Five Mistakes of Data Encryption

Contributed by Dr. Anton Chuvakin

If you follow the media today, you might get to a conclusion that data encryption is everywhere. However, is this “good” encryption? A classic saying “Encryption is easy; key management is hard” illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This paper covers some of the other mistakes that often occur when organizations try to use encryption to protect data-at-rest and data-in-transit and thus improve their security posture.

This document is in PDF format. To view it click here.


Database Security – Encryption

Contributed by Jack Webb

The paper will cover the importance of databases and why their contents should be secure. Databases are a necessity in today's corporate environment. Even though databases are important to business productivity, their security in most cases are still considered second to other areas. The paper will cover the initial concepts of database. In order to properly place security controls, we must understand the necessary risks involved with improper database security. It is also necessary to cover the types of threats and attacks that can be launched to gain access to or disrupt access to a database. As it would be a long process to cover all possible controls to securing databases, it better to just cover a single concept in database security such as encryption.

This document is in PDF format. To view it click here.


User Authentication Through the Use of Public Key Infrastructure (PKI)

Contributed by Robert Meacham


Document DRM: Replacing Encryption as the Standard for Document Protection

Contributed by Dr Stephen Hitchen

Corporate intellectual property and other sensitive information is generally created and maintained in the form of electronic documents. Encryption is routinely used to protect this information against unauthorised access during storage and transfer (e.g. by email). While encrypted, the protected information, or content, is essentially immune to unauthorised access. It may seem, therefore, that the application of modern encryption software provides perfectly adequate protection of such information. However, such a view is superficial – in essence it focuses on only one aspect of securing sensitive information.

This document is in PDF format. To view it click here.


Defeating Encryption: Security is More than Just Good Crypto

Contributed by John C. A. Bambenek

Encryption is good. It helps make things more secure. However, the idea that strong cryptography is good security by itself is simply wrong. Encrypted messages eventually have to be decrypted so they are useful to the sender or receiver. If those end-points are not secured, then getting the plain-text messages is trivial. This is a demonstration of a crude process of accomplishing that.

This document is in PDF format. To view it click here.


Subscribe to RSS - Cryptography