Encryption Essays (Examples)

1
Onion Routing uses a flexible communications infrastructure that prevents traffic from being analyzed and eavesdropping from occurring. The way it works is by separating routing from identification techniques. In other words, any identifying information is removed from the data stream (Syverson, 2005).
The structure is created by wrapping a plaintext message in layers of encryption. Just as an onion has layers that peel away, this wrapping is successively pealed away as the wrapped message is passed through from one router to the next. The message is viewable only by the sender and the recipient and perhaps even the last node, unless end-to-end encryption is used (Joshi, 2012).
For example, in a packet switched network, packets use a header for routing and the payload confers the data. The header is visible to the network and anyone watching the network; it tells where the packet originated and where it is going.…

References
Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation
onion router. Naval Research Lab Washington DC.
Joshi, P. (2012). Onion routing. Retrieved from
 https://prateekvjoshi.com/2012/11/27/onion-routing/ 
Syverson, P. (2005). Onion routing. Retrieved from
 https://www.onion-router.net/Summary.html 

 

Part 2 - Reflective Diary

The security of customer's data is very critical in the contemporary business environment because of the increase in the data breach that could make organizations to face bad publicity within and outside the United States. Essentially, organizations are required to secure employees' and customers' data to enhance Pretty Good Privacy (PGP) within the IT environment. One of the strategies to enhance customers' privacy is to implement data encryption. Encryption is a strategy of encoding data file where only authorized user can only have access to a secret "key' in order to read the data. The major impact of encryption is that it will prevent unauthorized access to organizational data, which will consequently enhance data protection and privacy. oreover, securing information will make organization to be in line with the IT ethical standard, which will consequently enhance organizational public image.

Despite the security platform implemented by…

McEvoy, S.A.(2002). Email and Internet Monitoring and the Workplace: Do Employee has the Right to Privacy. Communication and Law.

Miller, A.R. & Tucker, C.E.(2011). Encryption and the Loss of Patient Data. Journal of Policy Analysis and Management, 30 (3):534-556.

Lugaresi, N.(2010).Electronic Privacy in the Workplace: Transparency and Responsibility. International Review of Law, Computers & Technology. 24( 2):163-173

These certificates are issued by the certification authorities (CAs) and they contain the name, expiration dates as well as serial numbers of the certificates.

OS Hardening

Operating system hardening is the process of addressing the various security issues and vulnerabilities in a given operating system via the implementation of the latest Operating system patches, updates, hotfixes as well procedures and policies that are necessary for reducing the number of attacks as well as system downtime.

Application hardening

Application hardening is the process of addressing the various security issues and vulnerabilities in a given operating system via the implementation of the latest application patches, updates, hotfixes as well procedures and policies that are necessary for reducing the number of attacks as well as system downtime.

Transmission / emote access protection protocols

The transmission protocols that are necessary for the information assurance include the used of https as well as FTP. Https…

4G LTE Encryption

When cellular phones first came out, the concerns about data loss and theft was not all that high. This was mostly because these devices functioned mostly (if not entirely) as phones with perhaps a camera phone here and there. Nowadays, however, cellular phones are often smartphones and they are literally small computers in terms of the data that they carry and the abilities that they have. Given that and the fact that tablets and other devices have entered the cellular signal fray, it is important to focus on the data security that these data devices have and whether that technology is being used in the way it could or should be and whether improvements are needed. While technology and encryption have come a long way, it is imperative that the envelope is pressed harder and harder every day so as to maintain (or create) privacy and safety…

References

Alam, M., Yang, D., Rodriguez, J., & Abd-Alhameed, R. (2014). Secure device-to-device

communication in LTE-A. IEEE Communications Magazine, 52(4), 66-73.

Huang, Y., Leu, F., You, I., Sun, Y., & Chu, C. (2014). A secure wireless communication system

integrating RSA, Diffie-Hellman PKDS, intelligent protection-key chains and a Data

Internet Encryption

he growing sophistication of internet, along with advancing abilities of individuals to hack into electronic systems is creating a growing need for improved encryption technology. he internet is becoming a domain all to itself, with its own rules, and requirements. he internet is creating new opportunities for the business and communication industries. It is also creating new demands. he internet is now facing a period in its evolution similar to the period of our country's history of westward expansion, and settlement

Wild Wild West years of the internet have passed with the bursting of the ech bubble in the early 21st century. Now business is building entire enterprises on the net. As hundreds of thousands of dollars change hands based on digital bleeps, the needs for government, business, and individuals to protect their data is becoming of paramount importance. Who will be the exas Ranger's of the internet,…

The Promotion of Commerce Online in the Digital Era Act of 1996, or "Pro-Code" Act: (1997) Hearing on S. 1726 Before the Senate Comm. On Commerce, Science, and Transportation, 104th Cong. 13.

U.S. Government Restrictions on Cryptography Exports and the Plight of Philip Zimmermann, 13 GA. ST U.L. REV. 581, 592-600 (1997)

Yoshida, J. (1996, Oct. 14) Intel Weighs in on DVD Encryption, Elecrtronic Engineering Times.

In this manner, if the transmitted information is intercepted by a cyber-thief, the information will remain useless to him since it is in an encrypted form that is incomprehensible to him.

anks is another common user of cryptography and whose input and output information are critical and must remain confidential. These days, a large percentage of banking transactions can be done online. Hence it is very critical that the information of bank customers is highly secured. If one is to access a banking online site, it is noticeable that a warning is provided to the user informing him that the site he is about to access is secured. Moreover, such secured sites are marked by a lock icon shown at the bottom part of the user's browser. Within a user's session in a secured site, it is typical that cryptography works at the background of every information exchange that occurs…

Bibliography

Hebert, S. (2001). A Brief History of Cryptography.

Retrieved on October 14, 2006, from Online.

Web site: http://www.cybercrimes.net/Cryptography/Articles/Hebert.html

Cryptography.

This occurs when a server happens to receive more connection requests that are incomplete and that it cannot possibly handle. This kind of attack's source code were released in 2006 by 2600 and Phracks two well-known underground hacker magazines. The second threat is IP Spoofing which is an attack which involves the impersonation of a legitimate host user at the IP layer. The third one is sequence number attack. The third one is TCP session hijacking. The third threat is denial of service attacks Security strategies to address various threats that are addressed by IPSec that users who use unsecured TCP/IP face

In order to ensure that users of unsecured TCP/IP don't fall victims to the threats outlined above, the following strategies must be employed;

Countering SYN Flooding:

The ISPs that are responsible for the IP packets must block the non-internal addresses that are responsible for the flooding. The attacker…

References

CEEnet (2000)Applications of IPSec

http://www.ceenet.org/workshops/lectures2000/Richard_Perlman/ipsec/tsld002.htm

Ferguson, B Poulton, D and Barrett, D (2004). MCSA/MCSE 70-299 Exam Cram 2:

Implementing and Administering Security in a Windows 2003 Network

Securing the Electronic Frontier

The paradox of how to secure individuals and organizations' right to access the Internet vs. securing personal and corporate data and identities is a particularly complex and challenging issue. The ethicacy of this paradox is most present in the differences between encryption and Pretty Good Privacy (PGP). Too open of standards and governance policies on these areas will often lead to large scale data breaches, as many organizations presume they have greater security over their data than is actually the case (Mikko, 2010). When security guidelines and initiatives are too restrictive, organizations cannot accomplish their objectives either. Making this paradox complex is the ethicacy of asking people and organizations for passwords and access to their accounts (Spinello, 2004). The ethics of trespass vs. legitimate access becomes all the more critical when the complexity, pace and severity of computer fraud perpetrated by globally-based gangs that are well-financed…

References

Hypponen, Mikko. (2010). Fighting Viruses Defending the Net. Retrieved on June 16, 2012 at  http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html 

Miller, A.R., & Tucker, C.E. (2011). Encryption and the loss of patient data. Journal Of policy analysis & management, 30(3), 534-556.

