Category: Education

Cyber Crime Offenders

Dave

[Abstract]
The purpose of this document is to discuss the motives, opportunity, and means of typical cyber offenders. Also included are three different reasons why some cyber crime offenders are prosecuted while others are not. This document is intended for anybody looking to gain a basic understanding of why different people take part in cyber crimes and why not everybody who commits a cyber crime is prosecuted.

[Content]
For a cyber crime to be prosecuted there needs to be proof that the suspect displayed intent to commit a crime. In many cases suspects are not prosecuted because there was no intent to commit a crime. For a person to display intent to commit a crime, their intentions need to have been monetary gain, power, vindictiveness, peer recognition, curiosity, or testing computer network security (Rogers, 2000). There are many reasons why a person commits a cyber crime, either knowingly or unknowingly, and they can range anywhere from revenge to identity theft. This paper breaks down the different motives behind why a person commits a cyber crime and explains why some crimes are prosecuted and others are not.

An individual may commit a cyber crime for many different reasons; one of them is simply ego. Ego can motivate a crime because the individual is presented with a challenge to defeat the computer security, either by gaining unauthorized access to a computer network or, if they cannot gain access, by adopting the philosophy of “If I can’t gain access, then nobody can.” That philosophy is most often seen in a denial of service attack against a website or a company’s services. Ego can also be the root cause of a cyber crime when the individual is looking to gain recognition among their peers. There are many different types of hackers on the Internet, as well as people who cannot be classified as hackers, who are looking to gain recognition from others for what they have done. Ego is a motive behind many cyber crimes, whether the individual is committing the crime for personal satisfaction, to gain access to an organization or club, or simply to get recognition from their peers.

Many different crimes have been committed over the course of time, and as technology grows the types of crime evolve, but the leading cause behind a crime being committed is money (Krone, 2008). Money is a major motivating factor behind many things, and it is no different for cyber crimes. There are different ways a person can commit a crime when money is the motive. One is phishing: the suspect sends e-mail to many users requesting their credentials so that the suspect can steal their money. Another method of gaining monetary value is identity theft, where a suspect illegally acts on behalf of another individual in an attempt to gain money. A third method is selling lists of people’s information. These are just a few of the methods hackers use to gain monetary value, but money is the root cause behind why many cyber crimes are committed.

As mentioned above, there are different reasons why one person is prosecuted for committing a cyber crime and another is not. One reason is the lack of intent to commit a crime. When there is no evidence that the individual knowingly intended to commit a crime, the legal proceedings needed to convict the individual can be rather cumbersome. Another reason a person may not be convicted of a cyber crime is that the evidence was tainted, either when it was collected or when it was analyzed. Evidence can be tampered with in many ways; one example is a forensic investigator modifying the original evidence during examination instead of working with a duplicate. In some cases a person can get away with a cyber crime because there is not enough cooperation between different governments, or because laws prohibit another government from intruding on an individual’s privacy (Swartz, 2008). Even though laws have come a long way, many laws are still outdated or do not apply to certain instances of cyber crime.

In conclusion, there are many motivating factors behind why a person or persons would want to commit a cyber crime. The motivating factors vary: money is the leading reason, followed by ego, power, revenge, peer recognition, curiosity, and conducting network security tests. When a person is caught committing a crime there are different reasons why one person may be convicted and another may not. Some people are convicted and others are not because evidence was tainted, outdated laws prevent the prosecution of an individual, there is a lack of evidence showing intent to commit a crime, or there is a lack of cooperation between government agencies of different countries.

References
1. Rogers, Larry (2000). Cybersleuthing: Means, Motive, and Opportunity. Security Matters, 3. Retrieved April 25, 2009, from http://www.sei.cmu.edu/news-at-sei/columns/security_matters/2000/summer/security-sum-00.htm
2. Krone, Tony (2008, March 25). Hacking motives. High Tech Crime Brief, 6. Retrieved April 25, 2009, from
3. Swartz, Jon (2008, November 17). Hackers, phishers can’t get away with it like they used to. USA Today. Retrieved April 26, 2009, from http://www.usatoday.com/tech/news/computersecurity/hacking/2008-11-16-hackers-phisher-crime-fbi_N.htm

Justice System and Forensic Investigators

Dave

[Abstract]
The purpose of this document is to discuss three elements of the United States justice system and how they relate to a forensics investigator. This document is intended for anybody looking to gain a basic understanding or knowledge of how the justice system applies to forensic investigators.

[Content]
Since the advent of the Internet, many more cyber crimes have been committed, and digital forensic investigators need to analyze evidence and present it in a way that adheres to the law and allows for a conviction. The law affects forensic investigators in many different ways, whether it be the way evidence is collected, what types of evidence are allowed to be collected, the way a premises is searched, or the way evidence is presented in a court of law. However the law affects a forensic investigator, it is the investigator’s job to gather evidence in a manner that is well within the scope of the law.

The U.S. Constitution’s 4th Amendment states that a person, their home, papers, or effects shall not be searched without permission unless there is reasonable cause to do so (Findlaw, 2009). This means that forensic investigators can’t be forensic vigilantes searching other people’s residences for evidence to use against them, unless there is probable cause and/or permission has been granted. This Amendment also states that evidence in plain view is admissible in court. This affects forensic investigators because they can’t search other people’s residences and belongings without a warrant or probable cause. If forensic investigators were at a residence for some reason other than looking for evidence, but happened to see evidence in plain view, then that evidence would be allowed in a court of law. The 4th Amendment protects people from unauthorized searches unless a court issues a warrant because there is probable cause.

The U.S. PATRIOT Act affects forensic investigators because the Act states that if somebody is suspected of domestic or foreign terrorism, then searching and gathering evidence against the suspect is authorized (107th Congress, 2001). This Act has been the subject of much controversy because people argue that it allows for the infringement of civil liberties. The Act is intended to give officials the ability to search and gather evidence, by electronic surveillance or other means, in order to protect the country from foreign or domestic terrorists. The Patriot Act can affect forensic investigators because a government agency or office may use the services of investigators to gather evidence against suspected terrorists. It can also affect forensic investigators because a search under the Patriot Act is not authorized if it interferes with a previous ongoing investigation. The U.S. PATRIOT Act of 2001 enables government agencies to use the services of forensic investigators to gather evidence against suspected terrorists as long as it doesn’t interfere with any other investigation.

Forensic investigators need to know the U.S. statutory laws and how these laws affect them. The relevant statutory laws consist of three statutes: the Wiretap Act, the Pen Registers and Trap and Trace Devices Statute, and the Stored Wire and Electronic Communications Act (US-CERT, 2008). If forensic investigators do not comply with any of these statutes, the result could be a stiff fine or imprisonment. Not knowing the laws could greatly affect a criminal investigation and could put the investigator in jail for failure to comply with the law.

In conclusion, forensic investigators provide a bridge for gathering evidence from different types of technology and presenting it before the U.S. judicial system. In order to successfully complete their job, forensic investigators need to know the laws and how to operate within their limitations; otherwise they could end up in prison. Forensic investigators are not allowed to arbitrarily search people’s homes, documents, or other belongings without permission or reasonable cause. Forensic investigators may be allowed to search for evidence against a person who is a foreign or domestic terrorist as long as it doesn’t interfere with any other government investigation.

References
1. FindLaw. U.S. Constitution: Fourth Amendment: Annotations, pg. 1 of 6. Retrieved April 26, 2009, from http://caselaw.lp.findlaw.com/data/constitution/amendment04/01.html#1
2. 107th Congress (2001). Public Law 107-56. Retrieved April 26, 2009, from
3. US-CERT (2008). Computer Forensics. Retrieved April 26, 2009, from http://www.us-cert.gov/reading_room/forensics.pdf

Software Applications Forensic Investigators Use

Dave

[Content]
In the realm of computer forensics, there are many different software applications and hardware devices that digital forensic investigators use to find evidence of a crime that was committed, protect the evidence so that it maintains its integrity, and then present the evidence that was found. The vast majority of software applications used by forensic investigators help them find the evidence they are trying to obtain. The applications in use can range from a rootkit to an encryption cracking application. Sometimes hardware devices are needed to help investigators accomplish their job. In most cases a combination of software applications and hardware devices assists a forensic investigator in doing their job.

One key hardware device that forensic investigators may have to use is a write-blocker. A write-blocker allows a forensic investigator to read the contents of a device, such as a storage device or hard drive, but prevents anything from being written to the drive (NIST, 2008). This helps forensic investigators maintain the integrity of the evidence, because if they were allowed to write to the drive, the drive could become corrupted or the evidence could be tainted. Write-blockers come in all shapes and sizes and, more importantly, they support different computing standards so that different types of devices can be read but not written to. Some of the devices a write-blocker can interface with are USB hard drives, IDE hard drives, SATA hard drives, eSATA hard drives, thumb drives, FireWire hard drives, and so on. Forensic investigators can use a write-blocker to preserve a drive’s contents while still reading the data contained on the drive.

A rootkit is a software application, or set of applications, used to hide or conceal that a system has been compromised through methods of subversion or evasion. One rootkit that was aimed at Apple’s OS X operating system is called Renepo-A, or just Renepo for short. This rootkit has to be installed by somebody with administrative permissions. Because it requires administrative access before it can be installed, it is considered a low security threat. It functions by trying to copy its files into the “/System/Library/StartupItems” directory. Renepo also creates a directory called “.info” in the root directory and then tries to capture password hashes and application configurations. Some of the applications this rootkit tries to capture data for are FTP servers, web servers, VNC, browsers, and a number of other applications (SOPHOS, 2004). Renepo also tries to modify file and directory permissions so that they are readable and writable by anybody. In short, Renepo is a rootkit that tries to modify settings on a computer running OS X and to capture account information, including logins and passwords, using a directory it creates on the host computer.
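The two host indicators this paragraph describes, world-writable entries under the startup-items directory and an unexpected hidden directory at the volume root, are the kind of thing an examiner checks on a mounted image. The following audit script is an added example, not the page's or Sophos's code; it builds a fake volume layout in a temporary directory (constructed data) so that it runs offline, and the path names are assumptions taken from the text.

```python
"""Added example (not the page's or Sophos's code): a defensive audit for the two
host indicators the paragraph attributes to Renepo-A, world-writable entries in
the OS X startup-items directory and an unexpected hidden directory at the volume
root. The volume layout is constructed in a temporary directory so the script runs
offline; the real paths are assumptions taken from the text."""
import os
import stat
import tempfile

# Path named in the paragraph, relative to the volume root.
STARTUP_ITEMS = os.path.join("System", "Library", "StartupItems")


def world_writable_entries(directory):
    """Return entries directly under `directory` whose mode grants write to 'other'."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.lstat(path).st_mode & stat.S_IWOTH:
            hits.append(path)
    return hits


def hidden_dirs_at_root(root):
    """Return dot-prefixed directories directly under the volume root."""
    return sorted(
        os.path.join(root, name)
        for name in os.listdir(root)
        if name.startswith(".") and os.path.isdir(os.path.join(root, name))
    )


def audit_volume(root):
    """Run both checks against a mounted (ideally write-blocked) volume root."""
    startup = os.path.join(root, STARTUP_ITEMS)
    return {
        "world_writable_startup_items": world_writable_entries(startup) if os.path.isdir(startup) else [],
        "hidden_root_dirs": hidden_dirs_at_root(root),
    }


def build_sample_volume():
    """Construct a fake volume (constructed data, not a real infected system)."""
    root = tempfile.mkdtemp(prefix="vol_")
    startup = os.path.join(root, STARTUP_ITEMS)
    os.makedirs(startup)
    legit = os.path.join(startup, "LegitStartupItem")  # hypothetical benign item
    os.mkdir(legit)
    os.chmod(legit, 0o755)
    suspect = os.path.join(startup, "SuspectItem")  # hypothetical planted item
    os.mkdir(suspect)
    os.chmod(suspect, 0o777)  # mirrors the "readable and writable by anybody" change
    info = os.path.join(root, ".info")  # directory name from the paragraph
    os.mkdir(info)
    os.chmod(info, 0o777)
    return root


if __name__ == "__main__":
    for key, value in audit_volume(build_sample_volume()).items():
        print(key, value)
```

Run it against the root of a mounted evidence image rather than the live system; a hit on either check is a lead to examine, not proof of compromise by itself, since legitimate software can also leave loose permissions behind.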

A rootkit aimed at the Microsoft Windows operating system is called the “Win2K Rootkit.” This rootkit functions by installing a bogus “.dll” file, and when the file is executed the rootkit has full control over all resources on the system. It hides the processes it runs and the entries it makes in the system’s registry (Bobkiewic, 2003). Another interesting thing this rootkit does is sniff keystrokes in an attempt to capture usernames and passwords. The Windows rootkit is similar to the OS X rootkit, but it was designed to run on Windows, has some additional features, and takes full control over the system. The Windows rootkit functions by installing a fake driver on the system; when the driver is executed the rootkit has full control over the system and its resources, which it uses to capture data.

Adore-ng is a rootkit designed for the Linux operating system. It has an advanced promiscuous mode that hides promiscuous flags, as well as persistent file and directory hiding. Adore is sophisticated enough to offer process hiding and netstat hiding along with a root-shell backdoor (Liston, 2004), which allows a remote user to remain hidden while they have root access on the system. A version of Adore has also been ported to BSD. This Linux rootkit has advanced file, process, and promiscuous mode hiding features and includes a root-shell backdoor that gives somebody full control of the system.
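Both the Win2K rootkit and Adore-ng paragraphs above describe process hiding, which is usually detected by comparing two views of the same information and looking for disagreement. The script below is an added example, not from the page or any rootkit author: it compares the enumerated process list (the numeric entries in /proc that a tool such as ps walks) with a probe view (every PID that answers to signal 0). The two sample views at the bottom are constructed data; live_check() reads the real views and is only meaningful on Linux.

```python
"""Added example, not from the page or any rootkit author: a cross-view check for
the kind of process hiding attributed above to the Win2K rootkit and Adore-ng.
An enumerated view (the PIDs a listing tool such as ps would show, taken from
/proc) is compared with a probe view (PIDs that respond to signal 0). A PID that
answers the probe but is absent from the listing is a candidate hidden process.
The two views at the bottom are constructed sample data; live_check() reads the
real views and is only meaningful on Linux."""
import os


def hidden_pids(enumerated, probed):
    """PIDs present in the probe view but missing from the enumerated view."""
    return sorted(set(probed) - set(enumerated))


def enumerate_proc():
    """Enumerated view: numeric directory names in /proc (what ps walks)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_pids(max_pid):
    """Probe view: kill(pid, 0) delivers no signal but reports whether pid exists."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # no such process
        except PermissionError:
            alive.add(pid)    # exists, owned by another user
        else:
            alive.add(pid)
    return alive


def live_check():
    """Compare the two real views; returns None where /proc is unavailable."""
    if not os.path.isdir("/proc"):
        return None
    try:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    except OSError:
        max_pid = 32768  # conservative default when pid_max cannot be read
    probed = probe_pids(max_pid)
    enumerated = enumerate_proc()
    return hidden_pids(enumerated, probed)


# Constructed sample views standing in for a compromised host.
SAMPLE_ENUMERATED = {1, 2, 415, 1200, 1337}
SAMPLE_PROBED = {1, 2, 415, 1200, 1337, 4242}

if __name__ == "__main__":
    print("hidden in sample:", hidden_pids(SAMPLE_ENUMERATED, SAMPLE_PROBED))
    print("hidden on this host:", live_check())
```

Because the two views are not taken at the same instant, a process that exits or starts between them shows up as a false positive; re-run the comparison for the candidate PIDs before drawing conclusions. A kernel-level rootkit that hooks both code paths can defeat this particular pair of views, which is why examiners prefer to cross-check against an offline memory image as well.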

In conclusion, forensic investigators have to overcome obstacles from applications like rootkits, which are designed to hide their existence on a system. There are many different types of rootkits, some are aimed at Windows systems, Apple’s OS X, Linux OS, and almost every other operating system on the market. When forensic investigators are searching for data they can use a hardware device called a write-blocker that allows them to read the contents of a device, but protects against corrupting data or tainting evidence by blocking the ability to write to the drive.

References
1. National Institute of Standards and Technology (2008, December 8). Hardware Write Block. Retrieved April 19, 2009, from http://www.cftt.nist.gov/hardware_write_block.htm
2. SOPHOS (2004, October 25). SH/Renepo-A. Retrieved April 19, 2009, from http://www.sophos.com/security/analyses/viruses-and-spyware/shrenepoa.html
3. Bobkiewic, Bartosz (2003, January 23). Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment. WindowSecurity.com. Retrieved April 19, 2009, from http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html
4. Liston, Tom (2004, January 6). Adore-ng 0.31 released. SANS Internet Storm Center. Retrieved April 19, 2009, from http://isc.sans.org/diary.html?storyid=78

Hashing Algorithms and CRC Uses

Dave

[Abstract]
The purpose of this document is to provide a basic understanding of how hashing algorithms and cyclic redundancy checks can be used for evidence, authentication, and filtering. This document is intended for anybody looking to gain a basic understanding or knowledge of how forensic investigators find evidence to be used in a court of law.

[Content]
Forensic investigators need to use a variety of techniques and software applications and thoroughly document every detail about the systems they gather evidence from. They are responsible for collecting data and information from many types of volume storage devices, memory sources, and removable storage devices. When searching for evidence they may have to attempt to decrypt data that has been encrypted or put through a hashing algorithm. Forensic investigators may also have to recover valuable data from a memory module by working with cyclic redundancy checks. They may also have to use hashing algorithms or cyclic redundancy checks (CRC) for authentication and filtering. The next couple of paragraphs explain how forensic investigators are able to use hashing algorithms and cyclic redundancy checks for authentication and filtering.

There are four different hashes forensic investigators need to be familiar with in order to know which is best suited for authentication and filtering (Hurlbut, 2009). The first is the cryptologic (cryptographic) hash. The cryptologic hash is used for validating media and for locating exact duplicate files, which allows forensic investigators to skip over files known to contain no evidence. The second is the rolling hash. The rolling hash is used to identify segment boundaries: the rolling hash engine generates reset points that determine where different segments are created. The third is the Context Triggered Piecewise Hash. This method is based on the traditional hashing method, but it also draws comparisons between documents that are similar but not exactly the same. The final method is the fuzzy hash. The fuzzy hash method is able to compare an active document to partial files that may have been recovered from unallocated space on a system volume. When forensic investigators are trying to determine the best hashing method for authentication and filtering, the traditional hashing method may be best suited for authenticating, whereas the context triggered piecewise hash may be more suitable for filtering through evidence that is not an identical copy of a file. Because context triggered piecewise hashing is based on the traditional hashing method and has the flexibility to sort through files that are not exact duplicates, it may be the most suitable method for authenticating and filtering through files while looking for valuable evidence.
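The paragraph names the methods but does not show how they differ in practice. The script below is an added example, not the page's or AccessData's code: it uses a cryptographic hash (SHA-256) for exact-duplicate and known-file filtering, then builds a simplified context-triggered piecewise hash on top of a rolling hash and scores how similar two documents are. The rolling hash cuts the input into pieces wherever it hits a trigger value, so an edit in one place changes only the pieces near it and the rest of the signature still lines up. The piece hashing and scoring are a teaching simplification, not the ssdeep algorithm, and the three documents are constructed sample text.

```python
"""Added example (not the page's or AccessData's code) covering the hashing methods
the paragraph lists: a cryptographic hash (SHA-256) for exact-duplicate and
known-file filtering, and a simplified context-triggered piecewise hash built on a
rolling hash, which scores how similar two documents are even when they are not
identical. The piece hashing and scoring are a teaching simplification, not the
ssdeep algorithm; the documents below are constructed sample text."""
import hashlib

WINDOW = 7               # bytes covered by the rolling hash
BASE = 257
MOD = (1 << 31) - 1      # prime modulus keeps the trigger test well mixed
BLOCK_SIZE = 16          # a trigger fires on average every BLOCK_SIZE bytes
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def filter_known(files, known_hashes):
    """Drop files whose SHA-256 matches a known-file set (exact-duplicate filtering)."""
    return {name: blob for name, blob in files.items() if sha256_hex(blob) not in known_hashes}


def rolling_hashes(data):
    """Rabin-Karp rolling hash over the last WINDOW bytes, updated in O(1) per byte."""
    h, drop = 0, pow(BASE, WINDOW, MOD)
    for i, byte in enumerate(data):
        h = (h * BASE + byte) % MOD
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * drop) % MOD
        yield i, h


def fnv1a(piece):
    """32-bit FNV-1a, used as the cheap per-piece hash."""
    h = 0x811C9DC5
    for byte in piece:
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h


def ctph(data):
    """Cut the input where the rolling hash hits its trigger value, hash each piece,
    and emit one base64 character per piece. Edits only disturb nearby pieces."""
    signature, start = [], 0
    for i, h in rolling_hashes(data):
        if h % BLOCK_SIZE == BLOCK_SIZE - 1:
            signature.append(ALPHABET[fnv1a(data[start:i + 1]) & 63])
            start = i + 1
    if start < len(data):
        signature.append(ALPHABET[fnv1a(data[start:]) & 63])
    return "".join(signature)


def levenshtein(a, b):
    """Edit distance between two signatures."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity(sig_a, sig_b):
    """0-100 score from the edit distance between two signatures (100 = identical)."""
    longest = max(len(sig_a), len(sig_b), 1)
    return 100 - (100 * levenshtein(sig_a, sig_b)) // longest


# Constructed sample documents (not real case material).
REPORT = (
    b"Case 2009-0417 interview notes: the subject stated that the laptop was purchased "
    b"second hand at a flea market in March and that the previous owner had left several "
    b"accounts logged in. The subject denied installing any remote access software and "
    b"claimed the photographs in the Downloads folder were already present. Bank records "
    b"obtained by subpoena show three transfers to an overseas account between April 2 "
    b"and April 9, each for an amount just below the reporting threshold. The subject "
    b"could not explain the transfers and asked to speak with counsel before continuing."
)
EDITED = REPORT.replace(b"three transfers", b"seven transfers")   # one small edit
UNRELATED = (
    b"Meeting agenda for the quarterly budget review: 1. Approve minutes from the last "
    b"session. 2. Facilities update on the parking garage repairs and the roof replacement "
    b"schedule. 3. Vendor selection for the cafeteria contract renewal. 4. Proposed "
    b"adjustments to travel reimbursement rates effective next fiscal year. 5. Open floor."
)


def demo():
    """Known-file filtering plus similarity scores, returned for inspection."""
    known = {sha256_hex(UNRELATED)}   # pretend the agenda is in a known-benign hash set
    remaining = filter_known({"notes.txt": REPORT, "agenda.txt": UNRELATED}, known)
    return {
        "remaining": sorted(remaining),
        "edited": similarity(ctph(REPORT), ctph(EDITED)),
        "unrelated": similarity(ctph(REPORT), ctph(UNRELATED)),
    }


if __name__ == "__main__":
    print(demo())
```

The SHA-256 step removes exact copies of known files outright; the piecewise signature then ranks what is left by closeness to a document of interest, which is what lets a recovered fragment or a lightly edited copy surface even though its cryptographic hash matches nothing.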

A cyclic redundancy check is a mathematical check on data to ensure it is an exact duplicate of the original data and has not been altered in any way. By performing a CRC on data a forensic investigator is able to ensure they have an exact duplicate of the suspect files, so they can work with the duplicate without contaminating the original evidence. A CRC validates that the data has not been altered in any way, and therefore the data has been authenticated with the CRC (Volonino, Anzaldua, and Godwin, 2007). After forensic investigators have performed the CRC on the data and created identical duplicate files, they are able to filter through the duplicated data so that the original data is not tampered with in any way. There are a number of software applications forensic investigators may have to use to filter through data, and some of them may even use one of the previously mentioned hashing methods. Cyclic redundancy checks allow forensic investigators to authenticate data so they have exact duplicates of files to work with when they filter through data looking for valuable evidence.
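To make the CRC step concrete, here is an added example (not the page's or the cited textbook's code) with a table-driven CRC-32 and a verifier that compares a working copy against the original. The verifier also computes SHA-256, which is the practical caveat to the paragraph: a CRC reliably catches accidental corruption such as a flipped bit, but it is not designed to resist deliberate modification, so examiners pair it with a cryptographic hash before trusting a duplicate. The sample image and its copies are constructed bytes.

```python
"""Added example (not the page's or the cited textbook's code): a table-driven CRC-32
(the IEEE polynomial used by zip and Ethernet) and an evidence-copy verifier that
reports whether a duplicate matches the original. The SHA-256 check is included
because a CRC catches accidental corruption but is not designed to resist
deliberate modification; the sample image and copies are constructed bytes."""
import hashlib

POLY = 0xEDB88320   # reflected IEEE 802.3 polynomial


def _make_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = _make_table()


def crc32(data, crc=0):
    """Standard CRC-32: init 0xFFFFFFFF, reflected, final XOR 0xFFFFFFFF.
    Passing a previous result as `crc` continues the check across chunks."""
    crc ^= 0xFFFFFFFF
    for byte in data:
        crc = CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def crc32_stream(chunks):
    """CRC-32 of a large image read in pieces, e.g. through a write-blocker."""
    crc = 0
    for chunk in chunks:
        crc = crc32(chunk, crc)
    return crc


def verify_copy(original, duplicate):
    """Compare a working copy against the original with both a CRC and a
    cryptographic hash; both must match before the copy is trusted."""
    crc_ok = crc32(original) == crc32(duplicate)
    sha_ok = hashlib.sha256(original).digest() == hashlib.sha256(duplicate).digest()
    return {"crc32_match": crc_ok, "sha256_match": sha_ok, "trusted": crc_ok and sha_ok}


# Constructed sample "image" and two copies, one with a single flipped bit.
ORIGINAL = bytes(range(256)) * 64
GOOD_COPY = bytes(ORIGINAL)
_corrupt = bytearray(ORIGINAL)
_corrupt[9001] ^= 0x01
BAD_COPY = bytes(_corrupt)

if __name__ == "__main__":
    print(hex(crc32(b"123456789")))   # the standard CRC-32 check value
    print(verify_copy(ORIGINAL, GOOD_COPY))
    print(verify_copy(ORIGINAL, BAD_COPY))
```

The streaming form matters on real evidence: a multi-gigabyte image is hashed chunk by chunk as it is read, and the CRC and SHA-256 of the original drive are recorded in the case notes so every later copy can be checked against them.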

In conclusion, forensic investigators may have to use a series of software suites to gather valuable evidence to be used against a suspect. Forensic investigators can use cyclic redundancy checks to authenticate data, which allows the investigator to create exact duplicates of the suspect files so that the original evidence is not tampered with. Once the data has been authenticated with the cyclic redundancy check, forensic investigators can use different hashing algorithms to filter through the data looking for critical evidence to be used against a suspect. One hashing algorithm that may best suit the needs of a forensic investigator is the context triggered piecewise hashing method, because it allows the investigator to compare active files against fragments of files, or files that are not exact duplicates but still contain valuable evidence.

References
1. Hurlbut, Dustin (2009, January 9). Fuzzy Hashing for Digital Forensic Investigators. AccessData. Retrieved April 11, 2009, from http://www.accessdata.com/downloads/media/Fuzzy_Hashing_for_Investigators.pdf
2. Volonino, Anzaldua, and Godwin (2007, August 23). Computer Forensics: Principles and Practices. Pearson Education. Retrieved April 12, 2009, from

Hostile Code and Forensic Investigators

Dave

[Abstract]
The purpose of this document is to identify five different examples of hostile codes and how they impact information systems. Also included within this document is an explanation of how forensic investigators should find the sources of hostile code. This document is intended for anybody looking to gain a basic knowledge or understanding of hostile codes and how forensic investigators identify hostile codes.

[Content]
Hostile code can be defined as malicious or mal-intended software that runs on a computer system without authorization. There are different types of hostile code with different functions, but the means by which hostile code arrives on a computer system are the same. Some of the ways malicious software can gain access to a computer system are system misconfigurations, compromised system identities, network infrastructure vulnerabilities, or users unknowingly installing the software themselves (James Madison University, 2009).

Two types of hostile code are viruses and worms. Viruses are hostile code because they replicate on a system by infecting files, master boot records (as found on hard drives), and volume boot records (as found on removable media). Viruses can be Trojan horses, as they can be hidden within a program or a file. Worms are similar to viruses, but they self-replicate and spread throughout systems. What makes worms different from viruses is that they do not need to attach themselves to a program; worms are essentially self-contained and keep making copies of themselves. Worms and viruses also differ in that viruses infect and corrupt files, whereas worms do not attempt to modify system files but rather consume valuable network bandwidth as they spread. Viruses can be contained or removed using antivirus software. Worms can be prevented by ensuring a system is patched with the latest software patches to minimize its vulnerabilities. Forensic investigators can get to the source of viruses or worms by reverse engineering the code.

Another type of hostile code is a type of malware or spyware called a browser hijacker. Browser hijackers are not as notorious as viruses or worms; they are more of an annoyance. Browser hijackers work by modifying browser settings, such as setting the default homepage to something other than what was previously set or intended. They have also been known to change error pages or even search pages. Browser hijackers are used to drive hits to an Internet address or website. With many recent browser hijackers, third-party software can be used to return the settings to normal, or in many cases a simple reboot of the system will return the settings to normal. Forensic investigators can find the source of browser hijackers by using third-party applications designed to deal with this particular form of hostile code.

Logic bombs, otherwise known as time bombs, are a form of hostile code. Logic bombs are malicious in nature; a disgruntled employee can insert one into a piece of software so that if they were fired or released the logic bomb would go off and perform its actions. Logic bombs are triggered by an event, such as a specific time or date, at which point they perform a set of actions, like deleting files on a system. Logic bombs are easier for forensic investigators to trace to the root of the issue because they function based on a date or time, so forensic investigators can turn back the clock on a system in order to return it to its original state before looking for the code.

Keystroke loggers are a form of hostile code, as their intentions are malicious in nature. Keystroke loggers are designed to capture the keystrokes a user types into a system. The captured keystrokes are then sent over the network or the Internet in order to gain access to systems or obtain passwords. Keystroke loggers can serve a positive purpose for the police, FBI, CIA, or other government agencies looking to solve crimes, but the purpose for which they were developed was malicious in nature (New Zealand Police, 2006). Depending on the type of keystroke logger, forensic investigators can easily find the source by actively searching the system or by sniffing the traffic being sent by the system.

In conclusion, there are many different types of hostile code to be found on the Internet. Each type of code may have a different function, as can be seen with viruses, worms, browser hijackers, logic bombs, and keystroke loggers. All of these are malicious in nature and are intended to perform actions other than what the system’s user wants, but most of the different types of code are preventable and their source can be found by forensic investigators.

References
1. (2009, March 18th). How They Break In. Retrieved April 5, 2009, from James Madison University Web site: http://www.jmu.edu/computing/security/info/howthe.shtml
2. (2006, April 9th). Keystroke loggers. Retrieved April 5, 2009, from New Zealand Police Web site: [URL Removed Broken link]

Areas Digital Forensic Investigators Find Evidence

Dave

[Abstract]
The purpose of this document is to provide a basic understanding of computer forensics by identifying five areas in computers and computer applications where a forensic investigator can look for digital evidence. Also included are three types of criminal investigations that can utilize the services of computer forensic investigators, along with a description of how these three types of criminal investigations can benefit from computer forensics. This document is intended for anybody looking to gain a basic knowledge or understanding of computer forensics and criminal investigations.

[Content]
With as much technology as is in use today, there may come a time when criminal investigative services are required to collect data as evidence for criminal prosecution. These services may choose to use computer forensic investigators to gather the evidence. In order for a forensic investigator to be proficient at their job, they need to know where they can find the evidence they are looking for. The evidence forensic investigators look for is for the purpose of criminal investigation. There are different types of criminal investigations, and each can benefit from forensic investigators in different ways.

When digital investigators are looking for evidence there are different areas where they can look. One of the simplest and most obvious places to look is floppy diskettes, CD-ROMs, DVD-ROMs, thumb drives, and any other type of removable media (Strickland, 2009). By looking at storage media, criminal investigators can get an idea of what type of data is being stored or loaded onto the system. This can prove useful in the event that third-party applications are being used to circumvent investigations. By finding such an application on a removable storage device, investigators can gather information that may be useful for returning a system to the condition it was in when the crime was being committed. Storage devices can also provide clues or evidence against the suspects being investigated.

System storage devices are another place to look for digital evidence. System hard drives can store massive amounts of data that can be used as evidence, but finding the evidence on these mass storage devices may take longer depending on how many different applications were used, whether anti-forensic software tools were used, and whether encryption software was used. System and application log files, as well as browser history and cache files, e-mails, digital photographs, and global positioning system logs, can hold important pieces of data that identify how the system was being used, what it was being used for, what types of crimes were being committed, and what software applications were used on the system (Kennedy, 2006). When a forensic investigator searches a hard drive they may have to use third-party software to search through the metadata that identifies what types of files reside on the system. Metadata is information used by the computer not only to identify what type of file is on the computer but also which files link to other files. Additional forensic tools may be needed on a system storage device to look for evidence that is embedded within applications or otherwise hidden. System storage devices can hold critical evidence, but depending on what software was used on the system, recovering the evidence can take a long time.
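One concrete form of the file-type metadata check the paragraph mentions is comparing what a file's name claims with what its leading bytes say. The script below is an added example, not the page's code: it identifies a file type from its magic bytes and reports files whose extension disagrees with their content, a common sign of something hidden in plain sight on a storage device. The file headers are constructed samples, not real files.

```python
"""Added example (not the page's code): identifying file types from their leading
bytes (the file's "magic") rather than from the filename, one of the metadata
checks the paragraph alludes to. A file whose extension disagrees with its content
is a lead worth following. The samples are constructed headers, not real files."""
import os

# Well-known leading-byte signatures and the type label each implies.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "exe"),
]

# What each extension is expected to contain (docx is a zip container).
EXT_TO_TYPE = {
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "exe": "exe", "dll": "exe", "txt": "text",
}


def sniff_type(data):
    """Return the type implied by the leading bytes, 'text' for printable ASCII,
    or 'unknown' when nothing matches."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    sample = data[:512]
    if sample and all(32 <= b < 127 or b in b"\r\n\t" for b in sample):
        return "text"
    return "unknown"


def extension_mismatches(files):
    """files maps a filename to its leading bytes. Returns sorted
    (name, expected_type, actual_type) tuples for files whose content
    disagrees with their extension."""
    mismatches = []
    for name, data in files.items():
        ext = os.path.splitext(name)[1].lstrip(".").lower()
        expected = EXT_TO_TYPE.get(ext)
        actual = sniff_type(data)
        if expected is not None and actual != expected:
            mismatches.append((name, expected, actual))
    return sorted(mismatches)


# Constructed sample headers standing in for files found on a drive image.
SAMPLE_FILES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "notes.txt": b"meeting at 9, bring the ledger\n",
    "invoice.pdf": b"PK\x03\x04\x14\x00\x06\x00",   # an archive renamed to .pdf
    "family.jpg": b"MZ\x90\x00\x03\x00\x00\x00",     # an executable renamed to .jpg
}

if __name__ == "__main__":
    for name, expected, actual in extension_mismatches(SAMPLE_FILES):
        print(f"{name}: extension says {expected}, content says {actual}")
```

On a real image the same routine runs over the first few hundred bytes of every file; the signature list here is short on purpose, and a production tool carries many more entries plus container-aware checks for formats such as Office documents.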

Computer memory is a place where forensic investigators can find chunks of data stored while the system was in use. As systems use more and more random access memory, this type of memory is used to store data for faster access during the system’s operation. Since RAM stores information while the system is in use, it is clearly a good location to find evidence. Although RAM is used by the computer, the information stored in RAM is unlikely to be readable by humans, so forensic applications will most likely be needed to find the critical evidence.

Documentation printed from a computer system is also admissible. Under the best evidence rule, a printout that accurately reflects the data stored on the computer is treated as an original, and many judges allow digital printouts to be used as evidence. A printout can also be tied to the device that produced it, since printers leave characteristic marks on the page. Some printers are sophisticated enough to have memory or internal storage built into them, and that memory may contain copies of printed documents that are digital evidence for forensic investigators.

There are many different types of criminal investigations, and some that can greatly benefit from digital forensics are investigations involving sex crimes, hate crimes, theft, narcotics, kidnapping, and cases in which someone may have been wrongfully accused. For sex crimes, including those against minors, chat application log files often hold significant evidence against the accused. For theft, a spreadsheet listing items, serial numbers, locations, and other details can be a great asset. Narcotics investigations can benefit from chat logs, but e-mail traffic is more likely to be the greater source of evidence. Whichever kind of criminal investigation is being conducted, it can benefit greatly from digital forensics.

In conclusion, many types of criminal investigations can benefit from the use of forensic investigators, including investigations of sex crimes, narcotics, hate crimes, kidnapping, and cases of wrongful accusation. When digital forensic investigators gather evidence for a criminal case, the locations where it can be found include printouts, removable storage devices, internal storage devices, application logs, browser history and cache files, e-mail, random access memory, and possibly printer memory. Whatever the offense, as long as a computer was used to commit it, the investigation can benefit from digital investigators gathering evidence to prove the crime was committed.

References
1. Strickland, J. (2009). How Computer Forensics Works. HowStuffWorks. Retrieved March 29, 2009, from http://computer.howstuffworks.com/computer-forensic.htm/printable
2. Kennedy, I. (2006, August). Looking for foul play – digital forensics Part 2. BCS. Retrieved March 29, 2009, from http://www.bcs.org/server.php?show=ConWebDoc.6231

Challenges Forensic Investigators Face

Dave

[Abstract]
The purpose of this document is to provide a basic understanding of computer forensics by identifying five technology-related challenges that digital forensics investigators are faced with. Also included within this document are solutions to resolve each of the challenges. This document is intended for anybody looking to gain a basic knowledge or understanding of computer forensics and challenges investigators face.

[Content]
Whenever technology is involved in a crime there may come a time when criminal investigative services are required to collect data as evidence for prosecution. Those services will most likely rely on computer forensic investigators to gather the evidence. Even though computer forensic investigators may be proficient at their jobs, they still face challenges in performing those jobs efficiently and effectively. For each of these challenges, however, there are also solutions or methods that can help investigators gather the evidence they need.

One major challenge is the credibility and proficiency of the technician gathering the evidence. Technicians need to stay up to date on current operating systems, data collection procedures, and any additional software used in the collection process. When a technician is not current on a particular application or operating system, training courses or certifications may be needed to maintain the level of proficiency that policy and procedure require. Technicians also need to gather evidence in accordance with written policies and standard operating procedures. By following those guidelines, and by being able to show their training record when questioned, technicians reduce the risk of being discredited as a witness.

Standardization of the procedures for gathering, handling, transporting, accessing, and documenting evidence poses a real challenge for forensic investigators. Before embarking on any incident response, technicians need to be current on the organization's standard practices so that everything from obtaining evidence to documenting it is handled consistently and according to policy. By following standardized practices a technician reduces the chance of evidence being excluded from a case, because it is the forensic investigator's job to gather evidence in a manner that allows it to be used against a defendant in a court of law.

Proper gathering of evidence can itself be a major challenge. Forensic investigators need to be thorough and ensure they do not leave anything behind (Kruse & Heiser, 2002). They also need to mark or tag every item as it leaves a crime scene so that nothing is lost in transit. One method is to create a list of every piece of evidence before it leaves the scene, confirm that everything at the scene has been collected, and then, on arrival at the storage location, verify that every listed item was received. Recording a cryptographic hash of each item alongside its entry lets the receiving party prove not only that an item arrived but that it arrived unchanged. The list may need to be verified by more than one person to maintain the integrity of what was gathered. Marking every item at the scene and then verifying the whole list ensures the evidence is received exactly as it was collected, so that further examination can take place.

Another major challenge is the mishandling of evidence. Once evidence is gathered it needs to be treated as evidence and secured at all times. Only authorized personnel should have access to it, to prevent the possibility of its being tainted. Maintaining a written chain-of-custody record of who currently possesses each item, how it was collected, from what piece of equipment it was collected, and every hand-off since, shows that the evidence was handled in accordance with policy, procedure, and best practice. That record is what demonstrates in court that the evidence was handled in the correct manner, by the correct people, and in accordance with the law.
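The tagging list and chain-of-custody record described in the two paragraphs above become verifiable when a hash of every item is recorded with it. The following Python is an added example written for this page, not code from any forensic tool: it seals a constructed set of evidence files into a manifest (path, size, SHA-256, collector, case number) and re-checks that manifest at the destination, reporting anything altered, missing, or added in transit. The file names, the collector name and the case identifier are made up for the illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so a large disk image need not fit in memory


def sha256_file(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(evidence_dir, collector, case_id):
    """Record every file under evidence_dir: relative path, size and SHA-256.
    The collector and case number (constructed values here) say who sealed what."""
    root = Path(evidence_dir)
    items = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            items.append({
                "path": p.relative_to(root).as_posix(),
                "size": p.stat().st_size,
                "sha256": sha256_file(p),
            })
    return {"case_id": case_id, "collector": collector, "items": items}


def verify_manifest(evidence_dir, manifest):
    """Re-hash the evidence at its destination. Returns a list of (path, problem)
    tuples; an empty list means everything arrived exactly as it was sealed."""
    root = Path(evidence_dir)
    problems = []
    expected = {item["path"]: item for item in manifest["items"]}
    for rel, item in expected.items():
        p = root / rel
        if not p.is_file():
            problems.append((rel, "missing"))
        elif sha256_file(p) != item["sha256"]:
            problems.append((rel, "hash mismatch"))
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            if rel not in expected:
                problems.append((rel, "not in manifest"))
    return problems


def demo():
    """Seal a constructed evidence set, then simulate one altered and one lost item in transit.
    Returns (item count, problems at sealing time, problems on receipt)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "disk0.dd").write_bytes(b"\x00" * 4096 + b"constructed disk image bytes")
        (root / "chat").mkdir()
        (root / "chat" / "history.log").write_text("constructed chat log line\n")
        (root / "notes.txt").write_text("constructed scene notes\n")

        manifest = build_manifest(root, collector="Tech A", case_id="CASE-0001")
        sealed = json.dumps(manifest, indent=2)      # this text travels with the evidence
        at_sealing = verify_manifest(root, json.loads(sealed))

        (root / "chat" / "history.log").write_text("constructed chat log line - edited\n")
        os.remove(root / "notes.txt")
        on_receipt = verify_manifest(root, json.loads(sealed))
        return len(manifest["items"]), at_sealing, sorted(on_receipt)


if __name__ == "__main__":
    print(demo())
```

The manifest itself should be hashed (or signed) and that value written into the paper chain-of-custody log at the scene, since a manifest that travels unprotected with the evidence could be rewritten along with it.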

Lastly, anti-forensic tools and encryption can pose a major challenge. Anti-forensic tools can change the header information of files on a computer so that a file appears to be of a different type, which could cause an investigator to overlook critical evidence (Strickland, 2009). Comparing a file's signature (the identifying bytes at its start) with its claimed extension is the basic check for this kind of disguise, though a tool that rewrites the signature as well as the extension will only be caught by deeper inspection of the content. Encryption is also a major challenge because it uses a key to conceal information on a system or in transit, and without the key the investigator may have nothing readable to examine. It is a forensic investigator's job to present evidence in the state it was in when the crime was committed. To show that the evidence is in that state, the investigator records hash values of the evidence at collection and verifies them at each later step; hashes demonstrate that nothing has changed, but they do not undo encryption, for which the key, the passphrase, or a copy of the decrypted data recovered from the live system is needed.
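File-type disguise of the kind Strickland describes is found by comparing a file's signature (its leading bytes) with the type its extension claims. The following Python is an added example, not part of any forensic product: it scans a directory of constructed sample files against a small signature table. The table and the sample files are made up for the illustration; a real examination would use a full signature database.

```python
import tempfile
from pathlib import Path

# File signatures ("magic numbers") at offset 0 for a few common types. This is a small
# constructed subset for the example, not a complete signature database.
SIGNATURES = {
    b"\xFF\xD8\xFF": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",       # docx/xlsx/jar are zip containers and share this signature
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x7fELF": "elf",
    b"MZ": "exe",
}

# Extensions that legitimately share a signature, so they are not reported as mismatches.
ALIASES = {
    "jpeg": "jpg",
    "docx": "zip", "xlsx": "zip", "pptx": "zip", "jar": "zip",
    "dll": "exe",
}


def identify_by_signature(data):
    """Return the type implied by the leading bytes, or None if no known signature matches."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def extension_type(path):
    ext = Path(path).suffix.lower().lstrip(".")
    return ALIASES.get(ext, ext)


def scan(directory):
    """Compare each file's claimed type (extension) with its real type (signature).
    Returns {relative path: (claimed, actual, verdict)}."""
    root = Path(directory)
    report = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        with open(p, "rb") as f:
            head = f.read(16)
        claimed = extension_type(p)
        actual = identify_by_signature(head)
        if actual is None:
            verdict = "unknown signature"
        elif actual == claimed:
            verdict = "ok"
        else:
            verdict = "MISMATCH"
        report[p.relative_to(root).as_posix()] = (claimed, actual, verdict)
    return report


def demo():
    """Constructed files: an honest JPEG, a JPEG renamed to .txt, a PDF disguised as an
    image, and a text file that has no signature at all."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "photo.jpg").write_bytes(b"\xFF\xD8\xFF\xE0" + b"\x00" * 32)
        (root / "readme.txt").write_bytes(b"\xFF\xD8\xFF\xE1" + b"\x00" * 32)   # hidden image
        (root / "cat.png").write_bytes(b"%PDF-1.4\n" + b"\x00" * 32)            # hidden document
        (root / "notes.txt").write_bytes(b"plain constructed text\n")
        return scan(root)


if __name__ == "__main__":
    for path, (claimed, actual, verdict) in demo().items():
        print(f"{path:12} claimed={claimed:4} actual={actual} {verdict}")
```

Files reported as "unknown signature" are not cleared: plain text has no signature, but so does data whose header a tool has overwritten with zeros, so those files go on the list for manual review rather than being skipped.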

In conclusion, because computer forensic investigation is a relatively young discipline, investigators face many challenges. By maintaining current technical proficiency and following all company policies, procedures, and standardized practices, an investigator greatly improves their ability to gather evidence properly. Investigators also need to document and handle evidence thoroughly, including gathering and tagging every item, so that a proper investigation can be conducted.

References
1. Kruse, W. G., & Heiser, J. G. (2002). Computer Forensics: Incident Response Essentials. Boston, MA: Addison-Wesley.
2. Strickland, J. (2009). How Computer Forensics Works. HowStuffWorks. Retrieved March 29, 2009, from http://computer.howstuffworks.com/computer-forensic.htm/printable

Internet Protocol Security (IPsec)

Dave

Abstract
The purpose of this document is to provide a basic knowledge and understanding of Internet Protocol Security, otherwise known as IPsec, including the additional protocols that make up the IPsec suite. This document is intended for anybody looking to gain a basic knowledge and understanding of what IPsec is and how it works.

Content
In order to ensure the confidentiality of data on a network there may be a need to use different forms of encryption. The Open Systems Interconnection (OSI) model can be used as a guideline for understanding how data is being protected and at which layer of the model the protection is applied (Teare, 1999). The seven layers of the OSI model are:

Application
Presentation
Session
Transport
Network
Data link
Physical

One method of securing data is Internet Protocol Security, otherwise known as IPsec. IPsec functions at the Network layer, the same layer of the OSI model at which the Internet Protocol operates. Because IPsec works at the Network layer, everything carried inside the IP packet, that is, the Transport layer and all layers above it, is protected. Other security systems such as SSL, TLS, and SSH function at higher layers of the OSI model and an application has to be designed to use them, whereas IPsec, operating at the Network layer, is transparent to applications: existing software gains protection without being modified.

IPsec uses different protocols to authenticate and encrypt each packet within a data stream. IPsec is a framework of open standards that uses the Internet Key Exchange (IKE and IKEv2), the Authentication Header (AH), and the Encapsulating Security Payload (ESP) to ensure secure communications. At the beginning of a session between two peers, IKE authenticates the peers to each other (with pre-shared keys or certificates), negotiates which algorithms will be used, and derives the shared session keys, normally through a Diffie-Hellman exchange so that the keys themselves never cross the network; the resulting agreement is recorded on both sides as a security association. Secure sessions can be established host to host, host to gateway, or gateway to gateway. Once the keys are in place, protected traffic can begin. When a packet arrives, the receiving peer uses AH to verify the integrity of the packet and that it was sent by the authenticated peer; AH provides no confidentiality. Both AH and ESP protect against replay attacks by carrying a sequence number that the receiver checks against a "sliding window", discarding duplicates and packets that have aged out of the window (Network Sorcery, Inc., 2004). ESP transforms the data by encrypting it with the negotiated algorithm and key and repackaging the datagram with an ESP header, an ESP trailer, and ESP authentication data (an integrity check value). In practice ESP is configured with integrity protection, so it covers what AH does, and it is the more widely deployed of the two because AH, which authenticates the IP header itself, breaks when a NAT device rewrites addresses. Even though IPsec sounds like one form of encryption, it is actually a suite of protocols, each with its own role, used together to transfer data securely from one host to another.
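As an added illustration of the anti-replay window mentioned above, and not code from any IPsec implementation, the following Python reproduces the receiver-side check that RFC 4302 and RFC 4303 specify for AH and ESP: the highest sequence number accepted marks the right edge of a window, a bitmap records which recent sequence numbers have been seen, and a packet is dropped if it duplicates one already seen or falls to the left of the window. The packet sequence in replay_demo is constructed.

```python
class AntiReplayWindow:
    """Sliding-window replay check for IPsec AH/ESP (RFC 4302/4303, section 3.4.3).
    Sequence numbers are 32-bit and start at 1; the default window of 64 and the
    minimum of 32 follow the RFCs. Added illustration, not production code."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32")
        self.size = size
        self.right = 0      # highest sequence number accepted so far (right edge)
        self.bitmap = 0     # bit i set  <=>  sequence number (right - i) was accepted

    def check_and_update(self, seq):
        """Return True and record seq if it is new and inside the window; False if it is a
        replay or has fallen off the left edge. Sequence number 0 is never valid."""
        if seq == 0:
            return False
        if seq > self.right:
            # new right edge: slide the bitmap by the gap and mark seq as seen
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False             # too old: left of the window
        if self.bitmap & (1 << offset):
            return False             # already received: replay
        self.bitmap |= 1 << offset   # late but new: accept and remember
        return True


def replay_demo():
    """Feed a constructed packet sequence through the window and return the verdicts."""
    w = AntiReplayWindow(size=64)
    results = {}
    results["first"] = w.check_and_update(1)
    results["in_order"] = [w.check_and_update(s) for s in range(2, 11)]
    results["replay_5"] = w.check_and_update(5)              # duplicate of an accepted packet
    results["jump_ahead"] = w.check_and_update(200)          # large gap is fine, window slides
    results["late_in_window"] = w.check_and_update(150)      # 200 - 150 = 50 < 64
    results["too_old"] = w.check_and_update(100)             # 200 - 100 = 100 >= 64
    results["replay_150"] = w.check_and_update(150)
    results["zero"] = w.check_and_update(0)
    return results


if __name__ == "__main__":
    for name, verdict in replay_demo().items():
        print(f"{name:16} {verdict}")
```

The window is only as good as the integrity check that precedes it: a receiver runs the sequence-number check before the expensive integrity computation to discard obvious replays cheaply, but updates the bitmap only after the packet's ICV has verified, otherwise a forged packet with a high sequence number could slide the window and make genuine late packets look old. A sender must also rekey before the 32-bit counter wraps (or use extended sequence numbers), since a wrapped counter defeats the check.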

In conclusion, IPsec is a suite of protocols that function at the Network layer of the OSI model to ensure data is transferred securely from one host to another. Within the suite, the Internet Key Exchange, the Authentication Header, and the Encapsulating Security Payload each perform their own function and build upon each other. IKE is responsible for authenticating the peers and negotiating the algorithms and shared keys for a session. AH is responsible for ensuring the integrity and origin of the data and, like ESP, for protecting against replay attacks. ESP is responsible for encrypting the data and transforming the datagram so that the remote host can decrypt it and read the data.

References
1. Teare, D. (1999). Internetworking Technology Handbook: Internetworking Basics. Cisco Systems. Retrieved March 13, 2009, from http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html#wp1020580
2. Network Sorcery, Inc. (2004, June 7). AH, Authentication Header. Retrieved March 13, 2009, from http://www.networksorcery.com/enp/protocol/ah.htm

Pretty Good Privacy

Dave

Abstract
The purpose of this document is to provide a basic understanding of Pretty Good Privacy (PGP) and how it applies to message security. Also included is an explanation of the functions PGP performs to ensure a message is secured. Finally, this paper explains why the first two octets (16 bits) of the message digest are transmitted in the clear and why the writer does not view this as a compromise of the hash algorithm's security.

Content
With more and more governments, businesses, and people using the Internet, more and more of our information is becoming digital, creating an increased demand for the security of personal and private information. One method of protecting information is to encrypt e-mail or message traffic. There are different means of encrypting messages; one of them, Pretty Good Privacy, or PGP for short, was created by Phil Zimmermann to "create an awareness of the privacy issue in the digital age" (Poole, Caftori, Lal, & Rosenburg, 2005).

Pretty Good Privacy (PGP) is a computer program that provides encryption and authentication to increase the security of e-mail communications. PGP binds a public key to an e-mail address or user name. Because PGP uses public-key cryptography, each user has a public key and a private key. Public keys can be distributed through a "web of trust" or through a key server, while the private key is kept secret by its owner. Two different operations use these keys. To sign a message, the sender's private key is applied to a hash of the message; the signing key can be an RSA or DSS (DSA) key. To encrypt a message, PGP generates a fresh one-time symmetric session key, encrypts the message with it, and then encrypts the session key with the recipient's public key (RSA or ElGamal, the latter labelled Diffie-Hellman in PGP), so the private key is never used to encrypt the message itself. The combination of a digital signature using SHA-1 for hashing with RSA provides an effective signature scheme. After a user composes a message to be signed, SHA-1 generates a 160-bit hash code of the message (Stallings, 2006, p. 439). The hash code is then signed with the sender's private key and the result is placed at the beginning of the message. When the recipient receives the message, the sender's public key is applied to the signature to recover the hash code. The recipient then generates a new hash code of the message and the two are compared. If the hash code recovered from the signature and the hash code computed by the recipient match, the message is considered authentic.

The message digest is the 160-bit SHA-1 hash that is signed with the sender's private key. The digest is calculated over the message together with the signature timestamp, so the signature is bound to the time it was made, which helps protect against replay. The first two octets (16 bits) of the digest are also sent in the clear, and the recipient uses them to determine whether the correct public key was used: after applying the sender's public key to the signature, the recipient compares the first 16 bits of the recovered digest with the plaintext 16 bits, and a mismatch means the wrong key was used or the signature is corrupt, before the whole message has been hashed. These octets also serve as a 16-bit frame check sequence for the message (Stallings, 2006, p. 448). Sending them in the clear may look like a weakness, but it gives an attacker nothing new: the complete digest is recoverable from the signature by anyone holding the sender's public key, which is public by design, and the digest is a one-way function of a message that is in any case being delivered. Revealing 16 bits of a hash output that is already fully exposed does not weaken the hash's preimage or collision resistance, so the plaintext octets are a check value, not a security vulnerability.
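The signing and verification steps above, including the quick check on the first two octets, as an added example written for this page and not PGP or OpenPGP source code. Textbook RSA over two constructed Mersenne primes stands in for the sender's key pair, the message and the timestamp are made up, and the padding a real implementation applies is omitted so the arithmetic stays visible.

```python
import hashlib
import struct

# Constructed signing key: textbook RSA over two Mersenne primes, no padding. This is an
# added illustration of the PGP signature flow, not PGP or OpenPGP code; a real implementation
# pads the digest (EMSA-PKCS1-v1_5) before applying the private key.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q                              # about 196 bits, larger than a 160-bit SHA-1 digest
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+ modular inverse)

# An unrelated second public key, to show what the 16-bit check does when the verifier
# picks the wrong key.
N_OTHER = ((1 << 61) - 1) * ((1 << 127) - 1)


def message_digest(message, timestamp):
    """SHA-1 over the message followed by the 4-byte signature timestamp, as PGP does,
    so the digest (and therefore the signature) is bound to the time of signing."""
    return hashlib.sha1(message + struct.pack(">I", timestamp)).digest()


def sign(message, timestamp, d=D, n=N):
    """Return (leading two octets of the digest, sent in the clear; RSA signature of the digest)."""
    digest = message_digest(message, timestamp)
    return digest[:2], pow(int.from_bytes(digest, "big"), d, n)


def recover_digest(sig, e=E, n=N):
    """Apply the sender's public key to the signature to get the 20-byte digest back, or None
    if the result cannot be a SHA-1 digest (wrong key or corrupt signature)."""
    value = pow(sig, e, n)
    if value >= 1 << 160:
        return None
    return value.to_bytes(20, "big")


def quick_check(leading, sig, e=E, n=N):
    """The 16-bit check: do the clear-text octets match the start of the recovered digest?
    The verifier can stop here, before hashing the whole message, if the wrong key was used."""
    recovered = recover_digest(sig, e, n)
    return recovered is not None and recovered[:2] == leading


def verify(message, timestamp, leading, sig, e=E, n=N):
    """Full verification: quick check, then compare the recovered digest with a fresh hash."""
    if not quick_check(leading, sig, e, n):
        return False
    return recover_digest(sig, e, n) == message_digest(message, timestamp)


def demo():
    msg = b"Meet at the usual place at 0900."     # constructed message
    ts = 1238284800                              # constructed signature timestamp
    leading, sig = sign(msg, ts)
    return {
        "clear_octets": leading.hex(),
        "leading_matches_digest": leading == message_digest(msg, ts)[:2],
        "genuine": verify(msg, ts, leading, sig),
        "tampered": verify(msg + b"!", ts, leading, sig),
        "other_timestamp": verify(msg, ts + 1, leading, sig),
        "wrong_key_quick_check": quick_check(leading, sig, E, N_OTHER),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The point the example makes concrete is that the two clear octets are compared against a value the verifier has already recovered from the signature with a public key; anyone can obtain the whole digest that way, so publishing its first sixteen bits discloses nothing further. Unpadded RSA as used here is for illustration only and is not safe to deploy.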

In conclusion, Pretty Good Privacy was first developed by Phil Zimmermann to raise awareness of the need to keep private data secure. PGP is widely used today; it works with public-key cryptography and distributes public keys through a web of trust or key servers. The process PGP uses to sign and encrypt messages has several steps, one of which is sending 16 bits of the message digest in plaintext so the recipient can confirm that the right public key was used before comparing the full digest. When asked whether these unencrypted first 16 bits pose a security concern, the answer can clearly be stated: the plaintext 16 bits of the message digest pose no security threat to the hash algorithm.

References
1. Poole, B., Caftori, N., Lal, P., & Rosenburg, B. (2005, November 7). A Tutorial for Beginners to PGP. Retrieved March 14, 2009, from http://www.pitt.edu/~poole/PGP.htm
2. Stallings, W. (2006). Cryptography and Network Security: Principles and Practice (4th ed., pp. 439-448). Upper Saddle River, NJ: Pearson Prentice Hall.

Digital Signature Properties

Dave

Abstract
The purpose of this document is to explain the specific properties that a digital signature should have. It also explains the differences between direct and arbitrated digital signatures. Lastly, it explains what a suppress-replay attack entails. This document is intended for anybody looking to gain a basic understanding or general knowledge of the different types of digital signatures and their vulnerabilities.

Content
When working in computer security, information assurance, or information privacy there may be a time when you have to deal with digital signatures. It is good to know the properties a digital signature must have, the differences between the main kinds of digital signature schemes, and the attacks that threaten them. Rather than having to research each item from separate sources, the basics are collected here.

There are some properties a digital signature must have in order to serve its purpose (Leiwo, 2003). A digital signature must be authentic: it convinces the recipient that the signer deliberately signed the document. It must be unforgeable: nobody else can produce a signature on the signer's behalf, so only the signer could have signed. The signed document must be unalterable: after signing, nothing within the document can be changed without the signature failing to verify. The signature must not be reusable: it is bound to the document it was made on and cannot be detached and attached to a different document. Finally, the signature cannot be repudiated: once a document is digitally signed, the signer cannot later claim they did not sign it. If any of these properties is missing the whole scheme collapses and is essentially unusable. Together, the properties establish that the signer is who they claim to be, that the document has not been changed, and that the signature cannot be moved to another document or disowned later.

To compare direct and arbitrated digital signatures it is first important to know what each is. In a direct digital signature scheme only the sender and the receiver are involved. The receiver must already hold, or be given, the sender's public key. The sender signs the message with their private key (either the whole message or, more commonly, a hash of it) and the receiver verifies the signature with the sender's public key; if confidentiality is also wanted, the signed message is additionally encrypted with the receiver's public key or a shared secret key. Although this method seems simpler and more secure than involving a third party, it has drawbacks. One major drawback is that the sender can deny sending a message simply by claiming that their private key was compromised (Yoon, 2004). Another is that the validity of the scheme depends entirely on the security of the sender's private key. Lastly, if a private key is compromised, a forger can sign messages with it, and without trusted timestamps it is impossible to tell which signatures were made before the compromise. An arbitrated digital signature scheme adds a trusted third party, the arbiter: every signed message from the sender passes through the arbiter, who checks the signature and its origin, attaches a timestamp, and forwards the message to the receiver, so the receiver can rely on the arbiter's verification rather than only on the sender's key. Like the direct scheme, the arbitrated scheme has drawbacks. The major one is that a trusted third party must exist and must play an active role in validating every message, which makes it a bottleneck for message traffic and a single point of trust. The arbitrated method does, however, settle the disputes that the direct method cannot: the arbiter's timestamp and record show whether a signature was made before a claimed key compromise. Both direct and arbitrated digital signatures are methods for sending data from a validated sender to a receiver without the data being changed.

A message replay attack is one in which a legitimate data transmission is captured, and possibly delayed, and then replayed by an adversary in an attempt to gain unauthorized access to data or resources. A replay attack can be used together with a masquerade, in which an unauthorized user pretends to be somebody else. A suppress-replay attack is a variant that exploits clock differences between the parties: if the sender's clock is ahead of the receiver's, an attacker can intercept a message and suppress it, then replay it later when its timestamp has become current according to the receiver's clock. There are countermeasures to these attacks. One is to put a timestamp in each message and reject messages whose timestamp falls outside a small window around the receiver's clock; this requires the parties' clocks to be synchronized, which is exactly what the suppress-replay attack targets. Another is challenge-response, where the receiver sends a fresh random nonce that the sender must include in its reply, so a captured message cannot be reused. Another is a sequence number, and in every case a message authentication code (MAC) or signature must cover the timestamp, nonce, or sequence number so that the freshness field cannot be altered. With these precautions in place, attacks that retransmit or delay data to gain unauthorized access can be prevented.

In conclusion, digital signatures have specific properties that together establish who signed a message and that its contents have not been altered. A direct digital signature involves only the sender and receiver: the sender must ensure the receiver has the sender's public key and must keep the private key secure, and the scheme has some drawbacks because of that dependence. An arbitrated digital signature uses a trusted third party to validate the sender and the message contents and was designed to fix some of those drawbacks. One security vulnerability is the message replay attack, in which a legitimate transmission is captured, delayed, and replayed later to gain unauthorized access; with the proper precautions this attack can be prevented.

References
1. Leiwo, J. (2003, June 16). Digital Signatures. Cryptologic Protocols lecture slides. Retrieved March 5, 2009, from http://www.tml.tkk.fi/Studies/T-110.498/2003summer/Slides/lecture04.pdf
2. Yoon, H. (2004, August 26). Digital Signatures and Authentication Protocols. Retrieved March 8, 2009. [URL Removed Broken link]

Message Authentication

Dave

Abstract
The purpose of this document is to define message authentication, as well as, to identify different types of attacks that message authentication was designed to protect against. This document is intended for anybody looking to gain a basic knowledge or understanding of message authentication.

Content
A message authentication code (MAC) is a short piece of information used to authenticate a message between two parties that share a secret key. A MAC function takes the message and the secret key and produces a fixed-length value that is used as an authenticator (Stallings, 2006, p. 320). Message authentication then has two parts. The first is for the sender to use the secret key and the message to produce the authenticator and send it along with the message. The second is for the receiver, who holds the same key, to recompute the authenticator over the received message and compare it with the one received; a match shows the message came from a holder of the key and was not changed. A MAC differs from a digital signature, which is based on public-key cryptography, because the same secret key both generates and verifies the MAC, so a MAC cannot provide non-repudiation: either party could have produced it. A MAC is also different from a plain cryptographic hash, which anyone can compute, because the key makes the authenticator unforgeable by anyone who does not have it; the security requirement is that, even given many message and MAC pairs, an attacker cannot produce a valid MAC for a new message. The comparison at the receiver should be done in constant time so that an attacker cannot learn the correct tag byte by byte from timing differences.

Message authentication was designed to protect against certain threats (Ajarvi, 2001). Masquerading is the sending of a message from a fraudulent source, or a fraudulent acknowledgement of receipt; message authentication protects against it because the attacker cannot produce a valid authenticator without the key. Content modification, altering the information contained within a message, is detected because the recomputed authenticator no longer matches. Sequence modification, changing the order of (or inserting or deleting) messages between parties, is detected when the authenticator also covers a sequence number. Timing modification, delaying or replaying messages in order to gain unauthorized access, is detected when the authenticator covers a timestamp or a nonce that the receiver checks for freshness. Message authentication therefore protects against masquerading, content modification, sequence modification, and timing modification.
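The following Python is an added example, not code from either of the cited sources, that ties together the replay countermeasures from the Digital Signature Properties post above and the four threats listed here. A sender appends an HMAC-SHA256 authenticator over a sequence number, a timestamp and the payload; the receiver verifies the tag first, then requires the next sequence number and a timestamp within a skew window. The key, the message format, the clock values and the payloads are constructed for the illustration.

```python
import hashlib
import hmac
import struct

# Wire format of one authenticated message (constructed for this example):
#   seq (4 bytes) | timestamp (4 bytes) | payload | tag (32 bytes)
# The tag is HMAC-SHA256 over everything before it, keyed with the shared secret,
# so the sequence number and timestamp are themselves covered by the authenticator.
HEADER = struct.Struct(">II")
TAG_LEN = 32


def make_message(key, seq, payload, now):
    """Sender side: build header + payload and append the MAC."""
    body = HEADER.pack(seq, now) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    def __init__(self, key, skew=30):
        self.key = key
        self.skew = skew            # seconds of clock difference tolerated
        self.expected_seq = 1

    def accept(self, msg, now):
        """Return (ok, reason, payload). The tag is checked first so that nothing about the
        receiver's state is revealed to a sender who does not hold the key."""
        if len(msg) < HEADER.size + TAG_LEN:
            return False, "truncated", None
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            return False, "bad tag", None             # masquerade or content modification
        seq, ts = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if seq != self.expected_seq:
            return False, "out of sequence", None     # reorder, insert, delete, or replay
        if abs(now - ts) > self.skew:
            return False, "stale or future timestamp", None   # delayed, or held for later
        self.expected_seq += 1
        return True, "ok", payload


def demo():
    key = b"constructed-shared-secret-key"
    t0 = 1_238_284_800                            # fixed clock so the run is reproducible
    rx = Receiver(key)
    m1 = make_message(key, 1, b"transfer 10", t0)
    m2 = make_message(key, 2, b"transfer 20", t0 + 1)
    m3 = make_message(key, 3, b"transfer 30", t0 + 2)
    out = {}
    out["m1"] = rx.accept(m1, t0)[1]
    out["m1_replayed"] = rx.accept(m1, t0 + 1)[1]                     # timing modification
    out["m3_before_m2"] = rx.accept(m3, t0 + 2)[1]                     # sequence modification
    tampered = m2[:-TAG_LEN - 2] + b"99" + m2[-TAG_LEN:]               # content modification
    out["m2_tampered"] = rx.accept(tampered, t0 + 1)[1]
    forged = make_message(b"wrong-key", 2, b"transfer 20", t0 + 1)     # masquerade
    out["forged"] = rx.accept(forged, t0 + 1)[1]
    out["m2"] = rx.accept(m2, t0 + 1)[1]
    out["m3_held_ten_minutes"] = rx.accept(m3, t0 + 600)[1]            # delayed past the window
    out["m3_on_time"] = rx.accept(m3, t0 + 5)[1]
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} {verdict}")
```

The timestamp rule is what bounds a suppress-replay attack: a held message stays valid only for the skew window, so the window should be as small as clock synchronization allows. Where the parties cannot keep clocks in step, a challenge-response nonce issued by the receiver replaces the timestamp and removes the dependence on clocks entirely.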

In conclusion, message authentication was designed to ensure a message can be sent from one party to another without being modified in transit and to guarantee that it came from the party it claims to. It works by combining the message with a secret key to produce a fixed-length authenticator; once the message is received, the receiver recomputes the authenticator and verifies the message's authenticity. Message authentication protects against content modification, sequence modification, timing modification, and masquerading.

References
1. Stallings, W. (2006). Cryptography and Network Security: Principles and Practice (4th ed., pp. 320-321). Upper Saddle River, NJ: Pearson Prentice Hall.
2. Ajarvi. (2001, March 2). Message Authentication and Hash Functions. Retrieved March 8, 2009.

Public-key Directory

Dave

Abstract
The purpose of this document is to explain the four key elements of a public-key directory. Also included is an explanation of what a public-key certificate is. This document is intended for anybody looking to gain knowledge about public keys and public-key certificates.

Content
When working with public-key cryptography there is a need to distribute public keys so that users are able to encrypt messages with the recipient's public key and verify signatures with the sender's. One method of distributing public keys is a public-key directory, which acts as a central repository for storing and distributing keys that have been registered. Users publish their public key to the directory, and other users look it up there in order to send an encrypted message.

A public-key directory is a central repository where users who have generated a public and private key pair can publish their public key so that others can find them, and they can find others, and secure message traffic can be passed. Having a trusted third party maintain the directory gives a greater level of security than each user distributing keys individually (Stallings, 2006, pp. 291-292). The trusted authority that runs the directory has to maintain four key elements. First, the directory stores a name and a public key for each participant. Second, each participant registers with the directory authority, either in person or over some authenticated channel, so that a key cannot be published under someone else's name. Third, every participant must be able to replace their key at any time, either because the private key has been used to sign a large amount of data or because it has been compromised. Fourth, participants must be able to access the directory electronically over an authenticated channel: the authority signs its responses, so a lookup cannot be tampered with in transit. Although the public-key directory provides a more secure means of distributing public keys, it is a single point of weakness: if the directory's private key is compromised, an attacker can pass off forged keys as authentic, and tampering with the authority's records has the same effect. Another drawback is that the directory is a bottleneck, since every user must contact it for every correspondent's key. The public-key directory is a centralized repository with four key elements that must be met for it to be successful; it is more secure than individual distribution, but it does have drawbacks.

An alternative that gives the same assurance without requiring a request to a public-key authority for every recipient's key is the public-key certificate. A certificate contains an identifier of the key's owner together with the public key itself, and the whole thing is signed by a trusted third party, the certificate authority (CA). A user presents their public key to the CA over a secure, authenticated channel (in person or otherwise) and receives a certificate in return. When a user wants to send an encrypted message to someone, they obtain that person's certificate (from the person, from a directory, or from anyone else) and verify the CA's signature on it; because only the CA can create or update certificates, a certificate that verifies proves that the CA vouches for the binding between the name and the key. Any participant can read a certificate to determine the name of the owner, the public key itself, and the currency of the key from its timestamp or validity period (Stallings, 2006, p. 294). The certificate method lets users look up public keys and their owners on the basis of certificates that only a certificate authority can create or update, and the CA need not be online for each exchange. The CA's own public key becomes the one thing every participant must obtain securely, and a certificate should be checked for expiry and for the expected name, not just for a valid signature.
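An added example of what a certificate binds and how it is checked, written for this page and not drawn from X.509 or any CA software: a constructed CA key (textbook RSA over Mersenne primes, without padding) signs a name, a key, a serial number and a validity period, and a verifier checks the signature, the validity period and the expected subject before trusting the embedded key. The subject names, key strings and dates are made up.

```python
import hashlib
import json

# Constructed CA key pair: textbook RSA with Mersenne primes and no padding. This is an added
# illustration of what a certificate binds and how it is verified, not X.509 or any real CA
# software; real certificates use DER encoding and padded signatures.
CA_P = (1 << 127) - 1
CA_Q = (1 << 521) - 1
CA_N = CA_P * CA_Q                      # about 648 bits, larger than a SHA-256 digest
CA_E = 65537
CA_D = pow(CA_E, -1, (CA_P - 1) * (CA_Q - 1))


def canonical(fields):
    """Deterministic byte encoding of the signed fields so signer and verifier hash the same thing."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(subject, subject_public_key, not_before, not_after, serial):
    """The CA binds a subject name to a public key, with validity period and serial, under its signature."""
    tbs = {                             # the "to be signed" part
        "serial": serial,
        "subject": subject,
        "public_key": subject_public_key,   # constructed: a string standing in for key material
        "not_before": not_before,
        "not_after": not_after,
        "issuer": "Example CA",
    }
    digest = int.from_bytes(hashlib.sha256(canonical(tbs)).digest(), "big")
    return {"tbs": tbs, "signature": pow(digest, CA_D, CA_N)}


def verify_certificate(cert, expected_subject, now, ca_e=CA_E, ca_n=CA_N):
    """Check the CA signature, the validity window, and that the certificate names the party
    we expect. Returns (ok, reason). Only after this may the embedded key be used."""
    tbs = cert["tbs"]
    digest = int.from_bytes(hashlib.sha256(canonical(tbs)).digest(), "big")
    if pow(cert["signature"], ca_e, ca_n) != digest:
        return False, "signature does not verify against CA public key"
    if not (tbs["not_before"] <= now <= tbs["not_after"]):
        return False, "outside validity period"
    if tbs["subject"] != expected_subject:
        return False, "certificate is for a different subject"
    return True, "ok"


def demo():
    alice = issue_certificate("alice@example.test", "constructed-public-key-of-alice",
                              not_before=1_230_768_000, not_after=1_262_304_000, serial=1)
    now = 1_238_284_800
    out = {"genuine": verify_certificate(alice, "alice@example.test", now)[1]}
    # an attacker swaps in their own key but cannot re-sign without CA_D
    mallory = {"tbs": dict(alice["tbs"], public_key="constructed-public-key-of-mallory"),
               "signature": alice["signature"]}
    out["key_substituted"] = verify_certificate(mallory, "alice@example.test", now)[1]
    # a genuine certificate presented for the wrong name
    out["wrong_subject"] = verify_certificate(alice, "bob@example.test", now)[1]
    # a genuine certificate past its expiry
    out["expired"] = verify_certificate(alice, "alice@example.test", 1_300_000_000)[1]
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

Two of the four rejections here involve a certificate whose signature is perfectly valid, which is why verifying the CA signature alone is not enough. Unpadded RSA is used only to keep the arithmetic visible and is not safe for real use.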

In conclusion, there are multiple ways for users who rely on public-key cryptography to obtain each other's keys. One is for users to distribute their public keys themselves. Another is a public-key directory in which a public-key authority maintains the directory and serves keys over authenticated channels; this is more secure than self-distribution, though it has drawbacks. A third is for a user to present their public key to a certificate authority in order to obtain a certificate, which anyone can then use to verify the owner of the public key and the key's authenticity. Whichever method is used, it is important to understand how it works and what it accomplishes.

References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.


Public-key Cryptography

Dave

Abstract
The purpose of this document is to provide a basic understanding of public-key cryptography. Also included within this document is a description of the basic components of a public-key cryptography system. This document is intended for anybody looking to gain a basic understanding or knowledge of public-key cryptography.

Content
When the Internet was first developed, security was not a major concern; the priority was giving different networking devices the ability to communicate with each other. As the Internet grew and evolved there was more of a need to ensure personal or private information was protected from threats such as eavesdropping, impersonation, tampering, misrepresentation, and even spoofing. One method for protecting against these threats is public-key cryptography. Public-key cryptography protects against all of these threats by using an asymmetric encryption process that provides encryption and decryption, tamper detection, authentication, and nonrepudiation (Sun Microsystems, 1998).

There are two primary uses of public-key cryptography: digital signing and encryption (RSA Security, 2009). When a person wants to send a digitally signed message to another person they must first register with a certifying authority (CA) to obtain a public and a private key. Once the keys have been obtained the user is able to use them to authenticate onto a network and look up the intended recipient in a global address list (GAL). The sender then types up a message and chooses to digitally sign it before sending it to the recipient. Once the sender pushes the send button in the e-mail client, the system performs a mathematical computation based on the private key and the message itself. When the recipient receives the message, another mathematical computation is performed based on the message, the sender's public key, and the purported signature. If the computation checks out, the signature has been verified; if it does not, the message has been tampered with or the signature is fraudulent. The computation relies on a mathematical relationship that exists between every public key and its private key. Once the signature has been verified the recipient is able to read the message, knowing that it has not been altered and that it came from a trusted source. If the sender does not want to digitally sign a message, or wants to add encryption, the process uses similar steps. First the sender registers with a CA in order to obtain a public and a private key. The sender is then able to use their public key to authenticate onto a network. Once authenticated, they can look up the intended recipient in the GAL. Once the recipient has been identified, the message is encrypted using the recipient's public key retrieved from the GAL. The message is then sent to the recipient, and when they are ready to read it, the recipient uses their private key to decrypt the message, knowing that any unauthorized viewer who intercepted it could not read it.
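The certificate, signing, verification and encryption steps described in this post and in the certificate discussion of the previous post, worked end to end as an added example (this is not code from the posts or from any of the cited sources). It uses textbook RSA over fixed, well-known Mersenne primes and a bare SHA-256 reduction in place of a real padding scheme, so it shows the protocol flow rather than a deployable implementation; the names Alice, Bob and Mallory, the key parameters and the sample message are all constructed.

```python
"""Certificates, digital signatures and public-key encryption (added example, toy RSA)."""
import hashlib
import json

E = 65537  # public exponent; coprime to (p-1)(q-1) for every prime pair used below


def make_keypair(p: int, q: int):
    """Return (public, private) dicts for primes p and q (textbook RSA, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def _digest(data: bytes, n: int) -> int:
    # Hash-then-sign; real RSA applies PKCS#1 padding instead of a bare reduction mod n.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private: dict, data: bytes) -> int:
    """Signature = digest raised to the private exponent."""
    return pow(_digest(data, private["n"]), private["d"], private["n"])


def verify(public: dict, data: bytes, signature: int) -> bool:
    """Raising the signature to the public exponent must give the digest back."""
    return pow(signature, public["e"], public["n"]) == _digest(data, public["n"])


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(ca_private: dict, owner: str, owner_public: dict) -> dict:
    """The CA binds an owner name to a public key by signing the pair."""
    body = {"owner": owner, "n": owner_public["n"], "e": owner_public["e"]}
    return {"body": body, "ca_signature": sign(ca_private, _canonical(body))}


def verify_certificate(ca_public: dict, cert: dict) -> bool:
    """Anyone holding the CA's public key can check who a certified key belongs to."""
    return verify(ca_public, _canonical(cert["body"]), cert["ca_signature"])


def encrypt(public: dict, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    assert 0 < m < public["n"], "message too long for this toy modulus"
    return pow(m, public["e"], public["n"])


def decrypt(private: dict, ciphertext: int) -> bytes:
    m = pow(ciphertext, private["d"], private["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Fixed Mersenne primes (2^k - 1) stand in for randomly generated primes (constructed
# key material); real keys never share a prime and are never this small.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def demo() -> dict:
    """Run the full flow: CA issues certificates, Alice signs, Bob receives encrypted mail."""
    alice_cert = issue_certificate(CA_PRIV, "alice", ALICE_PUB)
    bob_cert = issue_certificate(CA_PRIV, "bob", BOB_PUB)
    # Mallory cannot mint a certificate for "alice" with her own key: only the CA key verifies.
    forged = issue_certificate(MALLORY_PRIV, "alice", MALLORY_PUB)

    message = b"Meet at the usual place"  # constructed sample message
    signature = sign(ALICE_PRIV, message)
    # Bob encrypts to the key found in Alice's certificate, the "GAL lookup" of the post.
    ciphertext = encrypt(bob_cert["body"], message)

    return {
        "alice_cert_ok": verify_certificate(CA_PUB, alice_cert),
        "forged_cert_ok": verify_certificate(CA_PUB, forged),
        "signature_ok": verify(alice_cert["body"], message, signature),
        "tampered_ok": verify(alice_cert["body"], message + b"!", signature),
        "decrypted": decrypt(BOB_PRIV, ciphertext),
    }
```

`demo()` returns the outcome of each check: the genuine certificate and signature verify, the forged certificate and the tampered message do not, and only Bob's private key recovers the plaintext.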

In conclusion, the public-key cryptography system was designed to protect against the threats of eavesdropping, impersonation, tampering, misrepresentation, and spoofing. Through the use of a certifying authority along with a user's public and private keys, the recipient of a digitally signed message will know immediately if a message was altered or sent from an untrusted source, because the mathematical computation that takes place between the public and private keys will fail. When a message is encrypted, the recipient's public key is used to encrypt the message and the recipient uses their private key to decrypt it, knowing that it was sent and received without being altered or intercepted.

References
1. Sun Microsystems (1998, October 9th). Introduction to Public-Key Cryptography. Retrieved February 28, 2009, from Sun Microsystems Web site.
2. RSA Security (2009). 2.1.1 What is public-key cryptography?. Retrieved February 28, 2009, from RSA Laboratories Web site.


Data Encryption Standard and 3DES

Dave

Abstract
The purpose of this document is to explain how the Data Encryption Standard (DES) works and why 3DES is now used. Also included within this document is an explanation of why the middle portion of 3DES is a decryption instead of an encryption. The last items discussed within this document are the nonce and the key distribution center.

Content
IBM developed the Data Encryption Standard (DES) in 1974 and submitted it to the National Bureau of Standards as the Lucifer encryption algorithm (Tropical Software, 2007). IBM also solicited assistance from the National Security Agency (NSA) to evaluate the security of the Lucifer algorithm. In 1976 the National Institute of Standards and Technology (NIST) changed the name of the Lucifer algorithm to the Data Encryption Standard (DES), and it came into wide use in a short amount of time. Over time, as computers became more powerful, the amount of time needed to crack a DES key was greatly reduced. In 1997 NIST abandoned DES and started working on a replacement.

DES encryption works by running a block of plaintext through the block cipher's round function sixteen times and then outputting the ciphertext. DES uses 64-bit blocks and a 64-bit key; however, every eighth bit of the key is a parity bit, so DES is effectively 56-bit encryption. Prior to running the plaintext through the rounds there is an initial phase that plays no part in the encryption strength but rather ensures compatibility with older equipment. There is also a final phase that undoes the rearrangement that took place in the initial phase. Although DES was used for quite a long period of time, it was found that as computers became more powerful DES could be cracked with a brute force attack. DES successfully protected data by putting it through 16 rounds of encryption, but it was eventually outgrown as it became easy to break by brute force.

Triple DES was the successor to DES, and it uses the same encryption algorithm. Triple DES uses a key length of 168 bits. It is essentially the same as DES, except that it performs three passes of DES, which is equivalent to 48 DES rounds. Triple DES was anticipated to be only a temporary solution until the completion of AES in 2001; however, NIST anticipates triple DES being used until the year 2030. Triple DES is susceptible to a meet-in-the-middle attack, but for this attack to work there need to be 2^32 known plaintexts, which is not very practical (Wikipedia, 2009). Triple DES works by encrypting data with a 56-bit key in the first phase, decrypting with a second 56-bit key in the second phase, and then encrypting again with a third 56-bit key in the last phase.
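Why the middle pass decrypts: with all three keys equal, encrypt-decrypt-encrypt (EDE) collapses to a single pass, so a 3DES implementation can still talk to single-DES equipment, whereas encrypt-encrypt-encrypt (EEE) would not. The following is an added example, not code from the post, and it deliberately substitutes a tiny 16-bit Feistel toy cipher for DES so the EDE structure fits in a few lines; the toy cipher, its round function, its key size and the sample keys are all constructed and have no security value.

```python
"""EDE (triple-DES style) composition shown on a toy 16-bit Feistel cipher (added example)."""


def _round_function(right: int, subkey: int) -> int:
    """Mix an 8-bit half with an 8-bit subkey (arbitrary toy F; DES uses S-boxes here)."""
    return (((right ^ subkey) * 0x9D) + 0x3B) & 0xFF


def _subkeys(key: int) -> list:
    """Four 8-bit round keys from a 32-bit key (DES derives sixteen 48-bit keys from 56 bits)."""
    return [(key >> (8 * i)) & 0xFF for i in range(4)]


def _feistel(block: int, subkeys) -> int:
    """Generic Feistel network over a 16-bit block; decryption is the same network
    run with the subkeys in reverse order."""
    left, right = (block >> 8) & 0xFF, block & 0xFF
    for k in subkeys:
        left, right = right, left ^ _round_function(right, k)
    return (right << 8) | left  # final swap, as in DES


def toy_encrypt(block: int, key: int) -> int:
    return _feistel(block, _subkeys(key))


def toy_decrypt(block: int, key: int) -> int:
    return _feistel(block, list(reversed(_subkeys(key))))


def ede_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """Triple-DES structure: encrypt with k1, DECRYPT with k2, encrypt with k3."""
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)


def ede_decrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """Inverse of ede_encrypt: the stages are undone in reverse order."""
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)


def eee_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """Three encryptions in a row: with k1 == k2 == k3 this is NOT single encryption."""
    return toy_encrypt(toy_encrypt(toy_encrypt(block, k1), k2), k3)


def backward_compatible(block: int, key: int) -> bool:
    """EDE with one key repeated three times equals a single pass with that key."""
    return ede_encrypt(block, key, key, key) == toy_encrypt(block, key)


if __name__ == "__main__":
    K = 0xDEADBEEF  # constructed sample key
    for b in (0x0000, 0x1234, 0xFFFF):
        print(hex(b), "EDE==single:", backward_compatible(b, K),
              "EEE==single:", eee_encrypt(b, K, K, K) == toy_encrypt(b, K))
```

`backward_compatible` holds for every block and key by construction, since the middle decryption cancels the first encryption; `eee_encrypt` with one key is a different permutation, which is the whole reason the middle pass of 3DES is a decryption.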

Nonces and key distribution centers ensure communications on a network are secure by encrypting data. A nonce is an encryption key that is used one time to establish a secure communication and then never used again. A good use of a nonce is establishing secure communications between a client and a server via authentication protocols, because any previous keys or communications are obsolete and cannot be reused if a replay attack is staged. A Key Distribution Center (KDC) uses encryption techniques to authenticate a user when the user requests a service. The KDC then verifies that the user is authorized to use the requested service. Once the verification has taken place the KDC issues a ticket to the requestor so that secure communications can begin. A KDC is typically found with symmetric encryption techniques, such as on networks that use Kerberos (Microsoft, 2007). Nonces and key distribution centers ensure there is secure communication between client and server by using encryption techniques.
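The replay-resistance property of a nonce, shown as an added example (not code from the post and not Kerberos): the server issues a fresh nonce, the client proves it holds the pre-shared key by answering with an HMAC over that nonce, and the server refuses the same nonce a second time. HMAC-SHA256 from the standard library stands in for the symmetric encryption a real KDC would use; the shared key and the server/client objects are constructed for the example.

```python
"""Nonce-based challenge/response with replay rejection (added example)."""
import hashlib
import hmac
import os

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample; a KDC would provision this


class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()  # nonces issued and awaiting a response
        self.consumed = set()     # nonces already answered (or rejected); never valid again

    def challenge(self) -> bytes:
        """Issue a fresh 16-byte nonce."""
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: bytes) -> bool:
        """Accept a response only if the nonce was issued here and has not been used before."""
        if nonce in self.consumed or nonce not in self.outstanding:
            return False  # replayed, or never issued by this server
        self.outstanding.discard(nonce)
        self.consumed.add(nonce)  # one attempt per nonce, whether it succeeds or not
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(key: bytes, nonce: bytes) -> bytes:
    """The client proves knowledge of the shared key without ever transmitting it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    """Exercise the four cases: genuine reply, replayed reply, wrong key, unissued nonce."""
    server = Server(SHARED_KEY)
    nonce = server.challenge()
    response = client_respond(SHARED_KEY, nonce)
    accepted = server.check(nonce, response)
    replayed = server.check(nonce, response)  # a captured reply sent again is refused

    nonce2 = server.challenge()
    wrong_key = server.check(nonce2, client_respond(b"guess", nonce2))
    unissued = server.check(os.urandom(16), response)  # nonce the server never handed out

    return {
        "accepted": accepted,
        "replay_rejected": not replayed,
        "wrong_key_rejected": not wrong_key,
        "unissued_rejected": not unissued,
    }
```

The server keeps both the outstanding and the consumed sets: the first stops responses to nonces it never issued, the second stops replays. In a long-running service the consumed set would be bounded by giving each nonce an expiry.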

In conclusion, the Data Encryption Standard was created to ensure private data is secure. DES worked effectively; however, as the power of computers grew DES was outgrown and was superseded by triple DES. Triple DES works by using the same encryption algorithm found in DES, but it passes data through three rounds of encryption. Triple DES was developed to be a temporary solution until newer encryption technology came out. Both nonces and key distribution centers ensure communications are secure between a client and a server by using encryption techniques.

References
1. (2007). DES Encryption. Retrieved February 21, 2009, from DES Encryption Web site: http://www.tropsoft.com/strongenc/des.htm
2. (2009, February 3rd). Triple DES – Wikipedia, the free encyclopedia. Retrieved February 21, 2009, from Triple DES – Wikipedia, the free encyclopedia Web site: http://en.wikipedia.org/wiki/Triple_DES
3. (2007, November 30th). Kerberos Key Distribution Center. Retrieved February 22, 2009, from Kerberos Key Distribution Center Web site: http://technet.microsoft.com/en-us/library/cc734104.aspx


Link and End-to-End Encryption Techniques

Dave

Abstract
The purpose of this document is to describe the fundamental differences between link and end-to-end encryption techniques. Also included within this document is a description of traffic padding and its fundamental purpose. The last item in this document is a description of the differences between a session key and a master key.

Content
Although similar, there is a major difference between end-to-end encryption and link encryption. Both are used to ensure data passed along a network is secure, and for either to work both sides need to have a prearranged key and algorithm established. End-to-end encryption works by encrypting the payload of a packet and leaving the header information unencrypted so that routing can be done without decrypting the packet (Net Security, 2009). End-to-end encryption works between two end systems on a network. Link encryption works by having an encryption device at each end of a communication path and encrypting everything that enters those devices. Link encryption is good; however, on a large network there is a need for numerous encryption devices (School of Electronics and Communications Engineering, 2009). Another major disadvantage of link encryption is that data needs to be decrypted before entering each network device. The major difference between the two is that link encryption encrypts everything, while end-to-end encryption only encrypts the payload of a packet and leaves the header information clear to allow for switching or routing.

What is traffic padding? Traffic padding is the practice of generating additional data and inserting it into a data stream in order to make traffic analysis or monitoring more difficult. Traffic padding can be found within encryption devices in order to make communications more secure. It is used to ensure the confidentiality of private information is not compromised.

In order to understand the difference between a session key and a master key, it is important to know what each is. A session key is a key used to encrypt all communications between devices during an entire session. Once the session has ended, a new session key needs to be generated in order to establish secure communications again. A master key is a key from which other keys are created. Since a master key is used to create other keys, it is important that it is handled appropriately and stored in a secure location (Sibbald, 2008). A master key is used to create other keys, while a session key is a one-time key that ensures communications are secured for the duration of a session.
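Deriving per-session keys from a master key, together with the traffic padding described above, as an added example (not code from the post or the cited sources). The derivation follows the HKDF-Expand pattern from RFC 5869 (HMAC-SHA256 over a counter and a context string), which keeps the master key inside the key store while every session gets its own key; the master key value, the session identifiers and the 64-byte padding bucket are constructed for the example.

```python
"""Session keys from a master key, and length-hiding traffic padding (added example)."""
import hashlib
import hmac

# Constructed sample master key; in practice it lives in an HSM or key store and is never hard-coded.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_session_key(master_key: bytes, session_id: bytes, length: int = 32) -> bytes:
    """Expand the master key into a per-session key bound to session_id.

    HKDF-Expand style: T(1) = HMAC(master, info | 0x01),
                       T(i) = HMAC(master, T(i-1) | info | i),
                       output = T(1) | T(2) | ... truncated to `length` bytes.
    A different session_id gives an unrelated key; the master key is never exposed.
    """
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("length exceeds what a single-byte counter can expand")
    info = b"session-key:" + session_id
    output, block, counter = b"", b"", 1
    while len(output) < length:
        block = hmac.new(master_key, block + info + bytes([counter]), hashlib.sha256).digest()
        output += block
        counter += 1
    return output[:length]


def pad_to_bucket(payload: bytes, bucket: int = 64) -> bytes:
    """Traffic padding: a 2-byte length prefix, then zero fill to the next multiple of
    `bucket`, so an observer sees only which size class a message falls into."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for a 2-byte length prefix")
    body = len(payload).to_bytes(2, "big") + payload
    return body + b"\x00" * (-len(body) % bucket)


def unpad(padded: bytes) -> bytes:
    """Strip traffic padding using the length prefix."""
    length = int.from_bytes(padded[:2], "big")
    return padded[2 : 2 + length]


if __name__ == "__main__":
    for sid in (b"session-0001", b"session-0002"):
        print(sid.decode(), derive_session_key(MASTER_KEY, sid).hex())
    print(len(pad_to_bucket(b"hello")), "bytes on the wire for a 5-byte message")
```

Only the derived session key is handed to the endpoints; if one is exposed, the master key and every other session key stay safe, which is the separation the post describes between the two key types.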

In conclusion, there are similarities between different types of encryption and different types of keys, but even though they seem the same there are differences. End-to-end encryption encrypts only the information within the body of a packet, whereas link encryption encrypts everything between two points. Traffic padding is used to ensure secure communications remain secure by generating pieces of information and placing them into a data stream in order to make monitoring more difficult. A session key is used to ensure data is secure for the duration of a session between devices, whereas a master key is used to derive other keys.

References
1. (2009, February 13th). Distributed end-to-end encryption of sensitive data with SecureData. Retrieved February 22, 2009, from Distributed end-to-end encryption of sensitive data with SecureData Web site: http://www.net-security.org/secworld.php?id=7045
2. (2009). Network Security. Retrieved February 22, 2009, from Network Security and Encryption Web site: [URL Removed Broken link]
3. Sibbald, Kern (2008, January 26th). Data Encryption. Retrieved February 22, 2009, from Bacula Web site: [URL Removed Broken link]


Encryption Techniques

Dave

[Abstract]
The purpose of this document is to analyze cryptographic transposition techniques by showing a few examples of some different techniques. The next portion of this document is to provide an answer to the question “Is it possible to decrypt the message that was encrypted with a two-stage transposition technique with a different key?” The last part of this document provides supporting information to the argument, “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” This document provides a basic knowledge and understanding of how different encryption techniques can be used and is intended for use by anybody interested in gaining a basic knowledge of encryption techniques.

[Content]
The three encryption techniques discussed here are primitive in nature; however, they illustrate different techniques that can be used to secure data. All three use the following message as the example data to be protected: “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” The first technique is called the rail fence technique. It works by offsetting every other letter in a message onto a second line and then appending the second line of text to the first. This is illustrated in the following example.

Transposition Technique: Rail Fence
Plain Text: thetranspositionciphertechniqueworksbypermutingthelettersoftheplaintextitisnotverysecurebutitisgreatforlearningaboutcryptography
Cipher Text: ternpstocpetcnqeokbpruighltesfhpanettsovrscrbttsrafrerigbucytgahhtasoiinihrehiuwrsyemtnteetrotelitxiinteyeueuiigetolannaotrporpy

The next technique is called the columnar transposition. It works by using a key and writing the message into a number of columns determined by the key; the number of characters in the message then determines the number of rows. After the message is placed into the rows and columns, the characters in each column are read out in the order identified by the key (Stallings, 2006). This is illustrated in the following example.

Transposition Technique: Columnar Transposition
Key: 2315746
Plain Text: thetran
spositi
onciphe
rtechn
iquewo
rksbyp
ermuti
ngthele
ttersof
thepla
intexti
tisnotv
erysecu
rebutit
isgreat
forlear
ningabo
utcrypt
ography
Cipher Text: eoceusmteetsybgrncrtsorirentiterifnuohpntqkrgthniresoitgathhwytlolttciaabphtsicebuhrpeosurlgranienopiefaiyuttrotyripcebuespxoeteeayp

The last technique is called the double transposition. It is very similar to the columnar transposition, except that after the cipher text is produced by the initial encryption, that cipher text is put back through the matrix and encrypted a second time. This is illustrated in the following example.

Transposition Technique: Double Transposition
Key: 2315746
Plain Text (1st Cipher Output): eoceusm
teetsyb
grncrts
orirent
iterifn
uohpntq
krgthni
resoitg
athhwyt
lolttci
aabphts
icebuhr
peosurl
granien
opiefai
yuttrot
yripceb
uespxoe
teeayp
Cipher Text (2nd Cipher Output): ceniehgshlbeoaitiseetgoiukralaipgoyyutoerrtoretoacerpureesytnftntycthreaoeoyetcrrptohtpbsnetppambstnqigtisrlnitbeusreinhiwthuuifrcxy

When the question is asked, “Is it possible to decrypt the double transposition message with a different key?” the answer is simply “yes.” Matrix transposition ciphers can be cracked because they use a fixed number of characters to build a matrix. Simply counting the total number of letters helps to guess what size of matrix was used. Once the total number of letters is known, it is a matter of trying the different sizes of matrix that fit. By filling in the matrix with the characters both horizontally and vertically a person can look for patterns. Using this methodology, with a little trial and error, a person can keep trying different matrix sizes and letter arrangements, looking for patterns of letters that spell words (NOVA, 2000). This methodology essentially recreates the key, but the whole key may not be needed to completely understand the message. Due to the fixed size of the matrices used in the matrix transposition method, it is possible to crack the message using a different or incomplete key.

“The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography,” is a true statement. To better understand it, it is important to understand what the statement is saying: that the transposition cipher technique works by rearranging the letters of the plaintext. As the previous examples illustrate, this technique of encryption works by simply changing the order of the characters in the original plain text, and therefore the statement is true.

In conclusion, the transposition techniques, which change the order of the characters in the original plain text message, are primitive means of encrypting the original message. Although the rail fence, matrix transposition, and double transposition methods are good for learning about encryption techniques, they are not ideal for encrypting any real messages. Because the cipher text still contains the original plain text characters, one is able to crack the encryption by using a different or incomplete key.

References
1. Stallings, William (2006). Cryptography and Network Security (Fourth Edition). Upper Saddle River, NJ: Pearson Prentice Hall.
2. NOVA (2000, November). The Double Transposition Cipher. Retrieved February 11, 2009, from NOVA Online | Decoding Nazi Secrets | The Double Transposition Cipher Web site: http://www.pbs.org/wgbh/nova/decoding/doubtrans.html


Business Continuity

Dave

[Abstract]
The purpose of this document is to provide a basic knowledge of how having a business backup plan can maintain business continuity. Also included within this document are guidelines to maintain business continuity and an explanation of some consequences for not following the business continuity guidelines.

[Content]
When the September 11th attacks on the New York World Trade Center towers happened, it was a major wakeup call, not only for national security but also because of the amount of business data that was lost when the two buildings collapsed. As tragic as the attacks were, many businesses found out how effectively or ineffectively their computer network backups worked. In many cases companies lost large amounts of data. If companies had had better business continuity procedures established, there would have been minimal data lost.

Maintaining a backup of all network systems and their data will maintain business continuity in the event of a catastrophic event. Previously the main concerns with maintaining backups of all computer systems and their data were natural disasters like earthquakes, hurricanes, fires, tidal waves, flooding, landslides, etc. In recent years another reason has been identified: terrorist or military attacks. The September 11th attacks on the World Trade Center tested many companies' ability to maintain business continuity, and many of those companies failed to maintain off-site backups, so their businesses were greatly affected (Shore, 2002). There are different strategies to consider for a backup and disaster recovery plan. One strategy consists of four parts: detect, notify, isolate, and repair (Mitchell). The detect portion is to quickly determine the source of the failure. The notify portion is to notify all parties involved in recovering from the failure, as well as the parties affected by it. The next step is to isolate the affected systems and prevent the failure from affecting additional systems. The last step is to repair the affected systems or recover from the failure. There are also different backup strategies to consider within a disaster recovery plan. One strategy is to back up all critical data and then either electronically transfer or physically ship the backups to an offsite location. This method is typically cheaper; however, in many cases it is much slower to recover and restore systems to their previous state. Another strategy is to have a coop site, to which all necessary data is completely backed up at another location. The coop site strategy comes at a much higher cost, but it has the ability to recover much more quickly and provides a much more efficient recovery process in the event of a disaster. There are different disaster recovery and backup strategy plans designed to maximize business continuity in the event of a disaster or catastrophic failure.

When applying disaster recovery guidelines to a business continuity strategy, it is important to know the recommended guidelines and the consequences if they are not followed. The first and foremost guideline to recommend to any organization is to have a policy that states which disaster recovery strategy the company is going to use. Without this policy in place, every office within the organization may choose to follow its own guidelines and do what it thinks is best. The next policy that should be implemented should identify which backup strategy the company chooses to employ. This backup strategy should be chosen based upon company goals, cost, importance of data, and the minimal downtime the company determines to be acceptable. Without the company identifying the backup strategy, different offices within the organization could waste time, money, and effort employing their own methods. The third guideline for a company should be to implement a policy that states when backups are to be completed, where they will be stored, how often they are to be tested, and which offices or organizations are responsible for maintaining documentation of the procedures for backing up, storing, and testing. When a company chooses not to have a policy that identifies proper backup and testing procedures, the results are drastic: loss of data, loss of money, loss of resources, and many wasted man-hours. When a company chooses to put policies in place that identify business goals for minimizing loss of data, time, and money during a disaster, all offices or organizations within that company must comply with the policies or be held accountable.

In conclusion, there are information assurance lessons that have been learned from previous disasters, and these should pave the way for future business continuity strategies. In order for companies to employ a successful business continuity strategy, policies need to be put in place to identify which disaster recovery and backup plans best suit the company. It is critical to ensure all offices and organizations within the company follow the company's policies or are otherwise held accountable in the event of a loss.

References
1. Shore, Dave (2002, May 17th). Sept. 11 reaches real lessons in disaster recovery and business continuity planning. Retrieved February 8, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-1048799.html
2. Mitchell, Bradley. Network Disaster Recovery. Retrieved February 8, 2009, from Network Disaster Recovery – Overview Web site: http://compnetworking.about.com/od/itinformationtechnology/l/aa083102a.htm


Choosing a Location for a Network Operations Center (NOC)

Dave

[Abstract]
The purpose of this document is to provide a basic understanding of network operations centers by identifying three key factors to consider when choosing a location for a network operations center. Also included within this document are five areas of physical security to consider when constructing a network operations center.

[Content]
When considering constructing a network operations center, otherwise known as a NOC, there are some key factors to consider when choosing an ideal location. Many large global organizations choose geographic locations to host their network operations centers. This is in part so that each NOC covers a region of the globe and ensures communications there operate optimally. Another part of the reason is the different industry standards in different geographical regions. In the United States a network may traverse a T-1 circuit, whereas in Europe the network may traverse E-1 circuits (Patton Electronics Co., 2001). Even though this may not seem like a significant difference, it does illustrate that standards differ between geographical locations, and having a NOC that is familiar with its specific region will greatly reduce downtime in the event of a failure and maintain a general knowledge base of the networks in that region. Another factor to consider when choosing a location for a NOC is choosing a city that has the surrounding infrastructure to ensure maximum uptime of building power. Ensure that local businesses, including Internet Service Providers, can meet or exceed the needs required to support the capabilities of a NOC. When choosing a facility to host a NOC there are many considerations to take into account; to name a few, overall building power and redundant backup power, such as a building generator, are requirements. Access to the building, including any combination locks, biometric access points, loading area security, perimeter security fencing, and local security guards, are all instrumental elements in ensuring that the facility maintains a high level of security. Part of the overall building requirements when choosing an ideal facility is to first ensure that it has enough space and cooling to accommodate all of the necessary equipment that will be operated within. Once inside a building it is vital to ensure that all network cables are secured whenever they leave the NOC by putting them in a protective covering, such as a conduit, to ensure the network is not being monitored or tampered with in any way. There are many elements to take into account when choosing a location that can accommodate the high level of security and importance needed to house a network operations center.

As part of ensuring the overall physical security of a facility hosting the critical operations provided by a NOC, there are many different considerations. First and foremost is to ensure the building is secure by having locks on all doors, security cameras in place, guards posted and logging all access into the building, and any necessary alarms installed on doors. Part of ensuring the overall security of a building is monitoring its state: monitoring door alarms, watching the security cameras for any suspicious activity, signing in any visitors to the building and ensuring they access only the areas they have clearance for, and lastly conducting background investigations on employees to ensure they can be trusted to protect the building and its contents. Another area of physical security to consider is securing all networking cables by placing them in a secure housing, such as a metal conduit, whenever they traverse an unsecured room or area. Another part of physical security is to ensure all networking equipment is secured in a locked room or locked equipment rack with only authorized persons having access (Bogue, 2003). Much as with ensuring security personnel are trustworthy, any and all employees who work inside the NOC should have background investigations to ensure they can be trusted to work with or handle the security classification of the data they are handling. Another part of physical security is to have policies in place to ensure all computers and documentation are put in an authorized secure location, like a safe, when not in use. One portion of the policies should require that all backups be stored in a secure, geographically separate location. There are many different areas of consideration when ensuring the physical security of a network operations center.

In conclusion, when choosing a location to host a network operations center there are many factors to consider that apply to where it will reside. Some of the concerns are with the facility itself, but there are also concerns that go beyond the facility and relate to the surrounding area. When hosting a network operations center there are many physical security concerns to take into account. Ensuring the physical security of the facility and networking equipment helps ensure the data monitored and housed inside the NOC is secured.

References
1. (2001, May 11th). T1/E1/PRI Technology Overview. Retrieved February 7, 2009, from Patton Electronics Co. Web site: [URL Removed Broken link]
2. Bogue, Robert (2003, August 11th). Lock IT Down: Don’t overlook physical security on your network. Retrieved February 7, 2009, from Lock IT Down: Don’t overlook physical security on your network Web site: http://articles.techrepublic.com.com/5100-10878_11-5054057.html


Hardening OS X

Dave

[Abstract]
The purpose of this document is to provide a basic understanding of operating systems and vulnerabilities with hardening practices for ensuring Apple’s operating system OS X is secured. Also included within this document are methods for ensuring that a web server is secured.

[Content]
“Every Mac is secure right out of the box,” thanks to the proven foundation of Mac OS X (Apple Inc., 2009). Although this statement is true in the sense that you physically have control of your Mac and it hasn't yet been configured to go onto a network, this doesn't mean the system should be run without first securing it, simply because Apple Inc. says it is more secure. When a new computer is purchased, or an operating system is newly installed onto a computer, the computer may need additional configuration in order to protect it from potential threats. There are steps that should be taken to protect the computer, or make it more secure, before ever starting to use the system casually.

Apple has made a valiant effort to make its operating system secure enough for a standard user to use with confidence straight after purchasing or installing OS X; however, there are still additional steps that should be taken to harden the system before casual or business use. The first step is to configure the system with an individual user account for every person who will use it: no shared accounts, nobody doing day-to-day work from an administrator account, and the root account, which OS X ships disabled, left disabled. Every account should use a strong password that meets or exceeds the minimum strong-password requirements. To add a further layer of protection to those accounts, open System Preferences and turn on FileVault for each of them; Apple's FileVault uses 256-bit AES encryption to encrypt the user's home directory (Apple Inc., 2007). Once the accounts are properly configured it is time to lock down the system itself. First make sure the firewall is enabled. Next turn on automatic updates and then run the update so that all the latest patches are applied. After the security updates are in place, turn off any unused or unneeded services, since every listening service is attack surface. Properly configured user accounts and a properly configured operating system each add a layer to the security of the system.

After the system configuration is done it is time to lock down the applications. One of the biggest exposures is a user surfing the Internet and downloading applications, so some of the security configuration applies to Apple's web browser, Safari. First, make sure Safari is configured to block pop-up windows. Next, turn OFF “Open ‘Safe’ Files After Downloading,” which otherwise mounts disk images and expands archives the moment they finish downloading, before the user has had a chance to look at them. Using Safari's Private Browsing whenever possible is a nice extra rather than a necessity. If a system is authorized to run a service, such as a web server, that service must be properly secured as well. Run the latest version of the server software with all security updates applied. Run the service under a dedicated, unprivileged system account rather than under a user's login account or a privileged one, so that a compromise of the service does not hand the attacker a real user's files or administrative rights. Make sure the users of that service have only the permissions they need, and adjust file permissions so that only authorized users can read or modify the files the service serves. After the applications have been configured it may be necessary to install third-party software, such as antivirus, for additional protection. Which applications need this treatment depends on the system and what it is used for.
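The account, firewall, update, service, web-root and Safari steps of the two paragraphs above, collected into one script. This is an added example and not code from the original post or from Apple. The commands and preference keys are Apple's as documented for Mac OS X 10.5/10.6; the 12-character password minimum, the launchd labels treated as unwanted, the web-root path and the administrator account name `admin` are this example's assumptions. The pass/fail checks are plain functions over command output, so they can be exercised on any POSIX shell; only the apply and audit functions need a Mac.

```shell
#!/bin/sh
# Added example (not from the original post): hardening script for
# Mac OS X 10.5/10.6. Thresholds, daemon labels and the web-root path
# are assumptions; the commands and preference keys are Apple's.

# --- evaluation helpers: pure functions over command output ---------------

# /Library/Preferences/com.apple.alf globalstate: 0 = firewall off,
# 1 = allow only essential/signed services, 2 = block all incoming.
alf_state_ok() {
  case "$1" in 1|2) return 0 ;; *) return 1 ;; esac
}

# com.apple.SoftwareUpdate AutomaticCheckEnabled must be 1.
autocheck_ok() { [ "$1" = "1" ]; }

# extra_admins GROUPMEMBERSHIP_LINE KEEP: given the GroupMembership line from
# `dscl . -read /Groups/admin`, print every administrator other than root and
# KEEP. Daily-use accounts must not appear in this list.
extra_admins() {
  printf '%s\n' "$1" | sed 's/^GroupMembership: *//' | tr ' ' '\n' \
    | grep -v -x -e root -e "$2" || true
}

# unwanted_daemons LAUNCHCTL_LIST: print loaded network daemons a desktop
# should not run (labels as seen on 10.5/10.6; smbd's label varies by release).
unwanted_daemons() {
  printf '%s\n' "$1" | awk '{ print $NF }' | grep -x -E \
    'com\.openssh\.sshd|org\.apache\.httpd|com\.apple\.AppleFileServer|org\.samba\.smbd|com\.apple\.smbd|com\.apple\.ftpd' \
    || true
}

# world_writable DIR: print regular files under DIR that any local user could
# modify; served web content must never show up here.
world_writable() {
  find "$1" -type f -perm -002
}

# --- changes (these need the Mac itself) ----------------------------------

apply_system_hardening() {   # run as an administrator via sudo
  # Strong passwords for every local account (threshold assumed).
  pwpolicy -n /Local/Default -setglobalpolicy \
    "minChars=12 requiresAlpha=1 requiresNumeric=1"
  # Application firewall on (2 would block all incoming connections).
  defaults write /Library/Preferences/com.apple.alf globalstate -int 1
  # Check for updates automatically, and install what is pending right now.
  softwareupdate --schedule on
  softwareupdate --install --all
  # Turn off network services a desktop does not need; -w records the
  # choice in the plist so it survives a reboot.
  systemsetup -setremotelogin off
  for d in org.apache.httpd ftp com.apple.AppleFileServer; do
    if [ -f "/System/Library/LaunchDaemons/$d.plist" ]; then
      launchctl unload -w "/System/Library/LaunchDaemons/$d.plist"
    fi
  done
  # If Apache stays: it already runs as the unprivileged _www account, so
  # make the document root owned by root, readable by _www, writable by nobody.
  chown -R root:wheel /Library/WebServer/Documents
  chmod -R go-w /Library/WebServer/Documents
  # FileVault is per user and is switched on in System Preferences > Security.
}

harden_safari() {            # run as each user, without sudo
  defaults write com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false  # block pop-ups
  defaults write com.apple.Safari AutoOpenSafeDownloads -bool false   # "Open 'safe' files" off
}

audit() {                    # audit KEEP_ADMIN: report what still fails
  alf_state_ok "$(defaults read /Library/Preferences/com.apple.alf globalstate)" \
    || echo "FAIL: application firewall is off"
  autocheck_ok "$(defaults read /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled)" \
    || echo "FAIL: automatic update checks are off"
  extra="$(extra_admins "$(dscl . -read /Groups/admin GroupMembership)" "$1")"
  [ -z "$extra" ] || echo "FAIL: extra administrators: $extra"
  bad="$(unwanted_daemons "$(launchctl list)")"
  [ -z "$bad" ] || echo "FAIL: network daemons loaded: $bad"
  ww="$(world_writable /Library/WebServer/Documents)"
  [ -z "$ww" ] || echo "FAIL: world-writable web files: $ww"
}

# The live audit needs a Mac; the helper functions above run anywhere.
if [ "$(uname)" = Darwin ]; then
  audit "${1:-admin}"
fi
```

`sh harden.sh admin` runs the audit and prints a FAIL line for each step not yet done; `apply_system_hardening` is meant to be called from a sudo shell that has sourced the file, and `harden_safari` once per user from that user's own shell.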

The final step mentioned here should really be the first step in securing any system: make sure all users are properly trained on the system and aware of any acceptable use policies put in place to help secure devices on the network. No matter what configuration has been made or what software is in place, one of the biggest threats to a system is its user. Users should not be allowed to visit warez sites or other known hostile websites, and they should understand that downloading and installing software from the Internet can compromise the system. If a user is a minor, an adult may need to enable parental controls and monitor the minor's use of the system. A properly trained user helps ensure a system becomes, and remains, secure.

In conclusion, properly configuring user accounts, the system, and the applications, and installing any needed third-party software, together provide a layered approach to hardening a system. Even after a system is properly configured, its users must be trained or monitored. Only after the configuration and the training are complete should the system be connected to a properly configured and secured network for use.

References
1. Apple, Inc. (2009). Apple – Mac OS X Leopard – Technology – Security. Retrieved January 31, 2009, from Apple Web site: http://www.apple.com/macosx/technology/security.html
2. Apple, Inc. (2007, November). Keeping safety simple. Mac OS X Security. Retrieved January 31, 2008, from [URL Removed Broken link]

Disposition of Sensitive Information

Dave

[Abstract]
The purpose of this document is to provide a summary of the article entitled “Disposition Of Sensitive Automated Information” as the author understands this article. Also included within this document is an explanation of how disk encryption can help to protect the information on that disk in the event it was lost or stolen.

[Content]
The article entitled “Disposition Of Sensitive Automated Information” identifies methods that businesses, government, and even the military should use to ensure their information is safely removed from different types of media. Drawing on several publications, the article describes three techniques for ensuring that no information, or remnant of information, remains on a disk: overwriting, degaussing, and destruction. Overwriting consists of using an NSA-approved software application, such as BCWipe (Jetico, 2008), to write ones and zeros over the disk seven times so that the information on it cannot be retrieved; it is the method for operational media that will be reused. Degaussing, done with an NSA-approved degausser, magnetically erases the media so that no information can be retrieved. It works only on magnetic media and generally leaves a hard drive unusable, so it suits media that may still hold information but is itself no longer operational. The final method, destruction, gives specifications for how media should be physically destroyed and disposed of. For each situation, then, the article identifies the method that properly ensures data is unrecoverable from the media.
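The overwriting technique described above, reduced to its mechanics in POSIX shell as an added example; this is not the article's text and not Jetico's BCWipe. The pattern order (zeros, ones, random, cycled for the requested number of passes) and the default of seven passes, the count the article quotes, are this example's choices, not an NSA specification. One caveat a practitioner needs: an in-place overwrite reaches only the blocks the file occupies right now. Journaling file systems, snapshots, and the wear levelling inside SSDs keep other copies, which is exactly why the article's whole-media methods exist.

```shell
#!/bin/sh
# Added example (not from the article or from Jetico): multi-pass in-place
# overwrite of a file. Pattern order and pass count are this example's choice.

# pattern_stream KIND SIZE: write SIZE bytes of 0x00, 0xFF or random data.
pattern_stream() {
  case "$1" in
    zero)   head -c "$2" /dev/zero ;;
    ones)   head -c "$2" /dev/zero | tr '\000' '\377' ;;
    random) head -c "$2" /dev/urandom ;;
    *)      echo "unknown pattern: $1" >&2; return 1 ;;
  esac
}

# overwrite_file FILE [PASSES]: rewrite every byte of FILE in place PASSES
# times (default 7), forcing each pass to the device before the next.
overwrite_file() {
  f="$1"; passes="${2:-7}"
  size="$(wc -c < "$f" | tr -d ' ')"
  [ "$size" -gt 0 ] || return 0
  i=0
  while [ "$i" -lt "$passes" ]; do
    case $((i % 3)) in 0) kind=zero ;; 1) kind=ones ;; *) kind=random ;; esac
    # conv=notrunc keeps the size and the existing block allocation, so the
    # same on-disk blocks are rewritten instead of fresh ones being allocated.
    pattern_stream "$kind" "$size" | dd of="$f" conv=notrunc 2>/dev/null
    sync
    i=$((i + 1))
  done
}

# secret_gone FILE STRING: succeed only if STRING no longer appears in FILE.
secret_gone() {
  ! grep -q -F -e "$2" "$1"
}

# wipe_file FILE: overwrite, then unlink. rm alone only drops the directory
# entry and leaves the data blocks intact for recovery tools to find.
wipe_file() {
  overwrite_file "$1" 7 && rm -f "$1"
}

# Stand-alone demonstration on a constructed file: sh wipe.sh --demo
if [ "${1:-}" = "--demo" ]; then
  t="$(mktemp)"
  printf 'TOP SECRET payroll 2009\n' > "$t"    # constructed sample content
  overwrite_file "$t" 7
  secret_gone "$t" 'TOP SECRET' && echo "secret no longer present in $t"
  wipe_file "$t"
fi
```

The same idea applied to a whole device is `dd` with `of=/dev/diskN` and no `conv=notrunc`, repeated per pattern; that reaches slack space and old file copies the file-level loop cannot, but still not the spare blocks an SSD controller has retired.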

There are also cases where data on electronic media must be protected in the event the media falls into an unauthorized person's possession. Disk encryption can help protect information from unauthorized access; however, encryption is not a complete solution in itself but one technique for helping to protect data (TecSec, 2006). Simply encrypting the information on a disk does not protect it forever. Encryption buys time rather than permanence: algorithms and implementations are weakened over the years, and a weak passphrase can be guessed long before the cipher itself is broken; either way, the protected information then becomes readable. One of the best uses of disk encryption is when travelling, either domestically or internationally. Another is whenever you have to relinquish physical control of a piece of media, or cannot be physically present to ensure that it is secure. Encrypting physical media helps protect the information on it in the event the media falls into the wrong hands.

References
1. Jetico (2008). Jetico – Products. Retrieved January 25, 2009, from Jetico Web site: [URL Removed Broken link]
2. TecSec (2006, January). Tactical Military Encryption in a Multinational Environment. Retrieved January 25, 2009, from TecSec Web site: [URL Removed Broken link]
