C3 Security Consulting LLC
Related Links
Sysinternals Security Freeware (now owned by MS)
A great range of freeware tools for the beginner and expert alike.
Cerberus
Cerberus, an IPsec implementation from NIST. This implementation contains many different encryption ciphers (including all the AES finalists), but is subject to US export controls.
An alternative OS for iPAQ
If you like Linux and have an iPAQ you can replace the OEM O/S with a Linux kernel.
PPTP-Linux
PPTP-Linux, a PPTP client for Linux.
Using Active Directory to Lock Down Your Network
Microsoft Active Directory provides the means to manage the identities and relationships that make up your network environment. Find webcasts, virtual labs, and other resources that show how you can use Active Directory to help establish secure administrative policies and practices.

Security vs. Risk

Security and risk are two terms that are frequently used interchangeably. Just remember: a risk does not automatically imply a security threat (a power outage is a risk, but not necessarily a security threat). However, a security threat does imply a risk.

Encryption and Decryption

  • Encryption is used to provide confidentiality for data.
  • Encrypted data is termed “ciphertext”.
  • Ciphertext is transformed back into data using decryption.
  • The mathematical process of encryption is an algorithm.
  • Many common algorithms operate on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms.
  • Data is encrypted using an algorithm in conjunction with a key, also known as a certificate.
  • The key is a number.
  • Data can be recovered from ciphertext only by using the same key that was used to encrypt the data.
  • Unauthorized recipients of the ciphertext who know the cryptographic algorithm, but do not have the correct key, should not be able to decrypt the ciphertext.
  • However, anyone who has the key and the cryptographic algorithm can easily decrypt the ciphertext and obtain the original data.

Although much has been written on this subject, a great place to start is the RSA Laboratories whitepaper "Frequently Asked Questions About Today's Cryptography".
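
The points in the encryption list above, made concrete as an added example that is not part of the original page: data is split into blocks, a numeric key drives the algorithm, the same key recovers the data, and a different key does not. The Feistel cipher, function names, key and sample data here are constructed for illustration using only the Python standard library; real data should be protected with a vetted algorithm such as AES.

```python
"""Toy block cipher for illustration only (assumed names, constructed data)."""
import hashlib
import hmac
import os

BLOCK = 16                      # bytes per block
HALF = BLOCK // 2
ROUNDS = range(8)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    # Feistel network: the same routine decrypts when the rounds run in reverse.
    left, right = block[:HALF], block[HALF:]
    for r in rounds:
        f = hmac.new(key, bytes([r]) + right, hashlib.sha256).digest()[:HALF]
        left, right = right, _xor(left, f)
    return right + left

def encrypt(key_number: int, data: bytes) -> bytes:
    key = key_number.to_bytes(16, "big")          # the key is just a number
    pad = BLOCK - len(data) % BLOCK               # PKCS#7 padding to whole blocks
    data += bytes([pad]) * pad
    prev = os.urandom(BLOCK)                      # random IV, sent with the ciphertext
    out = [prev]
    for i in range(0, len(data), BLOCK):          # CBC: chain each block into the next
        prev = _feistel(key, _xor(data[i:i + BLOCK], prev), ROUNDS)
        out.append(prev)
    return b"".join(out)

def decrypt(key_number: int, ciphertext: bytes) -> bytes:
    if len(ciphertext) < 2 * BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    key = key_number.to_bytes(16, "big")
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(
        _xor(_feistel(key, cur, reversed(ROUNDS)), prev)
        for prev, cur in zip(blocks, blocks[1:])
    )
    pad = plain[-1]
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("wrong key or corrupted ciphertext")
    return plain[:-pad]

SAMPLE = b"Quarterly payroll file, constructed sample data"   # constructed input
KEY = 0x2B7E151628AED2A6ABF7158809CF4F3C                      # constructed key
```

A wrong key either fails the padding check or yields unreadable bytes; production systems use authenticated encryption (for example AES-GCM) so that a wrong key or tampered ciphertext is always detected.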

Absolute Security

Sorry, but there is no such thing. A more practical approach is the 80/20 rule. It is like locking your car at night: it will cause the casual opportunist to move on. Use a steering lock and it will stop the amateur thief. Install a car alarm and it will stop all but the skilled and dedicated criminals (who usually are neither). Include a tracking system, for example Lo-Jack, and you stand a good chance of recovering your vehicle after a successful theft.

There are some fundamental steps that all companies, from sole proprietor up, should have at least considered as the beginning of a security strategy. A proactive approach now will reduce the impact of a violation.

Don’t let the word “strategy” put you off. As soon as you install a virus checker (and if you haven’t done that, stop reading and go do it now! Anything is better than nothing, but if you pick one of the big names, Symantec, McAfee, etc., you won’t go far wrong), you have started planning your security strategy.

The categories listed on the Basics page are your starting point. If this is the first time you have been to this site, we highly recommend you scan through the sections and ensure you have hit the main points. These sections are not meant to be exhaustive, and they are dealt with in other areas in much greater detail, but if you are looking to start somewhere, this will give you an idea of what you should be considering.

If you still have questions once you have scanned these sections, use the links to take you to pages with more information. If you still have unanswered questions, and you know your business better than anyone, talk to a security consultant. Obviously we hope it will be C3SC, but do call someone.

Firewalls

A firewall separates one portion of a network from another and allows only authorized network traffic to pass through. A firewall typically separates the local private network from the Internet. Some firewalls examine the traffic that flows in and possibly out of the network to make sure it is legitimate. Firewalls hide the identities of computers within your private network to make it harder for criminal hackers to target individual computers. Firewalls can be combined with other devices to reduce the resource requirements.

Did you know?
Live CD
If you want to test a new/different version of Linux, there are many "live CD" distributions that allow you to boot into the operating system without needing to install it on the hard drive.
Almost half of all companies surveyed spend less than 2% of their IT budget on security.
And of that figure, 40% spent less than 1%, citing the engagement of senior management as a significant obstacle.
Only an estimated 25% of companies report computer intrusions to law enforcement.
They cite bad publicity and loss of credibility as major concerns.
Spam problems?
Microsoft filters out over three billion spam messages a day.
Folder views.
If you want all your files and folders to be listed the same way in Explorer, display the format you want in the right pane, e.g. details view, sorted by file type. Then go to Tools > Folder Options and the Views tab. Hit the Apply to All Folders button and the next time you traverse to a folder it will be in your "standard" display format.