Spinello, R.A. (2011).Cyberethics - Morality and Law in Cyberspace (4th ed.). (4th Ed.). Sudbury, MA: Jones and Bartlett Learning. Chapter 6

Spinello, R.A. (2004). Reading in Cyber ethics (2nd ed.). (4th ed.). Sudbury, MA: Jones and Bartlett Learning. Chapter 5

Technologiies

Emerging Technologies

Scenario

Senior leadership of a medical center has just recently reviewed the plan for changes to the center's facilities. However, the medical center found out that the associated risks related to the new and emerging technologies had not been addressed. Thus, the Hospital's Chief Operating Officer (COO) has given a Chief Information Security Officer (CISO) two weeks to deliver a quick evaluation of the risks as well as the planned expansion of the areas that may pose potential technology problems.

Security Issue at the Medical Center

The main security issue at the Medical Center is the protection of patient's identity and keeping patient's data anonymous as much as possible. In the contemporary IT environment, protection of the emerging technologies has become a challenge for many organizations since sophisticated hackers could used different strategies to steal patient's information from the central database, which include Social Security Number (SSN),…

References

Ekambaram, V. & Ramchandran, K. (2007). R-GPS (Robust GPS): Enhancing GPS Accuracy and Security using DSRC. University of California Berkeley.

Michael, k. McNamee, A. & Michael, M.G.(2006).The Emerging Ethics of Humancentric GPS Tracking and Monitoring. Faculty of Informatics -- Papers. University of Wollongong.

Stell, A. Sinnott, R. & Jiang. J. (2009). A Clinical Grid Infrastructure Supporting Adverse Hypotensive Event Prediction. National e-Science Centrer, University of Glasgow.

Groups -- People sometimes act as a group to steal information for any number of reasons. They may be a company's customer or vendor, or they may be a fierce competitor trying to steal sensitive trade secrets (Elifoglu, 2002).

Some common threat attack groups include the following:

Saboteurs/Terrorists/Paramilitary Groups;

Domestic or Foreign Criminals;

Vendors;

Customers;

Competitors; and,

Former Employees (Elifoglu, 2002).

In reality, the concept of intrusion detection systems is a straightforward matter of designing a system that can provide alerts when it is attacked. According to Andress (2003), the process of intrusion detection typically requires the identification of unauthorized access into computer systems. For example, this author notes, "obust intrusion-detection systems are placed at strategic locations on the network to look for suspicious usage patterns so that attacks can be detected before an intruder has gained access to the network, application, or operating system" (Andress, p. 66). This author…

References

Andress, a. (2003). Surviving security: How to integrate people, process, and technology. Boca Raton, FL: Auerbach Publications.

Elifoglu, I.H. (2002). Navigating the 'information super highway': How accountants can help clients assess and control the risks of Internet-based e-commerce. Review of Business, 23(1), 67-69.

Grimes, R.A. (2008). Honeypots, honeynets. Honeypots.net. [Online]. Available:  http://www.honeypots.net/ .

Hinojosa, P. (2005). Information security: Where we've been and where we need to go the Journal, 32(7), 36.

OSIIT

An analysis of IT policy transformation

The aim of this project is to evaluate the effectiveness of information security policy in the context of an organization, OSI Systems, Inc. With presence in Africa, Australia, Canada, England, Malaysia and the United States, OSI Systems, Inc. is a worldwide company based in California that develops and markets security and inspection systems such as airport security X-ray machines and metal detectors, medical monitoring anesthesia systems, and optoelectronic devices. The company is also represented by three subsidiary divisions in offices and plants dedicated to the brands, apiscan Systems, OSI Optoelectronics and SpaceLabs Healthcare.

In 2010, OSI, Inc. had sales of $595 million with net income of over $25 million. As of June 2010, the company was comprised of 2,460 personnel globally. The parent company provides oversight and fiscal control to the different divisions, and is connected through its virtual network world-wide intranet system;…

References

Allen, J. (2005). Governing for Security: Project Stakeholders Interests. News at SEI. Retrieved on 5SEPT10 from  http://www.sei.cmu.edu/library/abstracts/news-at-sei/securitymatters20054.cfm 

Computer Misuse Law, 2006. Parliament UK. Retrieved from:  http://www.publications.parliament.uk/pa/cm200809/cmhansrd/cm090916/text/90916w0015.htm#09091614000131 

Diver, S. (2006). Information Security Policy -- A Development Guide for Large and Small Companies. SANS Institute InfoSec Reading Room. Retrieved on 30 Sept 10 from  http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331 

Global IT Policy (2009) OSI, Inc.

Portability

M

In the event that Myra decides to expand her business, portability becomes more important. However in this situation portability is not as important due to the single location and the access to cloud technology.

Security

L

There is not much security risk in this approach to the problem. Beautician scheduling is not regarded as a high risk activity.

Data Quality

L

Names and time are all that are really needed in this software. As long as that quality is fine, there are no problems with this area.

Authentication

L

Once again the lack of a need for high security denotes the lack of importance of this area. Authentication is not that important since the scheduling software is more like a common good to be used by all.

Encryption

L

Only basic encryption is needed in a software application such as this. There is no reasonable excuse for any…

This is very important in the securing of communication taking place over the open systems like the internet. This is done by embedding hidden information in data packets that are being conveyed over the TCP/IP link. The information is embedded in audio, video or even in pictures that are being sent over the link.

Digital watermarking

Digital watermarking involves the use of steganographic techniques to effectively embed information into various documents. This is important for copywriting reasons by corporations. Digital watermarking is then used in embedding a company's copyright into the property of a company. This is then used in prosecuting pirates as well as digital thieves. The copyright or trademark information is embedded in the copyrighted image, audio or video files.

4. Name at least two different Information Assurance (IA) standards, each from a different standards organization. Summarize the standards and explain why they are important.

ETF FC 2246.…

References

Blyth, a ., Koyacic., G (2006).Information assurance: security in the information environment. Springer Science & Business,

Department of Defense (1999). INFORMATION ASSURANCE:Legal, Regulatory, Policy and Organizational Considerations,4th Edition. Accessed on 3/15/2012 at http://www.au.af.mil/au/awc/awcgate/jcs/ia.pdf

Dunbar, B (2002). A detailed look at Steganographic Techniques and their use in an Open-Systems Environment.SANS Institute. Accessed on 3/15/2012 at  http://www.sans.org/reading_room/whitepapers/covert/detailed-steganographic-techniques-open-systems-environment_677 

ISO/IEC (2002). Information technology -- Security techniques -- Security information objects for access control. ISO/IEC 15816. Accessed on 3/15/2012 at  http://webstore.iec.ch/preview/info_isoiec15816%7Bed1.0%7Den.pdf

(Gartenberg, 2005)

Like all other aspects of business today, security systems often prove to be highly complex and hard (even for the participants) to identify.

