EamonnORagh
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
EDUJIE DOMINIC IGHODALO
 
Privacy Enhanced Online Payment System
Privacy Enhanced Online Payment SystemPrivacy Enhanced Online Payment System
Privacy Enhanced Online Payment System
Editor IJMTER
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
Putra Wanda
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
Prateek Panda
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
MarcusBrown87
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil Mehrotra
Kapil Mehrotra
 
Cryptointro
CryptointroCryptointro
Cryptointro
losalamos
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
m8817
 
Forensic incident
Forensic incidentForensic incident
Forensic incident
Niko Tidar Lantang Perkasa
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
Manan Gadhiya
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
Ulf Mattsson
 
E commerce security
E commerce securityE commerce security
E commerce security
Shakti Singh
 
Privacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous NetworksPrivacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous Networks
dimgkik
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
Netop
 
Cyber security
Cyber security Cyber security
Cyber security
Tanu Basoiya
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
Hitoshi Kokumai
 
Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
hdbundo
 
Information security
Information securityInformation security
Information security
Onkar Sule
 

More Related Content

What's hot

Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
TELKOMNIKA JOURNAL
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
Dumindu Pahalawatta
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E Commerce
EamonnORagh
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
EDUJIE DOMINIC IGHODALO
 
Privacy Enhanced Online Payment System
Privacy Enhanced Online Payment SystemPrivacy Enhanced Online Payment System
Privacy Enhanced Online Payment System
Editor IJMTER
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
Putra Wanda
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
Prateek Panda
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
MarcusBrown87
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil Mehrotra
Kapil Mehrotra
 
Cryptointro
CryptointroCryptointro
Cryptointro
losalamos
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
m8817
 
Forensic incident
Forensic incidentForensic incident
Forensic incident
Niko Tidar Lantang Perkasa
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
Manan Gadhiya
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
Ulf Mattsson
 
E commerce security
E commerce securityE commerce security
E commerce security
Shakti Singh
 
Privacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous NetworksPrivacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous Networks
dimgkik
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
Netop
 
Cyber security
Cyber security Cyber security
Cyber security
Tanu Basoiya
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
Hitoshi Kokumai
 

What's hot (20)

Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
E-Commerce Privacy and Security System
E-Commerce Privacy and Security SystemE-Commerce Privacy and Security System
E-Commerce Privacy and Security System
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E Commerce
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
 
Privacy Enhanced Online Payment System
Privacy Enhanced Online Payment SystemPrivacy Enhanced Online Payment System
Privacy Enhanced Online Payment System
 
Efficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant MessengerEfficient Data Security for Mobile Instant Messenger
Efficient Data Security for Mobile Instant Messenger
 
Blockchain in cyber security
Blockchain in cyber securityBlockchain in cyber security
Blockchain in cyber security
 
Team 3_Final Project.docx
Team 3_Final Project.docxTeam 3_Final Project.docx
Team 3_Final Project.docx
 
Cyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil MehrotraCyber Security work shop by Kapil Mehrotra
Cyber Security work shop by Kapil Mehrotra
 
Cryptointro
CryptointroCryptointro
Cryptointro
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 
Forensic incident
Forensic incidentForensic incident
Forensic incident
 
Report on Network Security And Privacy
Report on Network Security And PrivacyReport on Network Security And Privacy
Report on Network Security And Privacy
 
Tokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and ComplianceTokenization on the Node - Data Protection for Security and Compliance
Tokenization on the Node - Data Protection for Security and Compliance
 
E commerce security
E commerce securityE commerce security
E commerce security
 
Privacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous NetworksPrivacy Techniques in Fourth Generation Heterogeneous Networks
Privacy Techniques in Fourth Generation Heterogeneous Networks
 
Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
 
Cyber security
Cyber security Cyber security
Cyber security
 
Cyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password SystemsCyber Predicament by Text-Only Password Systems
Cyber Predicament by Text-Only Password Systems
 

Similar to Steven Leahy_IT 543_Unit 1 Assignment

Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
hdbundo
 
Information security
Information securityInformation security
Information security
Onkar Sule
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no cover
PJStarr
 
Social engineering
Social engineeringSocial engineering
Social engineering
Alexander Zhuravlev
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
Cryptoandnetworksecuritylitreview
Faith Nweke
 
Vincent O. Mwando - Encryption
Vincent O. Mwando - EncryptionVincent O. Mwando - Encryption
Vincent O. Mwando - Encryption
Vincent Mwando
 
Secured and Encrypted Data Transmission over the Web Using Cryptography
Secured and Encrypted Data Transmission over the Web Using CryptographySecured and Encrypted Data Transmission over the Web Using Cryptography
Secured and Encrypted Data Transmission over the Web Using Cryptography
ijtsrd
 
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docxRunning Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
healdkathaleen
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10
ismaelhaider
 
