Lecture #9

information protection. Standards and specification in ICT field. Digital signature.

Political, Economic, and Social as well as Technical
Information has an

increasing intrinsic value
Protection of critical information now a critical concern in Government, Business, Academia

Damage to public image
Legal definitions often vague or non-existent
Legal prosecution

is difficult
Many subtle technical issues

– Information retains intended content and semantics
Availability – Information retains

access and presence
Importance of these is shifting, depends on organization

that may be exploited”
Attack - “human originated perpetration”
Threat -

“potential for exposure”
Control - “preventative measure”

is only as strong as its weakest link
Problems multiply with

number of nodes

stores, parking areas, loading areas, warehouses, offices, equipment, machines, tools,

vehicles, products, materials
Personnel
Protect employees, customers, guests
Information
The rest of this course

Have Physical Consequences

one commodity that can be stolen without being “taken”
Physically

barring access is first line of defense
Forces those concerned to prioritize!
Physical Security can be a deterrent
Security reviews force insights into value of what is being protected

Storage

Personnel Security Practices
Limited Access
Training
Consequences/Deterrence

and discourage trespassing
Provide distance from threats

perimeter, positive controls
Purpose
Alert threat, segment protection zones

only
Purpose
Establish controlled areas and rooms
95752:1-

conscious effort to violate
Protects against inadvertent transmission
Removable Media
Removable Hard

Drives
Floppy Disks/CDs/ZIP Disks
Remote Storage of Data
Physically separate storage facility
Use of Storage Media or Stand Alone computers
Updating of Stored Data and regular inventory

95752:1-

of a message have not been altered in transit.
When you,

the server, digitally sign a document, you add a one-way hash (encryption) of the message content using your public and private key pair.
Your client can still read it, but the process creates a "signature" that only the server's public key can decrypt. The client, using the server's public key, can then validate the sender as well as the integrity of message contents.
Whether it's
an email
an online order
or a watermarked photograph on eBay
if the transmission arrives but the digital signature does not match the public key in the digital certificate, then the client knows that the message has been altered.

considered as a numerical value that is represented as a

sequence of characters. The creation of a digital signature is a complex mathematical process that can only be created by a computer.

How do I create a Digital Signature?
You can obtain a digital signature from a reputable certificate authority such as Comodo, or you can create it yourself. You need a digital certificate to digitally sign a document. However, if you create and use a self-signed certificate the recipients of your documents will not be able to verify the authenticity of your digital signature. They will have to manually trust your self-signed certificate.
Types of digital signatures

others
Beware of contests, clubs, prizes, & gifts
Beware of strangers
Don’t break

the law
Practice Netiquette

anyone private information about yourself
Don’t use your real name -

invent a nickname*

number
Don’t tell your age or where you go to school
Don’t

tell where or when you’re going on vacation
Never send your picture

anyone, not even your best friend
Don’t use something obvious:
Name
Address
Phone number
Birthday
BE

UNIQUE
Change your password often

your family or friends
Never tell anyone where your parents work
Never

give private numbers to anyone

names of your friends or where they live
Never enter the

email or text files of anyone else without permission

contest
Joining a club
Accepting a prize or gift
Purchasing anything
Creating a myspace

or other social networking account
You could be sharing private information without meaning to.

because they ask doesn’t mean you have to tell

to meet with a stranger in person
Never agree to speak

on the phone

a picture to you
If a stranger is asking you to

meet them, to call them or to send a picture, DON’T WAIT--Tell a parent right away!

the law
Never send hateful or threatening email
Never use someone else’s

passwords

copy and use commercial software or music files

be cruel

the enter key when you’re not sending a message

or “girl”
Don’t use one that has sexual or drug related

connotations. If you “know” what it means, then it’s a sure thing that someone else will too.

or bad
Show weird messages to a parent or adult right

away
Don’t get suckered into a “cyberfight”
Remember, you always have the power to leave