...store your public keys or public certificate files in the public domain? Is this the same thing as a public key infrastructure (PKI) server? Certificate stores 2. What do you need if you want to decrypt encrypted messages and files from a trusted sender? Decryption key 3. When referring to IPSec tunnel mode, what two types of headers are available and how do they differ? Authentication Header is used to prove the identity of the sender and ensure the data is not tampered with while Encapsulated Security Payload provides authentication and encryption and encrypts the IP packets and ensures their integrity. 4. Provide a step by step progression for a typical Certificate Enrollment process with a Certificate Authority. Create Enrollment Object Set Enrollment Parameters Create Request Submit Request Process request Get Certificate Accept Certificate 5. When designing a PKI infrastructure what are the advantages and disadvantages of making the CA available publicly over the Internet or keeping it within the private network? Advantages Straight-forward Concept Chain-length limit Less time to obtain a usable certificate within the CA Disadvantages Scalability Single point of trust Still need an impeccable CA 6. Designing a PKI involves several steps. Per the Windows Best Practices for Designing a PKI, what are those steps? In your words, explain what each step is meant to do? * Outline the business scenario * Define the...
Words: 634 - Pages: 3
...information security. Ensuring a secure network involves good design, implementation, and maintenance. The information in your organization is potentially vulnerable to both internal and external threats. Identify these threats and create methods of countering them before they happen. Be able to identify the potential physical, operational, and management policy decisions that affect your information security efforts. It isn’t good enough to have a plan if the plan is unsound or has gaping holes. You must make sure that the plans you develop and the procedures you follow to ensure security make sense for the organization and are effective in addressing the organization’s needs. Be able to explain the relative advantages of the technologies available to you for authentication. You have many tools available to establish authentication processes. Some of these tools start with a password and user ID. Others involve physical devices or the physical characteristics of the person who is requesting authentication. This area is referred to as I&A. Be able to explain the relative capabilities of the technologies available to you for network security. In most situations, you can create virtual LANs, create connections that are encrypted, and isolate high-risk assets from low-risk assets. You can do so using tunneling, DMZs, and network segmenting. Be able to identify and describe the goals of information security. The three primary goals of information security are prevention...
Words: 5056 - Pages: 21
...What are the three main categories of objects to be protected by Access Controls? | | Information – any type of data asset Technology – Applications, Systems, and networksPhysical Location – buildings and rooms | What are the three elements of an Access Control System? | | Policies – RulesProcedures – nontechnical methods used to enforce policies Tools – Technical methods used to enforce policies | What are the three types of subjects when it comes to access control for specific resources? | | Authorized – presented credentials and have been approved for access Unauthorized – Don’t process the proper credentials or do not have the appropriate privileges for accessUnknown – Don’t possess any credentials at all: Don’t know if they should be given access or not | What are the three steps to the access control process? | | Identification – process of Identifying itself Authentication – verification of the subjects identity Authorization – allow or deny access to an object. | What are the principal components of Access Controls? | | Policies – who gets access to whatSubjects – User, Network, process, or applications requesting access to resources Objects – The resource to which the subject desires access | What are the basic...
Words: 2070 - Pages: 9
...IT@Intel Brief Intel Information Technology Computer Manufacturing Enterprise Security Network Access Control: User and Device Authentication August 2005 Intel IT is piloting new security methods to provide network access control by authenticating devices as well as users. Since networking has evolved to support both wired and wireless access, securing corporate networks from attack has become ever more essential. Therefore, to effectively enforce network access control policies in a proactive manner, we are developing a method to authenticate users and devices before they connect to the network. Network Access Control at Intel • Over 90,000 employees worldwide • 80 percent of knowledge workers are mobile and unwired • Over 50,000 remote access users Background As a global corporation, Intel IT supports more than 90,000 employees and contractors all over the world, and 80 percent of our knowledge workers are mobile and unwired. Network access depends more and more upon wireless LANs and WANs, as well as virtual private network (VPN) remote access. All of these technologies have the potential to open our network perimeter to threats. When we considered the threat of viruses and worms, it was evident that we needed additional controls to secure the enterprise network and its information assets from unauthorized devices and unauthorized people. Figure 1 shows how we could authenticate devices and users as part of the authentication pyramid. Figure 1. Authentication...