The culture of an organization is like the culture of a family, a community, or a nation: Because it surrounds the people in it they often have a great deal of difficulty in recognizing to what extent policies and procedures arise from the constraints of culture and what therefore can be relatively easily changed. Matz (2010) summarizes the ways in which organizational culture both supports an organization and can blind the individuals in it to ways in which their actions may no longer be as effective as they once were:

… the essence of organisational cultures consists of a set of 'unspoken rules' that exist without conscious knowledge of the members of the organisation. Over time the invisibility of the attributes at the deepest level…

References

Dalton, D.R. (2003). Rethinking Corporate Security in the Post 9/11 Era, New York: Butterworth-Heinemann

Deal, T.E. & Kennedy, a.A. (1982). Corporate Cultures: The Rites, and Rituals of Corporate Life, London: Penguin.

Gartenberg, M. (2005). How to develop an enterprise security policy.  http://www.computerworld.com/s/article/98896/How_to_develop_an_enterprise_security_policy .

Johnston, L. & Shearing, C. (2003). Governing Security: Explorations in Policing and Justice. London: Routledge.

Despite of these advantages that were mentioned, which creates the power to convince consumers and business owners to use and accept legacy payment methods in a networked environment, there are also a number of disadvantages why some people are hesitant to use such mode of payment. They are especially true when they are used in a networked environment particularly in the Internet.

Issues, Disadvantages, and Solutions in Legacy Payment Methods in a Networked Environment

One of the most critical issues that exist in the use of legacy payment methods in a networked environment, such as the credit card, is how secured are the financial and personal information of the credit card users. Especially when used online, where information is oftentimes vulnerable to threats and unauthorized access, there is a high possibility that credit card information may not be secured. This thus is causing great concerns for consumers.

One of the…

Bibliography

Orr, Bill. The Great Card Question: Will it be Smart or Debit?

ABA Banking Journal, Vol. 90, Issue 9, pp 54-57.

Credit Cards.

2005. The BeeHive Online. 2005. http://www.thebeehive.org/money/credit-cards-benefits.asp

Government officials and elected officers become unwilling to provide limited public funds to broadcasters whose audiences are becoming smaller, forcing public service programmers to reach for larger audiences with different types of program content. "While multiple program sources -- cable, home video -- make it unlikely that these systems will move toward "mass audience programming" it is the case that the face of broadcasting is changing in these contexts" (Narrowcasting, 2012).

Digital signage networks for narrowcast advertising are becoming part of the mainstream and not some sort of on the edge experimental medium reserved for the daring and advanced. ather than being seen as a risk in the eyes of media buyers, they are becoming a vital communications path for marketers and advertisers wishing to sway consumer spending decisions at the point of purchase. It isn't particularly surprising that narrowcast digital signage networks are entering the mainstream. Advertising buyers and…

References

Little, D. (2007). Digital signage -- InfoTrends sees significant growth for narrowcasting.

Retrieved from  http://ezinearticles.com/?Digital-Signage-InfoTrends-Sees -

Significant-Growth-for-Narrowcasting&id=633856

Narrowcasting. (2012). Retrieved from  http://www.museum.tv/eotvsection.php?entrycode=narrowcasting

547-548).

The problem is stated clearly by Graham: "The legal community has paid little attention to the consequences for individual privacy of the development of computers" (Graham 1987, p. 1396). Graham does say that the common law has the capacity to protect privacy rights from invasion of privacy just as it expanded to combat threats in the past, but he also says that privacy law has lagged behind technology: "Privacy law has failed to respond, as it has in the past, to technological changes that influence the degree of privacy to which we are accustomed" (Graham 1987, p. 1396).

Technology has changed the nature of "privacy" according to some because technology has altered the meaning of "public." In an earlier age, people possessed greater anonymity than in the computer age, given that information is increasing with vast stores of data about everyone accessible by computer. The old concept of privacy…

References

Darsie, R., 2005, Building Accessible Web Sites, Office of the Vice Provost Information and Educational Technology Expiration,  http://tif.ucdavis.edu/meetings/2002/accessibility_recsol3.pdf .

Dean, J., 2000, Cultural Studies and Political Theory, Ithaca, New York, Cornell University Press.

Dean, J., 2002, Publicity's Secret: How Technoculture Capitalizes on Democracy, New York, Cornell University Press.

Denise, T.C., Peterfreund, S.P. & White, N.P., 1996, Great traditions in ethics, New York, Wadsworth.

In addition electronic purses can be reloaded using ATM machines or traditional tellers (if the card is connected to a banking account).

Additionally, electronic purses are usually based on smart card technology and necessitate a card reader to fulfill a transaction. Equipment including point of sale (POS) terminals, ATMs, and smart card kiosks can be outfitted with card readers (Misra et al., 2004). Every time the user utilizes the card reader to complete a transaction; the card reader will debit or credit the transaction value from or to the card.

The author further asserts that Smart cards can be utilized for various purposes.

In most cases they are used as stored value cards (Misra et al., 2004). Stored value cards can be utilized at the time of purchase and are preloaded with a certain amount of money. These cards can be discarded after they have been used; however, most stored…

References

AL-KAYALI a. (2004) Elliptic Curve Cryptography and Smart Cards GIAC Security Essentials Certification (GSEC). Retrieved October 8 at  http://www.sans.org/reading_room/whitepapers/vpns/1378.php 

ECC. Retrieved October 8 at  http://planetmath.org/encyclopedia/EllipticCurveCryptography.html 

Frauenfelder M. (2005) Make: Technology on Your Time. Oreily Misra, S.K., Javalgi, R. (., & Scherer, R.F. (2004). Global Electronic Money and Related Issues. Review of Business, 25(2), 15+.

Mitrou N. (2004) Networking 2004: Networking Technologies, Services, and Protocols. Springer Murphy S., Piper F. (2002) Cryptography: A Very Short Introduction. Oxford University Press: Oxford, England.

Security

Cryptography

In order to maintain information secrecy one would use cryptography. This is intentionally making information unintelligible. This method is mainly employed during the transmission of information. Cryptography ensures that only the intended person would be able to decipher the information (Whitman & Mattord, 2011, p. 339). The process of deciphering encrypted text is referred to as cryptanalysis. Cryptology is the mathematics branch covering cryptography and cryptanalysis. Cryptology has been in use since 1900 B.C. In Egyptian hieroglyphs. A Mesopotamian cryptography was discovered in 1500 B.C. that surpassed that of the Egyptians. The book of Jeremiah was written using alphabet substitution called ATBASH. Cryptography was employed during the First World War to decipher radio communication. Prisoners have also used cryptography to decipher their messages in order to protect their privacy. A key in cryptography is a parameter or piece of information that would determine the functional output for a…

References

Whitman, M., & Mattord, H. (2011). Principles of Information Security (4th ed.). Stamford, CT: Cengage Learning.

