C3 Security Consulting LLC
Confidentiality
Integrety
Availability		 company banner
HomeSecurityServicesVistaInformationCompany
  
floating layer default test box
Information
Basics
Checklists
CIA
Glossary & Acronyms
References and
Acknowledgments
Windows 98
Windows NT4
Windows XP
On this page:
Security vs. Risk
Encryption and Decryption
Absolute Security
Related Links
Microsoft Shadow Copy
Microsoft Windows Server 2003 includes Shadow Copies of Shared Folders to help prevent inadvertent loss of data.
OpenSSH
OpenSSH, an Open Source implementation of the SSH protocol. A favorite for Unix users.
Security Focus
A great selection of tools and utilities.
Micrsoft Midsize Business: Security
Use the resources below to find security solutions geared toward midsize businesses with 25 — 500 PCS.
linux-wlan project
The goal of the linux-wlan project is to develop a complete, standards based, wireless LAN system using the GNU/Linux operating system.

Security vs. Risk

Print view

Security and risk are two terms that are frequently used interchangeably. Just remember; a risk does not automatically imply a security threat (a power outage is a risk, but not necessarily a security threat). However, a security threat does imply a risk.

Encryption and Decryption

  • Encryption is used to provide confidentiality for data.
  • Encrypted data is termed “ciphertext”.
  • Ciphertext is transformed back into data using decryption.
  • The mathematical process of encryption is an algorithm.
  • Many common algorithms operate on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms.
  • Data is encrypted using an algorithm in conjunction with a key, also known as a certificate.
  • The key is a number.
  • Data can be recovered from ciphertext only by using the same key that was used to encrypt the data.
  • Unauthorized recipients of the ciphertext who know the cryptographic algorithm, but do not have the correct key, should not be able to decrypt the ciphertext.
  • However, anyone who has the key and the cryptographic algorithm can easily decrypt the ciphertext and obtain the original data.

Although much has been written on this subject, a great place to start is the RSA Laboratories whitepaper "Frequently Asked Questions About Today's Cryptography".

Absolute Security

Sorry, but there is no such thing. A more practical approach is by the 80/20 rule. It is like locking your car at night. It will cause the casual opportunist to move on. Use a steering lock and it will stop the amateur thief. Install a car alarm and it will stop all but the skilled and dedicated criminals (who usually are neither). Include a tracking system, for example Lo-Jack, and you stand a good chance of recovering your vehicle after a successful theft.

There are some fundamental steps that all companies, from sole proprietor up, should have at least considered as the beginning of security strategy. A proactive approach now will reduce the impact of a violation.

Don’t let the word “strategy” put you off. As soon as you install a virus checker (and if you haven’t done that, stop reading and go do it now! Anything is better than nothing but if you pick one of the big names, Symantec, McAfee, etc. you won’t go far wrong), you have started planning your security strategy.

The categories listed on the Basics page are your starting point. If this is the first time you have been to this site, we highly recommend you scan through the sections and ensure you have hit the main points. These sections are not meant to be exhaustive, and they are dealt with in other areas in much greater detail, but if you are looking to start somewhere, this will give you an idea of what you should be considering.

Once you have scanned these sections, and you still have questions, use the links to take you to pages with more information. If you still have unanswered questions, and you know your business better than anyone, talk to a security consultant. Obviously we hope it will be C3SC, but do call someone.

Firewalls

A firewall separates one portion of a network from another and allows only authorized network traffic to pass through. A firewall typically separates the local private network from the Internet. Some firewalls examine the traffic that flows in and possibly out of the network to make sure it is legitimate. Firewalls hide the identities of computers within your private network to make it harder for criminal hackers to target individual computers. Firewalls can be combined with other devices to reduce the resource requirements.
▲Top of page
Did you know?
Email is a hackers gateway to your network.
Make sure you have adequately trained your employees in good email hygiene to reduce virus attacks.
Wireless networks are more vulnerable to hackers - so they need additional protection.
Encryption technologies such as Wi-Fi Protected Access can help. Although there are weaknesses with WEP, some legacy systems do not support more modern protocols like WPA, and so WEP is still better than nothing and will deter most casual eavesdropping.
Patch management is the cheepest security fix available.
Having an automated patchmanagement system is straight forward to setup with almost no administrative overhead. Set it up once for your environment and it will do the work.
Only and estimated 25% of companies report computer intrusions to law enforcement.
They site bad publicity and loss of credibility as major concerns.
Windows XP and beyond include firewall technology.
If you have a gateway to the internet or are just using Windows XP Internet Connection Sharing, Windows has a great firewall, but you need to tune it to get the best from it.
Trademarks© Copyright (2006) C3 Security Consulting LLC, Washington DC. (+1 866 799 2969) - Hosted by Webmasters.com