Message Authentication

Abstract
The purpose of this document is to define message authentication and to identify the different types of attacks that message authentication was designed to protect against. This document is intended for anybody looking to gain a basic knowledge or understanding of message authentication.

Content
A Message Authentication Code (MAC) is a short piece of information used to authenticate a message between two parties. The MAC functions by using a message and a secret key to produce a fixed-length value that is used as an authenticator (Stallings, 2007, p.320). The message authentication performs two primary functions. The first function is to use the secret key and the message to produce the authenticator. The second primary function is to enable the receiver of a message to verify the authenticity of a message. A MAC is different from public-key encryption methods, such as digital signatures, because a MAC value is generated and verified by using the same secret key. Message Authentication Code, although similar to a cryptographic hash, does possess different security requirements. Message Authentication Code uses a message and a secret key to produce an authenticator that is used by a recipient of a message to authenticate the origin of the message and verify the authenticity of the message.

Message authentication was designed to protect information against certain types of security threats. Masquerading is the threat of a message being sent from a fraudulent source, or of a fraudulent acknowledgement of a message receipt; message authentication protects against it (Ajarvi, 2001). Another threat that is protected against is content modification, in which information contained within a message is altered in some way. Sequence modification is the threat of changing the order of messages between parties, and it is minimized by message authentication. Another threat is called timing modification, which consists of delaying or replaying messages in order to gain unauthorized access. Message authentication protects against the security threats of masquerading, content modification, sequence modification, and even timing modification.
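The following Python sketch is an added example, not part of the original essay. It uses HMAC-SHA256 as the MAC and puts a sequence number under the tag, because a tag over the message alone detects modification and masquerading but cannot by itself reveal a reordered or replayed message. The frame layout, key and payloads are constructed for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 produces a fixed-length 32-byte authenticator
SEQ_LEN = 8   # 64-bit big-endian sequence number (assumed frame layout)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = sequence number || payload || tag.

    The tag covers the sequence number as well as the payload, so neither
    can be changed without invalidating the authenticator.
    """
    body = struct.pack(">Q", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Receiver side: recompute the tag with the same secret key."""

    def __init__(self, key: bytes):
        self._key = key
        self._next_seq = 0

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison: do not leak how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        # Only after the tag verifies is the sequence number trusted.
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq != self._next_seq:
            raise ValueError("out of sequence")
        self._next_seq += 1
        return body[SEQ_LEN:]


def classify(receiver: Receiver, frame: bytes) -> str:
    try:
        receiver.accept(frame)
        return "accepted"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    key = b"constructed-demo-key-0123456789ab"  # constructed sample key
    rx = Receiver(key)
    f0 = protect(key, 0, b"pay alice 10")
    f1 = protect(key, 1, b"pay bob 20")

    modified = bytearray(f0)
    modified[10] ^= 0x01  # content modification: flip one payload bit
    # Masquerading: a frame built by a party that lacks the shared key.
    forged = protect(b"not-the-shared-key", 0, b"pay carol 99")

    return {
        "modified": classify(rx, bytes(modified)),
        "forged": classify(rx, forged),
        "reordered": classify(rx, f1),  # frame 1 arrives before frame 0
        "genuine": classify(rx, f0),
        "replayed": classify(rx, f0),   # frame 0 presented a second time
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome}")
```

A strict counter catches reordering and replay; detecting a message that is merely delayed additionally needs a timestamp or a challenge value under the same tag.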

In conclusion, message authentication was designed to ensure a message can be sent from one person to another without being modified while in transit and to guarantee the message is being sent from the person the message says it's from. Message authentication works by taking a message in conjunction with a secret key to produce a fixed-length item called an authenticator; once the message is received, the receiver can verify the message's authenticity. Message authentication protects against different security threats like content modification, sequence modification, timing modification, and masquerading.

References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 320-321). Upper Saddle
River, NJ: Pearson Prentice Hall.
2. Ajarvi, (2001, March 2nd). Message Authentication and Hash functions. Retrieved March 8, 2009, from Message Authentication and Hash functions Web site:

Two Plastic Bags

A little old lady was walking down the street dragging two large plastic garbage bags behind her. One of the bags was ripped and every once in a while a $20 fell out onto the sidewalk.

Noticing this, a policeman stopped her, and said, “Ma’am, there are $20 bills falling out of that bag.” “Oh really? Darn it!” said the little old lady. “I’d better go back and see if I can find them. Thanks for telling me, officer.” “Well, now, not so fast,” said the cop. “Where did you get all that money? You didn’t steal it, did you?”

“Oh, no, no”, said the old lady. “You see, my back yard is right next to the football stadium parking lot. On game days, a lot of fans come and pee through a knot hole in the fence, right into my flower garden. It used to really tick me off. Kills the flowers, you know. Then I thought, ‘why not make the best of it? So, now, on game days, I stand behind the fence by the knot hole, real quiet, with my hedge clippers.

Every time some guy sticks his pecker through my fence, I surprise him, grab hold of it and say, ‘O.K., buddy! Give me $20, or off it comes.’

“Well, that seems only fair,” said the cop, laughing. “OK. Good luck! Oh, by the way, what’s in the other bag?”

“Well, you know”, said the little old lady, “not everybody pays.”

Bass Pro Shop

A woman goes into Bass Pro Shop to buy a rod and reel for her grandson’s birthday. She doesn’t know which one to get; so she grabs one and goes over to the counter. A Bass Pro Shop associate is standing there wearing dark glasses.

She says, ‘Excuse me, sir. Can you tell me anything about this rod and reel?’

He says, ‘Ma’am, I’m completely blind; but if you’ll drop it on the counter, I can tell you everything from the sound it makes.’

She doesn’t believe him but drops it on the counter anyway.

He says, ‘That’s a six-foot Shakespeare graphite rod with a Zebco 404 reel and 10-LB test line. It’s a good all around combination and it’s on sale this week for only $20.00.

‘It’s amazing that you can tell all that just by the sound of it dropping on the counter’, she says. “I’ll take it!” As she opens her purse, her credit card drops on the floor.

‘Oh, that sounds like a Master Card,’ he says.

She bends down to pick it up and accidentally “toots”. At first she is really embarrassed, but then realizes there is no way the blind clerk could tell it was she who tooted. Being blind, he wouldn’t know that she was the only person around.

The clerk rings up the sale and says, ‘That’ll be $34.50 please.’

The woman is totally confused and says, ‘Didn’t you tell me the rod and reel were on sale for $20.00? How did you get $34.50?’

He says, ‘Yes, Ma’am. The rod and reel is $20.00, but the Duck Call is $11.00 and the Bear Repellent is $3.50.

Wife 1.0

Dear Tech Support:

Last year I upgraded from Girlfriend 7.0 to Wife 1.0. I soon noticed that the new program began unexpected child processing that took up a lot of space and valuable resources. In addition, Wife 1.0 installed itself into all other programs and now monitors all other system activity, such as Poker Night 10.3, Football 5.0, Hunting and Fishing 7.5, and Racing 3.6. I can’t seem to keep Wife 1.0 in the background while attempting to run my favorite applications. I’m thinking about going back to Girlfriend 7.0, but the uninstall doesn’t work on Wife 1.0. Please help!

Thanks,

A Troubled User.

______________________________________

REPLY:
Dear Troubled User:

This is a very common problem that men complain about.

Many people upgrade from Girlfriend 7.0 to Wife 1.0, thinking that it is just a Utilities and Entertainment program. Wife 1.0 is an OPERATING SYSTEM and is designed by its Creator to run EVERYTHING!!! It is also impossible to delete Wife 1.0 and to return to Girlfriend 7.0. It is impossible to uninstall, or purge the program files from the system once Installed!

You cannot go back to Girlfriend 7.0 because Wife 1.0 is designed to not allow this. Look in your Wife 1.0 manual under Warnings-Alimony-Child Support. I recommend that you keep Wife1.0 and work on improving the situation. I suggest installing the background application “Yes Dear” to alleviate software augmentation.

The best course of action is to enter the command C:\APOLOGIZE because ultimately you will have to give the APOLOGIZE command before the system will return to normal anyway. Wife 1.0 is a great program, but it tends to be very high maintenance. Wife 1.0 comes with several support programs, such as Clean and Sweep 3.0, Cook It 1.5 and Do Bills 4.2.

However, be very careful how you use these programs. Improper use will cause the system to launch the program Nag Nag 9.5. Once this happens, the only way to improve the performance of Wife 1.0 is to purchase additional software. I recommend Flowers 2.1 and Diamonds 5.0! WARNING!!! DO NOT, under any circumstances, install Secretary With Short Skirt 3.3. This application is not supported by Wife 1.0 and will cause irreversible damage to the operating system.

Best of luck,
Tech Support

When Daddy Calls

‘Hello?’

‘Hi honey. This is Daddy. Is Mommy near the phone?’

‘No Daddy. She’s upstairs in the bedroom with Uncle Paul.’

After a brief pause, Daddy says, ‘But honey, you haven’t got an Uncle Paul.’

‘Oh yes I do, and he’s upstairs in the room with Mommy, right now.’

Brief Pause. ‘Uh, okay then, this is what I want you to do. Put the phone down on the table, run upstairs and knock on the bedroom door and shout to Mommy that Daddy’s car just pulled into the driveway.’

‘Okay Daddy, just a minute.’ A few minutes later the little girl comes back to the phone. ‘I did it Daddy.’

‘And what happened honey?’

‘Well, Mommy got all scared, jumped out of bed with no clothes on and ran around screaming. Then she tripped over the rug, hit her head on the dresser and now she isn’t moving at all!’

‘Oh my God!!! What about your Uncle Paul?’

‘He jumped out of the bed with no clothes on, too. He was all scared and he jumped out of the back window and into the swimming pool. But I guess he didn’t know that you took out the water last week to clean it. He hit the bottom of the pool and I think he’s dead.’

***Long Pause***

***Longer Pause***

***Even Longer Pause***

Then Daddy says, ‘Swimming pool? Is this 486-5731?’

Public-key Directory

Abstract
The purpose of this document is to explain the four key elements to a public-key directory. Also included in this document is an explanation of what a public-key certificate is. This document is intended for anybody looking to gain knowledge about public-keys and public-key certificates.

Content
When working with public-key cryptography there is a need to distribute public keys so that users are able to encrypt messages using the recipient’s public key. One method for distributing public keys is by using a public-key directory. The public-key directory acts as a central repository for storing and distributing public keys that have been established. The public-key directory is a listing where users can publish their public key and where other users can then find that public key in order to send an encrypted message.

A public-key directory is a central repository where users who have registered and obtained cryptographic public and private keys can publish their public key, and can search the directory to find others or let others find them, so that secure message traffic can be passed. By having a third party maintain the public-key directory, a greater level of security can be achieved (Stallings, 2007, p.291-292). In order for the directory to maintain a heightened level of security, it must first be maintained by a trusted organization. The trusted authority of the public directory would have to maintain four key elements for the directory. The first key element is that the directory stores a name and public key for each participant of the directory. The second key element is that each participant registers, either in person or over some authenticated means, with the directory authority. The third key element is that all participants need to have the ability to update or change their keys at any time in the event that a key has been compromised. Lastly, all participants of the directory need to have the ability to access the directory electronically over some sort of secure means.

Although the public-key directory provides a more secure means to distribute public keys, it does provide a single point of weakness in the event the directory’s private key has been cracked or illegally obtained. Another drawback to the public-key directory is that it provides a bottleneck for sending encrypted message traffic. The public-key directory is a centralized repository that has four key elements that must be achieved in order for the directory to be successful, and even though the directory is more secure than individually distributing keys, it does have some drawbacks.

An alternative method is similar to using a public-key directory; however, it does not require requesting a recipient’s keys from a public-key authority. The alternative method instead uses digitally signed certificates that contain an identifier of the owner of a public key together with the public key itself, and that are signed by a trusted third party. Using this method a user can present their public key in a secure message in order to obtain a certificate. Then when the user wants to send an encrypted message to another user, all they have to do is provide the certificate of the person they want to encrypt a message to, and then they know the key is valid because the certificate can only be created by the owner of that public key. This method requires that the certificate authority be the only entity that can create or update certificates. This method allows any participant to read a certificate in order to determine the name of the owner of a public key, the public key itself, and the currency of the public key (Stallings, 2007, p.294). Using a public-key certificate method provides the means for users to look up public keys and owners of the public keys based upon certificates; however, the certificates can only be created or updated by certificate authorities.
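The Python sketch below is an added illustration, not taken from the original essay or from Stallings. It models a certificate as the three fields listed above (owner name, public key, and an issue time for currency) signed by the certificate authority, and shows a verifier rejecting a substituted key and a stale certificate. The CA key is a constructed toy: textbook RSA without padding over two well-known Mersenne primes, far too small for real use; a real deployment would use a vetted signature library.

```python
import hashlib

# Constructed toy CA key pair (textbook RSA, no padding, illustration only).
_P = 2**127 - 1          # Mersenne prime M127
_Q = 2**107 - 1          # Mersenne prime M107
CA_N = _P * _Q           # CA public modulus
CA_E = 65537             # CA public exponent
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))  # CA private exponent (3.8+)


def _encode(owner: str, public_key: bytes, issued: int) -> bytes:
    """Serialise the signed fields with length prefixes so that field
    boundaries cannot be shifted without changing the encoding."""
    parts = [owner.encode("utf-8"), public_key, str(issued).encode("ascii")]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _digest(data: bytes) -> int:
    # Reduced modulo the toy modulus; a real scheme uses a padding standard.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N


def issue_certificate(owner: str, public_key: bytes, issued: int) -> dict:
    """CA side: only the holder of the CA private exponent can do this."""
    signature = pow(_digest(_encode(owner, public_key, issued)), _CA_D, CA_N)
    return {"owner": owner, "public_key": public_key,
            "issued": issued, "signature": signature}


def verify_certificate(cert: dict, now: int, max_age: int) -> str:
    """Any participant: needs only the CA public key (CA_N, CA_E)."""
    signed = _encode(cert["owner"], cert["public_key"], cert["issued"])
    if pow(cert["signature"], CA_E, CA_N) != _digest(signed):
        return "bad signature"
    if now - cert["issued"] > max_age:
        return "stale"  # currency check: the key may have been replaced
    return "valid"


def demo() -> dict:
    alice_key = b"constructed-public-key-bytes-for-alice"
    cert = issue_certificate("alice", alice_key, issued=1_000)

    # Same certificate, but with a different public key swapped in.
    swapped = dict(cert, public_key=b"some-other-public-key")
    # Same certificate, but relabelled with a different owner name.
    renamed = dict(cert, owner="bob")

    return {
        "fresh": verify_certificate(cert, now=1_500, max_age=3_600),
        "swapped_key": verify_certificate(swapped, now=1_500, max_age=3_600),
        "renamed": verify_certificate(renamed, now=1_500, max_age=3_600),
        "old": verify_certificate(cert, now=10_000, max_age=3_600),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} -> {outcome}")
```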

In conclusion, there are multiple ways for users to send encrypted data to each other when using public-key cryptography. One method is for users to distribute their public keys themselves. Another method is using a public-key directory in which a public-key authority maintains the directory and provides public keys over secure channels. The public-key directory is more secure than users distributing keys themselves; however, there are some drawbacks. Another method of establishing secure communications between users is by a user publishing their public key to a certificate authority in order to obtain a certificate. The certificate can then be used to verify the owner of the public key, as well as the key’s authenticity. No matter which method is used, it is important to understand how they work and what is being accomplished by each of these methods.

References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.
2. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.

Public-key Cryptography

Abstract
The purpose of this document is to provide a basic understanding of public-key cryptography. Also included within this document is a description of the basic components to the public-key cryptography system. This document is intended for anybody looking to gain a basic understanding or knowledge of public-key cryptography.

Content
When the Internet was first developed, security was not as major a concern as giving different networking devices the ability to communicate with each other. As the Internet grew and evolved, there became more of a need to ensure personal or private information was being protected from threats like eavesdropping, impersonation, tampering, misrepresentation, and even spoofing. One method for protecting against these threats is by using public-key cryptography. Public-key cryptography protects against all of these threats by using an asymmetrical encryption process that provides encryption and decryption, tamper detection, authentication, and nonrepudiation (Sun Microsystems, 1998).

There are two primary uses of public-key cryptography: digital signing and encryption (RSA Security, 2009). When a person wants to send a digitally signed message to another person, they must first register with a certifying authority (CA) to obtain a public and a private key. Once the keys have been obtained, a user is able to use the key to authenticate onto a network and look up the intended recipient in a global address listing (GAL). The person wanting to send a digitally signed message to a recipient then types up a message and chooses to digitally sign the message before sending it to the recipient. Once the person pushes the send button within the e-mail client, the system performs a mathematical computation based on the private key and the message itself. When the recipient receives the message, another mathematical computation is performed based on the message, the sender’s public key, and the purported signature. If the computation is correct then the signature has been verified; if the computation is incorrect then the message has been tampered with or the signature is fraudulent. The mathematical computation that took place is based upon a mathematical relationship that exists between all public and private keys. Once the signature has been verified, the recipient is able to read the message, knowing that it has not been altered and is from a trusted source.

If the message sender does not want to digitally sign a message or wants to include encryption, this process can be completed using similar steps. First the sender registers with a CA in order to obtain a public and a private key. The sender is then able to use their public key to authenticate onto a network. Once they have been authenticated onto the network, they can then look up the intended recipient in a GAL. Once the recipient has been identified, the message is encrypted using the recipient’s public key that was retrieved from the GAL. The message is then sent to the recipient and when they are ready to read the message, the recipient uses their private key to decrypt the message, knowing that any unauthorized viewers have not intercepted this message.

In conclusion, the public-key cryptography system was designed to protect against threats of eavesdropping, impersonation, tampering, misrepresentation, and spoofing. By the use of a certifying authority along with a user’s public and private keys, the recipient of a digitally signed message will know immediately if a message was altered or sent from an untrusted source, because the mathematical computation that takes place between the public and private keys will return an error. When a message is encrypted, the recipient’s public key is used to encrypt the message, and the recipient will use their private key to decrypt the message, knowing that it was sent and received without being altered or intercepted.

References
1. Microsystems, Sun (1998, October 9th). Introduction to Public-Key Cryptography. Retrieved February 28, 2009, from Sun Microsystems Web site:
2. Security, RSA (2009). 2.1.1 What is public-key cryptography?. Retrieved February 28, 2009, from RSA Laboratories Web site:

How to Stop Him from Snoring


A couple has a dog that snores. Annoyed because she can’t sleep, the wife goes to the vet to see if he can help. The vet tells the woman to tie a ribbon around the dog’s testicles, and he will stop snoring. “Yeah right!” she says.

A few minutes after going to bed, the dog begins snoring, as usual. The wife tosses and turns, unable to sleep. Muttering to herself, she goes to the closet, grabs a piece of red ribbon, and ties it carefully around the dog’s testicles. Sure enough, the dog stops snoring! The woman is amazed. Later that night, her husband returns home drunk from being out drinking with his buddies. He climbs into bed, falls asleep and begins snoring loudly.

The woman thinks maybe the ribbon trick might work on him, too. So, she goes to the closet again, grabs a piece of blue ribbon, and ties it around her husband’s testicles. Amazingly, it also works on him! The woman sleeps soundly. The husband wakes from his drunken stupor and stumbles into the bathroom. As he stands in front of the toilet, he glances in the mirror and sees a blue ribbon attached to his privates. He is very confused, and as he walks back into the bedroom, he sees the red ribbon attached to his dog’s testicles..

He shakes his head and looks at the dog and whispers, “I don’t know where we were or what we did. But, by God, we took first and second place!”

How the Fight Started

One year, a husband decided to buy his mother-in-law a cemetery plot as a Christmas gift. The next year, he didn’t buy her a gift.

When his wife asked him why, he replied, “Well, she still hasn’t used the gift I bought her last year!”

And that’s how the fight started…

————————–

My wife walked into the den & asked “What’s on the TV?”

I replied “Dust”.

And that’s how the fight started…..

————————–

A woman is standing nude, looking in the bedroom mirror.

She is not happy with what she sees and says to her husband, ‘I feel horrible; I look old, fat and ugly. I really need you to pay me a compliment.’

The husband replies, ‘Your eyesight’s damn near perfect.’

And that’s how the fight started…..

————————–

My wife was hinting about what she wanted for our upcoming anniversary. She said, ‘I want something shiny that goes from 0 to 200 in about 3 seconds.

I bought her a scale..

And that’s how the fight started…..

————————–

I asked my wife, ‘Where do you want to go for our anniversary?’

It warmed my heart to see her face melt in sweet appreciation.

‘Somewhere I haven’t been in a long time!’ she said.

So I suggested, ‘How about the kitchen?’

And that’s when the fight started….

————————–

My wife and I are watching Who Wants To Be A Millionaire while we were in bed.. I turned to her and said, ‘Do you want to have sex?’

‘No,’ she answered.

I then said, ‘Is that your final answer?’

She didn’t even look at me this time, simply saying ‘Yes.’

So I said, ‘Then I’d like to phone a friend.’

And that’s when the fight started….

————————–

I tried to talk my wife into buying a case of Miller Light for $14.95.

Instead, she bought a jar of cold cream for $7.95. I told her the beer would make her look better at night than the cold cream.

And that’s when the fight started…..

————————-

I took my wife to a restaurant. The waiter, for some reason, took my order first.

‘I’ll have the strip steak, medium rare, please.’

He said, ‘Aren’t you worried about the mad cow?’

‘Nah, she can order for herself.’

And that’s when the fight started…..

Women Should Take Their Own Messages

I Like Hores

R.A.P.E.D

Dear Employees,

Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement…This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW program (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Earnings for Retired Personnel Early Severance). Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.

Sincerely,

The Management.

Data Encryption Standard and 3DES

Abstract
The purpose of this document is to explain how the Data Encryption Standard (DES) works and why 3DES is now used. Also included within this document is an explanation of why the middle portion of 3DES is a decryption instead of an encryption. The last item discussed within this document is a nonce and a key distribution center.

Content
IBM developed the Data Encryption Standard (DES) in 1974 and submitted it to the National Bureau of Standards as the Lucifer encryption algorithm (Tropical Software, 2007). IBM also solicited assistance from the National Security Agency (NSA) to evaluate the security of the Lucifer algorithm. In 1976, the National Institute of Standards and Technology (NIST) changed the name of the Lucifer algorithm to the Data Encryption Standard (DES), and it became widely used in a short amount of time. Over time, as computers became more powerful, the amount of time needed to crack a DES key was greatly reduced. In 1997 the NIST abandoned DES and started working on a replacement.

DES encryption works by running a line of plain text through a block cipher sixteen times and then outputting a cipher text. The DES encryption has 64-bit blocks, however the 8th bit is a parity bit, so it makes the DES actually a 56-bit encryption. Prior to running the plain text through the block cipher there is an initial phase that does not play a part with encryption, but rather with ensuring compatibility with older equipment. There is also a final phase that undoes the block facilitation, which took place in the initial phase. Although DES was used for quite a long period of time it was found that as computers became more powerful, DES could be cracked with a brute force attack. DES successfully protected data by putting data through 16 rounds of data encryption, however it was eventually outgrown as it became easy to break with a brute force attack.

Triple DES was a successor to DES and it even uses the same encryption algorithm. Triple DES uses a key length of 168 bits. It is essentially the same as DES; however, it performs three rounds of encryption, which is the same as 48 DES-equivalent rounds. Triple DES was anticipated to be only a temporary solution until the completion of the AES encryption in 2001; however, the NIST anticipates triple DES to be used until the year 2030. Triple DES is susceptible to a meet-in-the-middle attack; however, for this attack to work there need to be 2^32 known plaintexts, which is not very practical (Wikipedia, 2009). Triple DES works by encrypting data with a 56-bit key in the initial phase, then decrypting using a 56-bit key in the second phase, and then encrypting again using a 56-bit key in the last phase of encryption.

Nonces and key distribution centers ensure communications on a network are secure by encrypting data. A nonce is an encryption key that is used one time to establish a secure communication and then never used again. A good use of a nonce is for establishing secure communications between a client and a server via authentication protocols, because any previous keys or communications are obsolete and cannot be used in the event a replay attack is staged. Key Distribution Centers (KDC) use encryption techniques to authenticate users when a user requests a service. The KDC will then verify the user has authorization to use the requested service. Once the verification has taken place, the KDC will issue a ticket to the requestor so that secure communications can begin. A KDC is typically found in symmetric encryption techniques, such as on networks that use Kerberos (Microsoft, 2007). Nonces and key distribution centers ensure there is secure communication between a client and server by using encryption techniques.

In conclusion, the Data Encryption Standard was created to ensure private data is secure. DES worked effectively; however, as the power of computers grew, DES was outgrown and was superseded by triple DES. Triple DES works by using the same encryption algorithm that can be found in DES, but it passes data through three rounds of encryption. Triple DES was developed to be a temporary solution until a newer encryption technology came out. Both nonces and key distribution centers ensure communications are secure between a client and a server by using encryption techniques.

References
1. (2007). DES Encryption. Retrieved February 21, 2009, from DES Encryption Web site: http://www.tropsoft.com/strongenc/des.htm
2. (2009, February 3rd). Triple DES – Wikipedia, the free encyclopedia. Retrieved February 21, 2009, from Triple DES – Wikipedia, the free encyclopedia Web site: http://en.wikipedia.org/wiki/Triple_DES
3. (2007, November 30th). Kerberos Key Distribution Center. Retrieved February 22, 2009, from Kerberos Key Distribution Center Web site: http://technet.microsoft.com/en-us/library/cc734104.aspx

Link and End-to-End Encryption Techniques

Abstract
The purpose of this document is to provide fundamental differences between link and end-to-end encryption techniques. Also included within this document is a description of traffic padding and what its fundamental purpose is. The last item that can be found within this document is a description of differences between a session key and a master key.

Content
Although similar, there is a major difference between end-to-end encryption and link encryption. Both end-to-end encryption and link encryption are used to ensure data being passed along a network is secure. For both end-to-end encryption and link encryption to work, both sides need to have a prearranged key and algorithm established. End-to-end encryption works by encrypting the payload of a packet and leaving the header information unencrypted to allow for routing to be done without the need of decrypting the packet (Net Security, 2009). End-to-end encryption works between two end systems on a network. Link encryption works by having an encryption device on two ends of a communication path and encrypting everything that enters those encryption devices. Link encryption is good; however, on a large network there is a need for numerous encryption devices (School of Electronics and Communications Engineering, 2009). Also, a major disadvantage of link encryption is that data needs to be decrypted before entering a network device. The major difference between link encryption and end-to-end encryption is that link encryption encrypts everything, while end-to-end encryption only encrypts the payload of a packet and leaves the header information clear to allow for switching or routing.

What is traffic padding? Traffic padding is the ability to generate additional data and input that data into a data stream in order to make data analysis or data monitoring more difficult. Traffic padding can be found within encryption devices in order to make communications more secure. Traffic padding is used to ensure the confidentiality of private information is not compromised.

In order to best understand the difference between a session key and a master key, it is important to know about each. A session key is a key that is used to encrypt all communications between devices during an entire session. Once the session has been broken, a new session key needs to be generated in order to establish secure communications. A master key is a key from which other keys are created. Since other keys are created from a master key, it is important that a master key is handled appropriately and is stored in a secure location (Sibbald, 2008). A master key is used to create other keys, while a session key is a one-time use key that is used to ensure communications are secured during an entire session.
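As an added example (not from the original essay or its sources), the Python sketch below derives per-session keys from a master key. The derivation function is HKDF with HMAC-SHA256 (RFC 5869), which is one common choice and an assumption here, since the essay does not name a method; the `MasterKey` class, session identifiers and labels are hypothetical.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: condense the input secret into a pseudorandom key."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the pseudorandom key into `length` bytes
    bound to the context string `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key material too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class MasterKey:
    """Holds the long-lived secret; it is never used on traffic directly."""

    def __init__(self, secret: bytes, salt: bytes = b""):
        if len(secret) < 16:
            raise ValueError("master secret too short")
        self._prk = hkdf_extract(salt, secret)

    def session_keys(self, session_id: bytes) -> dict:
        """Derive independent keys for one session.

        session_id must be unique per session (for example a value both
        ends agreed on during connection setup); reusing it would reproduce
        the same session keys.
        """
        def derive(purpose: bytes) -> bytes:
            # Fixed-width purpose label keeps the context unambiguous.
            return hkdf_expand(self._prk,
                               b"session|" + purpose + b"|" + session_id, 32)

        return {"encrypt": derive(b"enc"), "mac": derive(b"mac")}


def demo() -> dict:
    master = bytes(range(32))  # constructed sample master key
    sender, receiver = MasterKey(master), MasterKey(master)

    s1 = sender.session_keys(b"session-0001")
    s1_peer = receiver.session_keys(b"session-0001")
    s2 = sender.session_keys(b"session-0002")

    return {
        # Both ends holding the master key arrive at the same session keys.
        "peers_agree": s1 == s1_peer,
        # A new session gets fresh keys, so an exposed session key does not
        # expose other sessions' traffic.
        "sessions_differ": s1["encrypt"] != s2["encrypt"]
                           and s1["mac"] != s2["mac"],
        # Encryption and MAC keys within one session are distinct.
        "purposes_differ": s1["encrypt"] != s1["mac"],
        "key_len": len(s1["encrypt"]),
    }


if __name__ == "__main__":
    print(demo())
```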

In conclusion, there are similarities between different types of encryption and different types of keys, but even though it seems they are the same, there are differences. End-to-end encryption encrypts only the information within the body of a packet, whereas link encryption encrypts everything between two points. Traffic padding is used to ensure secure communications remain secure by generating pieces of information and placing that information into a data stream in order to make monitoring more difficult. A session key is used to ensure data is secure for the duration of a session between devices, whereas a master key is used to derive other keys.

References
1. (2009, February 13th). Distributed end-to-end encryption of sensitive data with SecureData. Retrieved February 22, 2009, from Distributed end-to-end encryption of sensitive data with SecureData Web site: http://www.net-security.org/secworld.php?id=7045
2. (2009). Network Security. Retrieved February 22, 2009, from Network Security and Encryption Web site: [URL Removed Broken link]
3. Sibbald, Kern (2008, January 26th). Data Encryption. Retrieved February 22, 2009, from Bacula Web site: [URL Removed Broken link]

Aids or Alzheimer’s

The phone rings and the lady of the house answers. ‘Hello, Mrs. Sanders, please.’ ‘Speaking.’ ‘Mrs. Sanders, this is Doctor James at Saint Agnes Laboratory. When your husband’s doctor sent his biopsy to the lab last week, a biopsy from another Mr. Sanders arrived as well. We are now uncertain which one belongs to your husband. Frankly, either way the results are not too good.’ ‘What do you mean?’ Mrs. Sanders asks nervously. ‘Well, one of the specimens tested positive for Alzheimer’s and the other one tested positive for HIV. We can’t tell which is which.’ ‘That’s dreadful! Can you do the test again?’ questioned Mrs. Sanders. ‘Normally we can, but Medicare will only pay for these expensive tests once and once only.’ ‘Well, what am I supposed to do now?’ ‘The folks at Medicare recommend that you drop your husband off somewhere in the middle of town. If he finds his way home, don’t sleep with him.’

She Will Make it Greater

“Whatever you give a woman, she will make greater.
If you give her sperm, she’ll give you a baby.
If you give her a house, she’ll give you a home.
If you give her groceries, she’ll give you a meal.
If you give her a smile, she’ll give you her heart.
She multiplies and enlarges what is given to her.
So, if you give her any crap, be ready to receive a ton of shit.”

Shibuya Crossing


Went to Shibuya Crossing in Tokyo, Japan today. Here are some of the photos of the experience. You can see Tower Records, the Disney store, and the busiest intersection in the world.

It’s Just a Catfish

This would be ‘all the catfish you can eat.’ Each year, a few people were drowning or disappearing mysteriously in Huadu, China’s Furong Reservoir. It was not until recently, when the son of a government official went swimming in the reservoir and was drowned, that the secret was revealed. It is a 3 meter long man-eating catfish whose head alone is 1 meter wide! After cutting up the catfish, people were surprised to find the remains of another man inside! Swimming in the reservoir is now forbidden because it is feared another similar man-eating catfish is still lurking in the waters.


Encryption Techniques

[Abstract]
The purpose of this document is to analyze cryptographic transposition techniques by showing a few examples of some different techniques. The next portion of this document is to provide an answer to the question “Is it possible to decrypt the message that was encrypted with a two-stage transposition technique with a different key?” The last part of this document provides supporting information to the argument, “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” This document provides a basic knowledge and understanding of how different encryption techniques can be used and is intended for use by anybody interested in gaining a basic knowledge of encryption techniques.

[Content]
The three encryption techniques shown here are primitive in nature; however, they illustrate different techniques that can be used to secure data. All three use the following message as the example of the data to be protected: “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” The first technique is called the rail fence technique. This method works by offsetting every other letter in a message and then putting the second line of text behind the first line. This method is illustrated in the following example.

Transposition Technique: Rail Fence
Plain Text: thetranspositionciphertechniqueworksbypermutingthelettersoftheplaintextitisnotverysecurebutitisgreatforlearningaboutcryptography
Cipher Text: ternpstocpetcnqeokbpruighltesfhpanettsovrscrbttsrafrerigbucytgahhtasoiinihrehiuwrsyemtnteetrotelitxiinteyeueuiigetolannaotrporpy

The next technique is called the columnar transposition. This method uses a key: the message is written into a number of columns identified by the key, and the number of characters in the message determines the number of rows. After the message is placed into the rows and columns, the characters in each column are read out in the order identified by the key (Stallings, 2006). This is illustrated in the following example.

Transposition Technique: Columnar Transposition
Key: 2315746
Plain Text: thetran
spositi
onciphe
rtechn
iquewo
rksbyp
ermuti
ngthele
ttersof
thepla
intexti
tisnotv
erysecu
rebutit
isgreat
forlear
ningabo
utcrypt
ography
Cipher Text: eoceusmteetsybgrncrtsorirentiterifnuohpntqkrgthniresoitgathhwytlolttciaabphtsicebuhrpeosurlgranienopiefaiyuttrotyripcebuespxoeteeayp

The last technique is called the double transposition. This method is very similar to the columnar transposition, except that once the cipher text from the initial encryption is determined, that cipher text is put back through the matrix and encrypted a second time. This is illustrated in the following example.

Transposition Technique: Double Transposition
Key: 2315746
Plain Text (1st Cipher Output): eoceusm
teetsyb
grncrts
orirent
iterifn
uohpntq
krgthni
resoitg
athhwyt
lolttci
aabphts
icebuhr
peosurl
granien
opiefai
yuttrot
yripceb
uespxoe
teeayp
Cipher Text (2nd Cipher Output): ceniehgshlbeoaitiseetgoiukralaipgoyyutoerrtoretoacerpureesytnftntycthreaoeoyetcrrptohtpbsnetppambstnqigtisrlnitbeusreinhiwthuuifrcxy

When the question is asked, “Is it possible to decrypt the double transposition message with a different key?” the answer is simply “yes.” The matrix transposition ciphers can be cracked because they use a fixed number of characters to develop a matrix. Simply counting the total number of letters can help to guess what size matrix was used. Once the total number of letters is known, it is a matter of trying all variations of different sizes of matrices. By filling in the matrix with the characters both horizontally and vertically, a person can look for patterns. Using this methodology, with a little trial and error, a person can continue to try different sized matrices, filling in the letters and looking for patterns of letters that spell words (NOVA, 2000). This methodology is essentially recreating the key, but the whole key may not be needed to completely understand the message. Due to the fixed size of the matrices used for the matrix transposition method, it is possible to crack the message by using a different or incomplete key.

“The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography,” is a true statement. To better understand this statement, it is important to understand what it is saying. The statement is saying that the transposition cipher technique works by changing the letters of plaintext. As illustrated in the previous examples, one can clearly see that this technique of encryption works by simply changing the order of the characters in the original plain text, and therefore it is a true statement.
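The three techniques and the weakness discussed above, as an added Python example that is not part of the original post. The plaintext, key and rail fence cipher text are the post's own values; the function names and the guessed key `2315647` are constructed for illustration. The columnar functions fill strict seven-letter rows, so their output is not expected to equal the hand-worked cipher text shown earlier.

```python
from collections import Counter

# Plaintext, key and rail fence cipher text are the values given in the post.
PLAINTEXT = ("thetranspositionciphertechniqueworksbypermutingthelettersofthe"
             "plaintextitisnotverysecurebutitisgreatforlearningaboutcryptography")
KEY = "2315746"  # the column labelled 1 is read out first, then 2, and so on
PAGE_RAIL_FENCE = ("ternpstocpetcnqeokbpruighltesfhpanettsovrscrbttsrafrerigbucytgah"
                   "htasoiinihrehiuwrsyemtnteetrotelitxiinteyeueuiigetolannaotrporpy")


def rail_fence_encrypt(text):
    """Two rails: letters at even positions, followed by letters at odd positions."""
    return text[0::2] + text[1::2]


def rail_fence_decrypt(cipher):
    """Split the cipher text back into its two rails and interleave them."""
    half = (len(cipher) + 1) // 2
    top, bottom = cipher[:half], cipher[half:]
    return "".join((top if i % 2 == 0 else bottom)[i // 2] for i in range(len(cipher)))


def column_order(key):
    """Column indexes in read-out order (works for single-digit key labels)."""
    return sorted(range(len(key)), key=lambda col: key[col])


def columnar_encrypt(text, key):
    """Write the text row by row under the key, then read whole columns in key order."""
    return "".join(text[col::len(key)] for col in column_order(key))


def columnar_decrypt(cipher, key):
    """Cut the cipher text back into columns, then read the grid row by row."""
    width = len(key)
    full_rows, extra = divmod(len(cipher), width)
    columns, pos = [""] * width, 0
    for col in column_order(key):
        height = full_rows + (1 if col < extra else 0)  # short last row
        columns[col] = cipher[pos:pos + height]
        pos += height
    return "".join(columns[i % width][i // width] for i in range(len(cipher)))


def double_encrypt(text, key):
    """Double transposition: the first cipher text goes through the matrix again."""
    return columnar_encrypt(columnar_encrypt(text, key), key)


def double_decrypt(cipher, key):
    return columnar_decrypt(columnar_decrypt(cipher, key), key)


def same_letters(a, b):
    """Transposition only reorders letters, so the letter counts never change."""
    return Counter(a) == Counter(b)


def positions_recovered(cipher, guessed_key, plaintext):
    """Decrypt with a guessed key and count the letters that land in the right place."""
    guess = columnar_decrypt(cipher, guessed_key)
    return guess, sum(g == p for g, p in zip(guess, plaintext))


if __name__ == "__main__":
    print("rail fence matches the post:", rail_fence_encrypt(PLAINTEXT) == PAGE_RAIL_FENCE)
    once = columnar_encrypt(PLAINTEXT, KEY)
    twice = double_encrypt(PLAINTEXT, KEY)
    print("columnar:", once)
    print("double:  ", twice)
    print("letter counts unchanged:", same_letters(twice, PLAINTEXT))
    # A key that is wrong in two of its seven labels still exposes most of the message.
    guess, hits = positions_recovered(once, "2315647", PLAINTEXT)
    print(f"wrong key recovers {hits}/{len(PLAINTEXT)} letters: {guess[:35]}...")
```

The unchanged letter counts identify the cipher text as a transposition, and the near-miss key shows how a partly correct guess already yields readable fragments to refine.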

In conclusion, the transposition techniques of changing the order of the characters in the original plain text message are primitive means of encrypting the original message. Although the rail fence, matrix transposition, and the double transposition methods are good for learning about encryption techniques, they are not ideal for encrypting any real messages. Due to using the original plain text of the message, one is able to crack the encryption technique by using a different or incomplete key.

References
1. Stallings, William (2006). Cryptography and Network Security (Fourth Edition). Upper Saddle River, NJ: Pearson Prentice Hall.
2. (2000, November). The Double Transposition Cipher. Retrieved February 11, 2009, from NOVA Online | Decoding Nazi Secrets | The Double Transposition Cipher Web site: http://www.pbs.org/wgbh/nova/decoding/doubtrans.html

Definition Distinction Between Guts and Balls

We’ve all heard about people “having guts” or “having balls”. But do you really know the difference between them? In an effort to keep you informed, the definition for each is listed below…

Guts – is arriving home late after a night out with the guys, being met by your wife with a broom, and having the guts to ask: “Are you still cleaning or are you flying somewhere?”

Balls – is coming home late after a night out with the guys, smelling of perfume and beer, lipstick on your collar, slapping your wife on the butt and having the balls to say: “You’re next.”

Helicopter Ride

Buddy and his wife Edna went to the state fair every year, and every year Buddy would say, ‘Edna, I’d like to ride in that helicopter.’ Edna always replied, ‘I know Buddy, but that helicopter ride is fifty bucks, and fifty bucks is fifty bucks.’ One year Buddy and Edna went to the fair, and Buddy said, ‘Edna, I’m 85 years old. If I don’t ride that helicopter, I might never get another chance.’ To this, Edna replied, ‘Buddy, that helicopter ride is fifty bucks, and fifty bucks is fifty bucks.’ The pilot overheard the couple and said, ‘Folks, I’ll make you a deal. I’ll take the both of you for a ride. If you can stay quiet for the entire ride and don’t say a word, I won’t charge you a penny! But if you say one word, it’s fifty dollars.’ Buddy and Edna agreed and up they went. The pilot did all kinds of fancy maneuvers, but not a word was heard. He did his daredevil tricks over and over again, but still not a word. When they landed, the pilot turned to Buddy and said, ‘By golly, I did everything I could to get you to yell out, but you didn’t. I’m impressed!’ Buddy replied, ‘Well, to tell you the truth, I almost said something when Edna fell out, but you know, “Fifty bucks is fifty bucks!”’

Business Continuity

[Abstract]
The purpose of this document is to provide a basic knowledge of how having a business backup plan can maintain business continuity. Also included within this document are guidelines to maintain business continuity and an explanation of some consequences for not following the business continuity guidelines.

[Content]
When the September 11th attacks on the New York World Trade Center towers happened, it was a major wakeup call, not only for national security, but also because of the amount of business data that was lost when the two buildings collapsed. As tragic as the attacks were, many businesses found out how effective or ineffective their computer network backups were. In many cases companies lost large amounts of data. If companies had had better business continuity procedures established, there would have been minimal data lost.

Maintaining a backup of all network systems and their respective data will maintain business continuity in the event of a catastrophic event. Previously, the main concern behind maintaining backups of all computer systems and their data was a natural disaster such as an earthquake, hurricane, fire, tidal wave, flooding, or landslide. In recent years another reason has been identified: terrorist or militaristic attacks. The September 11th attacks on the World Trade Center tested many companies on maintaining business continuity, and many of those companies had failed to maintain off-site backups, so their businesses were greatly affected (Shore, 2002). There are different strategies to consider for a backup and disaster recovery plan. One strategy consists of four parts: detect, notify, isolate, and repair (Mitchell). The detect portion of the strategy is to quickly determine the source of the failure. The notify portion of the strategy is to notify all parties that are involved with recovering from the failure, as well as the parties that are affected by the failure. The next step is to isolate the affected systems and keep the failure from affecting any additional systems. The last step is to repair any affected systems or recover from the failure. There are also different backup strategies to consider for a disaster recovery plan. One backup strategy is to back up all critical data and then either electronically transfer or physically ship the backups to an offsite location. This method is typically cheaper; however, in many cases it is much slower to recover and restore systems to their previous state. Another backup strategy is to have a coop site, where all necessary data is completely backed up to another location. The coop site strategy comes at a much higher cost; however, it can recover much more quickly and provides a much more efficient recovery process in the event of a disaster. There are different disaster recovery and backup strategy plans that are designed to maximize business continuity in the event of a disaster or catastrophic failure.

When applying disaster recovery guidelines to a business continuity strategy it is important to know about the recommended guidelines and the consequences if the guidelines are not followed. One of the first and foremost guidelines to recommend to any organization is to have a policy that states which disaster recovery strategy the company is going to use. Without having this policy in place, every different office within the organization may choose to follow their own guidelines and do what they think is best. The next policy that should be implemented should identify which backup strategy the company chooses to employ. This backup strategy should be chosen based upon company goals, cost, importance of data, and the desired minimal downtime the company determines as acceptable. Without the company identifying the backup strategy, there is a possibility different offices within the organization could waste time, money, and effort employing their own desired methods. The 3rd guideline for a company should be to implement a policy that states when backups are to be completed, where they will be stored, how often they are to be tested, and which offices or organizations are responsible for maintaining documentation of the procedures for backing up, storing, and testing. When a company chooses to not have a policy that identifies the company’s proper backup and testing procedures the results are drastic due to loss of data, loss of money, loss of resources, and many wasted man-hours. When a company chooses to put policies in place that identify business goals for minimizing loss of data, time, and money during a time of disaster, all offices or organizations within that company must comply with the policies or be held accountable.

In conclusion, there are information assurance lessons that have been learned from previous disasters, which should pave the way for future business continuity strategies. In order for companies to employ a successful business continuity strategy, policies need to be put in place to identify which disaster recovery and backup plans best suit the company. It is critical to ensure all offices and organizations within the company follow the company’s policies or be held accountable in the event there is a loss.

References
1. Shore, Dave (2002, May 17th). Sept. 11 teaches real lessons in disaster recovery and business continuity planning. Retrieved February 8, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-1048799.html
2. Mitchell, Bradley. Network Disaster Recovery. Retrieved February 8, 2009, from Network Disaster Recovery – Overview Web site: http://compnetworking.about.com/od/itinformationtechnology/l/aa083102a.htm

Choosing a Location for a Network Operations Center (NOC)

[Abstract]
The purpose of this document is to provide a basic understanding of network operation centers by identifying three key factors to consider when choosing a location for a network operation center. Also included within this document are five areas of physical security to consider when constructing a network operation center.

[Content]
When constructing a network operations center, otherwise known as a NOC, there are some key factors to consider in choosing an ideal location. Many large globalized organizations choose geographic locations to host their network operations centers. This is in part so that the NOC for an area covers a region of the globe and ensures their communications operate optimally. Another part of the reason is the different industry standards in different geographical regions. In the United States a network may traverse a T-1 circuit, whereas in Europe the network may traverse E-1 circuits (Patton Electronics Co., 2001). Even though this may not seem like a significant difference, it does illustrate that different geographical locations have different standards, and having a NOC that is familiar with its specific region will greatly reduce downtime in the event of a failure and maintain an overall general knowledge base of the networks in that region. Another factor to consider when choosing a location for a NOC is choosing a city that has the surrounding infrastructure to ensure maximum uptime of building power. Ensure that local businesses, including Internet Service Providers, can meet or exceed the needs that are required to support the capabilities of a NOC. When choosing a facility to host a NOC there are many considerations to be taken into account, but to name a few, the overall building power and redundant backup power, such as a building generator, are requirements. Access to the building, including any combination locks, biometric access points, loading area security, perimeter security fencing, and local security guards, is instrumental in ensuring that the facility maintains a high level of security. Part of the overall building requirements when choosing an ideal facility is to first ensure that it has enough space and cooling to accommodate all of the necessary equipment that will be operated within. Once inside a building, it is critical to ensure that all network cables are secured whenever they leave the NOC by putting them in a protective covering, such as a conduit, so that the network is not being monitored or tampered with in any way. There are many elements to take into account when choosing a location that can accommodate the high level of security and importance needed to house a network operations center.

Ensuring the overall physical security of a facility that hosts the critical operations provided by a NOC involves many different considerations. First and foremost is to ensure the building is secure by having locks on all doors, security cameras put in place, guards posted and logging all access into the building, and any necessary alarms installed on any doors. Part of ensuring the overall security of a building is to monitor the state of the building by monitoring door alarms, monitoring security cameras for any suspicious activity, signing in any visitors to the building and ensuring they have access only to areas they have the clearance for, and lastly conducting background investigations on employees to ensure they are trustworthy to protect the building and its contents. Another area of physical security to consider is to secure all networking cables by placing the cables in a secure housing, such as a metal conduit, whenever they traverse an unsecured room or area. Another part of physical security is to ensure all networking equipment is secure by having it in a locked room or locked equipment rack with only authorized persons having access (Bogue, 2003). Just as security personnel must be trustworthy, any and all employees who work inside the NOC should have background investigations to ensure they are trustworthy to work with or handle the level of security classification of the data they are handling. Another part of physical security is to have policies in place to ensure all computers and documentation are put in an authorized secure location, like a safe, when the systems or documentation are not being used. One portion of the policies should identify that all backups must be stored in a secure, different geographical location. There are many different areas of consideration when ensuring the physical security of a network operations center.

In conclusion, when choosing a location to host a network operations center there are many factors to consider that apply to where the network operations center will reside. Some of the concerns are with the facility itself, but there are also concerns that go beyond the facility and are related to the surrounding area. When hosting a network operations center there are many physical security concerns to take into account. Ensuring the physical security of the facility and networking equipment aids in ensuring the data that is being monitored and housed inside the NOC is secured.

References
1. (2001, May 11th). T1/E1/PRI Technology Overview. Retrieved February 7, 2009, from Patton Electronics Co. Web site: [URL Removed Broken link]
2. Bogue, Robert (2003, August 11th). Lock IT Down: Don’t overlook physical security on your network. Retrieved February 7, 2009, from Lock IT Down: Don’t overlook physical security on your network Web site: http://articles.techrepublic.com.com/5100-10878_11-5054057.html

Love Making

The Italian says, “When I’ve a finished a makina da love withna my wife, I go down and gently tickle the back of her knees, she floats 6 inches above a da bed in ecstasy.”

The Frenchman replies, zat is noting, “When Ah’ve finished making ze love with ze wife, Ah kiss all ze way down her body, and zen Ah lick za soles of her feet wiz mah tongue, and she floats 12 inches above ze bed in pure ecstasy.”

The redneck says, that aint nothing. “When I’ve finished porkin the ole lady, I git out of bed, walk over to the winder and wipe my weener on the curtains. She hits the freakin’ ceiling.”

Single vs. Engaged vs. Married

Sipping her drink, the single girl leered and said, “Last Friday at the end of the work day I went to my boyfriend’s office wearing a leather coat. When all the other people had left, I slipped out of it and all I had on was a leather bodice, black stockings and stiletto heels. He was so aroused that we made passionate love on his desk right then and there!”

The engaged woman giggled and said, “That’s pretty much my story! When my fiancé got home last Friday, he found me waiting for him in a black mask, leather bodice, black hose and stiletto pumps. He was so turned on that we not only had sex all night, he wants to move up our wedding date!”

The married woman put her glass down and said, “I did a lot of planning. I made arrangements for the kids to stay over at Grandma’s. I took a long scented-oil bath and then put on my best perfume. I slipped into a tight leather bodice, a black garter belt, black stockings and six-inch stilettos. I finished it off with a black mask.

When my husband got home from work, he grabbed a beer and the remote, sat down and yelled, “Hey Batman, what’s for dinner?”

Most Romantic First Line, But least Romantic Second Line

These are entries to a competition asking for a rhyme with the most romantic first line but least romantic second line:

Love may be beautiful, love may be bliss
but I only slept with you, because I was pissed.

I thought that I could love no other
Until, that is, I met your brother.

Roses are red, violets are blue, sugar is sweet, and so are you.
But the roses are wilting, the violets are dead, the sugar bowl’s empty and so is your head.

Of loving beauty you float with grace
If only you could hide your face.

Kind, intelligent, loving and hot
This describes everything you are not.

I want to feel your sweet embrace
But don’t take that paper bag off of your face.

I love your smile, your face, and your eyes
Damn, I’m good at telling lies!

My darling, my lover, my beautiful wife:
Marrying you screwed up my life.

I see your face when I am dreaming
That’s why I always wake up screaming.

My love you take my breath away
What have you stepped in to smell this way?

What inspired this amorous rhyme?
Two parts vodka, one part lime.

Hardening OS X

[Abstract]
The purpose of this document is to provide a basic understanding of operating systems and vulnerabilities with hardening practices for ensuring Apple’s operating system OS X is secured. Also included within this document are methods for ensuring that a web server is secured.

[Content]
“Every Mac is secure right out of the box,” thanks to the proven foundation of Mac OS X (Apple Inc., 2009). Although this statement is true in the sense that you physically have control of your Mac and that it hasn’t yet been configured to go onto a network, this doesn’t mean that the system should be run without first securing it, simply because Apple Inc. says that it is more secure. When a new computer is purchased or a computer has an operating system newly installed onto it, the computer may need additional configuration in order to protect the system from potential threats. There are steps that should be taken to protect the computer or make it more secure before ever starting to use the system casually.

Apple has made a valiant effort to make their operating system secure enough for the standard user to use with confidence straight after purchasing or installing Apple’s operating system OS X; however, there are still additional steps that should be taken to harden the system prior to casual or business use. One of the initial steps to ensuring that OS X is more secure is to configure the system with individual user accounts for all individuals who will be using the system. This means that there are no shared accounts for all users to use and nobody should be logged in as the administrator, otherwise known as root. All user accounts should be using strong passwords that meet or exceed the minimum strong password requirements. The next step, which gives the user accounts an additional layer of security, is to go into the system preferences and turn on FileVault for all the user accounts. Apple’s FileVault uses 256-bit AES encryption to encrypt the user’s home directory (Apple Inc., 2007). Once the user accounts are properly configured, it is important to start locking the system down. To lock the system down, it is important to ensure the firewall is enabled. The next step should be to turn on the automatic updates and then to run the update to ensure all the latest patches have been applied. After the security updates have been applied, it is instrumental to the system security to ensure any unused or unneeded services are turned off. Properly configured user accounts and a properly configured operating system add different layers to the security of the system.

After the system security configurations are made, it is a good idea to start locking down the applications. One of the biggest vulnerabilities arises when a user is surfing the Internet and downloads applications. Some of the security configurations can be applied to Apple’s web browser, known as Safari. First, it is important to ensure Safari is configured to block pop-up windows. The next step to securing Safari is to turn OFF “Open ‘Safe’ Files After Downloading.” Another step that is nice, but not a necessity, is to use Safari’s Private Browsing whenever possible. In the event a system is authorized to run a service, such as a web service, it is important to ensure that service is properly secured. One method of securing a service is to ensure the latest version of the web server is being used and any security updates have been applied. For example, it may be a good idea to run the service under a wheel or system account as opposed to running it under a user account. Next, it is important to configure the users of that service so that they have the proper permissions. The next step to locking down a service is to adjust any file permissions so that only authorized users can access or modify files. After any configuration changes have been made to the different applications on the system, it may be necessary to install 3rd party applications, such as antivirus software, to add further security. Application security may need to be applied to any and all applications on a particular system, but that may depend on the system and its uses.

The final step to be mentioned here should really be the first step in making any system more secure: ensure all users are properly trained on the system and are aware of any acceptable use policies that may be put in place to aid in securing devices on a network. No matter what configurations have been made or what software is in place, one of the biggest threats to a system is a user of the system. This means that users shouldn’t be allowed to readily go out and visit Warez sites or other known threatening websites. Users should also be aware that downloading and installing software applications from the Internet could compromise the security of that system. In the event that a user is a minor, it may be necessary for an adult to use parental controls as well as monitor the minor while they use the system. A properly trained user can aid in ensuring a system is more secure and remains secure.

In conclusion, properly configuring user accounts, system configurations, application configurations, and installing any 3rd party applications will provide a layered approach to hardening a system. Even after a system is properly configured it is important to ensure all users of that system are trained or monitored. After all configurations and training have been completed, it is then acceptable to connect the system to a properly configured and secured network for use.

References
Apple, Inc. (2009). Apple – Mac OS X Leopard – Technology – Security. Retrieved January 31st, 2009, from Apple – Mac OS X Leopard – Technology – Security Web site: http://www.apple.com/macosx/technology/security.html
Apple, Inc. (2007, November). Keeping safety simple. Mac OS X Security. Retrieved January 31st, 2008, from [URL Removed Broken link]

Michigan: Summer’s Almost Here


Summer’s almost here in Michigan…we can now see the deer moving around. Yep, won’t be long.

The Birds and the Bee’s and Jewelry?

The Michigan Wife

Three men were sitting together bragging about how they had given their new wives duties. The first man had married a woman from Ohio and had told her that she was going to do the dishes and house cleaning. It took a couple of days, but on the third day he came home to see a clean house and dishes washed and put away.

The second man had married a woman from Illinois. He had given his wife orders that she was to do all the cleaning, dishes, and the cooking. The first day he didn’t see any results but the next day he saw it was better. By the third day, he saw his house was clean the dishes were done, and there was a huge dinner on the table.

The third man had married a beautiful girl from Michigan. He told her that her duties were to keep the house cleaned, dishes washed, lawn mowed, laundry washed, and hot meals on the table for every meal. He said the first day he didn’t see anything, the second day he didn’t see anything but by the third day some of the swelling had gone down and he could see a little out of his left eye enough to fix himself a sandwich and load the dishwasher.

Disposition of Sensitive Information

[Abstract]
The purpose of this document is to provide a summary of the article entitled “Disposition Of Sensitive Automated Information” as the author understands this article. Also included within this document is an explanation of how disk encryption can help to protect the information on a disk in the event it is lost or stolen.

[Content]
The article entitled “Disposition Of Sensitive Automated Information” identifies methods that businesses, government, and even the military should use to ensure their information is safely removed from different types of media. The article discusses three techniques, identified in different publications, for ensuring that no information or remnants of information remain on a disk. The three methods are overwriting, degaussing, and destruction. Overwriting consists of using an NSA approved software application, such as BCWipe (Jetico, 2008), to write 1’s and 0’s over a disk seven times to ensure that the information on the disk cannot be retrieved. The overwriting method should be used on operational media in instances where the media may need to be reused. Degaussing should be performed with an NSA approved degausser; this method magnetically or electronically destroys a piece of media so that no information can be retrieved. It should be used on a piece of media that may contain information, but where the media itself is non-operational. The final method, destruction, provides specifications for how media should be properly disposed of. The article “Disposition Of Sensitive Automated Information” identifies methods that should be used to properly ensure data is unrecoverable from media.
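The overwriting method described above can be illustrated on a single file. The following is an added example, not code from the article or from BCWipe; the function names, the alternating pattern order, and the constructed sample file are assumptions made for illustration.

```python
import os
import tempfile

# Alternating all-zero and all-one bytes; seven passes follows the summary above.
# The pattern order and chunk size are assumptions of this example.
PATTERNS = (b"\x00", b"\xff")
CHUNK = 64 * 1024


def overwrite_file(path, passes=7):
    """Overwrite a regular file in place, verify the final pass, return its byte."""
    if passes < 1:
        raise ValueError("at least one pass is required")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            pattern = PATTERNS[n % len(PATTERNS)]
            f.seek(0)
            remaining = size
            while remaining:
                step = min(CHUNK, remaining)
                f.write(pattern * step)
                remaining -= step
            # Force this pass out of the OS cache before starting the next.
            f.flush()
            os.fsync(f.fileno())
        # Read back: every byte must match the last pattern written.
        f.seek(0)
        remaining = size
        while remaining:
            block = f.read(min(CHUNK, remaining))
            if not block or block != pattern * len(block):
                raise OSError("verification failed after final pass")
            remaining -= len(block)
    return pattern[0]


def demo():
    """Overwrite a constructed sample file; return (final byte, size, values)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample record: id=0001 note=example\n" * 100)
        path = tmp.name
    try:
        final = overwrite_file(path)
        with open(path, "rb") as f:
            data = f.read()
        return final, len(data), set(data)
    finally:
        os.remove(path)
```

Overwriting through the file system only reaches the blocks currently mapped to the file. On flash media with wear levelling, or on journaling and copy-on-write file systems, earlier copies of the data can survive, which is one reason whole-device sanitization, degaussing, or destruction is used instead.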

There are instances where data on a form of electronic media needs to be protected in the event that it falls into an unauthorized individual’s possession. Disk encryption can help to ensure information is protected from unauthorized access; however, encryption is not the solution, but rather a technique for helping to protect data (TecSec, 2006). Simply encrypting the information on a disk cannot protect that information forever. Time is the number one enemy of any type of encryption, as it takes time before an encryption algorithm can be cracked. Once the algorithm is cracked, access to the protected information can be gained. One of the best uses of the disk encryption method for protecting data is when travelling, either domestically or internationally. Another good use of this technique is when you have to relinquish physical control of a piece of media or when you may not be physically present to ensure that media is secure. The use of encryption to secure physical media will help protect the information on that media in the event the media should fall into the wrong hands.

References
1. Jetico – Products. Retrieved January 25, 2009, from Jetico – Products Web site: [URL Removed Broken link]
2. TecSec, (2006, January). Tactical Military Encryption in a Multinational Environment. Retrieved January 25, 2009, from Tactical Military Encryption in a Multinational Environment Web site: [URL Removed Broken link]