Free information about Data security http://e-articles.info/e/s/s/Data-security/ en-us E-articles.info 2006 - 2009 There are several common but very popular viruses that everyone can catch nowadays. That's swine flue and malicious software. Swine flue can be dangerous to your health though in the most cases it can't be very harmful... by Dina http://e-articles.info/e/a/title/Rogue-antispyware-is-a-danger-for-all-Internet-users-/ http://e-articles.info/e/a/title/Rogue-antispyware-is-a-danger-for-all-Internet-users-/ Thu, 19 Nov 2009 00:33:17 GMT             Anyone who owns a computer knows about the threats of viruses and worms. But over the past ten years there has bean another concern annoying computer owners to death. This problem is Spyware and  Adware... by salem hassan http://e-articles.info/e/a/title/Spyware/ http://e-articles.info/e/a/title/Spyware/ Tue, 17 Nov 2009 01:41:22 GMT             Many people wonder if it is worth it to download any of those free anti-virus programs out there or just go out and purchase one at fifty dollars. Most people would rather go with downloading the free anti-virus instead because of budget and convenience and that is just fine.  There are small differences when it comes to the free one and the kind that you pay for... by salem hassan http://e-articles.info/e/a/title/Do-Free-AntiVirus-Work/ http://e-articles.info/e/a/title/Do-Free-AntiVirus-Work/ Tue, 17 Nov 2009 02:49:27 GMT             Many people wonder if it is worth it to download any of those free anti-virus programs out there or just go out and purchase one at fifty dollars. Most people would rather go with downloading the free anti-virus instead because of budget and convenience and that is just fine.  There are small differences when it comes to the free one and the kind that you pay for... by salem http://e-articles.info/e/a/title/Are-Free-Anti-Viruses-Worth-It/ http://e-articles.info/e/a/title/Are-Free-Anti-Viruses-Worth-It/ Fri, 13 Nov 2009 03:57:32 GMT Today for an obvious reason, there is no need to convince somebody to use passwords. We use passwords everywhere and they became one of everyday realities. However, competent password management is still a question of interest... by Alexander Riss http://e-articles.info/e/a/title/Reasons-to-Use-Password-Manager-at-Home/ http://e-articles.info/e/a/title/Reasons-to-Use-Password-Manager-at-Home/ Thu, 05 Nov 2009 04:23:37 GMT In order to make your computer perform faster, it is essential for you to clean its registry regularly. There are several third party utilities available online, that can help you in this concern. Computer registry: What it is? Definitely, this would be the first question of a person who is using the computer but is not concerned with its functioning... by Mukesh Miller http://e-articles.info/e/a/title/Cleaning-Registry:-How-To-Fix-Computer-Registry/ http://e-articles.info/e/a/title/Cleaning-Registry:-How-To-Fix-Computer-Registry/ Wed, 04 Nov 2009 05:31:42 GMT The purpose of IUID marking IUID marking is the marking of an item's unique identification. As per MIL STD 130, the Department of Defense requires that many items be assigned an IUID marking in order to mark, identify, and track the military property effectively. MIL STD 130 consolidates the different specifications and standards which are involved in the creation of the http://e-articles.info/e/a/title/Simplifying-the-IUID-marking-process/ http://e-articles.info/e/a/title/Simplifying-the-IUID-marking-process/ Wed, 04 Nov 2009 06:39:47 GMT Active Directory® is one of the most commonly used authentication mechanisms for Windows systems. Later versions support lightweight directory access protocol (LDAP) and LDAP over SSL for directory loading. Kerberos and NTLM are common options for authentication... by Minish Omba http://e-articles.info/e/a/title/Active-Directory/ http://e-articles.info/e/a/title/Active-Directory/ Sat, 24 Oct 2009 07:47:52 GMT Active scanners that are created using virtual machine technology generally follow the same strategy as physical machines with some minor differences. Virtual machines can be deployed much faster in many locations with less reliance on WAN links. The locations chosen to not have a virtual machine are those that do not have hardware, personnel, and licensed software sufficient to support them... by Minish Omba http://e-articles.info/e/a/title/Virtual-Scanners/ http://e-articles.info/e/a/title/Virtual-Scanners/ Sat, 24 Oct 2009 08:55:57 GMT Using password programs is one of the best things you can do to protect yourself against password theft. However, even using the most secure password manager can leave you vulnerable if you don't take extra safety precautions. Along with using password software or online password protection, there are some other steps that you can take as a business or individual to protect your important online information:   Never write down passwords: With too many passwords to remember, many people take to writing down their passwords somewhere they think is secure, like on a data file on their computer... by Sarah Michaels http://e-articles.info/e/a/title/Tips-for-extra-password-security/ http://e-articles.info/e/a/title/Tips-for-extra-password-security/ Thu, 22 Oct 2009 09:23:15 GMT It can be tough to remember one Internet password. However, most people have dozens of Internet passwords, and since security experts recommend avoiding overlap between passwords, this can mean dozens of different log-ins. Couple this with the fact that a truly strong password - one that can repel the attempts of hackers using password software to crack them - has a combination of letters, numbers and in some cases symbols, and it can seem almost impossible to remember passwords online... by Sarah Michaels http://e-articles.info/e/a/title/The-advantages-of-using-Internet-password-storage/ http://e-articles.info/e/a/title/The-advantages-of-using-Internet-password-storage/ Thu, 22 Oct 2009 10:31:20 GMT   Introduction The sure to way to make your laptop secure is to never use them, never bring them with you, never open them nor install software on your laptop. Just locked them down in a fireproof safe place and they will be protected and out of harm's way forever. However, laptops were made for us to use, to help us more productive in our work and make our lives easy... by salemm http://e-articles.info/e/a/title/Ways-to-Secure-Your-Laptop:-Tips-and-software/ http://e-articles.info/e/a/title/Ways-to-Secure-Your-Laptop:-Tips-and-software/ Thu, 10 Sep 2009 11:39:25 GMT VPN Services will help you to feel safe while suffering the Internet. You have a full access to the Internet, which could not be sniffed by anyone - hackers, hotspot owners, technicians from your ISP, even government. It also hides your IP address on the Net, so nobody, neither bad guys nor website owners can find your location... by Nick Morozov http://e-articles.info/e/a/title/VPN-Service-(Virtual-Private-Network):-Stay-Anonymous-Online-And-Surf-The-Web-Securely/ http://e-articles.info/e/a/title/VPN-Service-(Virtual-Private-Network):-Stay-Anonymous-Online-And-Surf-The-Web-Securely/ Wed, 19 Aug 2009 12:47:30 GMT In this competitive world, data processing and storage of data in multiple formats is the essence of all great undertakings. It is the accessibility of the data whenever necessary. Sometimes, it becomes a headache... by zeeshan