Auditing, Monitoring, Intrusion Prevention, Intrusion Detection, and Penetration Testing

"Unlike IP fragmentation (which can be done by intermediate devices), IP reassembly can be done only at the final destination. What problems do you see if IP reassembly is attempted in intermediate devices like routers?" [ ]

IP fragmentation is defined as the IP (Internet Protocol) that breaks datagrams into smaller fragment to assist packets passing through links and forming a smaller MTU (maximum transmission unit) than its original size. However, the fragments reassemble themselves when reaching the receiving hosts. After the receiving hosts have received the fragmented IP packet, they have to reassemble the datagram before passing it to the higher layer. In practices, the reassembly happens in the receiving hosts, however, a reassembly may be carried out by the intermediate router. For example, the NAT (network address translation) is designed to reassemble the fragments to the translate data streams.…

Reference. San Francisco.No Starch Press Series.

Kukoleca, M., Zdravkovic, M., & Ivanovic, I. (2014). Securing Linux Servers: Best Practice Document. AMRES/RCUB.

Rehman, R.U. (2003). Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, Mysql, PHP, and ACID. Indianapolis, Prentice Hall.

Security Site (2016). Snort Analyzer. Retrieved 23 November 2016 from  http://asecuritysite.com/forensics/snort?fname=nmap.pcap&rulesname=rulesportscan.rules 

Tews, E., & Beck, M. (2009). Practical attacks against WEP and WPA. In Proceedings of the second ACM conference on Wireless network security, 79-86.

Abstract - With regard to security, the major issue is that most mobile devices are targets that are in line to face attacks. Mobile devices face a range of threats that capitalize on several susceptibilities usually obtained in such devices. Lack of encryptions is a major threat to security of mobile device networks. Information such as text messages and electronic messages that are sent using a mobile device are more often than not unencrypted. Furthermore, numerous mobile device applications lack such encryptions over the networks for transmission and reception and therefore simplify the process of data interception. Malware is an additional problem regarding mobile device networks. It is simple for mobile device users to download malware through games and security patches and also through online advertisements. Consequently, this makes it significantly easy for data interception owing to spyware and Trojans. The lack of security software is also a major issue.…

Secured real time protocol (STP) is also being identified to enhance the security parameter of WAN and LAN network elements. "STP provides protection with encryption keys for wired and wireless networks including bandwidth limited channels." (Guillen and Chacon 2009 P. 690). There is also a growing use of IP secure to protect organization from the interception of data over the LAN and WAN environment.

To enhance network security, Chen, Horng, & Yang (2008) postulate the use of public key cryptography. While there is a growing use of public key cryptography, there is still a shortcoming identified with the use of public key cryptography in the LAN and WAN environment. Since the public key is being kept in a public file, it is possible for an active intruder to forge the contents of the public key and use it to get access onto the data kept within the network system. To…

References

Chen, T. Horng, G. & Yang, C. (2008).Public Key Authentication Schemes for Local Area. Informaticia.19 (1):3-16.

Fetterolf, P.C. & Anandalinga, G. (1992). Optimal design of LAN-WAN internetworks:

an approach using simulated annealing. Annals of Operations Research. 36: 275-298.

Guillen, P.E. & Chacon, D. A (2009). VoIP Networks Performance Analysis with Encryption Systems. World Academy of Science, Engineering & Technology. 58: 688-695.

Network Security and Why Use It

Security And Why Use It

The security of any network should be taken seriously. A network allows someone to share resources and information with others on the network. Networks allow for distribution of computer viruses, Trojans, human intruders, and employees can damage more than just one computer. To better understand the importance of network security, one needs to think of what might happen if all the data for a company that is stored in their servers vanishes. This scenario would cause losses that the company might never recover. Networks are divided into three main categories Internetwork (internet), Wide Area Networks (WAN) and Local Area Networks (LAN). These three categories of network require security to ensure that no malicious humans gain access, and no viruses attack the network.

To better understand network security, one needs to know what a network is. A network is defined…

References

Hu, H., Myers, S., Colizza, V., Vespignani, A., & Parisi, G. (2009). WiFi Networks and Malware Epidemiology. Proceedings of the National Academy of Sciences of the United States of America, 106(5), 1318-1323.

Krishna, V.A., & Victoire, T.A.A. (2011). A Descriptive Study on Firewall. [Article]. European Journal of Scientific Research, 63(3), 339-346.

Papaj, J., Dobos, L. u., & izmar, A. (2012). Opportunistic Networks and Security. [Article]. Journal of Electrical & Electronics Engineering, 5(1), 163-166.

Rao, B., & Parikh, M.A. (2003). Wireless Broadband Networks: The U.S. Experience. International Journal of Electronic Commerce, 8(1), 37-53.

Network Design

Network

ABC NETWOK DESIGN

A Comprehensive Proposal and Design for ABC Inc. Network equirements

Network Proposal Overview

Telecommunication Overview

Telecommunication Proposal

Network Configuration Management Plan

In order to meet the needs of the customers, ABC Inc. must insure that productivity is not hindered by the growth of the company. The employees at ABC Inc. must have a robust network so that customer service is not jeopardized. The accounting firm has grown from five to fifty employees with the acquisition of a large account. Currently, each employee has their own standalone computer which contains Windows 7, Office 2010 and QuickBooks accounting software. The company does not have a network in place. Currently information is shared by copying data to a flash drive and each workstation has a stand-alone printer. The objective of this proposal is to provide a centralized solution for all of ABC's network needs.

Given the highly…

References

Amsel, E. (1988). Network security and access controls. Computers & Security, 7(1),

53.

Bray, O., & Hess, M.M. (1995). Reengineering a configuration-management system.

IEEE Software, 12(1), 55-63.

features of telecommunications networks, including key networking technologies. Cover the Open Systems Interconnection (OSI) model, including each logical layer.

The OSI layer covers the different layers and types of communication that occurs within a network. The layers, in order of complexity from greatest to lowest are application, presentation, session, transport, network, data link and physical. The physical layer is the actual transport medium like network cable and such while routers and switches address much of the middle layers while the "window" to the user is the application layer at the very top. Telecommoniciation networks, and this is something that will be answered more in-depth later in this report, are very computer driven and are in many ways indistinguishable from regular computer networks as phone and conventional internet networks are very much one and the same and this is especially true when speaking Voice over IP (VOIP) technologies and the like.…

References

DigiCert. (2014, February 20). What Is SSL (Secure Sockets Layer) and What Are SSL

Certificates?. DigiCert Inc.. Retrieved February 20, 2014, from  http://www.digicert.com/ssl.htm 

Kratsas, G. (2014, February 18). Reports: Target warned before data breach. USA

Today. Retrieved February 20, 2014, from  http://www.usatoday.com/story/money/business/2014/02/14/target-warned-breach/5494911/

Security Audit for FX Hospital EH/EM Systems

The study carries out the security audits for the FX Hospital EH/EM information systems to identify the vulnerabilities in the systems. The study uses the BackTrack as an auditing tool to penetrate the website, and outcomes of the auditing reveal that the website is not secure and can be subject to different vulnerabilities. After carrying out the auditing, the study is able to collect as much patients' data as possible revealing the website can be subject to vulnerable attacks. One of the vulnerabilities identified is that the website UL starts from HTTP showing that an attacker can easily break into the website and collect sensitive information. Moreover, all the data in the website are not encrypted making them easy for an attacker to collect patients' data.

