Friday 5 October 2012

Preventing computer related crime

  • Cryptography: How it works?
    • it is a variable value that is used by cryptographic algorithms to produce encrypted text or decrypt encrypted text.
    • The length of the key reflects the difficulty to decrypt from the encrypted message.
  • Cryptography is first appeared in closed commercial, financial network and military systems.
  • We can send/receive secure e-mail, connect to secure website to purchase goods or obtain services.
  • Problem: how do we implement them in this global open network, internet?
  • To what level of encryption is sufficient to provide safe and trust services on the Net?
  • The Public Key Infrastructure enables users of an unsecured public network such as the internet to securely and privately exchange data through the use of a public and private cryptographic key pair that is obtained through a trusted authority.
  • A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file) is authentic.
    • This is NOT scanned signature!!
    • Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.
    • A message is generated between a 128-bit and a 256 bit through an algorithm. This generated number is then encrypted with the senders private key and added to the end of the message.
    • The recipient receives the message they run the message through the same hash algorithm and generate. They then decrypt the signature using the senders public key and provided the two numbers match they know the message is from who that is has not been modified.
  • Anti-virus software to ensure that malicious program such as worms and viruses do not damage or destroy vital information.
  • Anti-virus programs or utilities prevent viruses and recover the computer from them if the computer is infected.
  • Using intrusion detection software monitors the system and network resources and notifies of any unauthorized access.
  • The following are protocols that will help protect systems against hackers
    1. Install string user authentication and encryption capabilities
    2. Install the latest security patches
    3. Disable guest accounts and null user accounts
    4. Do not provide easy log in procedures for remote users.
    5. Give an application its own server
    6. Restrict physical access to the server
    7. Turn audit trails on
    8. Consider installing caller ID
    9. Install a corporate Firewall
    10. Install anti-virus software
    11. conduct regular IS security audits
    12. Verify and exercise frequent data backups for critical data.
    13. Have contingency plan in place.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)