Security
The industry of computer and information security is thriving
Firewalls
Access Controls
Encryption
Client/Server security
LAN/WAN Security
Web Security
Network/Communications Security
Disaster Recovery
Email Security
Mainframe Security
(c) 2004 West Legal S
Firewalls
Moat with gateways
VPNs = private intranets and networks that the public cannot get to
Offers protection from outside, but not from inside security breaches
Firewall may be defective = liability
Access Control
Checkpoints
Password Protection/Script-based Single Sign-On (SSO)
Certificate Authorities and Digital Certificates
Attribute certificates can be created to allow access to only certain parts of data
Biometrics
Tokens
Checkpoints
Checkpoints along the way while traveling into and out of the secure area
Secure data and information as it is being transmitted
Password Protection/Script-based Single Sign-On (SSO)
People forget the passwords
SSO usually not usable between external users such as clients and business partners.
Attribute Certificates
can be created to allow access to only certain parts of data
Biometrics
Authenticates users by employing technologies that capture human characteristics for identification purposes: face, iris, voice, or signature, fingerprints or retinas, palm prints, hand or finger geometry, and DNA
Smart cards = digital credentials, but can also store and retrieve data; contain an embedded processor and operating system = used in telephones
Electronic signatures
Cryptography
Private Key Encryption: System of coding and then de-coding the message
Encrypt the plaintext by use of a mathematical algorithm and store it as ciphertext. Then transmit. Then de-code it or decrypt it back into plaintext after transmission.
Need the same key to decode it - to solve the mathematical algorithm and reassemble the message
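Added example, not from the slides: the private-key round-trip above in Python. It uses a constructed SHA-256 counter-mode keystream with an HMAC tag in place of a real cipher such as AES; the names `encrypt`, `decrypt`, `round_trip` and the key values are illustrative assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16  # per-message random value so equal plaintexts differ on the wire
TAG_LEN = 32    # bytes of HMAC-SHA256 tag appended to each message


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from (key, nonce) by hashing a counter.

    Constructed for illustration: a counter-mode keystream built from SHA-256,
    standing in for a real cipher such as AES.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Turn plaintext into ciphertext on the wire: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    # Encrypt-then-MAC: the tag binds nonce and ciphertext to the key, so a
    # wrong key or a modified message is detected instead of silently garbled.
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> Optional[bytes]:
    """Recover the plaintext, or return None if the key or message is wrong."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def round_trip(shared_key: bytes, other_key: bytes, plaintext: bytes) -> dict:
    """Follow the slide's steps: encode, transmit, decode with the same key."""
    wire = encrypt(shared_key, plaintext)        # what an eavesdropper sees
    return {
        "ciphertext_differs": wire[NONCE_LEN:-TAG_LEN] != plaintext,
        "same_key": decrypt(shared_key, wire),   # reassembles the message
        "other_key": decrypt(other_key, wire),   # None: cannot solve it
    }
```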
Case
Universal City Studios, Inc., Paramount Pictures, Metro-Goldwyn-Mayer, Tri-Star Pictures, Columbia Pictures, Time Warner Entertainment, Disney Enterprises, Twentieth Century Fox v. Corley
1998 Regulation
Regulation controlled the export of certain software: downloading or causing the downloading of controlled encryption source code and object code to locations outside the United States; must get government approval
Case law on cryptography is in flux
Junger cont.
1st Amendment's purpose: to foster the spread of ideas and to assure unfettered interchange of ideas.
Court held:
expressive software contains an exposition of ideas
functional software is designed to enable a computer to do a designated task. It does not explain a cryptographic theory or describe how the software functions - it merely carries out the function of encryption.
Used to transfer functions, not to communicate ideas - doesn't tell how to do it, but does it
Not protected
Not a prior restraint because not directed at expressive conduct
New Rules:
Must still report post-export for any products exceeding 64 bits to the government
Steganography
Process of hiding messages within a text or graphic
Not apparent that there is a message at all
Commercially: watermarks
Used by terrorists to hide instructions
Fourth Amendment:
Govt. collecting of recovery keys is equal to a warrantless search and seizure?
Katz v. United States: reasonable expectation of privacy in a public phone booth
Is just collecting the keys and not using them a violation of the 4th Amendment?
Businesses Beware
Businesses should know the encryption policies of governments around the world if you are going to do business using encryption in these countries
9/11
Department of Homeland Security
Chief of Cybersecurity
U.S. Patriot Act
Patchwork of laws
No boundaries
Have to balance with usability
Most systems out there are vulnerable
Awareness
Responsibility
Response
Ethics
Democracy
Risk assessment
Security design and implementation
Security management
Reassessment