http://e-articles.info/e/a/title/Data-Conversion,-Data-Format-and-Data-Entry/ http://e-articles.info/e/a/title/Data-Conversion,-Data-Format-and-Data-Entry/ Wed, 12 Nov 2008 13:55:35 GMT After one too many bad experiences of waking up to files mysteriously disappearing, I now know better than to throw caution to the wind. This doesn’t mean I’ve given up working on the computer and have gone back to pen and paper; this just means that I take the utmost care to prevent history from repeating itself by religiously backing up my data. Although the lost data was recovered after I sent the infected drive to a local data recovery company, prevention is better than cure... by Racheal Phillips http://e-articles.info/e/a/title/How-to-Prevent-Data-Loss/ http://e-articles.info/e/a/title/How-to-Prevent-Data-Loss/ Tue, 11 Nov 2008 14:23:40 GMT Seclore: Information Rights management (IRM) Company, data protection & control, file security, document Rights Management & ERM Solutions provider Seclore Information rights management provides information security which tracks and secures sensitive information stored in documents. Seclore controls usage of your data, wherever it is. Seclore Technology develops innovative solutions in the area of information usage control... by Rita rashmij http://e-articles.info/e/a/title/Data-Security-Solutions/ http://e-articles.info/e/a/title/Data-Security-Solutions/ Tue, 21 Oct 2008 15:31:45 GMT This paper will cover the field of quantum cryptography. Quantum cryptography is a method of securing information that has reached its time. Until now, any information sent across a network, even encrypted, has been subject to eavesdropping... by Kevin Mann http://e-articles.info/e/a/title/Quantum-Cryptography/ http://e-articles.info/e/a/title/Quantum-Cryptography/ Sat, 26 Apr 2008 16:39:50 GMT Does your organization have a written identity theft prevention program in place? Such a program involves educating your customers and members about the importance of identification theft and letting the stakeholders in your business know that you share their concerns about this growing problem. By providing knowledge of how identification theft affects everyone and what your organization is doing to protect its members and customers, you help them understand the levels of security your institution provides. According to the banking regulatory agencies that released "Identity Theft Red Flags" guidance at the end of October, leaders of financial institutions should expect to do more, not less, of this education in the next few years... by Gale Yocom http://e-articles.info/e/a/title/Identification-Theft/ http://e-articles.info/e/a/title/Identification-Theft/ Tue, 01 Apr 2008 17:47:55 GMT All of us, unless of course you have been living in a cave for the past decade, are aware of the dangers of viruses and spyware. For those of you that somehow aren't, a virus is a malicious computer program that is written to intentionally disrupt a computers normal functionality or otherwise cause harm. Malware is created at a faster pace than ever before... by Kevin Souter http://e-articles.info/e/a/title/Your-virus-scanner-may-be-useless/ http://e-articles.info/e/a/title/Your-virus-scanner-may-be-useless/ Wed, 09 Jan 2008 18:55:15 GMT A comprehensive security architecture is best achieved through an increasingly granular approach that begins from an external viewpoint and progresses through the details of the implementation. The following components organize the information needed for the creation of an application's security architecture: · Risk assessment and response · Security requirements · Design phase security · Implementation phase security Set the Stage for Security Risk assessment is an important process in the development of any product or application. The creation of an application begins with the spark of an idea... by Tamas Querolin http://e-articles.info/e/a/title/Components-of-a-Security-Architecture/ http://e-articles.info/e/a/title/Components-of-a-Security-Architecture/ Wed, 19 Sep 2007 19:23:20 GMT In this inter-networked age, many people often associate security with the more virtual aspects—network, operating system and application security, the underground, crackers, and all of the media-hyped fear, uncertainty, and doubt that surrounds these aspects. Prior to this time, the term security conjured images of armed guards or large, burly men posted by each door. Physical security is a large component of any security policy, and rightfully so... by Maggie Shawman http://e-articles.info/e/a/title/Facilities-and-Physical-Security-Considerations/ http://e-articles.info/e/a/title/Facilities-and-Physical-Security-Considerations/ Sun, 16 Sep 2007 20:31:25 GMT As with the building and facilities, control of physical access to the computing environment is an important component to its security. Once someone is inside a building, finding an unoccupied terminal or computer system is often easily accomplished. Without a policy for protecting these systems, unauthorized users can gain access to important and private resources, information, and files... by Maggie Shawman http://e-articles.info/e/a/title/Public-Terminals/ http://e-articles.info/e/a/title/Public-Terminals/ Sun, 16 Sep 2007 21:39:30 GMT Desktop systems often have the most lax security because individual employees often administer their own machines or have special privilege and access to their respective system. It is often infeasible for the Information Technology staff to administer all desktop workstations, therefore the development of a security policy that governs their creation and use is very important. The site and infrastructure security policy for desktop systems establishes the standards used to create them, including operating systems, applications, and utilities... by Maggie Shawman http://e-articles.info/e/a/title/Desktop-and-Server-Systems/ http://e-articles.info/e/a/title/Desktop-and-Server-Systems/ Sun, 16 Sep 2007 22:47:35 GMT Sniffers differ greatly from keystroke-capture programs. Here's how: Key-capture programs save, or capture, keystrokes entered at a terminal. Sniffers, on the other hand, capture actual network packets... by Marcel Baldwin http://e-articles.info/e/a/title/Sniffers-as-Security-Risks/ http://e-articles.info/e/a/title/Sniffers-as-Security-Risks/ Fri, 14 Sep 2007 23:55:40 GMT Passwords and "pass phrases" are used for everything ranging from logging into terminals to checking email accounts, from protecting Excel spreadsheets to securing the encryption keys for PKI-enabled enterprise networks. Their use in the enterprise is widespread, to say the least. Password crackers are programs that aid in the discovery of protected passwords, usually through some method of automated guessing... by Denis Norman http://e-articles.info/e/a/title/An-Introduction-to-Password-Cracking/ http://e-articles.info/e/a/title/An-Introduction-to-Password-Cracking/ Thu, 13 Sep 2007 01:23:45 GMT If you're new to system administration, you're probably wondering how you can benefit from password crackers. Passwords crackers can help you identify weak passwords on your network. Ideally, you should run a password cracker once a month... by Denis Norman http://e-articles.info/e/a/title/The-Password-Cracking-Process/ http://e-articles.info/e/a/title/The-Password-Cracking-Process/ Thu, 13 Sep 2007 02:31:50 GMT