Cryptography

Contributed by Neha Sharma, Mr. J. S. Bhatia, and Dr. Mrs. Neena Gupta

Digital communication has become an essential part of infrastructure nowadays, a lot of applications are Internet-based and in some cases it is desired that communication be made secret. Consequently, the security of information has become a fundamental issue. Two techniques are available to achieve this goal: Encryption and steganography is one of them. Using cryptography, the data is transformed into some other gibberish form and then the encrypted data is transmitted. In steganography, the data is embedded in an image file and the image file is transmitted.

This document is in PDF format. To view it click here.

Contributed by Dr. Colin Walter

Phishing is the fastest growing threat in the history of Internet and has gained immense popularity amongst Internet fraudsters and hackers as a simple yet effective way to gain unsolicited access to confidential user information. Using social engineering tactics, fraudsters ensure that the trust relationship established by a company with its customers is exploited to maximum effect. It is for this reason that moving towards stronger identity assurance techniques is the only long term strategy that will maintain the stability of the Internet.

This document is in PDF format. To view it click here. 

Contributed by Dr. Anton Chuvakin

If you follow the media today, you might get to a conclusion that data encryption is everywhere. However, is this “good” encryption? A classic saying “Encryption is easy; key management is hard” illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This paper covers some of the other mistakes that often occur when organizations try to use encryption to protect data-at-rest and data-in-transit and thus improve their security posture.

This document is in PDF format. To view it click here.

Contributed by Jack Webb

The paper will cover the importance of databases and why their contents should be secure. Databases are a necessity in today's corporate environment. Even though databases are important to business productivity, their security in most cases are still considered second to other areas. The paper will cover the initial concepts of database. In order to properly place security controls, we must understand the necessary risks involved with improper database security. It is also necessary to cover the types of threats and attacks that can be launched to gain access to or disrupt access to a database. As it would be a long process to cover all possible controls to securing databases, it better to just cover a single concept in database security such as encryption.

This document is in PDF format. To view it click here.

Contributed by Robert Meacham