Home Page

Personal

Photo Gallery

Music-Info

Ramble-on

Link-Me

Security

THE BIG QUESTIONS

In god we Trust...

Click on any link below to get the answers.

E-COMMERCE    ENCRYPTION    FIREWALLS     PASSWORDS   SECURE TRANSMISSION    LEVELS OF TRUST    FUTURE STEPS   

 


E-COMMERCE

With visible seals that attest to your Web site's security and privacy practices, consumers can better trust that their transaction information will be kept private, secure, and confidential. Here you'll learn where you can find the information to participate in these programs.

Even as electronic commerce has matured over the last few years, consumer wariness of online buying still remains far too high if the goals to supplant Mail Order/Phone Order (MOTO) shopping are to ever be realised. Continued fears of credit card theft, stolen identities, and other security and privacy threats certainly won't disappear overnight, but with the efforts described here, perhaps those fears will soon lose their stranglehold on business.

While records of online buying are being broken, research continues to show that about a third of all consumers still refuse to consider providing private or confidential data to faceless merchant recipients. As emerging protocols like Secure Electronic Transaction (SET) are adopted, along with assurances of privacy for consumer information, online buying is certain to increase and will eventually become commonplace. To help the movement to e-commerce along faster, several initiatives are now in the works.

For more information on one possiable protocol check out E-Commerce Watch - WebReference.com

top_man.gif (3459 bytes)To the top

ENCRYPTION

Encryption is required if a message sender wants his or her message to be read only by certain groups of people who have the legitimate ability to decipher the message. This is the most popular and mature way to protect the data or audio being transmitted through the media. This ensures that the data once outside of the system will be in unreadable codes. The Data Encryption Standard (DES), has been approved by the US National Bureau of Standards (NBS). DES, using a 64-bit pattern as the encryption key, is the most used data encryption method. It uses keys to encrypt and decrypt the data between plain text and encrypted data (ciphertext). The keys are only accessible to legitimate users. Because the encryption process slows down the data transmission speed, most of the DES algorithms are available in the IC chips to enhance the processing capability. One promising algorithm of encryption to be approved by NBS is trapdoor encryption. Trapdoor uses two different keys, public keys and private keys, as the major tools. The public key is used to encrypt the data, and is like a phone number in the yellow pages. Anyone can access the public key for encryption. Private keys, on the other hand, can be accessed only by the legitimate users, who use the keys to decrypt the data.

No matter what kind of encryption method is applied, key administration is an extremely important function in protecting information. Organizations, such as ANSI, have recognized the critical nature of key management and are creating standards to guide key administrators. ANSI X9.17 is the key management guide for financial institutions. US Federal Standard 1027 is the security requirement of equipment using the DES. Generally, the key administrators will guide the key creation, key distribution and key storage to ensure the security of the encryption itself.

top_man.gif (3459 bytes)To the top

FIREWALLS

The term firewall is a well known term in the network security field. Fire walls are combinations of software and hardware used for preventing hackers from breaking into the network system. Unlike encryption which protects out-bound data, fire walls guard the network by filtering the incoming users. Filtering routers are the basic and easiest way to keep away unwanted users.

Routers are basically a device responsible for sending messages to the desired addresses. It is like the post system, which identifies the address on the envelope and sends the envelope to the address. By programming the router, the company can allow only certain messages from certain senders and therefore bar the unwanted or unfriendly people from gaining access to

the system. At the same time, the router can be programmed to accept those people we want to access the system. Firewalls are very flexibile, which is very beneficial to the network administrator who can set a standard for accessibility.

The host-based computer is another common tool used to guard the network. Unlike the router working on the network level (Internet protocol level for Internet) of OSI (Open System Interconnection), the host-based computer works at the application level. Because the host exercises its control at the application level, traffic as a whole can be monitored more completely.

top_man.gif (3459 bytes)To the top

PASSWORDS

Most people who have used computers have had experience using passwords. It is now a common procedure when entering a proprietary system. Many network users like to use passwords that are easy to remember. Names, telephone numbers, and birthdays are common passwords. Some people even repeat their user IDs as their passwords. Using this type of password is not a very good way to bar illegitimate users from gaining access to your system or to protect the valuable data and information

that you have on your network system. Hackers have their own programs that can guess passwords based on personal information about the users. This procedure does not usually take a long time. Generally, easy-to-remember passwords are riskier than passwords which are in an unreadable format. A company or any organization with log-in computer systems should educate their network users to create their passwords in a format that can not be easily guessed, or program the log-in procedure to allow only passwords in a complex format.