Authentication and access control are two aspects of security in which administrators and users must participate equally for any level of effectiveness to exist. Security policies need to present the regulations and requirements clearly and should help employees understand the seriousness of compliance. Authentication policies establish the best practices and exact implementations used to provide access to desktop systems, servers, and local network resources, and from remote sites... by Maggie Shawman http://e-articles.info/e/a/title/Authentication-and-Access-Control/ http://e-articles.info/e/a/title/Authentication-and-Access-Control/ Thu, 13 Sep 2007 03:39:55 GMT Security in an IPv6 network is not substantially different from security in an IPv4 network. Many of the existing well-known IPv4 attacks can be performed with IPv6, so our means for securing data are similar. Just like in the IPv4 world, there will always be unethical hackers who find new ways to break into our networks... by Ahmad Rivkin http://e-articles.info/e/a/title/IPv6-Security/ http://e-articles.info/e/a/title/IPv6-Security/ Thu, 13 Sep 2007 04:47:15 GMT Hackers often communicate with each other through Usenet newsgroups. Unlike ordinary newsgroups where people share information and answer questions, hacker newsgroups more often resemble shouting matches full of insults, sprinkled between ads for get-rich-quick schemes or pornography websites. Still, if you don't mind wading through these types of messages cluttering hacker newsgroups, you can learn about the newest hacker websites and share source code and hacker programs with others on the newsgroup... by CEO Justin Tomel http://e-articles.info/e/a/title/HACKER-USENET-NEWSGROUPS/ http://e-articles.info/e/a/title/HACKER-USENET-NEWSGROUPS/ Tue, 11 Sep 2007 05:55:20 GMT The network is the lifeline for the computing infrastructure. The phone system that provides voice communications forms a network of interconnected phones. Desktops connect to servers and the greater Internet via the local area network... by Maggie Shawman http://e-articles.info/e/a/title/Voice-and-Data-Network-Security/ http://e-articles.info/e/a/title/Voice-and-Data-Network-Security/ Tue, 11 Sep 2007 06:23:25 GMT Central to a comprehensive security policy, and the components that unify procedures and response, is the discussion of monitoring and auditing. Security monitoring verifies the configuration guidelines and technical requirements outlined in the security policies. Security auditing entails a consistent set of practices that enforce the security policies set forth for the organization... by Maggie Shawman http://e-articles.info/e/a/title/Security-Monitoring-and-Auditing/ http://e-articles.info/e/a/title/Security-Monitoring-and-Auditing/ Mon, 10 Sep 2007 07:31:30 GMT One pitfall in the world of firewalls is that security can be configured so stringently that it can actually impair the process of networking. For example, some studies suggest that the use of a firewall is impractical in environments where users critically depend on distributed applications. Because firewalls can implement such strict security policies, these environments can become bogged down... by Craig Nelson http://e-articles.info/e/a/title/Pitfalls-of-Firewalling/ http://e-articles.info/e/a/title/Pitfalls-of-Firewalling/ Sat, 08 Sep 2007 08:39:35 GMT Like any product-purchasing decision, before answering the question of which product is right, you first need to decide your specific requirements. For example, if plotting vulnerability- remediation progress over time is something you want automated, then a product's capability to log and plot multiple scan sets is a feature you need to look for. If you have a large NetWare environment, you might want to make sure that the scanner has NetWare-specific checks... by Craig Nelson http://e-articles.info/e/a/title/What-to-Look-For-When-Choosing-a-Vulnerability-Scanner/ http://e-articles.info/e/a/title/What-to-Look-For-When-Choosing-a-Vulnerability-Scanner/ Sat, 08 Sep 2007 09:47:40 GMT As technology advances, we see the creation of new, smaller, and more powerful computing devices. In light of the prevalence of telecommuters and remote offices, and the frequency of business travel, these small computing devices such as laptops and PDAs require special security considerations. The theft and misuse of these devices present a high risk to the infrastructure of an organization, as they often function with the same level of access as their larger and less portable cousins... by Maggie Shawman http://e-articles.info/e/a/title/Physical-Security-Considerations-for-Laptop-Computers-and-PDAs/ http://e-articles.info/e/a/title/Physical-Security-Considerations-for-Laptop-Computers-and-PDAs/ Sat, 08 Sep 2007 10:55:45 GMT Turn back the calendar to the early 1990s. The Internet is off the ground and running rampant in universities. CERT is up and operational... by Craig Nelson http://e-articles.info/e/a/title/The-History-of-Vulnerability-Scanners/ http://e-articles.info/e/a/title/The-History-of-Vulnerability-Scanners/ Wed, 05 Sep 2007 11:23:50 GMT Many con games have been around for years; others are brand new to the Internet. The prime con game on the Internet involves stealing your credit card number so the con artist can rack up charges without your knowledge. Con artists have several ways to steal your credit card number: packet sniffers, web spoofing, phishing, and keystroke loggers... by CEO Justin Tomel http://e-articles.info/e/a/title/PACKET-SNIFFERS,-WEB-SPOOFING,-PHISHERS,-AND-KEYSTROKE-LOGGERS/ http://e-articles.info/e/a/title/PACKET-SNIFFERS,-WEB-SPOOFING,-PHISHERS,-AND-KEYSTROKE-LOGGERS/ Wed, 15 Aug 2007 12:31:55 GMT This article delves into the more technical aspects of security in the code used to implement an application, and provides guidelines to develop an enforcement process for secure implementation. The potential for vulnerabilities in an application is reduced by a strong design, but the implementation of the application seals its fate. Hard work poured into a secure design becomes inconsequential if the implementation is poorly done... by Tamas Querolin http://e-articles.info/e/a/title/Secure-Coding-Practices/ http://e-articles.info/e/a/title/Secure-Coding-Practices/ Wed, 25 Jul 2007 13:39:15 GMT Remote network access is a convenience that allows employees to do their daily work, regardless of their location. This functionality requires an extension of the network security policy discussed above, focused on the methods and use of remote access. Remote access can be provided via Virtual Private Networks and the previously mentioned dial-in modems... by Maggie Shawman http://e-articles.info/e/a/title/Remote-Network-Access/ http://e-articles.info/e/a/title/Remote-Network-Access/ Tue, 12 Jun 2007 14:47:20 GMT There are as many definitions out there for network attackers as there are for attacks. Most commonly, you will hear people refer to these individuals as hackers, crackers, script kiddies, black and white hats, and many other names. I will touch on the most common types here... by Craig Nelson http://e-articles.info/e/a/title/What-Kinds-of-Web-Attackers-Exist/ http://e-articles.info/e/a/title/What-Kinds-of-Web-Attackers-Exist/ Mon, 11 Jun 2007 15:55:25 GMT It's actually pretty easy to practice due diligence with physical security. You've just got to be