By consequence, the FX Hospital can face lawsuits for failing to protect patients' data because if patients'…

Reference

Abdel-Aziz, A. (2009). Intrusion Detection & Response - Leveraging Next Generation Firewall Technology. SANS Institute.

Burr, W. Ferraiolo, H. & Waltermire, D. (2014). IEEE Computer Society. NIST and Computer Security.

Chadwick, D. (2012). Network Firewall Technologies. IS Institute, University of Salford.

Mell, P.Bergeron, T. & Henning, D.(2005).Creating a Patch and Vulnerability Management Program. National Institute of Standards and Technology (NIST).

networking and TCP/IP and internetworking. Also discussed are risk management, network threats, firewalls, and also more special purpose network devices. The paper will provide a better insight on the general aspects of security and also get a better understanding of how to be able to reduce and manage risk personally at the workplace and at home.

In today's world, the Computer has become a common feature in any organization anywhere in the world. This may be due to the fact that a computer can be accessed by anybody who knows how to handle it and also because it can store a lot of information both confidential and general. A computer is connected through a physical network that allows a person or many persons to share any information necessary. (Conceptual Overview of Network Security) Though network security in Information Technology is an issue that has been discussed endlessly, implementation has definitely…

References

Bolding, Darren. "Network Security, Filters and Firewalls." Retrieved from ACM Cross Roads Student Magazine, 17 January, 2001  http://www.acm.org/crossroads/xrds2-1/security.html . Accessed on 03/09/2004

Curtin, Matt. "Introduction to Network Security March" 1997. Retrieved at http://www.interhack.net/pubs/network-securityAccessed on 03/09/2004

Home Internet security: Protection against network security attacks" Retrieved at http://www.buildwebsite4u.com/articles/home-internet-security.shtml. Accessed on 03/09/2004

Magalhaes, Ricky M. "Network Security recommendations that will enhance your windows" network" Oct 22, 2002. Retrieved at  http://www.windowsecurity.com/articles/Net_Security_Recommendations.html . Accessed on 03/09/2004

Despite its clear benefits and advantages in terms of ease of use and cost effectiveness, there are certain risks associated with wireless networking. These risks are discussed further below.

Review of the Literature.

Security Risks Associated with IEEE WLAN 802.11. The applications for wireless communication technology continue to develop and expand; today, at least, the 802.11b is the standard of choice for wireless router communication used with network installation (Gonazles & Higby 2003). "The integrity of the transmitted data is a valid 2.4 GHz. At this wavelength medium, the propagation of wavelength maintains strong connectivity" (Gonzales & Higby 2003, p. 30). The technology of WLANs actually dates back to the mid-1980s; during this period, the Federal Communications Commission (FCC) freed up radio frequency (rf) to the industry. "Initially, this was viewed as a broadcast reception procedure and very little thought went to broadcast transmission" (Gonzales & Higby 2003, p. 30).…

Bibliography

Alexander, Steve. 2004. Computers and Information Systems. In Encyclopedia Britannica Book of the Year [premium service].

Anderson, Robert H., Tora K. Bikson, Richard O. Hundley & C. Richard Neu. 2003. The Global Course of the Information Revolution: Recurring Themes and Regional Variations. Santa Monica, CA: Rand.

Bliss, R. Marion. September 5, 2003. Homeowners Connect to Wireless Fidelity. The Washington Times, p. F29.

Brookshear, J.G. 2000. Computer Science: An Overview. Reading, Mass: Addison-Wesley.

Lawrence Berkeley National Laboratory Implementation Plan

Introduction and Business strategies

Lawrence Berkeley National Laboratory continully receives increasing competition in the information services industry. To reinstate the effectiveness and generate consumer satisfaction, as well as company presence in the market, a proactive strategy must be formed to increase functionality and service, as well as generate a wider consumer base, all while minimizing overhead and operational cost. Along with this aim, an implementation plan must be executed. The plan will consist of a five-step problem-solving model. This model will identify and address concerns, while establishing a process of improvement for Lawrence Berkeley National Laboratory and create increases in the company's wireless service efficacy. "The 5-Step model is a process to; categorize the situation, label and frame the central issue, articulate final goals, possible alternatives, and evaluate those alternatives" (Kundra, United States, & Chief Information Officers Council (U.S.),2010, p. 12)

The model as…

References

Haugen, D.M., Musser, S., & Lovelace, K. (2009). Outsourcing. Detroit: Greenhaven Press.

Kundra, V., United States, & Chief Information Officers Council (U.S.) (2010). 25 point implementation plan to reform federal information technology management. Washington [D.C.: The White House, [Chief Information Officers Council.

Lacity, M.C., & Hirschheim, R.A. (1995). Beyond the information systems outsourcing bandwagon: The insourcing response. Chichester: Wiley.

Laudon, K.C., & Laudon, J.P. (2002). Management information systems: Managing the digital firm. Upper Saddle River, N.J: Prentice Hall.

Information System Security Plan

The information security system is required to ensure the security of the business process and make the confidential data of the organization secure. The organization's management is required to analyze the appropriate system to be implemented and evaluate the service provided on the basis of their required needs. The implementation of the system requires the compliance of organizational policies with the service provider to ensure the maximum efficiency of the system. The continuous update and maintenance of the system is required to ensure the invulnerability of the system towards the potential internal and external threats.

Data Security Manager and Coordinator

Develop Plan

Implement Plan

Employees Training

Test Safeguards

Evaluate Service Providers

Internal isks

Change Passwords Periodically

estricted access to personal information

Safeguard paper records

eport unauthorized use of customer information

Terminated Employees 1

3. External isks 1

3.1 Firewall Protection 1

3.2 Data Encryption 1

3.3…

REFERENCES

Baskerville, R., & Siponen, M. (2002).An information security meta-policy for emergent organizations.Logistics Information Management, 15(5/6), 337-346.

Dlamini, M.T., Eloff, J.H., & Eloff, M.M. (2009). Information security: The moving target. Computers & Security, 28(3), 189-198.

Dhillon, G., & Backhouse, J. (2000). Technical opinion: Information system security management in the new millennium. Communications of the ACM, 43(7), 125-128.

Jain, A.K., Ross, A., & Pankanti, S. (2006). Biometrics: a tool for information security. Information Forensics and Security, IEEE Transactions on, 1(2), 125-143.

solution for a client of Wireless Technology Company. They are a company that assists organizations and businesses when it comes to issues that involve networking, bandwidth, productivity and connectivity. The client in need of a solution right now is The Athlete's Shack. They are a chain of sporting goods stores with about ten stores in the area. While the company has a technology framework in place, they are lacking a wireless element and they wish to add one. Beyond that, they wish to make use of iPads that can thus link to the wireless infrastructure in the stores. The Athlete's Shack is unsure on how to initiate and start the process and that is why they are turning to the Wireless Technology Company.