Words: 1319 - Pages: 6
...Scams of the day!!! © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Page 2 Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Page 3 On to today’s lesson © 2012 Jones and Bartlett Learning, LLC www.jblearning.com FIRST OF ALL… § Let me clear up a misconception § RSA public/private key encryption is THE leader, in terms of security. For all practical purposes, it is impossible to crack a RSA algorithm. § PGP (Pretty Good Privacy) is probably the best implementation of RSA. It is now owned by Symantec. § Other free products (which do not tightly integrate into email, for example) are available § Understand that PKI is NOT the same thing as public key encryption Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Page 5 Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Page 6 Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding...
Words: 1799 - Pages: 8
...Denver, Colorado * Los Angeles, California * Montreal, Canada * New York City, New York * Washington, D.C The North American offices have a total of 5,000 employees who use desktop, laptops, and wireless devices. All offices deal with several sensitive applications. Management from each office shares application information hosted at the corporate office. Database research and industry, and there has also been increasing interest in the problem of building accurate data mining models over aggregate data, while protecting privacy at the level of individual records. Instead of building walls around servers or hard drives, a protective layer of encryption is provided around specific sensitive data-items or objects. This prevents outside attacks as well as infiltration from within the server itself. This also allows the security administrator to define which data stored in databases are sensitive and thereby focusing the protection only on the sensitive data, which in turn minimizes the delays or burdens on the system that may occur from other bulk encryption methods. Encryption can provide strong security for data at rest, but developing a database encryption strategy must take many factors into consideration. Design an enterprise encryption strategy –a public key infrastructure (PKI) that supports internal employees, external business partners, and clients. Include the design and reasoning for using the select encryption strategy. The strategy...
Words: 993 - Pages: 4
...10/29/13 Data encryption is the only thing that will secure data transmission. Powerpoint: Confidentiality: Keeps information secret from all but authorized people Integrity: Can enforce integrity with hashes Authentication: Provides a way to authenticate entities Non-repudiation: Prevents a party from denying a previous statement or action Cryptology in Business • Increasing concern about the security of data. • More sophisticated attacks • Tremendous growth of computer-related fraud and data theft • Data protection as a business priority Intrabusiness Security: Privacy, integrity, authorization, and access control. Interbusienss Security: Message authentication, signature, receipt and conformation, and non-repudiation Extrabusiness Security: Anonymity, time stamping, revocation, and ownership Applications and Uses • Cryptography uses can be found in categories, such as: o Anti-malware o Compliance or auditing o Forensics o Transaction security o Wireless security Symmetric Key Crypto Standards Triple DES (Data Encryption Standard): Consists of three passes of DES using multiple keys IDEA (International Data Encryption Algorithm): Uses a 128-but key and runs faster than DES Blowfish: Faster than DES or IDEA AES (Advanced Encryption Standard): Strong and fast. Defacto standard today. RC2: Designed by Ronald Rivest RC4: Used in Internet browsers Symmetric Key Principles • The same key encrypts and decrypts • Symmetric Algorithms...
Words: 365 - Pages: 2
...ACCESS CONTROL IN SUPPORT OF INFORMATION SYSTEMS SECURITY TECHNICAL IMPLEMENTATION GUIDE Version 2, Release 2 26 DECEMBER 2008 Developed by DISA for the DoD UNCLASSIFIED Access Control in Support of Information Systems STIG, V2R2 26 December 2008 DISA Field Security Operations Developed by DISA for the DoD This page is intentionally blank. ii UNCLASSIFIED Access Control in Support of Information Systems STIG, V2R2 26 December 2008 DISA Field Security Operations Developed by DISA for the DoD TABLE OF CONTENTS Page SUMMARY OF CHANGES...................................................................................................... IX 1. INTRODUCTION................................................................................................................. 1 1.1 1.2 1.3 1.4 1.5 1.6 1.7 2. Background ..................................................................................................................... 1 Authority ......................................................................................................................... 2 Scope............................................................................................................................... 3 Writing Conventions....................................................................................................... 3 Vulnerability Severity Code Definitions ........................................................................ 4 STIG Distribution .......