meticulous and consistent, and take it seriously. Pretend that someone could burglarize you personally if you're not careful... by Maggie Shawman http://e-articles.info/e/a/title/Physical-Security-when-networking/ http://e-articles.info/e/a/title/Physical-Security-when-networking/ Thu, 07 Jun 2007 16:23:30 GMT The central goal of this article is to set forth a Web application security review methodology that is comprehensive, approachable, and repeatable by readers who wish to apply the wisdom we’ve gained over years of performing them professionally. The basic steps in the methodology are - Profile the infrastructure - Attack Web servers - Survey the application - Attack the authentication mechanism - Attack the authorization schemes - Perform a functional analysis - Exploit the data connectivity - Attack the management interfaces - Attack the client - Launch a denial-of-service attack Profile the Infrastructure The first step in the methodology is to glean a high-level understanding of the target Web infrastructure. Is there a special client necessary to connect to the application? What transports does it use? Over which ports? Howmany servers are there? Is there a load balancer? What is the make and model of the Web server(s)? Are external sites relied on for some functionality? Attack Web Servers The sheer number of Web server software vulnerabilities that have been published makes this one of the first and usually most fruitful areas of research for a Web hacker... by Dolan Vaughan http://e-articles.info/e/a/title/THE-METHODOLOGY-OF-WEB-HACKING/ http://e-articles.info/e/a/title/THE-METHODOLOGY-OF-WEB-HACKING/ Thu, 31 May 2007 17:31:35 GMT FAT32 is an abbreviation of File allocation table. This file system was originated in 1980’s supporting operating systems are windows MS-Dos. Later on Windows 95 and windows 98 were based on this FAT32 file system... by Sam Mike http://e-articles.info/e/a/title/What-is-meant-by-FAT32-Filesystem/ http://e-articles.info/e/a/title/What-is-meant-by-FAT32-Filesystem/ Mon, 28 May 2007 18:39:40 GMT Important operating systems like Windows NT, 2000 and XP is based on NTFS file system. The purpose for developing file systems is to administer files, folders and to manage all that information needed to access the files from local or remote computers. Two versions of NTFS have been released up till now- NTFS 4... by Sam Mike http://e-articles.info/e/a/title/What-is-meant-by-NTFS-file-system/ http://e-articles.info/e/a/title/What-is-meant-by-NTFS-file-system/ Sun, 27 May 2007 19:47:45 GMT Sniffing is another technique to use internally. A sniffer or packet capture utility is able to capture any traffic traveling along the network segment to which it is connected. We normally set up sniffers throughout the organization to capture network traffic, hoping to identify valuable information such as user IDs and passwords... by Abraham Humphrey http://e-articles.info/e/a/title/What-is-Sniffing/ http://e-articles.info/e/a/title/What-is-Sniffing/ Thu, 17 May 2007 20:55:50 GMT First-Tier Hackers First-tier hackers are programmers who have the ability to find unique vulnerabilities in existing software and to create working exploit code. These hackers, as a whole, are not seeking publicity and are rarely part of front-page news stories. As a result, they are known only to the security community for the programs they write and the exploits they have uncovered... by Abraham Humphrey http://e-articles.info/e/a/title/Hacker-Skill-Levels/ http://e-articles.info/e/a/title/Hacker-Skill-Levels/ Wed, 16 May 2007 21:23:55 GMT All the perceptions of hackers and their portrayal in movies and entertainment have lead to the development of “hacker myths.” These myths involve common misconceptions about hackers and can lead to misconceptions about how to defend against them. Here we have attempted to identify some of these myths and dispel common misconceptions... by Abraham Humphrey http://e-articles.info/e/a/title/Hacker-Myths/ http://e-articles.info/e/a/title/Hacker-Myths/ Wed, 16 May 2007 22:31:15 GMT An information security consultant typically tries to help organizations become safer and more secure from hackers. They are usually individuals with a technology-related degree or equivalent technical experience gained either professionally or as a hobby. They likely have a large collection of licensed security tools (commercial, freeware, or shareware), are familiar with all of them, have a user-level understanding of a majority of them, and are extensively experienced with the workings of one or two favorite tools in each tool category... by Abraham Humphrey http://e-articles.info/e/a/title/Information-Security-Consultants/ http://e-articles.info/e/a/title/Information-Security-Consultants/ Tue, 15 May 2007 23:39:20 GMT The spread of technology has brought computers more and more into our daily lives. It has brought along with it a collection of myths repeated so many times they seem to be true. These myths can breed either a false sense of security or a sense of paranoia... by Abraham Humphrey http://e-articles.info/e/a/title/Information-Security-Myths/ http://e-articles.info/e/a/title/Information-Security-Myths/ Mon, 14 May 2007 01:47:25 GMT There are two distinct types of testing that can be performed: announced and unannounced. The distinction comes when you define what is being tested: network security devices or network security staff. Definitions The following definitions help clarify the differences between the two types of testing... by Abraham Humphrey http://e-articles.info/e/a/title/Announced-vs.-Unannounced-Penetration-Testing/ http://e-articles.info/e/a/title/Announced-vs.-Unannounced-Penetration-Testing/ Thu, 10 May 2007 02:55:30 GMT In 1976, Diffie and Hellman proposed a new type of cryptography that distinguished between encipherment and decipherment keys. One of the keys would be publicly known; the other would be kept private by its owner. Classical cryptography requires the sender and recipient to share a common key... by Bill Kuriko http://e-articles.info/e/a/title/Public-Key-Cryptography/ http://e-articles.info/e/a/title/Public-Key-Cryptography/ Tue, 08 May 2007 03:23:35 GMT Identification by physical characteristics is as old as humanity. Recognizing people by their voices or appearance, and impersonating people by assuming their appearance, was widely known in classical times. Efforts to find physical characteristics that uniquely identify people include the Bertillion cranial maps, fingerprints, and DNA sampling... by Meden Reece http://e-articles.info/e/a/title/Biometrics/ http://e-articles.info/e/a/title/Biometrics/ Tue, 08 May 2007 04:31:40 GMT Identity is simply a computer's representation of an entity. A principal is a unique entity. An identity specifies a principal... by Fred Foster http://e-articles.info/e/a/title/What-Is-Computer-Identity/ http://e-articles.info/e/a/title/What-Is-Computer-Identity/ Tue, 08 May 2007 05:39:45 GMT Computer security rests on confidentiality, integrity, and availability. The interpretations of these three aspects vary, as do the contexts in which they arise. The interpretation of an aspect in a given environment is dictated by the needs of the individuals, customs, and laws of the particular organization... by Meden Reece http://e-articles.info/e/a/title/Computer-security-~-The-Basic-Components/ http://e-articles.info/e/a/title/Computer-security-~-The-Basic-Components/ Mon, 07 May 2007 06:47:50 GMT Implementing computer security controls is complex, and in a large organization procedural controls often become vague or cumbersome. Regardless of the strength of the technical controls, if nontechnical considerations affect their implementation and use, the effect on security can be severe. Moreover, if configured or used incorrectly, even the best security control is useless at best and dangerous at worst... by Meden Reece http://e-articles.info/e/a/title/Human-Issues-regarding-Computer-Security/ http://e-articles.info/e/a/title/Human-Issues-regarding-Computer-Security/ Mon, 07 May 2007 07:55:55 GMT Consider a client and a server. When the client issues a request to the server, the client sends the server some data. The server then uses the data to perform some function and returns a result (or no result) to the client... by Bill Kuriko http://e-articles.info/e/a/title/The-Confinement-Problem/ http://e-articles.info/e/a/title/The-Confinement-Problem/ Mon, 07 May 2007 08:23:15 GMT As electronic commerce grows, so does the need for a provably high degree of authentication. Think of Alice's signature on a contract with Bob. Bob not only has to know that Alice is the other signer and is signing it; he also must be able to prove to a disinterested third party (called a judge) that Alice signed it and that the contract he presents has not been altered since Alice signed it... by Bill Kuriko http://e-articles.info/e/a/title/Digital-Signatures/ http://e-articles.info/e/a/title/Digital-Signatures/ Thu, 03 May 2007 09:31:20 GMT Information flow policies define the way information moves throughout a system. Typically, these policies are designed to preserve confidentiality of data or integrity of data. In the former, the policy's goal is to prevent information from flowing to a user not authorized to receive it... by Fred Foster http://e-articles.info/e/a/title/Information-flow-policies/ http://e-articles.info/e/a/title/Information-flow-policies/ Mon, 30 Apr 2007 10:39:25 GMT A threat is a potential violation of security. The violation need not actually occur for there to be a threat. The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for)... by Meden Reece http://e-articles.info/e/a/title/Common-Threats/ http://e-articles.info/e/a/title/Common-Threats/ Thu, 26 Apr 2007 11:47:30 GMT Like the program-based information flow mechanisms discussed above, both special-purpose and general-purpose computer systems have information flow controls at the system level. File access controls, integrity controls, and other types of access controls are mechanisms that attempt to inhibit the flow of information within a system, or between systems. The first example is a special-purpose computer that checks I/O operations between a host and a secondary storage unit... by Fred Foster http://e-articles.info/e/a/title/Example-Information-Flow-Controls/ http://e-articles.info/e/a/title/Example-Information-Flow-Controls/ Tue, 24 Apr 2007 12:55:35 GMT Our general procedure is determined in part by the results of our enumeration and information gathering. We examine the list of known vulnerabilities and potential security holes on the various target hosts and determine which are most likely to be fruitful. Next we pursue exploiting those vulnerabilities to gain root access on the target system... by Abraham Humphrey http://e-articles.info/e/a/title/What-is-Exploitation/ http://e-articles.info/e/a/title/What-is-Exploitation/ Sun, 22 Apr 2007 13:23:40 GMT The Trojan Horse got its name from the old mythical story about how the Greeks gave their enemy a huge wooden horse as a gift during the war. The enemy accepted this gift and they brought it into their kingdom, and during the night, Greek soldiers crept out of the horse and attacked the city, completely overcoming it. A Trojan horse is an unauthorized program contained within a legitimate program... by Suhas Desai http://e-articles.info/e/a/title/Trojans-and-Backdoors/ http://e-articles.info/e/a/title/Trojans-and-Backdoors/ Sat, 21 Apr 2007 14:31:45 GMT 1. Introduction: Packet sniffer is a program which monitors network traffic which passes through your computer. A packet sniffer which runs on your PC connected to the internet using a modem, can tell you your current IP address as well as the IP addresses of the web servers whose sites you are visiting... by Suhas A Desai http://e-articles.info/e/a/title/Packet-Sniffing:-Sniffing-Tools-Detection-Prevention-Methods/ http://e-articles.info/e/a/title/Packet-Sniffing:-Sniffing-Tools-Detection-Prevention-Methods/ Fri, 20 Apr 2007 15:39:50 GMT An obvious variant of the access control matrix is to store each column with the object it represents. Thus, each object has associated with it a set of pairs, with each pair containing a subject and a set of rights. The named subject can access the associated object using any of those rights... by Fred Foster http://e-articles.info/e/a/title/Access-Control-Lists-ACL/ http://e-articles.info/e/a/title/Access-Control-Lists-ACL/ Fri, 20 Apr 2007 16:47:55 GMT There are certain requirements that you must meet in order to be an effective penetration tester in a freelance consultant role. The requirements deal with your level of security skills, your systems and network knowledge, the depth and breadth of tools at your disposal, and the OS and hardware on which you use them. Also critical is your attention to record keeping and maintaining the ethics of security... by Abraham Humphrey http://e-articles.info/e/a/title/Requirements-for-a-Security-Consultant/ http://e-articles.info/e/a/title/Requirements-for-a-Security-Consultant/ Wed, 18 Apr 2007 17:55:15 GMT The principles of secure design discussed in this section express common-sense applications of simplicity and restriction in terms of computing. Principle of Least Privilege This principle restricts how privileges are granted. The principle of least privilege states that a subject should be given only those privileges that it needs in order to complete its task... by Bill Kuriko http://e-articles.info/e/a/title/The-Principles-of-Secure-Computing-Design/ http://e-articles.info/e/a/title/The-Principles-of-Secure-Computing-Design/ Tue, 17 Apr 2007 18:23:20 GMT Fenton created an abstract machine called the Data Mark Machine to study handling of implicit flows at execution time. Each variable in this machine had an associated security class, or tag. Fenton also included a tag for the program counter (PC)... by Fred Foster http://e-articles.info/e/a/title/Fentons-Data-Mark-Machine/ http://e-articles.info/e/a/title/Fentons-Data-Mark-Machine/ Tue, 17 Apr 2007 19:31:25 GMT Security policies can have few details, or many. The explicitness of a security policy depends on the environment in which it exists. A research lab or office environment may have an unwritten policy... by Meden Reece http://e-articles.info/e/a/title/Academic-Computer-Security-Policy/ http://e-articles.info/e/a/title/Academic-Computer-Security-Policy/ Mon, 16 Apr 2007 20:39:30 GMT Host identity is intimately bound to networking. A host not connected to any network can have any name, because the name is used only locally. A host connected to a network can have many names or one name, depending on how the interface to the network is structured and the context