BestInternetSecurity.net

Information Security Resources


Archive for June, 2008



Cryptography - Revisited

Wednesday 18 June 2008 @ 4:20 pm

Cryptography, or cryptology, derived from the Greek words for “hidden” writing or speaking, is the practice and study of hiding information.

Until modern times, cryptography referred almost exclusively to encryption, the process of converting ordinary information (plain text) into unintelligible gibberish in order to provide confidentiality. Cryptography is now considered to be a branch of both mathematics and computer science, and is closely related to the study of information theory, computer security, and engineering. Today we also apply this technology to achieve the other two objectives – integrity (using a digital signature) and availability (protecting the data from being corrupted and destroyed).

The key, a parameter that determines the functional output of a cryptographic algorithm, is the important element of cryptography. In encryption, a key specifies the particular transformation of plaintext into ciphertext (or vice versa during decryption).

This concept was introduced in cryptography in 1466 by Leon Battista Alberti, the famous Italian Renaissance architect.

Let’s consider a parallel situation in the physical world to describe how a key works in cryptography. Your own front door lock is mass produced by a company, and each lock is sold with a unique key that works only with the door locking mechanism within the door lock that it is designed for. Other people may own the same lock model made by the company, with the same basic locking mechanism. However, you are the only one who can unlock the door because your key, which is different from the keys of other people, is the only one in the world that fits the specific combination design inside of your door lock, making your home secure (theoretically!).

Computer security works in a similar way. A key is used to “unlock” a cryptographic algorithm, and the longer the key, the more difficult it is to break into the system by trial and error. The hacking technique of attempting to break a cryptographic algorithm by trial and error is called a brute force attack, and the time and effort needed to break the system is called the work factor.

For more information about cryptography, refer to various posts in the blog found here:

http://www.bestinternetsecurity.net/category/cryptography/

Tags: Cryptographic Key





The Nuts and Bolts about Intrusion Prevention System (IPS)

Friday 6 June 2008 @ 8:31 pm

An Intrusion Prevention System (IPS) is a computer security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. It is an in-line device that scans traffic and, based on a set of rules, determines whether data packets are legitimate or malicious. An IPS is based upon an Intrusion Detection System (IDS), with the added component of taking real time action to prevent an intrusion once detected by the IDS.

In case you are unfamiliar with IDSs, refer to my posts here:
http://www.bestinternetsecurity.net/19/
http://www.bestinternetsecurity.net/18/

IPS System

The term “Intrusion Prevention System” was coined by Andrew Plato, who was a technical writer and consultant for NetworkICE [1]. While these systems were originally an extension of Intrusion Detection Systems (IDSs), which focus on detection only, today’s IPSs are designed to stop attacks and intrusions in real time, protecting valuable assets.

Attacks

An IPS won’t protect you against password attacks or Trojan horse attacks, such as screen capturing and keyloggers, etc. However, there are still many reasons you might want to use an IPS. Among these are extra protection from denial-of-service attacks and protection from many critical exposures found in software such as Microsoft Windows. An IPS device must utilize “Stateful Inspection” (a firewall technology) to perform advanced protection against new types of attacks, as well as defend against the growing frequency and scale of Distributed Denial of Service (DDoS) attacks. An IPS prevents a large amount of downtime that would occur without it, by stopping damage that might otherwise make its way to the databases from internal or even external attacks. The most significant advantage offered by inline IPS technologies is that attacks are detected as they occur.

IPS And Firewall

While some IPS products have the ability to implement firewall rules, this is not a core function of the product. Also, some application layer firewalls have integrated IPS-style signatures into their products to provide real-time analysis and blocking of traffic. Other closely related terms include “Unified Threat Management” (UTM), sometimes called “Next Generation Firewalls.”

Commercial IPS Products

Here are just a few examples of IPS systems on the market today:

Check Point IPS-1 is a hybrid IDS/IPS solution with management features that include the company’s Dynamic Shielding Architecture for vulnerability alerts and Confidence Indexing.

McAfee IntruShield is a purpose-built intrusion detection/prevention appliance performing up to 10 Gbps packet analysis, which will continue to be enhanced through the company’s risk management strategy including NAC integration. The company recently announced the availability of a Windows VMWare version of Strata Guard Free, a freeware version of its intrusion prevention system.

3Com’s TippingPoint IPS System provides Application Protection, Performance Protection, and Infrastructure Protection at gigabit speeds through total packet inspection.

IPS Technologies

A considerable improvement over firewall technologies, IPS can make access control decisions based on application content rather than IP addresses or ports, as traditional firewalls do. But that also implies that IPSs are slower in performance.

An IPS must also be a very effective Intrusion Detection System in order to enable a low rate of false positives. Just like IDSs, when deploying network-based IPSs (NIPSs), consideration should be given to whether the network segment is encrypted, since not as many products are able to support inspection of such traffic.

According to some news sources regarding a new breed of IPS – the “Distributed IPS” – an IPS’s automatic responses can range from throttling inappropriate traffic and/or blocking individual user/device access to assigning packets to a quarantine VLAN or turning off the port [2].
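The content-based decisions and graduated responses described in this section can be sketched as a small in-line inspection loop. This is an added example, not code from any IPS product named in this post: the two signatures, the `InlineIPS` class, the order of the escalation ladder and the sample packets are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hypothetical content signatures: matched against the payload, not IP or port.
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("sql-tautology", re.compile(rb"'\s*or\s+'1'\s*=\s*'1", re.I)),
]
# Assumed escalation ladder built from the responses the post lists.
RESPONSES = ["throttle", "quarantine-vlan", "block"]


class InlineIPS:
    def __init__(self):
        # Index into RESPONSES per source address; -1 means no response active.
        self.level = defaultdict(lambda: -1)

    def inspect(self, src, payload):
        """Return (verdict, source_response, rule) for one in-line packet."""
        rule = next((n for n, p in SIGNATURES if p.search(payload)), None)
        if rule:  # each new match moves the source one step up the ladder
            self.level[src] = min(self.level[src] + 1, len(RESPONSES) - 1)
        response = RESPONSES[self.level[src]] if self.level[src] >= 0 else None
        # A matching packet is never forwarded; a blocked source loses all traffic.
        verdict = "drop" if rule or response == "block" else "forward"
        return (verdict, response, rule)


# Constructed sample traffic using RFC 5737 documentation addresses.
PACKETS = [
    ("192.0.2.10", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", b"GET /../../etc/passwd HTTP/1.1"),
    ("198.51.100.7", b"GET /login?u=a' OR '1'='1 HTTP/1.1"),
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("198.51.100.7", b"GET /../../boot.ini HTTP/1.1"),
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("192.0.2.10", b"GET /about.html HTTP/1.1"),
]


def run(packets):
    ips = InlineIPS()
    return [ips.inspect(src, payload) for src, payload in packets]


if __name__ == "__main__":
    for (src, _), result in zip(PACKETS, run(PACKETS)):
        print(src, result)
```

Both sources reach the same destination port, so a port-based firewall rule could not separate them; only the payload match does, and the per-source state is what lets the response escalate.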

Customization and Performance Issues

The design and configuration of an IPS plays a major part in the effective use of the hardware and software available on the market today. Therefore, I’ll address some key issues for an efficient IPS.

If the IPS fails, the flow of packets stops and the network becomes unavailable; this is something which should not be allowed to occur. The solution is to make sure that the product selected is able to maintain signatures, and also provides a well-built interface that is easy to understand and navigate. Network administrators should be able to minimize false positives and false negatives by thoroughly training the IPS, taking care to not only train during the initial installation phase, but also continuing to train the system as it is online.

As time goes by, faster IPSs will be created. In fact, most IPSs available today can handle up to a gigabit of traffic. Network administrators should be aware of the bandwidth capabilities of each IPS and be sure to choose one suitable for their level of network traffic.

[1] http://www.safensoft.com/security.phtml?c=587
[2] http://www.enterasys.com/company/press-release-item.aspx?id=748

Tags: DOS, Denial of Service Attack, Distributed Denial of Service Attack, false negative