Domain Name System (DNS) is the magical ability of Internet hosts to translate the machine-readable IP address numbers like 216.109.112.135 to something meaningful to humans, like www.yahoo.com. A sophisticated hierarchical database system in the Internet is required to accomplish this task. One of the core components of that system is the DNS server, which serves […]
TCP/IP (Transmission Control Protocol / Internet Protocol) is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. However, from a security standpoint, it is not inherently secure. To understand why, we must first look at the history of TCP/IP. TCP/IP was designed more than 30 […]
There are many possible physical security threats associated with electrical power supply. A few examples, and ones you may already be familiar with, include : Blackout: a complete loss of power. Sag or Brownout: a decrease in voltage levels, usually of short duration but may last anywhere from fractions of a second to hours. Surge: […]
Work Factor is defined as the amount of effort (usually measured in units of time) needed to break a cryptosystem. The Work Factor of a cryptosystem is related to its key-length and the working mechanism used (encryption and decryption algorithms). For example, if the brute force attack method is used to break the system (trying […]
To understand Environmental Physical Control, we need to understand how your HVAC system affects your computing environment. HVAC stands for three words: Heating, Ventilation and Air Conditioning. Your HVAC system controls various environmental factors that must be monitored to ensure that your computing equipment operates effectively. Temperature: Between 21 and 23 degrees Celsius (70 to […]
Google hacking refers to the use of Google as a powerful search engine to uncover websites with security bugs and technical issues. Google, with its crawling engine, searches and indexes the content of websites around the world 24/7. It essentially captures everything from normal website presentation to websites with technical problems, displaying error messages into […]
Many factors should be considered when choosing the best facility for hosting computer equipment. Some of these factors include: Local Crime: Is the site a prime area for criminal activities? Natural Hazards: Does the location have a high occurrence of flooding, earthquakes, thunderstorms, or other natural hazards? Power Supply: Is there a stable power supply […]
Physical security is the lifeblood of all security controls. If physical security is compromised, all other controls are irrelevant. Why? Think about it. If someone manages to get into your server, physically accessing your computers, he or she can cause serious damage. Some examples of damage possible can include: removing the hard drives from your […]
The accountability portion of security control refers to holding system users responsible for their actions by constantly monitoring all activities within the system. Consistently logging and auditing activities are ways that we monitor the system to ensure proper tracking of computer misuse. For example, as part of the auditing process, the following activities should be […]
Now we’ll cover some of the administrative aspects of Operations Control. Separation of Duties is a preventative measure that prevents one person from performing a full function from beginning to an end. This policy reduces the possibility of any one person committing an act against policy unless there is collusion amongst two or more people. […]