in which the name is used... by Fred Foster http://e-articles.info/e/a/title/Host-Identity/ http://e-articles.info/e/a/title/Host-Identity/ Mon, 16 Apr 2007 21:47:35 GMT Suppose Alice and Bob wish to communicate. If they share a common key, they can use a classical cryptosystem. But how do they agree on a common key? If Alice sends one to Bob, Eve the eavesdropper will see it and be able to read the traffic between them... by Bill Kuriko http://e-articles.info/e/a/title/Classical-Cryptographic-Key-Exchange-and-Authentication/ http://e-articles.info/e/a/title/Classical-Cryptographic-Key-Exchange-and-Authentication/ Sat, 14 Apr 2007 22:55:40 GMT Buffer overflow attacks, also called data-driven attacks, can be run remotely to gain access and locally to escalate privileges. Buffer overflows in general are designed almost exclusively for UNIX because in order to write a successful buffer overflow, knowledge of the workings of the OS, specifically treatment of the TCP stack, or the target application's memory/buffer-handling processes is necessary. While there are buffer overflows for Windows and Windows-based applications such as the IIS Web server, they are more common on the UNIX environment... by Abraham Humphrey http://e-articles.info/e/a/title/Buffer-Overflow-Attacks/ http://e-articles.info/e/a/title/Buffer-Overflow-Attacks/ Thu, 12 Apr 2007 23:23:45 GMT We distinguish between a session key and an interchange key. An interchange key is a cryptographic key associated with a principal to a communication. A session key is a cryptographic key associated with the communication itself... by Bill Kuriko http://e-articles.info/e/a/title/Session-and-Interchange-Keys/ http://e-articles.info/e/a/title/Session-and-Interchange-Keys/ Wed, 11 Apr 2007 01:31:50 GMT The role of trust is crucial to understanding the nature of computer security. Articles present theories and mechanisms for analyzing and enhancing computer security, but any theories or mechanisms rest on certain assumptions. When someone understands the assumptions her security policies, mechanisms, and procedures rest on, she will have a very good understanding of how effective those policies, mechanisms, and procedures are... by Meden Reece http://e-articles.info/e/a/title/The-Role-of-Trust-in-Computer-Security/ http://e-articles.info/e/a/title/The-Role-of-Trust-in-Computer-Security/ Tue, 10 Apr 2007 02:39:55 GMT Dual-homed hosts introduce a significant security hole into the network architecture since they can give users with access rights and privileges on one network or domain the rights and privileges they perhaps are not intended to have on a separate domain. This vulnerability usually appears as a corporate desktop machine connected to the organization's internal LAN and simultaneously connected through a modem line to a local ISP. In such a configuration, anyone on the Internet may be able to access the corporate network through the dial-up connection... by Abraham Humphrey http://e-articles.info/e/a/title/Dual-Homed-Hosts/ http://e-articles.info/e/a/title/Dual-Homed-Hosts/ Mon, 09 Apr 2007 03:47:15 GMT Systems isolate processes in two ways. In the first, the process is presented with an environment that appears to be a computer running only that process or those processes to be isolated. In the second, an environment is provided in which process actions are analyzed to determine if they leak information... by Fred Foster http://e-articles.info/e/a/title/Isolation/ http://e-articles.info/e/a/title/Isolation/ Sun, 08 Apr 2007 04:55:20 GMT Conceptually, public key cryptography makes exchanging keys very easy. Alice -> Bob : { ksession } eBob where eBob is Bob's public key. Bob deciphers the message and obtains the session key ksession... by Bill Kuriko http://e-articles.info/e/a/title/Public-Key-Cryptographic-Key-Exchange-and-Authentication/ http://e-articles.info/e/a/title/Public-Key-Cryptographic-Key-Exchange-and-Authentication/ Wed, 04 Apr 2007 05:23:25 GMT Key storage arises when a user needs to protect a cryptographic key in a way other than by remembering it. If the key is public, of course, any certificate-based mechanism will suffice, because the goal is to protect the key's integrity. But secret keys (for classical cryptosystems) and private keys (for public key cryptosystems) must have their confidentiality protected as well... by Bill Kuriko http://e-articles.info/e/a/title/Storing-and-Revoking-Keys/ http://e-articles.info/e/a/title/Storing-and-Revoking-Keys/ Thu, 29 Mar 2007 06:31:30 GMT Conceptually, a capability is like the row of an access control matrix. Each subject has associated with it a set of pairs, with each pair containing an object and a set of rights. The subject associated with this list can access the named object in any of the ways indicated by the named rights... by Fred Foster http://e-articles.info/e/a/title/Capabilities/ http://e-articles.info/e/a/title/Capabilities/ Fri, 16 Mar 2007 07:39:35 GMT Identification on the Internet arises from associating a particular host with a connection or message. The recipient can determine the origin from the incoming packet. If only one person is using the originating host, and the address is not spoofed, someone could guess the identity of the sender with a high degree of accuracy... by Fred Foster http://e-articles.info/e/a/title/Anonymity-on-the-Web/ http://e-articles.info/e/a/title/Anonymity-on-the-Web/ Tue, 27 Feb 2007 08:47:40 GMT Passphrase Considerations: SSH private keys are protected with a passphrase rather than a password. What makes a good passphrase? A passphrase differs from a password in that it should be composed of multiple words and more difficult to guess. The same rules that apply to creating good passwords also apply to creating good passphrases... by Omar Boubacar http://e-articles.info/e/a/title/What-makes-a-good-passphrase/ http://e-articles.info/e/a/title/What-makes-a-good-passphrase/ Mon, 26 Feb 2007 09:55:45 GMT Given a security policy's specification of "secure" and "nonsecure" actions, these security mechanisms can prevent the attack, detect the attack, or recover from the attack. The strategies may be used together or separately. Prevention means that an attack will fail... by Meden Reece http://e-articles.info/e/a/title/Goals-of-Computer-Security/ http://e-articles.info/e/a/title/Goals-of-Computer-Security/ Fri, 23 Feb 2007 10:23:50 GMT Each site has its own requirements for the levels of confidentiality, integrity, and availability, and the site policy states these needs for that particular site. A military security policy (also called a governmental security policy) is a security policy developed primarily to provide confidentiality. The name comes from the military's need to keep information, such as the date that a troop ship will sail, secret... by Meden Reece http://e-articles.info/e/a/title/Types-of-Security-Policies/ http://e-articles.info/e/a/title/Types-of-Security-Policies/ Fri, 23 Feb 2007 11:31:55 GMT Software firewalls all operate using a similar methodology. All data routed into and out of your PC is done using ports. The firewall software is configured to monitor these ports and only allow traffic on those that are specifically enabled to do so, while blocking all other traffic... by Johnny Stenthal http://e-articles.info/e/a/title/How-Software-Firewalls-Protect-Your-PC-from-Attacks/ http://e-articles.info/e/a/title/How-Software-Firewalls-Protect-Your-PC-from-Attacks/ Wed, 21 Feb 2007 12:39:15 GMT Spyware has become the fastest growing concern among computer users today. It is uncommon to find a computer that has never been infected with some sort of a spyware application. Because of vulnerabilities discovered mostly in Internet Explorer and other software and the bundling of spyware with some common applications, spyware is often secretly installed on a user's machine... by Johnny Stenthal http://e-articles.info/e/a/title/What-is-spyware-and-antispyware-software/ http://e-articles.info/e/a/title/What-is-spyware-and-antispyware-software/ Wed, 21 Feb 2007 13:47:20 GMT Covert channels use shared resources as paths of communication. This requires sharing of space or sharing of time. A covert storage channel uses an attribute of the shared resource... by Fred Foster http://e-articles.info/e/a/title/Covert-Channels/ http://e-articles.info/e/a/title/Covert-Channels/ Fri, 16 Feb 2007 14:55:25 GMT Viruses have been around for a very long time, and while the Internet is still rampant with these dangerous programs, they are finally starting to become a little less common in favor of other forms of destructive malware and spyware. Fortunately, out of all of the different computer menaces in existence, computer viruses are one of the easiest to defend yourself from. Because of advances in antivirus software, a good, frequently updated anti-virus utility is really all that is needed... by Johnny Stenthal http://e-articles.info/e/a/title/Viruses-and-antivirus-software/ http://e-articles.info/e/a/title/Viruses-and-antivirus-software/ Mon, 12 Feb 2007 15:23:30 GMT Because classical cryptosystems use shared keys, it is not possible to bind an identity to a key. Public key cryptosystems use two keys, one of which is to be available to all. The association between the cryptographic key and the principal is critical, because it determines the public key used to encipher messages for secrecy... by Bill Kuriko http://e-articles.info/e/a/title/Cryptographic-Key-Infrastructures/ http://e-articles.info/e/a/title/Cryptographic-Key-Infrastructures/ Fri, 24 Nov 2006 16:31:35 GMT Cybercrime is not the only reason for malicious attacks. Could it be that companies themselves are not taking the necessary preventive measures? Lists of Mistakes According to the SANS Institute, the answer to the preceding question is “Yes!” SANs has developed the following three lists of mistakes people make that enable attackers. End Users: The Five Worst Security Mistakes Opening unsolicited e-mail attachments from unreliable sources Forgetting to install security patches, including ones for Microsoft Office, Microsoft Internet Explorer, and Netscape Downloading screen savers or games from unreliable sources Not creating or testing backups Using a modem while connected through a local area network Corporate Management: The Seven Top Errors That Lead to Computer Security Vulnerabilities Not providing training to the assigned people who maintain security within the company Only acknowledging physical security issues while neglecting the need to secure information Making a few fixes to security problems and not taking the necessary measures to ensure the problems are fixed Relying mainly on a firewall Failing to realize how much money intellectual property and business reputations are worth Authorizing only short-term fixes so problems reemerge rapidly Pretending the problem will go away if ignored IT Professionals: The Ten Worst Security Mistakes Connecting systems to the Internet before hardening them Connecting test systems to the Internet with default accounts/passwords Failing to update systems when security holes are found Using unencrypted protocols for managing systems, routers, firewalls, and PKI Giving users passwords over the phone or changing them when the requester is not authenticated Failing to maintain and test backups Running unnecessary services Implementing firewalls with rules that do not prevent dangerous incoming or outgoing traffic Failing to implement or update virus detection software Failing to educate users on what to do when they see a potential security problem ... by Clara Mikeri http://e-articles.info/e/a/title/Cybercrime-~-Threats-Due-to-Lack-of-Security/ http://e-articles.info/e/a/title/Cybercrime-~-Threats-Due-to-Lack-of-Security/ Thu, 12 Oct 2006 17:39:40 GMT A digital identification (ID), also known as a digital certificate, is the electronic equivalent to a passport or business license. It is a credential, issued by a trusted authority, that individuals or organizations can present electronically to prove their identity or their right to access information. When a computer applcation issues digital IDs, it verifies that the owner is not claiming a false identity... by Dave O`Brien http://e-articles.info/e/a/title/How-Do-Digital-IDs-Work/ http://e-articles.info/e/a/title/How-Do-Digital-IDs-Work/ Fri, 29 Sep 2006 18:47:45 GMT As e-commerce environments have evolved to distributed component models, security technologies have been trying to keep up. Most of the pieces of the security puzzle exist as off-the-shelf products, but it still takes considerable effort to put all these pieces together to build an integrated solution. Twenty-two years ago, life was reasonably simple for the security professional... by Dave O`Brien http://e-articles.info/e/a/title/End-to-End-Enterprise-Application-Security-Integration-(EASI)/ http://e-articles.info/e/a/title/End-to-End-Enterprise-Application-Security-Integration-(EASI)/ Sat, 23 Sep 2006 19:55:50 GMT Information security is a serious concern for most businesses. Even though reporting of computer-based crime is sporadic because companies fear negative publicity and continued attacks, the trend is quite clear: information security attacks continue to be a real threat to businesses. According to a recent Computer Security Institute Survey, 72% of interviewed businesses reported that they had been subjects of serious information security attacks in 2002... by Dave O`Brien http://e-articles.info/e/a/title/Information-Security-~-A-Proven-Concern/ http://e-articles.info/e/a/title/Information-Security-~-A-Proven-Concern/ Tue, 05 Sep 2006 20:23:55 GMT The breadth of information security in e-commerce applications is broader than you might expect. Many system architects and developers are accustomed to thinking about security as a low-level topic, dealing only with networks, firewalls, operating systems, and cryptography. However, e-commerce is changing the risk levels associated with deploying software, and, as a consequence, security becomes an important design issue for any software component... by Dave O`Brien http://e-articles.info/e/a/title/E-Commerce-Solutions-Create-New-Security-Responsibilities/ http://e-articles.info/e/a/title/E-Commerce-Solutions-Create-New-Security-Responsibilities/ Fri, 01 Sep 2006 21:31:15 GMT The EASI framework specifies the interactions among the security services and application components that use those security services. By using common interfaces, it’s possible to add new security technology solutions without making big changes to the existing framework. In this way, the EASI framework supports “plug-ins” for new security technologies... by Dave O`Brien