Executive Summary

The Athlete's Shack is in need of a solution that allows for wireless connectivity along with the use of iPads as a mean to make…

References

Amazon. (2015). NETGEAR Nighthawk X6 AC3200 Tri-Band Wi-Fi Router (R8000). Amazon.com.

Retrieved 23 August 2015, from  http://www.amazon.com/NETGEAR-Nighthawk-AC3200-Tri-Band -

R8000/dp/B00KWHMR6G/ref=sr_1_4?ie=UTF8&qid=1440365411&sr=8-4&keywords=wireless+AC

Apple. (2015). Apple. Apple. Retrieved 23 August 2015, from  http://apple.com

Wide Web Consortium and HIPAA Applicable ules

In the contemporary business environment, compliance and security standards have become the crucial factors to a successful business and assist in gaining the confidence of top global clients. The W3C (World Wide Web Consortium) is one of the standards, which develops the interoperable technologies that include guidelines, specifications, tools and software to assist the Web achieving its full potential. Moreover, the W3C is a forum for commerce, communication information, and collective understanding primarily aimed to pursue its mission through development of Web guidelines and standards. Since 1994, the W3C has launched a publication of over 100 standards referred as W3C recommendations. The W3C also engages in software development, outreach, education, and serve as an open forum for Web discussion. To assist Web reaching its full potential, fundamental Web technologies allow the software and hardware accessing the Web to allow the technologies working together.…

Reference

ANSI, (2016). United States National Standards. USA.

Barth, A. Datta, A. Mitchell, J.C. et al. (2006). Privacy and Contextual Integrity: Framework and Applications. IEEE Symposium on Security and Privacy (S&P'06).

FERPA (2016). Family Educational Rights and Privacy Act. USA.

Kim, D., & Solomon, M. G. (2014). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Learning.

emote access controls.

Network security management.

Password policies.

Compliance with the policies and procedures of the company is very vital to the organization, and the policies and procedures should be clearly communicated to the appropriate business teams.

Intruder: The suggested treatment for the attack by the external intruder such as hacker is to ensure that all communication within the organization is encrypted to deter the unauthorized access to the company data. Moreover, the organization should use antivirus to protect the company data from the attack such as Trojan horse, worm, virus etc. Compliance to policies and procedure is so vital to assure an organizational IT security.

Disgruntled Employee: Company needs to evaluate each personnel before being allowed to handle sensitive information. There is a need to conduct background check on each employee. The background check could verify potential employee criminal background, and social background. Employee should be asked to sign…

References

Graham, I. (1996). Graham Information Security and Management Services. Information Security Summit on 29-31.

Harn, L. Lin, H. & Xu.Y. (1994). Cryptography for PC/workstation security. ACM SIGICE Bulletin Homepage archive. 20 (1).

Hilcorp Energy, (2011). Vision, Mission, Values. Hilcorp Energy Company.USA.

Kumar, R. Jindal, R. Gupta, A. et al. (2011). A Secure Authentication System- Using Enhanced One Time Pad Technique, IJCSNS International Journal of Computer Science and Network Security, 11(.2): 11-17.

TMP (Trusted Platform Module) is an international standard dedicated to secure hardware by integrating the security cryptographic keys into hardware devices. In other words, the TMP is a secure cryptoprocessor integrated into the computer motherboards enabling full disk encryption without using extremely long paraphrases. When a user buys a personal computer, the TPM is built into the computer's motherboard with the goal to offer security into the computer systems by generating the encryptions keys to protect the data in the drive. With the TPM in place, an attacker cannot remove the file from the systems or access the files elsewhere. Moreover, the TPM stores the encryption key that requires a user to login with a password to get access to the Windows and computer system.

The objective of this paper is to explore the concept the Trusted Platform Module, and the working protocol of the TMP technology.

Working Process of…

Reference

Francis, A., Daniel., R. M. and Vindoh, E.S.E. (2013). TPM: A More Trustworthy Solution to Computer Security, Engineering and Computer 3 (3): 99 -- 103.

Hans, B., & Infineon Technologies, A. (2008). Introduction Trusted Computing: The TCG Trusted Platform Module Specification. Infineon Technologies AG, Germany.

Jared, S., Dmitry, P., Jason, L., Nael, A., & Jesse, E. (2011). TPM-SIM: A Framework for Performance Evaluation of Trusted Platform Modules. Conference: Proceedings of the 48th Design Automation Conference: 236-241.

Protecting Personal Data

Protection of personal data is paramount in any situation. Battered women receiving help in a shelter, part of a community clinic require confidentiality to avoid problems should their abusers locate them. When computerizing an appointment system and records, sometimes such information can easily be taken if there is no protection available. Things like passwords and encryption help keep would be criminals from accessing sensitive data. Although hackers may still access the data should they gain password information, adding those layers of protection, safeguard sensitive data on most occasions. While not all negative situations can be avoided, extra precaution must be taken when attempting to protect personal data.

The stakeholders of this scenario are several. The first and most important are the battered women and children in the shelter. They are the ones that may be endangered should their information leak out. The second are the staff working…

BluetoothTM is a low cost, low power, short-range radio technology- originally perceived as cable replacement alternative for the cable / wire connected devices such as mobile phone hand, headsets, and portable computers. The BluetoothTM's goals expanded to include standardized wireless communications between any electrical devices and created a notion of Personal Area Network. The write-up traces history of BluetoothTM starting with its unusual name to formation of Special Interest Group, SIG's formation, its growth culminating into implementation of version 1.0b.

Version 1.0 of the Bluetooth came out in 1999-starting as early as 1994 by engineers from Ericsson. The specification is named after Harald Blatand- a tenth century Viking. Ericsson Corp. founded the Bluetooth SIG in February 1998, Intel Corp., IBM Corp., Toshiba Corp., and Nokia Mobile Phones. In December 1999, core promoters group enlarged to include four major players, namely, Micorsoft, Lucent, 3 Com and Motorola.

Then, the components of…

References

Books

Bluetooth Revealed, Brent, Miller. September 2000, Prentice Hall PTR

Bluetooth Demystified, Nathan Muller, J.J. September 2000, Prentice Hall PTR

Web Addresses

6: Existing Cable and Wireless Design

The company will establish wireless access using the LWAP (lightweight access point). The LWAP will be distributed to all the facilities through the WLS. Typically, WLS will be installed to assist in providing the traffic tunnel and failover authentication. To enhance the security of the WLAN, the company will install the encryption system at the wireless access point, the encryption protocols will contain WPA/WPA2, and there will be an AES encryption at all the wireless access point using the 802.1 X authentication.

The company will redesign the local backbone infrastructure in order to increase the network bandwidth. There would be 100 BASE-T4 cabling to the 7 Cisco 2613 routers. The cabling system will assist the company to achieve efficient network connectivity for future growth. The 100 BASE-FX (fiber) cabling will be attached to the Cisco 7507 routers, which will assist in achieving more expansion…

References

Cisco (2011). Product Overview. Cisco Inc. USA.

Cisco (2012). Cisco Network Availability and Operations Optimization Service. Cisco System Inc.

Chen, T. Horng, G. & Yang, C.(2008).Public Key Authentication Schemes for Local Area. Informaticia.19(1):3-16.