It is sometimes difficult for people to remember their passwords, especially when the passwords are required to be in a long and indecipherable format. Some people write their passwords down where they can quickly refer to them. This is a very risky habit because these passwords can then be accessed by other people. Making sure the network users remember their passwords or put their passwords in a secure place is important, since passwords are the simplest security measure to make.

top_man.gif (3459 bytes)To the top

 

THE NEED FOR SECURE TRANSMISSION AND PROPER INDENTIFICATION

People using the Internet for carrying on day-to-day business require security for communicating confidential information, for conducting commercial transactions, or simply for connecting safely to new sites. Furthermore, we all want to limit access to private data and to ensure that we can control the kind of content we view. Think of communicating with your stockbroker, sending medical information from a doctor's office to a hospital, or using a credit card to buy an expensive watch via the Internet. These are all cases in which it is important both that you be properly identified to the Web site you are connecting to or the application you are using, and that your transmissions be kept secure through encryption.

This means that both the browser that connects you to the Internet and the server that supplies that browser
with data need to play a large role in your protection. Specifically, they need to provide services that:

  • Identify you to the sites from which you are trying to obtain information.
  • Send and receive information confidentially.
  • Ensure that information cannot be tampered with while in transmission.
  • Control who can access and modify information stored on your computer.
  • Filter the type of content that flows into homes or businesses.

Equally important as any item on the list above, good security should intrude as little as possible into the computing experience. In other words, it should not increase the difficulty of using valuable services available on the Internet and it should not create new barriers to entry for providers of goods and services.

top_man.gif (3459 bytes)To the top


LEVELS OF TRUST

Generally people are willing to place their trust in information from sources that are protected. For example, servers on internal corporate networks (intranets) appear safer than Web sites that are freely available to anyone with a computer and a modem. Intranets are generally seen as more secure, both because you have a "trust relationship" with the company for whom you work, and because firewalls physically limit access from the outside world, protecting the information integrity of servers inside the company.

Further, you are willing to place a greater amount of trust in information from specific Web sites -- those published by trading partners, regulatory bodies, trusted software providers -- than you are in random sites. These "trust relationships" are simple, intuitive, and mirror the way in which other business processes operate.

There is a lot of effort into the area of developing and refining digital signatures for software. Digital signatures enforce a "truth-in-downloading" edict. A signature reminds customers to verify who authored the software they are about to download. By performing the verification, they will be able to determine that no one has tampered with the software during transmission. This technology -- called Authenticode™ -- gives consumers the ability make informed decisions about whether they trust the online software publisher, just as they do when they buy a box of shrink-wrapped software. Microsoft also supports digital signatures which prove that the (apparent) author really signed the letter, purchase order, or product approval.

top_man.gif (3459 bytes)To the top


FUTURE STEPS

Companies are working hard to further improve security, in products and for the industry as a whole. The next 18 months, will see tools provided to make it even easier for information technology (IT) professionals to set up highly secure servers for large corporations, plus encryption technologies for laptop data files, and advanced certificate technology for Internet Information Servers. The certificate technology will allow corporations to authenticate the identity of, for example, employees of trading partners who need to have access to specific proprietary data contained in an intranet or on other systems previously accessed only by employees.

Security on the Internet is an industrywide issue. Therefore companies are working together with other industry leaders in areas of common concern. For example, Microsoft and Netscape are working together on a specification called the Open Profiling Standard (OPS). This technology will give users additional and more uniform control over what private information, if any, can be released to Internet service providers (ISPs). Users will also be able to better understand who sees the information. Microsoft is also working with Cisco Systems and other Internet infrastructure companies in such areas as directory services and network security.

Finally, Microsoft works closely with industry groups and with law enforcement agencies around the world on issues that affect consumer privacy, access to online services, and malicious Internet attacks. Our goal is to make online security an integral part of the Internet infrastructure.

top_man.gif (3459 bytes)To the top