Information Leakage Prevention Using Public Key Encryption System and Fingerp...
Information Leakage Prevention Using Public Key Encryption System and Fingerp...Information Leakage Prevention Using Public Key Encryption System and Fingerp...
Information Leakage Prevention Using Public Key Encryption System and Fingerp...
CSCJournals
 
Multi level parsing based approach against phishing attacks with the help of ...
Multi level parsing based approach against phishing attacks with the help of ...Multi level parsing based approach against phishing attacks with the help of ...
Multi level parsing based approach against phishing attacks with the help of ...
IJNSA Journal
 
A01450131
A01450131A01450131
A01450131
IOSR Journals
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
acijjournal
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend Them
CheapSSLsecurity
 

Similar to Steven Leahy_IT 543_Unit 1 Assignment (14)

Cyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David BundoCyber Security Matters a book by Hama David Bundo
Cyber Security Matters a book by Hama David Bundo
 
Information security
Information securityInformation security
Information security
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no cover
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Cryptoandnetworksecuritylitreview
CryptoandnetworksecuritylitreviewCryptoandnetworksecuritylitreview
Cryptoandnetworksecuritylitreview
 
Vincent O. Mwando - Encryption
Vincent O. Mwando - EncryptionVincent O. Mwando - Encryption
Vincent O. Mwando - Encryption
 
Secured and Encrypted Data Transmission over the Web Using Cryptography
Secured and Encrypted Data Transmission over the Web Using CryptographySecured and Encrypted Data Transmission over the Web Using Cryptography
Secured and Encrypted Data Transmission over the Web Using Cryptography
 
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docxRunning Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10
 
Information Leakage Prevention Using Public Key Encryption System and Fingerp...
Information Leakage Prevention Using Public Key Encryption System and Fingerp...Information Leakage Prevention Using Public Key Encryption System and Fingerp...
Information Leakage Prevention Using Public Key Encryption System and Fingerp...
 
Multi level parsing based approach against phishing attacks with the help of ...
Multi level parsing based approach against phishing attacks with the help of ...Multi level parsing based approach against phishing attacks with the help of ...
Multi level parsing based approach against phishing attacks with the help of ...
 
A01450131
A01450131A01450131
A01450131
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend Them
 