Guillen, P. E. & Chacon, D. A (2009). VoIP Networks Performance Analysis with Encryption Systems. World Academy of Science, Engineering & Technology. 58: 688-695.

EMC IT Strategic Plan

EMC: Strategic IT Plan

The corporate IT governance environment of EMC Corporation was analyzed in the previous papers and it was indicated that the firm is challenged with issues related to data security, data mobility, and data backup for cloud customers. For the highlighted issues of IT governance, some solutions were also recommended that included encryption of data, application of Firewalls, VLANs and other securitization throughout the EMC IT infrastructure. For data mobility, it was recommended that EMC should adopt an efficient data mobility model to decrease end-to-end delay in data mobility (Camp, Boleng & Davies, 2002). Gauss-Markov Mobility Model was recommended as the optimal model of data mobility for the firm. emote data integrity standards and state as well as national level data back legal provisions were recommended as solution for data back-up issue. This paper will highlight the implications of recommended IT solutions followed…

References

Agile Path Corporation. (2013). Cloud Leadership Forum. Retrieved from:  https://www.eiseverywhere.com/file_uploads/8d78b669e86b0120d704469d84fbf680_CLF_2011_Governance_Frameworks_Eric_Marks.pdf 

Camp, T., Boleng, J., & Davies, V. (2002). A survey of mobility models for ad hoc network research. Wireless communications and mobile computing, 2(5), 483-502.

Kelly, S.G. (2006). Security Implications of Using the Data Encryption Standard (DES). IETF Trust. Retrieved from:  http://www.ietf.org/rfc/rfc4772.txt 

Kundra, V. (2011). Federal cloud computing strategy. The U.S. Chief Information Officer: The White House. Retrieved from: http://cdn3.ctovision.com/wp-content/uploads/2011/02/Federal-Cloud-Computing-Strategy1.pdf

Installation

The author of this report has been presented with a hypothetical situation as ZXY Corporation where a new building has been procured. This building will be the site of the new information technology (IT) and other infrastructures. However, the current setup is very raw and unfinished and this obviously needs to change. The facets of the information technology setup that will be addressed in this report will include a plan to provide secure access for all users, a viable password policy in terms of complexity and other important factors, a cryptography method to ensure that vital data is encrypted, a remote access plan to ensure that remote access to the network is done in a viable, functional and secure way and a thorough plan to protect the network from malware and various other types of malicious attacks such as phishing, social engineering and so forth. While the overall facets…

References

Harrison, K. (2016). 5 steps to a (nearly) paperless office. Forbes.com. Retrieved 24 June 2016, from  http://www.forbes.com/sites/kateharrison/2013/04/19/5-steps-to-a-nearly-paperless-office/#7e1a915b1cda 

Nolo. (2016). Vicarious Liability -- Nolo's Free Dictionary of Law Terms and Legal Definitions. Nolo.com. Retrieved 24 June 2016, from  https://www.nolo.com/dictionary/vicarious-liability-term.html 

Ou, G. (2007). TJX's failure to secure Wi-Fi could cost $1B -- ZDNet. ZDNet. Retrieved 24 June 2016, from  http://www.zdnet.com/article/tjxs-failure-to-secure-wi-fi-could-cost-1b/ 

Rosoff, M. (2016). Netflix and YouTube are America's biggest bandwidth hogs. Business Insider. Retrieved 24 June 2016, from  http://www.businessinsider.com/which-services-use-the-most-bandwidth-2015-12

Strategy of E-Procurement and IT Architecture

1a) Planned Strategy in E-procurement

A large number of organizations adopting electronic commerce (e-commerce) have identified e-procurement as an effective strategy that can be used to enhance the competitive market advantages. In a business environment, a traditional procurement faces challenges of a paperwork workload associated that includes a purchase order, delivery order, and statement of work, invoice, and payment. All these process increase an organizational cost of production. Typically, e-procurement eliminates this workload by assisting management purchasing or supplying goods and services electronically at lowest possible costs using the paperless transactions.

A report carried out by the CIPS (2013) reveals that the goal of e-procurement is to use the latest information technology to link suppliers and customers thereby improve the value chain process. In essence, the e-procurement is a critical component of e-commerce, and the major goal of an e-procurement process is to enhance…

Resources Management in Canada. Toronto: Pearson Prentice Hall.

Shrinivas P. 1 Winai, Wo. (2015). Information technology (IT) outsourcing by business process outsourcing/information technology enabled services (BPO/ITES) firms in India: A strategic gamble. Journal of Enterprise Information Management. 28 (1):60-76.

Jerome, B. (2001). The hidden costs of IT outsourcing: lessons from 50 IT-outsourcing efforts show that unforeseen costs can undercut anticipated benefits. Understanding the issues can lead to better outsourcing decisions. MIT Sloan management review.

Schaefer, S. (1999). Product design partitions with complementary Components. Journal of Economic Behavior & Organization. 38 (1999) 311-330.

Software Engineering Institute (2013). Unintentional Insider Threats: A Foundational Study. Department of Homeland Security.

Privacy and Security: Apple vs. Federal Government

With increased usage of smartphones and other mobile devices, concerns over unauthorized access to private and confidential data stored in the devices have soared. In recent times, Apple Inc., one of the largest manufacturers of smartphones in the U.S. and worldwide, resorted to robust cryptographic techniques in an attempt to protect data customers store on its devices. The move has led to a fierce battle between Apple and the federal government, with the latter citing national security concerns. The government's concerns over national security have gained further momentum following the discovery that one of the masterminds of the December 2015 San Bernardino terrorist attack owned an iPhone 5C (Stavridis). Unable to unlock the device due to Apple's strong encryption software, the Federal Bureau of Investigations (FBI) sought the intervention of the courts to compel Apple, under the premise of All Writs of 1789,…

Certificates can be personal or set up by the users for certain trusted authorities. Once an SSL connection is recognized, the server certificate in use can usually be scrutinized by looking at the assets of the page conveyed over the SSL connection. Certificates and keys are normally stored on the hard disk of the computer. Additionally to needing a password when the private key is used, it is typically also required to import or export keys and certificates. Some browsers also hold key and certificate storage on a secure external device (Using PKI, 2004).

Certificates given to web servers and individuals are signed by a Certificate Authority. The signature on a certificate recognizes the particular Certificate Authority that issued a certificate. The Certificate Authority in turn has a certificate that connects its identity to its public key, so you can verify its uniqueness. A certificate authority issues a policy defining…

References

Introduction to Public-Key Cryptography. (1998). Retrieved April 8, 2010, from Web site:

 http://docs.sun.com/source/816-6154-10/contents.htm 

Public Key Certificate. (2010). Retrieved April 7, 2010, from Search Security Web site:

 http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci497876,00.html

Vey High - IPSec woks at the potocol level, independent of applications, theefoe scalability is best-in-class

Compaing the technological and opeational benefits specifically in the aeas of client access options, access contol, client-side secuity, installation, and client configuation highlights just how diffeentiated the IPv4-based IPSec vs. IPv6 -based SSL potocols ae fom each othe. In analyzing these diffeences, Table 3: Compaing Technological and Opeational benefits of IPv6-based SSL and IPv4-based IPSec VPNS, was ceated. Stating fist with the client access options, IPv6-based SSL can suppot a clientless inteface though its bowse at longe addess lengths, suppot fo semi-clientless though Java and ActiveX clients developed in AJAX, and also in a full client configuation. This flexibility in use of the IPv6-based SSL potocol is leading to significantly highe levels of adoption oveall. IPv4-based IPSec has a single client access option that needs to be pe-installed on evey system. Requiing a full…

references/ssl.html.

