C3 Security Consulting LLC
Related Links
Newbie?
Whether brand new or looking for expansion, LinuxFromScratch is a great resource.
PPTP-Linux
PPTP-Linux, a PPTP client for Linux.
Latest Info on Linux Versions
Great site for all the Linux releases you could want. With help, popularity ratings, and home sites it's well worth a look if Linux is your bag.
Linux Devices
To see a range of devices that run on Linux look at www.linuxdevices.com.
Definitive site for running Linux on Laptops
Reports and resources for running Linux on a notebook or laptop computer.

Security vs. Risk

Security and risk are two terms that are frequently used interchangeably. Just remember: a risk does not automatically imply a security threat (a power outage is a risk, but not necessarily a security threat). However, a security threat does imply a risk.

Encryption and Decryption

  • Encryption is used to provide confidentiality for data.
  • Encrypted data is termed “ciphertext”.
  • Ciphertext is transformed back into data using decryption.
  • The mathematical process of encryption is an algorithm.
  • Many common algorithms operate on blocks (chunks) of data during an encryption or decryption operation. For this reason, these algorithms are commonly referred to as block cipher algorithms.
  • Data is encrypted using an algorithm in conjunction with a key, also known as a certificate.
  • The key is a number.
  • Data can be recovered from ciphertext only by using the same key that was used to encrypt the data.
  • Unauthorized recipients of the ciphertext who know the cryptographic algorithm, but do not have the correct key, should not be able to decrypt the ciphertext.
  • However, anyone who has the key and the cryptographic algorithm can easily decrypt the ciphertext and obtain the original data.
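
The points above as an added example (not part of the original page): a toy block cipher in Python, a Feistel network with an HMAC-SHA256 round function, that encrypts data one 16-byte block at a time under a numeric key and recovers it only with the same key. The construction, function names and sample values are assumptions made for illustration; each block is encrypted independently for simplicity, and real systems use a vetted cipher such as AES from a maintained library.

```python
import hashlib
import hmac

BLOCK = 16    # bytes per block; each block is split into two 8-byte halves
ROUNDS = 8

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 of round number + half-block, truncated.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in rounds:
        mask = round_fn(key, i, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, mask))
    return right + left   # final swap: decryption is the same loop, rounds reversed

def process(key: int, data: bytes, rounds) -> bytes:
    k = key.to_bytes(16, "big")   # "the key is a number": here a 128-bit integer
    blocks = (data[i:i + BLOCK] for i in range(0, len(data), BLOCK))
    return b"".join(feistel(k, b, rounds) for b in blocks)

def encrypt(key: int, data: bytes) -> bytes:
    pad = BLOCK - len(data) % BLOCK   # PKCS#7-style padding to a whole block
    return process(key, data + bytes([pad]) * pad, range(ROUNDS))

def decrypt(key: int, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    data = process(key, ciphertext, range(ROUNDS - 1, -1, -1))
    pad = data[-1]
    if not 1 <= pad <= BLOCK or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding: wrong key or damaged ciphertext")
    return data[:-pad]

def try_decrypt(key: int, ciphertext: bytes):
    # Returns the recovered bytes, or None when the padding check rejects them.
    try:
        return decrypt(key, ciphertext)
    except ValueError:
        return None

if __name__ == "__main__":
    KEY, WRONG = 1234567890123456789, 1234567890123456788   # constructed sample keys
    ct = encrypt(KEY, b"Quarterly payroll file")             # constructed sample data
    print(ct.hex())
    print(try_decrypt(KEY, ct))     # the original data
    print(try_decrypt(WRONG, ct))   # None or unreadable bytes
```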

Although much has been written on this subject, a great place to start is the RSA Laboratories whitepaper "Frequently Asked Questions About Today's Cryptography".

Absolute Security

Sorry, but there is no such thing. A more practical approach is the 80/20 rule. It is like locking your car at night. It will cause the casual opportunist to move on. Use a steering lock and it will stop the amateur thief. Install a car alarm and it will stop all but the skilled and dedicated criminals (who usually are neither). Include a tracking system, for example Lo-Jack, and you stand a good chance of recovering your vehicle after a successful theft.

There are some fundamental steps that all companies, from sole proprietor up, should have at least considered as the beginning of a security strategy. A proactive approach now will reduce the impact of a violation.

Don’t let the word “strategy” put you off. As soon as you install a virus checker (and if you haven’t done that, stop reading and go do it now! Anything is better than nothing but if you pick one of the big names, Symantec, McAfee, etc. you won’t go far wrong), you have started planning your security strategy.

The categories listed on the Basics page are your starting point. If this is the first time you have been to this site, we highly recommend you scan through the sections and ensure you have hit the main points. These sections are not meant to be exhaustive, and they are dealt with in other areas in much greater detail, but if you are looking to start somewhere, this will give you an idea of what you should be considering.

Once you have scanned these sections, and you still have questions, use the links to take you to pages with more information. If you still have unanswered questions, and you know your business better than anyone, talk to a security consultant. Obviously we hope it will be C3SC, but do call someone.

Firewalls

A firewall separates one portion of a network from another and allows only authorized network traffic to pass through. A firewall typically separates the local private network from the Internet. Some firewalls examine the traffic that flows in and possibly out of the network to make sure it is legitimate. Firewalls hide the identities of computers within your private network to make it harder for criminal hackers to target individual computers. Firewalls can be combined with other devices to reduce the resource requirements.

Did you know?
Live CD
If you want to test a new/different version of Linux, there are many "live CD" distributions that allow you to boot into the operating system without needing to install it on the hard drive.
Almost half of all companies surveyed spend less than 2% of their IT budget on security.
And of that figure, 40% spent less than 1% citing the engagement of senior management as a significant obstacle.
Frozen Explorer session?
If your Explorer session has stopped responding, hit CTRL+SHIFT+ESC to bring up Task Manager. On the Processes tab, look for explorer.exe in the Image Name column and hit the End Process button. Your Windows session will now seem to disappear. It can be restarted in Task Manager by going to File>New Task (Run) and typing explorer.exe.
Windows XP and beyond include firewall technology.
If you have a gateway to the internet or are just using Windows XP Internet Connection Sharing, Windows has a great firewall, but you need to tune it to get the best from it.
Need to grant admin access for a single app to a specific user or group?
Don't just give out root. Use Sudo to define and control admin access to all resources - and if you are the admin, do the same thing for yourself. You will be much less likely to step on yourself.