Steven Leahy_IT 543_Unit 1 Assignment

  • 1. RUNNING HEAD: Cryptographic Techniques 1 Cryptographic Techniques Steven Leahy Kaplan University IT 543
  • 2. Cryptographic Techniques 2 In today’s technical world, threats to information security can come from a variety of places, both internally and externally. The accidental and malicious dissemination of private and proprietary data about an individual or an organization can cause countless issues, both locally and globally. Three areas that cryptography can help reduce the threat of intrusion are in Industrial Espionage, e-Commerce, and private networks. With the threats of intrusions from the outside, there are measures that can be taken to help combat these threats. Industrial Espionage is the “acquisition of trade secrets from business competitors” (Britanica Concise Encyclopedia, 2012). Since the end of the Cold War, secret government agencies from around the world have refocused much of their vast resources in this area of information gathering. “The undisputed world champion of snooping is the American NSA (National Security Administration)” (Schmeh, 2003, p.14). Cryptographic techniques can help limit the amount of information available to both professional agencies and private entities that attempt to gain unlawful access to sensitive data. Using cryptographic file systems is one technique that can be used to “augment the file system interface with client-side cryptographic operations that protect the file secrecy and integrity against the compromise of the file store and attacks on the network” (Oprea, 2007, p. 2). Another way to help protect against intrusions is the use of virtual private networks (VPN’s) when transmitting data between company branches using wideband connections (Schmeh, 2003). The data is encrypted on one end prior to transmission and decrypted when it reaches the intended destination on the other end. If that data is intercepted en route, it is useless to the party that intercepted it without the proper decryption key. The goal of the VPN is to allow users to connect securely to their corporate network remotely, link various branches together, and allow for an organization’s existing partners and suppliers to have access to the network. See Figure 1: Figure 1: Example of a VPN
  • 3. Cryptographic Techniques 3 Another area where cryptographic techniques can help to alleviate the threat is in e-Commerce. The advancement of technology, infrastructure, and the internet has allowed the field of e-Commerce to burst onto the scene and grow at an unbelievable rate. The success of online stores such as eBay and Amazon would not be available without proper encryption of private customer data such as address, phone number, and payment method. Because of cryptographic techniques being utilized today, it is possible to shop and provide payment more securely over the internet (Schmeh, 2003). One of the ways to ensure data integrity when using the internet for e-Commerce is the use of digital signatures. “Digital signatures provide not only data integrity but also nonrepudiation” (Hassler & Moore, 2001, p.11 and 12). Another method to help combat the threat of intrusion and eavesdropping over the internet is the use of Secure Socket Layers (SSL’s). Because the internet is basically a packet- switching network, it requires data to be packet sized with the destination address prepended to the data when submitted to a router in order for any two hosts to communicate. Since the data will most likely travel between many routers before reaching its final destination, the packets of data are secured so that only the intended destination router can then de-cypher the data into a readable format (Davies, 2011). Industrial espionage and e-Commerce are not the only areas where cryptographic techniques can be of use. Private networks, like those in a private home, are also susceptible to unwanted intrusions. Accessing someone’s private home network can allow hackers to perform illegal activities over the internet and the owner of the network will be the one who is investigated since the hackers can mask their identities and make it look as though the network owner is actually visiting those sites. One way of reducing the threat of intrusion at home is the use of a firewall. A firewall is used to filter packets of data as they arrive at the network and denying access to those packets of data that do not meet certain criteria for acceptance and helps prevent malicious software from being introduced to a network and on a system. Another useful tool to help protect a network is the use of Network Intrusion Detection Systems (NIDS), which “watches for attempts to penetrate a network” (Ciampa, M., 2009, p. 135). A NIDS is basically a watchdog and will monitor network traffic as it passes by capturing packets of data and reassembling it for evaluation (Ciampa, 2009). There are also threats where cryptographic techniques will not be a viable solution to help mitigate the threats. Three threats that come to mind are being pick pocketed, home theft, and a stolen vehicle. When using non technological devices or storing information non-digitally, the threat of dissemination of personal and private information is increased. Protecting that information is essential, but the use of cryptographic techniques will do little to limit those threats. Everyone in modern society is generally wary of traveling in large groups or in crowded locations because of the threat of someone pick-pocketing their wallet or other valuable items. Whether riding on a crowded subway, or walking through a crowd in Times Square or in New Orleans during Mardi Gras, being aware of one’s surroundings is a must to help prevent theft. The shear anxiety of losing not just money, but one’s credit cards and ID’s is enough to try to find smarter ways to carry those
  • 4. Cryptographic Techniques 4 items. Some of these can be by adding a chain to a wallet, using a fanny pack or back pack, or carrying those items in tighter pocket that is harder to access. Home theft is a big threat as well, especially when the owners are gone for long periods of time. Many people use home security systems to help combat this, but those can be circumvented fairly easily. Other ways that can help mitigate theft of information in the home is by scanning and storing sensitive documents digitally and then shredding them once they are backed up and no longer needed. Also, the use of a safe or safety deposit box at a bank can help lessen the threat of unwanted dissemination of information. Identity theft is a big problem and can negatively affect individuals with regards to employment, credit, and criminal history. Guarding the information is only part of the process and people should regularly monitor their credit reports and if possible, their criminal histories. Theft of identity doesn’t just happen in the home, it can also happen from the mailbox as well. Criminals will intercept the mail or take it from target’s mailbox in the hopes of obtaining enough personal information to steal an identity and gain access to credit or accounts. The best way to combat this is to sign up for e-statements and stop all paper billing. Car theft is a huge problem in America and thieves can get the added bonus of personal information that may be left in the vehicle in the forms of insurance cards, registrations, finance or lease agreements, and even laptops or tablets stored in the vehicle. All the personal data is readily accessible and even if the electronic devices left in the vehicle are password protected, they are generally easy to crack and gain access to all the data on those devices. In these cases, cryptographic techniques will be of little help and the best defense to combat this threat is to not store any vital information in the vehicle while not in operation.
  • 5. Cryptographic Techniques 5 References: industrial espionage. (2012). In Britannica Concise Encyclopedia. Retrieved from http://lib.kaplan.edu/login?url=/login? Accessed August 5, 2013. Oprea, A (2007). Efficient Cryptographic Techniques for Securing Storage Systems. Carnegie Melon University. Retrieved from: http://www.cs.unc.edu/~reiter/theses/aoprea.pdf, Accessed August 5, 2013. Hassler, V., & Moore, P. (2001). Security Fundamentals for E-commerce. Boston, MA: Artech House. Davies, J. A. (2011). Implementing SSL/TLS Using Cryptography and PKI. Hoboken, N.J.: Wiley. Ciampa, M. D. (2009). CompTIA Security+ 2008 in Depth. Australia: Course Technology/Cengage Learning.
  • 6. Cryptographic Techniques 5 References: industrial espionage. (2012). In Britannica Concise Encyclopedia. Retrieved from http://lib.kaplan.edu/login?url=/login? Accessed August 5, 2013. Oprea, A (2007). Efficient Cryptographic Techniques for Securing Storage Systems. Carnegie Melon University. Retrieved from: http://www.cs.unc.edu/~reiter/theses/aoprea.pdf, Accessed August 5, 2013. Hassler, V., & Moore, P. (2001). Security Fundamentals for E-commerce. Boston, MA: Artech House. Davies, J. A. (2011). Implementing SSL/TLS Using Cryptography and PKI. Hoboken, N.J.: Wiley. Ciampa, M. D. (2009). CompTIA Security+ 2008 in Depth. Australia: Course Technology/Cengage Learning.