IPSec VPNs: Conformance & Performance Testing. 12 Jan. 2003. White Papers Ixia. 11 Apr. 2007. Accessed from the Internet on May 28, 2008 from location:  http://www.ixiacom.com/library/white_papers/display?skey=ipsec 

Lehtovirta, J (2006). Transition from IPv4 to IPv6. White Paper, 1, Retrieved June 3, 2008, at http://www.tascomm.fi/~jlv/ngtrans/

Kent, S. Security Architecture for the Security Protocol (2007). Network Working Group. Nov. 1998. Javvin Network Managing & Security. 05 Apr. 2007. Accessed from the Internet on June 4, 2008 from location:

http://www.javvin.com/protocol/rfc2401.pdf

This translates into the use of system cache as part of the memory allocation algorithms inherent in the VA memory space approach to managing memory in Vista. In addition, memory manager now relies on kernel page tables that are loaded at system initiation and allocated on demand. This saves a significant amount of system resources including a minimum of 1.5MB on Intel x86-based systems and up to 3MB on PAE-based systems. The resource savings are exponential when applied to 64-bit systems, where up to 2.5GB of memory can be saved through this approach to memory management. Microsoft also continued this approach to the definition of the boot sequence on systems with large registries, predominantly found on 32-bit based Intel systems. The options on this specific Memory Managers include turning on or off the option of using a 3GB switch, which is essential for larger systems used for multipath network configurations.…

References

Danny Bradbury. "Microsoft's new window on security. " Computers & Security

25.6 (2006) 405. ABI/INFORM Global. ProQuest. 9 May. 2008 www.proquest.com

Christopher Breen. "Which Windows? " Macworld 1 May 2007: 49. ABI/INFORM Global. ProQuest. 9 May. 2008. www.proquest.com

Reid Goldsborough. "Windows Vista: What to Do? " Tech Directions 66.8 (2007): 14-15. ABI/INFORM Global. ProQuest. 9 May. 2008 www.proquest.com.

The self-encrypting hard drives technology enables the automatic encryption of every data written to the disk while restricting access to people without the correct password immediately the computer starts up. Furthermore, since the encryption is built in to the hard drive, it automatically encrypts and decrypts with no performance delay.

Pros and Cons of Using Security Technologies:

The use of these emerging technologies in protecting information and sensitive data within an organization has both advantages and disadvantages. One of the major advantages of these technologies they help in protecting an organization in addition to being an important element of the general security puzzle. Secondly, along with others, the three emerging technologies make the jobs of employees and administrators easier since they don't have to spend a lot of time trying to figure how to protect information and sensitive data.

The major disadvantages of using these technologies is that they don't…

References:

Greengard, S. (n.d.). 5 Emerging Security Technologies to Watch. Retrieved May 16, 2011, from http://www.microsoft.com/midsizebusiness/security/technologies.mspx

"Protect Sensitive Computer Files With New Security Technology." (2009, May 25). Jakarta

Globe: Great Stories, Global News. Retrieved May 16, 2011, from http://www.thejakartaglobe.com/lifeandtimes/protect-sensitive-computer-files-with-new-security-technology/277082

It also has only printable characters

Washington

The character is unsuitable since it contains more than 8 characters. It can be guessed by dictionary attack since it is a common name

Aristotle

The password is unsuitable since it has more than 8 characters. Can be guessed by a dictionary attack since it is a common name

Tv9stove

The password is suitable since the character length does not exceed eight characters and it contains printable characters

12345678

The password is too obvious so it is unsuitable

Dribgib

The password is suitable since it does not contain more than 8 characters. It also contains printable characters.

Problem 3.6

95*95*95*95*95*95*95*95*95*95 + 6.4 million

=95^10/6.4 million

Chapter 4

Question 4.1

DAC is used to define the basic access control policies to various objects. These are set according to the needs of the object owners. The MAC are access control policies that are system-controlled. The…

Threading is not as popular or useful on Linux and other Unix-like operating systems as it is on other systems. Threads became popular on operating systems that have high overhead for starting new processes. Starting a new process on Linux has fairly low overhead, so use of multiple cooperating processes is usually a simpler approach. (Raymond Chapter 7) Threaded applications are generally more complex and perform worse than those than use multiple cooperating processes to split up tasks. Having more options is never a bad thing, however, and some Linux programs do use threads to split up tasks and gain improved performance on multiprocessor systems. The new threading model should provide a significant performance boost for these types of applications, especially on multiprocessor servers, provided the applications are compatible with NPTL; it is not backwards compatible with LinuxThreads. The performance improvement is a strong incentive for authors of threaded applications…

Works Cited

Deshpande, Asheem R. "Linux Kernel 2.6: the Future of Embedded Computing, Part I." Linux Journal. 26, Mar, 2004.  http://www.linuxjournal.com/node/7477 

Marshall, Pete. "With Scheduler improvements in Linux 2.6 -- is it ready for the data center?" CCR2. 2004.  http://www-306.ibm.com/software/tivoli/features/ccr2/ccr2-2004-02/features-scheduler.html 

Meredith, Marry Eidie and Vianney, Duc. "Linux 2.6 Performance in the Corporate Data Center." Open Source Development Labs. Jan, 2004.  http://www.osdl.org/newsroom/presentations/linux_2_6_datacenter_performance.pdf 

Raymond, Eric Steven. The Art of Unix Programming. Thyrsus Enterprises, 2003.  http://www.catb.org/~esr/writings/taoup/html

Centralized telesaving control

Managing cost-effective use of dial links centrally may no longer be possible.

Overhead

VPN tunnels impose overhead for dial-in users: encryption algorithms may impact the performance of the user's system, there will be an increased protocol header overhead, authentication latency will increase, PPP and IP compression will perform poorly (compared to a direct link), and modem compression won't work at all.

Support issues

eplacing direct-dial links with VPN tunnels may produce some very painful faultfinding missions. Due to the complexity of VPN carrier networks, the opportunities for "hand-washing" are enormous.

econnection time

Using tunneling may increase the reconnection time for dial users. With the VPN carrier L2TP model, the client has to go through two authentication phases: one on contacting the VPN carrier POP, and another on contact with the enterprise Security Gateway.

Multimedia

Applications such as video conferencing only work acceptably over low latency links that…

References

Bird, T. (2001). Virtual Private Networks. Retrieved April 21, 2005, from Vpn.shmoo.com

Web site: http://vpn.shmoo.com/vpn/FAQ.html

Virtual Private Networks. (n.d). Retrieved April 20, 2005, from Cba.unomaha.edu

Web site:  http://cba.unomaha.edu/faculty/garfathr/web/vpn_pros_cons.html