Words: 38488 - Pages: 154
... | |NW490 – Senior Seminar | |Vanesa Weeks | |James Hawkins | |Justin Ossai | | | |10/6/2009 | | | Company Overview The purpose of this proposal is to implement wireless communication at Westwood Resort, address the current network status and how to improve network capabilities throughout the resort. The goal of the company is to provide free Wi-Fi access to guests and at the same time ensure that the internal network remain secure. In addition, the resort wants to provide better cell phone access in the Fitness Center. Westwood Resort is located in Atlanta GA; it is a single building structure which is composed of ten stories, 500 guest rooms, two banquet halls, seven meeting rooms, hotel lobby, reception, coffee shop, fitness center, and poolside. The Business Center and half the guest rooms are wired for internet access with a dedicated T-1 connection. The hotel currently runs an Ethernet network...
Words: 2827 - Pages: 12
...2/6/2011 Wireless on the Move | Thomas Byrd | Warriors Solutions | Wireless on the Move | Warriors Solutions | Wireless on the Move | Table of Contents Executive Summary 2 Introduction 3 Company 3 Industry 3 Assessment 4 Need for WLAN 4 Business Entity 4 Mission of the organization 4 Growth potential 4 Current Network 5 Applications 5 Number of Users 5 Strengths and Weaknesses 6 Anticipated Growth 7 Benefits 7 Hard 7 Soft 7 Solution 8 Deployment Scenario 8 Select Network Type 9 Access Point Management 9 Location of Wireless Devices 9 Deploying Wireless network 10 User Support 10 Training 10 Support 11 Conclusion 11 Bibliography 12 * Executive Summary As wireless LANs (WLANs) continue to grow in popularity, particularly in enterprise networks, your enterprise might be considering deploying a WLAN to leverage the different advantages that come with this type of technology. The ability to do away with massive amounts of cabling to mobile workplace is a very obvious advantage. There are many more. Mobile, ubiquitous access to enterprise IT systems throughout the global enterprise yields a more productive and efficient workforce, allowing employees to access resources without being tethered to a traditionally static wired network connection. WLANs allow workers to access and contribute information far more quickly than before, boosting the productivity of all workers who depend on that critical information...
Words: 2278 - Pages: 10
...common email encryption is called PKI. In order to open the encrypted file an exchange of keys is done. Many infrastructures such as banks rely on secure transmission protocols to prevent a catastrophic breach of security. Secure transmissions are put in place to prevent attacks such as ARP spoofing and general data loss. Software and hardware implementations which attempt to detect and prevent the unauthorized transmission of information from the computer systems to an organization on the outside may be referred to as Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF) or Extrusion Prevention systems and are used in connection with other methods to ensure secure transmission of data. ------------------------------------------------- [edit]Secure transmission over wireless infrastructure Main article: Wired Equivalent Privacy WEP is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio, so are more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional wired network. A later system, called Wi-Fi Protected Access (WPA) has since been developed to provide stronger security. ------------------------------------------------- [edit]Web-based secure transmission Main article: secure socket layer Transport Layer Security (TLS) and its predecessor, Secure...