http://e-articles.info/e/a/title/EASI-(End-to-End-Enterprise-Application-Security-Integration)-Framework/ http://e-articles.info/e/a/title/EASI-(End-to-End-Enterprise-Application-Security-Integration)-Framework/ Wed, 23 Aug 2006 22:39:20 GMT Because of their susceptibility to viruses, handheld devices are potentially dangerous to a corporate network. In addition, small business and home users will probably soon require protection from wireless viruses. Malicious virus writers have a passion for "owning" new technology... by Brian Rodrigues http://e-articles.info/e/a/title/Wireless-Network-Viruses-~-Airborne-Viruses/ http://e-articles.info/e/a/title/Wireless-Network-Viruses-~-Airborne-Viruses/ Sat, 19 Aug 2006 23:47:25 GMT This section will give a brief introduction to viruses. We will define them and discuss how they have evolved from the desktop. In addition, we will examine how they might evolve in the near future over wireless media... by Clara Mikeri http://e-articles.info/e/a/title/Virus-Overview-~-What-are-Viruses-How-Does-a-Internet-Virus-Work;-Types-of-Internet-Viruses/ http://e-articles.info/e/a/title/Virus-Overview-~-What-are-Viruses-How-Does-a-Internet-Virus-Work;-Types-of-Internet-Viruses/ Sat, 19 Aug 2006 01:55:30 GMT The stereotyped image conjured up by most people when they hear the term "hacker" is that of a pallid, atrophied recluse cloistered in a dank bedroom, whose spotted complexion is revealed only by the unearthly glare of a Linux box used for port scanning with Perl. This mirage might be set off by other imagined features, such as dusty stacks of Dungeons and Dragons lore from the 1980s, empty Jolt Cola cans, and Japanese techno music streaming from the Net. However, although computer skill is central to a hacker's profession, there are many additional facets that he must master... by Yoko Jelkovich http://e-articles.info/e/a/title/Diverse-Hacker-Attack-Methods/ http://e-articles.info/e/a/title/Diverse-Hacker-Attack-Methods/ Fri, 18 Aug 2006 02:23:35 GMT From lessons in biology, we know that viruses infect every other organism, without exception, including even the tiniest bacteria. Thus, biologists and anti-virus experts were not surprised to hear of the first malware infections of mobile devices. The first PDA virus appeared on the Palm platform in 2000... by Clara Mikeri http://e-articles.info/e/a/title/Short-history-about-Internet-Viruses-on-Palm-OS/ http://e-articles.info/e/a/title/Short-history-about-Internet-Viruses-on-Palm-OS/ Tue, 15 Aug 2006 03:31:40 GMT A sniffer is a program and/or device that monitors all information passing through a computer network. It sniffs the data passing through the network off the wire and determines where the data is going, where it's coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter a certain type of data, capture passwords, and more... by Yoko Jelkovich http://e-articles.info/e/a/title/What-is-a-Sniffer-and-How-to-Protect-your-Data-Against-Sniffing/ http://e-articles.info/e/a/title/What-is-a-Sniffer-and-How-to-Protect-your-Data-Against-Sniffing/ Mon, 14 Aug 2006 04:39:45 GMT Hackers can wreak havoc without ever penetrating your system. For example, a hacker can effectively shut down your computer by flooding you with obnoxious signals or malicious code. This technique is known as a denial-of-service attack... by Yoko Jelkovich http://e-articles.info/e/a/title/What-are-Denial-of-Service-Attacks-(DOS-attacks)-and-how-to-protect-against-them/ http://e-articles.info/e/a/title/What-are-Denial-of-Service-Attacks-(DOS-attacks)-and-how-to-protect-against-them/ Sat, 12 Aug 2006 05:47:50 GMT There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be... by Clara Mikeri http://e-articles.info/e/a/title/Virus-Prevention-~-How-to-protect-against-Internet-Viruses/ http://e-articles.info/e/a/title/Virus-Prevention-~-How-to-protect-against-Internet-Viruses/ Thu, 10 Aug 2006 06:55:55 GMT The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA)... by Clara Mikeri http://e-articles.info/e/a/title/How-to-protect-against-Hostile-Web-Pages-and-Scripting/ http://e-articles.info/e/a/title/How-to-protect-against-Hostile-Web-Pages-and-Scripting/ Thu, 10 Aug 2006 07:23:15 GMT • Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user... by Marieta Leke http://e-articles.info/e/a/title/Features-of-Windows-Encrypting-File-System-(EFS)/ http://e-articles.info/e/a/title/Features-of-Windows-Encrypting-File-System-(EFS)/ Thu, 10 Aug 2006 08:31:20 GMT The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private... by Brian Rodrigues http://e-articles.info/e/a/title/Protecting-the-Security-of-Information/ http://e-articles.info/e/a/title/Protecting-the-Security-of-Information/ Wed, 09 Aug 2006 09:39:25 GMT Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade... by Dave O`Brien http://e-articles.info/e/a/title/Why-Is-Authenticated-SSL-Necessary/ http://e-articles.info/e/a/title/Why-Is-Authenticated-SSL-Necessary/ Wed, 09 Aug 2006 10:47:30 GMT Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is... by Yoko Jelkovich http://e-articles.info/e/a/title/What-are-Buffer-Overflows/ http://e-articles.info/e/a/title/What-are-Buffer-Overflows/ Mon, 07 Aug 2006 11:55:35 GMT When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page... by Yoko Jelkovich http://e-articles.info/e/a/title/How-to-protect-against-Unexpected-Inputs/ http://e-articles.info/e/a/title/How-to-protect-against-Unexpected-Inputs/ Sat, 05 Aug 2006 12:23:40 GMT The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network... by Yoko Jelkovich http://e-articles.info/e/a/title/The-Most-Common-Network-Security-Tools-and-Technologies/ http://e-articles.info/e/a/title/The-Most-Common-Network-Security-Tools-and-Technologies/ Wed, 02 Aug 2006 13:31:45 GMT As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a single site name Service providers using virtual and shared hosting configurations But, in complex, multiserver environments, SSL server certificates must be used carefully if they are to serve their purpose of reliably identifying sites and the businesses operating them to visitors and encrypt e-commerce transactions—thus, establishing the trust that customers require before engaging in e-commerce. When used properly in an e-commerce trust infrastructure equipped with multiple servers, SSL server certificates must still satisfy the three requirements of online trust: Client applications, such as Web browsers, can verify that a site is protected by an SSL server certificate by matching the “common name” in a certificate to the domain name (such as www... by Dave O`Brien http://e-articles.info/e/a/title/Securing-Multiple-Servers-and-Domains-with-SSL/ http://e-articles.info/e/a/title/Securing-Multiple-Servers-and-Domains-with-SSL/ Wed, 02 Aug 2006 14:39:50 GMT A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised... by Yoko Jelkovich http://e-articles.info/e/a/title/Which-Are-The-Most-Common-Network-Security-Risks/ http://e-articles.info/e/a/title/Which-Are-The-Most-Common-Network-Security-Risks/ Fri, 28 Jul 2006 15:47:55 GMT Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. However, the purpose is generally the same: to disguise the location from which the attack originates... by Yoko Jelkovich http://e-articles.info/e/a/title/How-to-protect-against-Spoofing-and-Session-Hijacking/ http://e-articles.info/e/a/title/How-to-protect-against-Spoofing-and-Session-Hijacking/ Fri, 21 Jul 2006 16:55:15 GMT