Words: 586 - Pages: 3
...Wingtip Toys Professor Michael Chu Rodney Wakefall Strayer University CIS332 September 8, 2013 With a host of new features to Microsoft Windows Server 2008, I believe that this utility will utilize Wingtips Toys IT investment more efficiently. Combining this new OS with powerful computer hardware and services solutions can result in a tremendous productivity boost from: • Enhanced virtualization features that help you increase system availability • Streamlined management over your remote systems • Improved security to help ensure the confidentiality, integrity and availability of your data • Seamless, secure internet connection by mobile workers to your corporate network without the need for a virtual private network (VPN) • Faster file downloads for branch office users • Dedicated features, such as Direct Access and BranchCach, aimed specifically at maximizing the synergy between Windows Server 2008 clients to enable powerful remote access capabilities Migration steps are different based on the server role or the applications to be migrated. There is no single step to migrate all types of server roles or applications, hence there are quite a lot of factors we will need to consider. A typical migration process involves clean installation of the operating system, installation of server roles, move data and settings from source to destination new server and point the clients to the new server. Microsoft has tons of tools available to ensure a smooth migration...
Words: 1736 - Pages: 7
...Special Publication 800-48 Wireless Network Security Tom Karygiannis Les Owens 802.11, Bluetooth and Handheld Devices NIST Special Publication 800-48 Wireless Network Security 802.11, Bluetooth and Handheld Devices Recommendations of the National Institute of Standards and Technology Tom Karygiannis and Les Owens C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 November 2002 U.S. Department of Commerce Donald L. Evans, Secretary Technology Administration Phillip J. Bond, Under Secretary for Technology National Institute of Standards and Technology Arden L. Bement, Jr., Director W IRELESS NETWORK SECURITY Note to Readers This document is a publication of the National Institute of Standards and Technology (NIST) and is not subject to U.S. copyright. Certain commercial products are described in this document as examples only. Inclusion or exclusion of any product does not imply endorsement or non-endorsement by NIST or any agency of the U.S. Government. Inclusion of a product name does not imply that the product is the best or only product suitable for the specified purpose. Acknowledgments The authors wish to express their sincere thanks to numerous members of government, industry, and academia who have commented on this document. First, the authors wish to express their thanks to the staff at Booz Allen Hamilton...
Words: 52755 - Pages: 212
...INFORMATION SECURITY IN THE DIGITAL WORLD NAME Abstract Information security is the process of detecting and preventing unauthorized users access to your network, computer, and ultimately your personal information. Information security is huge and many casual users do not even think about it, or if they do, only as an afterthought. This is one of the worst things that you can do in this day and age especially with the abundance of technology in our everyday lives. Everyone should care and be concerned about all levels of information security as a breach in security could mean financial ruin, personal embarrassment, stolen trade secrets, and much more. Intruders come from a wide variety of places and could be someone as simple as your next door neighbor stealing wireless internet from you to Chinese agents stealing classified weapon system designs from the US government. With the complexities of software these days there will always be vulnerabilities to expose and utilize which is why every user needs to stay on top of their own security. This typically means applying the latest operating system and software patches, maintaining a firewall and up to date virus scanning software, being intelligent about where you web surf and what you click on, and just being as smart in the digital world as you are in the physical world. This paper will cover some of the types of network attacks that are out there...
Words: 1542 - Pages: 7
...Access Responsibility. Use of any government provided wireless service is for official use and authorized purposes as set forth in DoD 5500.7-R, Joint Ethics Regulation, or as further limited by this policy. Minimum Security Requirements. The following minimum security requirements apply to the use of wireless devices and services. I will be held responsible for damage caused to a Government system or data through negligence or a willful act. I understand that all charges incurred in excess of the normal monthly service charge will be the responsibility of the user. Charges will be incurred for the following misuses of the device: exceeding allocated minutes per month, use of text messaging, downloading of any services, ring tones, games, etc.; neglect or abusive damage to the device or accessory. I am not authorized and will not use Bluetooth technology (to include voice transmission) with Blackberry devices except for the authorized CAC sled found on the Army approved list. I will ensure the Blackberry handheld device is cradled or synchronized at least once every 30 days to the Blackberry Enterprise Server (BES) to receive updated keys and/or software updates. I understand that the BlackBerry will not be connected to the desktop or other network device for battery charging. Only the A/C travel charger will be used. I understand that the Security Timeout feature will be set to fifteen minutes. I understand that wireless devices will not be carried in a...
Words: 984 - Pages: 4
