Kicking Out Kazaa: Avoiding Security, Corporate Woes

(Flu.edu.vn, updated February 2024)

In a victory for proponents of file sharing, U.S. District Court Judge Stephen Wilson ruled this spring that two software companies — Grokster, which uses a branded version of the KaZaA Media Desktop, and Streamcast — had legitimate, legal uses and so were not liable for any copyright infringement done by their end users.

While that was good news for those particular firms, it did nothing to lessen the potential nightmare the KaZaA file-sharing program poses for IT administrators.

KaZaA, in fact, poses three main threats:

a) It opens up gaping security holes

As the Fizzer worm (w32.fizzer@mm) that hit in May demonstrated, KaZaA offers one more route for bringing harmful code into the network. This worm, which could spread either as an e-mail attachment or via KaZaA, seeks to disable any existing antivirus software and has a keystroke-logging component which can be used to steal passwords or credit card information. It also automatically sets up IRC and AOL Instant Messenger accounts to receive further instructions from the virus writer.

“People who do that believe that they are the only ones who will have access to the files, but they are really opening them up to the world,” says Peasley. “What spooks me is that it will be a large repository network drive somewhere.”

b) Resource consumption

The second problem lies in the area of consumption of resources. To begin with, there is the waste of company bandwidth to share MP3s or other files which aren’t part of company business. On top of that is all the spyware that comes loaded with it, which is both a resource hog and a security threat.

Peasley reports tracking down what at first looked like a port scan against the firewall, until he noticed that it was the outgoing ports, not the incoming ones, that were being hit. He traced it to a machine running KaZaA.

“KaZaA was beating the life out of the firewall, starting another process and giving it the next higher IP address,” he says. “It was being real diligent about trying to get out.”
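The pattern Peasley describes, one internal host opening connections to many external hosts on a single port, often walking consecutive addresses, is easy to pick out of firewall logs. The following detector is an added example, not code from the article; the log line format, the sample lines and the function names (`outbound_fanout`, `constructed_sample`) are assumptions made for this example, and the 1214/tcp default port is the FastTrack/KaZaA listening port rather than anything the article states.

```python
"""Flag outbound fan-out from one internal host to many external hosts on one port
within a short window, reporting whether the targets were consecutive addresses.
Log format and sample lines are constructed for this example; adapt LINE_RE to
your firewall's export format."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed line format: "<epoch> <ACTION> <src_ip>:<src_port> -> <dst_ip>:<dst_port>/<proto>"
LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)/(\w+)")
KAZAA_PORT = 1214  # FastTrack/KaZaA default listening port


def constructed_sample():
    """Constructed log: one host walks 64.12.0.1-25 on 1214/tcp in 25 s, plus normal web traffic.
    DENY lines count too: blocked attempts are still evidence of the client running."""
    lines = [f"10594120{i:02d} DENY 10.1.5.23:{3000 + i} -> 64.12.0.{i}:1214/tcp"
             for i in range(1, 26)]
    lines += ["1059412005 ALLOW 10.1.5.40:4010 -> 203.0.113.5:80/tcp",
              "1059412006 ALLOW 10.1.5.40:4011 -> 203.0.113.9:443/tcp",
              "1059412007 ALLOW 10.1.5.23:4012 -> 198.51.100.7:80/tcp"]
    return "\n".join(lines)


def parse(log):
    """Yield one event dict per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, _action, src, _sport, dst, dport, _proto = m.groups()
            yield {"ts": int(ts), "src": src, "dst": dst, "dport": int(dport)}


def outbound_fanout(log, internal="10.0.0.0/8", window=60, min_dsts=20):
    """Return findings for (src, dst_port) pairs where an internal source reached at
    least min_dsts distinct external destinations within any `window`-second span."""
    inside = ip_network(internal)
    groups = defaultdict(list)
    for ev in parse(log):
        if ip_address(ev["src"]) in inside and ip_address(ev["dst"]) not in inside:
            groups[(ev["src"], ev["dport"])].append((ev["ts"], ev["dst"]))

    findings = []
    for (src, dport), events in groups.items():
        events.sort()
        best = set()
        for i in range(len(events)):  # sliding window over time-sorted events
            seen = {d for t, d in events[i:] if t - events[i][0] <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) < min_dsts:
            continue
        addrs = sorted(int(ip_address(d)) for d in best)
        steps = [b - a for a, b in zip(addrs, addrs[1:])]
        findings.append({
            "src": src,
            "dst_port": dport,
            "distinct_dsts": len(best),
            # "next higher IP address" pattern: most consecutive targets differ by 1
            "sequential": bool(steps) and steps.count(1) / len(steps) >= 0.8,
            "known_p2p_port": dport == KAZAA_PORT,
        })
    return findings


if __name__ == "__main__":
    for f in outbound_fanout(constructed_sample()):
        print(f)
```

Thresholds are deliberately conservative: a web browser also fans out, but to a mixed set of ports and rarely to consecutive addresses, so the sequential flag plus a single destination port is the stronger signal. Run it over the real export after lowering `window` if your firewall logs at coarse intervals.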

c) Copyright infringement penalties

But security holes and resource consumption may well be dwarfed in importance by the threat posed by copyright infringement. Last year, for example, the Recording Industry Association of America (RIAA) reached a $1 million settlement with Integrated Information Systems, Inc. (Tempe, Ariz.), whose employees had been illegally downloading MP3s at work. The RIAA has since stepped up its efforts against the downloading of copyrighted music at work.

“The RIAA is looking for another ‘poster child’ of a corporation permitting illegal downloading,” Peasley says.

Shutting the Door

There are several approaches to keeping KaZaA out of the network. Peasley has centrally managed personal firewalls from Zone Labs, Inc. (San Francisco) installed on all the company’s laptops. They are configured to block the port KaZaA normally uses and to block any outgoing traffic generated by the KaZaA application itself. Port blocking alone is a weak control, since file-sharing clients can be reconfigured to use other ports; the per-application rule is the more robust of the two. In addition, he uses a packet shaper at the border to limit the amount of traffic each user is allocated, which also shuts down the regular transfer of large files.

It would seem that shutting off file sharing in Windows would work as an additional means of protection, but Peasley found this not to be the case. He installed KaZaA on a test machine and when he was done with it he disabled file sharing, but left KaZaA installed. KaZaA then checked for updates and then automatically turned file sharing back on without any intervention from the user.

But, while these actions can block KaZaA from communicating once it is installed, what about removing it from your systems? And then, once you have done that, how do you locate and remove all the files that employees may have downloaded?

The first step is to take an inventory of the software installed on every machine in the network and filter it for KaZaA, MP3s or any other file types you want to remove. If you already have an asset management program such as Computer Associates Inc.’s Unicenter Asset Management or Microsoft’s Systems Management Server, you already have the ability to conduct software inventories.

If you don’t have one of these packages, and don’t want to purchase one, there are several simpler and lower-cost inventory applications out there. These include Executive Software Inc.’s Sitekeeper 2.0 and Vector Networks Inc.’s PC-Duo Enterprise 2.0.


Can Blockchain Solutions Cure Healthcare Woes?

Blockchain has been the buzzword in the tech industry for the past few years, since Bitcoin and other cryptocurrencies have surpassed other assets in terms of value. Bitcoin seems to satisfy one use case and sticks to it, while other projects have forked, built and innovated on Bitcoin’s core promise of a decentralized, trustless environment of immutable transactions. Notably, Ethereum opened up a world of decentralized applications, or DApps, that are being customized, designed and implemented to suit various use cases in different industries.

These distributed apps have one thing in common: they enable industry collaboration through transparency and security. One of the sectors that has long been the focus of tech startups is healthcare. Not only is it a critical sector, but it also involves numerous stakeholders and actors coming together for the well-being of patients. Hospitals, doctors, specialists, healthcare professionals, insurance companies, medical record custodians, pathology labs and numerous other specialized service providers need to work in tandem for a seamless patient experience.

The Challenge

This creates a challenge for every service provider, since each needs to deal with data at a micro level but still needs an overview of a patient’s data that may be stored with some other entity. For example, an insurance provider delivers one specific service but might need data about the patient’s health from the pathology lab, an opinion from the patient’s doctor, their expense report from the hospital, and so on.

This data is usually hosted either on paper or on an individual business server. The industry has strict rules about privacy and the sharing of this data. The information held by these professionals is absolutely personal to the patient and hence utmost care is required to protect it.

The HIPAA [Health Insurance Portability and Accountability Act] provides strict guidelines about managing and protection of this information.

This creates difficulties and bureaucratic procedures for the transfer of patient’s data and has given rise to a host of tech startups aiming to create a repository of centralized Electronic Medical Records [EMR] data. What EMRs would do is store all the information related to a patient’s healthcare in one place and provide specific access to different stakeholders as and when authorized by the patient.

But this creates a challenge in itself, because the patient has to trust this one entity with all their data. It creates a single point of failure: one repository which, if breached, exposes every record it holds.

Blockchain Solution

A hospital could upload the data about the patient’s treatment, the pathology lab could upload its records, and only the patient, holding the key, could read them. A selected subset of these records could be shared with the insurance provider, which could write its own entry once its process is done. This gives every service provider a shared place to store, read and write data. The properties that make this workable are the blockchain’s pseudonymous identities, its tamper-evident ledger, and the fact that the stored records are encrypted so that holding a copy of the chain does not mean being able to read them.

Blockchain companies like Duality Solutions have come up with solutions like Blockchain as a Service [BaaS] where they take care of complete setup and maintenance of a blockchain setup for healthcare providers. Duality has a bouquet of solutions that take care of all back-end tasks such as setting up the servers, node setups, security, configurations, and maintenance.

Conclusion

Blockchain is said to be as revolutionary as the internet. Healthcare has been pegged to be one of the biggest beneficiaries of this revolution. EMR is one critical use case. Technology will make it simpler and seamless for all the service professionals and the patient.

Some Cool Instructional Design Tools For Corporate Training

In this fast-paced world of corporate training, it’s essential to have the right tools to design effective and engaging learning experiences. Instructional design tools can help trainers and educators create interactive and impactful courses that meet the diverse learning needs of their audiences. In this article, we’ll explore six instructional design tools that are popular among corporate trainers and provide an overview of their features.

Best Instructional Design Tools

Articulate 360

Articulate 360 also offers a content library that includes pre-designed templates, characters, and assets to help trainers speed up the course development process. Moreover, trainers can easily publish courses in multiple formats, including SCORM and xAPI making it easy to integrate with any Learning Management System (LMS).

Adobe Captivate

One of the key features of Adobe Captivate is its ability to create simulations and software demonstrations. Trainers can record their screens and create interactive simulations, allowing learners to practice real-world scenarios. Moreover, Captivate offers a responsive design feature that allows trainers to create courses that are optimized for all devices, including desktops, tablets and smartphones.

Lectora

Lectora is a powerful authoring tool that offers a range of features for creating engaging and interactive e-learning courses. One of its unique features is the ability to create accessible e-learning courses, ensuring that all learners including those with disabilities can access the content.

Lectora offers a wide range of interactive templates, making it easy to create engaging courses. Moreover, it also offers the ability to create responsive courses that are optimized for all devices, including desktops, tablets, and smartphones. Lectora also offers a built-in translation tool, making it easy to create courses in multiple languages.

Camtasia

Camtasia is a screen recording and video editing tool that is ideal for creating engaging and informative video-based e-learning courses. It allows trainers to record their screen, add audio and visual effects and edit the video to create professional-looking e-learning courses.

One of the key features of Camtasia is its ability to create interactive quizzes and assessments within the video, making it easy to track learner progress. Moreover, Camtasia offers a range of customizable templates making it easy to create engaging and visually appealing courses.

Elucidat

Elucidat is a cloud-based authoring tool that allows trainers to create highly interactive and engaging e-learning courses. It offers a range of features, including customizable templates, branching scenarios, and assessments, making it an ideal choice for creating complex e-learning courses.

Elucidat also offers a unique feature called Learning Accelerator, which provides pre-built modules that can be customized to meet the needs of the learners. Moreover, Elucidat offers a built-in analytics tool, making it easy to track learners.

Wrapping Up

In conclusion, instructional design tools can be a game-changer for corporate trainers looking to create engaging and effective e-learning courses. From Articulate 360 to Elucidat, these six instructional design tools provide a range of features to meet the diverse needs of trainers and learners. Whether you’re looking to create simple interactive courses or complex simulations and assessments, these tools can help you create engaging and impactful learning experiences for your audience. By leveraging them, corporate trainers can save time, improve learner engagement and create courses that meet the evolving needs of their organizations.

Apple Confirms Wwdc 2014 Kicking Off June 2

Apple on Thursday confirmed via a press release that its annual summer pilgrimage for developers, Worldwide Developers Conference (WWDC), will be kicking off on Monday, June 2, at San Francisco’s Moscone West.

The five-day conference will focus on “the future of iOS and OS X,” indicating that Apple will give us a preview of iOS 8 and the next iteration of its desktop operating system for Macs, OS X.

There will be more than a hundred technical sessions and over a thousand Apple engineers will be available to registered developers to help them integrate new technologies and fine tune their apps.

Apple will also hold its traditional Apple Design Awards to showcase the best apps from the past year and of course hold the keynote on the first day to update us on latest business metrics and hopefully announce “exciting new products” CEO Tim Cook has been teasing for months now…

Apple’s marketing honcho Phil Schiller said:

We have the most amazing developer community in the world and have a great week planned for them.

Apple sold out last year’s WWDC tickets in 120 seconds.

According to Apple, developers can apply for tickets via the WWDC website now through Monday, April 7 at 10:00am PDT. Similar to Google which employed a random selection for its I/O 2014 conference which runs June 25-26, Apple said tickets will be issued to attendees through random selection.

Developers will know their status by Monday, April 7 at 5:00 p.m. PDT. There will also be 200 Student Scholarships available, giving students around the world the chance to earn a free ticket.

This year the National Center for Women & Information Technology (NCWIT) and its alliance partners will help promote scholarships to female engineers and coders.

The WWDC website has this motivational message for developers:

Over the past six years, a massive cultural shift has occurred. It’s changed how we interact with one another. Learn new things. Entertain ourselves. Do our work. And live our daily lives. All because of developers and the apps they create.

For five days, one thousand Apple engineers and five thousand developers will gather together. And life will be different as a result.

Write the code. Change the world.

Some of the highlights of WWDC 2014 include:

More than 100 technical sessions presented by Apple engineers on a wide range of topics for developing, deploying and integrating the latest iOS and OS X technologies;

more than 1,000 Apple engineers supporting over 100 hands-on labs and events to provide developers with code-level assistance, insight into optimal development techniques and guidance on how they can make the most of iOS and OS X technologies in their apps;

the latest innovations, features and capabilities of iOS and OS X, and how to enhance an app’s functionality, performance, quality and design;

the opportunity to connect with thousands of fellow iOS and OS X developers from around the world—last year more than 60 countries were represented;

a new series of get togethers for attendees focused on particular topics with special guest speakers and activities; 

engaging and inspirational lunchtime sessions with leading minds and influencers from the worlds of technology, science and entertainment; and

Apple Design Awards which recognize iPhone, iPad and Mac apps that demonstrate technical excellence, innovation and outstanding design.

Apple said that Monday’s State of the Union session (read: the keynote) and the Apple Design Awards will be live streamed via the WWDC website. Like every year, Apple will post videos from all technical sessions throughout the week on its Developer website, available to all registered iOS and Mac developers.

During the last year’s event, Apple showed off iOS 7, announced iTunes Radio, gave us a sneak peek into the radical new Mac Pro, released developer preview of OS X Mavericks and refreshed the ultra-thin MacBook Air family around the latest chips and all-day battery life.

Kremlinologists among you, what are your predictions for WWDC 2014?

Claire Ashley: Crazy Female Foreigners Alive And Kicking

Inflatable Art Fills 808 Gallery Top to Bottom

Claire Ashley’s sculptures offer whimsy with a political undertone

An exhibition of large-scale inflatable objects by artist Claire Ashley is on view at the 808 Gallery through December 3.

If you’ve passed the 808 Gallery during the past few weeks, chances are you’ve noticed passersby craning their necks for a better view inside. The massive interior has been filled with bold, exuberant inflatables, some so large they touch the 17-plus-foot ceilings, others nestled together in piles, one atop the other. Some suggest animal shapes, with an eye, limb, or hand visible, while others look like a bouncy house that’s seen a bit too much wear and tear.

The exhibition, with the seemingly indecipherable title (((CRZ.F.4NRS.AAK))), which when deciphered is Crazy Female Foreigners Alive and Kicking, is the work of Oak Park, Ill.–based artist Claire Ashley, who somewhat self-deprecatingly describes her art as “a Macy’s Day Parade–scaled SpongeBob meets a My Little Pony toy meets a bounce house or blimp meets an alien life form from another dimension.” (She’s an avowed Star Trek fan.)

The sculptures are on view through early December. Many bear graffiti-like abstract designs painted in phosphorescent pink, orange, and yellow-green, giving the whole space a kind of psychedelic energy. Ashley admits to having “a terrible obsession with neon pink and yellow.” Originally from Scotland, she says her palette was inspired not by the Haight Ashbury of the 1960s, but by the New Wave youth culture that gripped the United Kingdom during the 1980s. “The street art and neon fashion palettes of the 1980s are ingrained in my history, and today I very much understand that urgent need for counterculture at this moment in space and time,” she says.

Ashley says that her inflatables explore the intersection of painting, sculpture, installation, and performance art, and through them she’s trying to push the preconceived boundaries of those art forms. At the show’s opening reception last week, four College of Fine Arts students recruited from a movement class taught by Yo-EL Cassell, a CFA assistant professor of movement, rolled around inside some of the inflatables. “It is more about upsetting the applecart somehow in terms of how people understand painting or sculpture as potentially existing,” she told one interviewer.

Trained as a painter, she’s always sought out a “more physical, sculptural, irreverent challenge to the traditions of the medium,” she says. Dissatisfied with the flat surface or straight edge of painting, she turned to inflatables a decade ago while raising three small children who gravitated toward plush toys, balloons, cartoons, and bouncy houses. “I was interested in harnessing that kinetic energy in my work,” she says, adding that she was trying to embed a sense of humor as well.

And there’s no debating that there’s something whimsical, even goofy, about some of the work. But behind that whimsy, Ashley is making a serious statement, both artistically and politically. “I work within a deeply feminist critique of the contemporary art world,” she writes. “I use humor, acidic color, obnoxious scale, and absurd pop-culture references to challenge art’s historical precedence and current art world power dynamics.” Her goals are ambitious: she says that she’s trying to explode “the structural possibilities of abstract painting, expanding the kinetic possibilities of monumental sculpture, and enlivening the dialogue around contemporary art across class, gender, age, and education.”

Even the translation of the coded title of the 808 show, Crazy Female Foreigners Alive and Kicking, is political, and in a way, defiant.

“As a female foreigner myself, I, like many, am simply dumbfounded and frankly terrified by the current political situation, so it felt like a coded response was necessary, something that could be interpreted by the next generation as a call to arms,” Ashley says. “My feminist response is always to be as loud and brash as possible through my work. My monumentally obnoxious sculptural painted inflatables are foreign female bodies in space, self-portraits as it were, living and breathing, alive and kicking, making their presence felt.”

Joshua Buckno (GRS’05, Questrom’14), managing director of the BU Art Galleries (BUAG), says he and colleague Lynne Cooney (GRS’10,’16), BUAG artistic director, had been thinking about the growing presence of inflatable art for a while. Ashley’s inflatables have been exhibited internationally, and her name kept surfacing as they researched contemporary artists working in the medium. Buckno says they were drawn to the painterly aspect of her work and the fact that like many of the visual arts students at CFA, her work combines elements of both painting and sculpture. “It seemed really fascinating and a great way to show students what you can do with your creativity,” he says.

Cooney hopes visitors think about their own physical scale as it relates to Ashley’s sculptures, especially the more monumental ones. “It’s nice to walk in and out of different scales. There’s a nice sort of resonance with your own body,” she says. “Claire’s work conveys the body in an abstract and playful way.”

And it’s that sense of playfulness that Ashley hopes visitors engage with. “Humor is vital in my work. It keeps the work real and alive,” she says. “It keeps me grounded and makes the work immediately available to those looking at it, which I believe is urgently needed in the art world right now.”

Claire Ashley: (((CRZ.F.4NRS.AAK))) is on view at the 808 Gallery, 808 Commonwealth Ave., through Sunday, December 3. Gallery hours are Tuesday to Sunday, noon to 5 p.m., Thursday noon to 8 p.m., closed Monday and major holidays. The exhibition is free and open to the public.


Network Security – Application Layer


Various business services are now offered online through client-server applications. The most popular forms are web applications and e-mail. In both, the client communicates with the designated server and obtains services.

While using a service from any server application, the client and server exchange a lot of information over the underlying intranet or Internet. These information transactions are vulnerable to various attacks.

Network security entails securing data against attacks while it is in transit on a network. To achieve this goal, many real-time security protocols have been designed. Such a protocol needs to provide at least the following primary objectives −

The parties can negotiate interactively to authenticate each other.

Establish a secret session key before exchanging information on network.

Exchange the information in encrypted form.

Interestingly, these protocols work at different layers of networking model. For example, S/MIME protocol works at Application layer, SSL protocol is developed to work at transport layer, and IPsec protocol works at Network layer.

In this chapter, we will discuss different processes for achieving security for e-mail communication and associated security protocols. The method for securing DNS is covered subsequently. In the later chapters, the protocols to achieve web security will be described.

E-mail Security

Nowadays, e-mail has become a very widely used network application. Let’s briefly discuss the e-mail infrastructure before looking at e-mail security protocols.

E-mail Infrastructure

The simplest way of sending an e-mail would be to send a message directly from the sender’s machine to the recipient’s machine. In this case, both machines would have to be on the network at the same time. This setup is impractical, as users may connect their machines to the network only occasionally.

In general, the e-mail infrastructure consists of a mesh of mail servers, also termed Message Transfer Agents (MTAs), and client machines running an e-mail program comprising a User Agent (UA) and a local MTA.

Typically, an e-mail message gets forwarded from its UA, goes through the mesh of MTAs and finally reaches the UA on the recipient’s machine.

The protocols used for e-mail are as follows −

Simple Mail Transfer Protocol (SMTP) is used for forwarding e-mail messages.

Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) are used to retrieve the messages by recipient from the server.

MIME

The basic Internet e-mail standard was written in 1982 and describes the format of e-mail messages exchanged on the Internet. It mainly supports e-mail messages written as text in the basic Roman alphabet.

By 1992, the need to extend it was felt. Hence an additional standard, Multipurpose Internet Mail Extensions (MIME), was defined. It is a set of extensions to the basic Internet e-mail standard. MIME provides the ability to send e-mail using characters other than those of the basic Roman alphabet, such as the Cyrillic alphabet (used in Russian), the Greek alphabet, or even the ideographic characters of Chinese.

Another need fulfilled by MIME is sending non-text content, such as images or video clips. Because of these features, the MIME standard became widely adopted alongside SMTP for e-mail communication.

E-Mail Security Services

Growing use of e-mail communication for important and crucial transactions demands provision of certain fundamental security services as the following −

Confidentiality − E-mail message should not be read by anyone but the intended recipient.

Authentication − E-mail recipient can be sure of the identity of the sender.

Integrity − Assurance to the recipient that the e-mail message has not been altered since it was transmitted by the sender.

Non-repudiation − E-mail recipient is able to prove to a third party that the sender really did send the message.

Proof of submission − E-mail sender gets the confirmation that the message is handed to the mail delivery system.

Proof of delivery − Sender gets a confirmation that the recipient received the message.

Security services such as privacy, authentication, message integrity, and non-repudiation are usually provided by using public key cryptography.

Typically, there are three different scenarios of e-mail communication. We will discuss the methods of achieving above security services in these scenarios.

One-to-One E-mail

In this scenario, the sender sends an e-mail message to only one recipient. Usually, no more than two MTAs are involved in the communication.

Let’s assume a sender wants to send a confidential e-mail to a recipient. The provision of privacy in this case is achieved as follows −

The sender and receiver have their private-public keys as (SPVT, SPUB) and (RPVT, RPUB) respectively.

The sender generates a secret symmetric key, KS, for encryption. Though the sender could have used RPUB directly, a symmetric key is used because symmetric ciphers are far faster and because RSA can only encrypt a block smaller than its modulus, not an arbitrarily long message.

The sender encrypts message with key KS and also encrypts KS with public key of the recipient, RPUB.

The sender sends encrypted message and encrypted KS to the recipient.

The recipient first obtains KS by decrypting the encrypted KS with his private key, RPVT.

The recipient then decrypts message using the symmetric key, KS.

If message integrity, authentication, and non-repudiation services are also needed in this scenario, the following steps are added to the above process.

The sender produces hash of message and digitally signs this hash with his private key, SPVT.

The sender sends this signed hash to the recipient along with other components.

The recipient uses public key SPUB and extracts the hash received under the sender’s signature.

The recipient then hashes the decrypted message and now compares the two hash values. If they match, message integrity is considered to be achieved.

Also, the recipient is sure that the message was sent by the sender (authentication). And lastly, the sender cannot deny having sent the message (non-repudiation).

One-to-Multiple Recipients E-mail

In this scenario, the sender sends an e-mail message to two or more recipients. The list is managed by the sender’s e-mail program (UA + local MTA). All recipients get the same message.

Let’s assume, the sender wants to send confidential e-mail to many recipients (say R1, R2, and R3). The provision of privacy in this case is achieved as follows −

The sender and all recipients have their own pair of private-public keys.

The sender generates a secret symmetric key, KS, and encrypts the message with this key.

The sender then encrypts KS multiple times with public keys of R1, R2, and R3, getting R1PUB(KS), R2PUB(KS), and R3PUB(KS).

The sender sends the encrypted message and the corresponding encrypted KS to each recipient. For example, recipient 1 (R1) receives the encrypted message and R1PUB(KS).

Each recipient first extracts key KS by decrypting encoded KS using his private key.

Each recipient then decrypts the message using the symmetric key, KS.

For providing the message integrity, authentication, and non-repudiation, the steps to be followed are similar to the steps mentioned above in one-to-one e-mail scenario.

One-to-Distribution List E-mail

In this scenario, the sender sends an e-mail message to two or more recipients but the list of recipients is not managed locally by the sender. Generally, the e-mail server (MTA) maintains the mailing list.

The sender sends a mail to the MTA managing the mailing list, and the MTA then explodes the mail to all recipients on the list.

In this case, when the sender wants to send a confidential e-mail to the recipients of the mailing list (say R1, R2, and R3), privacy is ensured as follows −

The sender and all recipients have their own pair of private-public keys. The exploder server has a pair of private-public keys for each mailing list (ListPUB, ListPVT) it maintains.

The sender generates a secret symmetric key, KS, and then encrypts the message with this key.

The sender then encrypts KS with the public key associated with the list, obtains ListPUB(KS).

The sender sends the encrypted message and ListPUB(KS). The exploder MTA decrypts ListPUB(KS) using ListPVT and obtains KS. Note that the exploder therefore holds KS and could read the message: a list server in this design must be trusted with the content of the list.

The exploder encrypts KS with as many public keys as there are members in the list.

The Exploder forwards the received encrypted message and corresponding encrypted KS to all recipients in the list. For example, the Exploder forwards the encrypted message and R1PUB(KS) to recipient 1 and so on.

For providing the message integrity, authentication, and non-repudiation the steps to be followed are similar as given in case of one-to-one e-mail scenario.

An e-mail program employing the above security method is expected to handle all of the scenarios discussed above. Most of these e-mail security mechanisms are provided by two popular schemes, Pretty Good Privacy (PGP) and S/MIME. We discuss both in the following sections.

PGP

Pretty Good Privacy (PGP) is an e-mail encryption scheme. It has become the de facto standard for providing security services for e-mail communication.

As discussed above, it uses public key cryptography, symmetric key cryptography, hash function, and digital signature. It provides −

Privacy

Sender Authentication

Message Integrity

Non-repudiation

Along with these security services, it also provides data compression and key management support. PGP uses existing cryptographic algorithms such as RSA, IDEA, and MD5 rather than inventing new ones. Those were the original choices; current OpenPGP implementations use AES in place of IDEA and SHA-2 in place of MD5, since MD5 is no longer collision resistant.

Working of PGP

A hash of the message is computed (MD5 in the original design).

The resulting 128-bit hash is signed with the sender's private key (RSA).

The digital signature is concatenated with the message, and the result is compressed.

A 128-bit symmetric session key KS is generated and used to encrypt the compressed data (IDEA).

KS is encrypted with the recipient's public key (RSA), and the result is appended to the encrypted message.
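The sequence above carried through in working code, as an added example that is not code from this page nor from any PGP implementation (it does not produce the PGP packet format): Seal hashes, signs, compresses and encrypts a message and wraps the session key KS for the addressee, Open reverses the steps, and Explode re-wraps KS for each member of a mailing list as in the one-to-distribution-list scenario earlier in this chapter. The example assumes modern substitutes for the original algorithms (SHA-256 for MD5, RSA-PSS and RSA-OAEP for plain RSA, AES-256-GCM for IDEA, DEFLATE for compression), generates all keys in-process, and the Envelope type and the sample message are constructed for the illustration.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is the protected message (a constructed format, not PGP's): the
// wrapped session key KS plus the ciphertext of compress(signature || message).
type Envelope struct {
	WrappedKS  []byte // RSA-OAEP(recipient or list public key, KS)
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM(KS, compressed signed message)
}

// Seal follows the PGP order of operations: hash, sign, concatenate,
// compress, encrypt under a fresh KS, then wrap KS for the recipient.
func Seal(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	digest := sha256.Sum256(msg) // SHA-256 in place of the original MD5
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	// A PSS signature is exactly one modulus long, so sig||msg needs no
	// delimiter: the receiver splits at senderPub.Size().
	var buf bytes.Buffer
	zw, _ := flate.NewWriter(&buf, flate.BestCompression)
	zw.Write(sig)
	zw.Write(msg)
	zw.Close()
	rnd := make([]byte, 32+12) // 256-bit AES key (in place of 128-bit IDEA) + 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil { return nil, err }
	ks, nonce := rnd[:32], rnd[32:]
	block, _ := aes.NewCipher(ks) // key length is fixed here, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, ks, nil)
	if err != nil { return nil, err }
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, buf.Bytes(), nil)}, nil
}

// Open reverses Seal: unwrap KS, decrypt, decompress, split, verify.
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKS, nil)
	if err != nil || len(ks) != 32 { return nil, errors.New("cannot unwrap a valid KS: not addressed to this key") }
	block, _ := aes.NewCipher(ks)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // rejects any modified bit
	if err != nil { return nil, errors.New("decryption failed: ciphertext was modified") }
	data, err := io.ReadAll(flate.NewReader(bytes.NewReader(plain)))
	if err != nil || len(data) < senderPub.Size() { return nil, errors.New("malformed signed message") }
	sig, msg := data[:senderPub.Size()], data[senderPub.Size():]
	digest := sha256.Sum256(msg)
	if rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, errors.New("signature does not verify under the claimed sender key")
	}
	return msg, nil
}

// Explode models the mailing-list MTA: it unwraps KS with the list's private
// key and re-wraps it for every member, forwarding the ciphertext unchanged.
// The exploder necessarily learns KS, so it must be trusted with the content.
func Explode(listPriv *rsa.PrivateKey, env *Envelope, members []*rsa.PublicKey) ([]*Envelope, error) {
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, listPriv, env.WrappedKS, nil)
	if err != nil { return nil, err }
	var out []*Envelope
	for _, pub := range members {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ks, nil)
		if err != nil { return nil, err }
		out = append(out, &Envelope{w, env.Nonce, env.Ciphertext})
	}
	return out, nil
}

func keygen() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return k
}

func main() {
	sender, list, r1, r2 := keygen(), keygen(), keygen(), keygen()
	env, _ := Seal(sender, &list.PublicKey, []byte("board minutes: confidential")) // constructed sample
	copies, _ := Explode(list, env, []*rsa.PublicKey{&r1.PublicKey, &r2.PublicKey})
	msg, err := Open(r2, &sender.PublicKey, copies[1])
	fmt.Printf("R2 reads %q (err=%v)\n", msg, err)
	copies[0].Ciphertext[0] ^= 1 // an on-path attacker flips one bit of R1's copy
	_, err = Open(r1, &sender.PublicKey, copies[0])
	fmt.Println("R1 on tampered copy:", err)
}
```

The order of operations matters: signing before encryption keeps the signature confidential, and authenticated encryption (GCM) rejects a modified ciphertext before anything is decompressed or verified, so a flipped bit fails at decryption rather than at signature check. Explode also makes the trust point concrete: the list server must recover KS to re-wrap it, so it can read every message it relays.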

The format of a PGP message is shown in the following diagram. The key IDs carried in the message indicate which public key was used to encrypt KS and which public key must be used to verify the signature on the hash.

In the PGP scheme, a message is signed, then encrypted, and the result is MIME-encoded before transmission.

PGP Certificate

A PGP key certificate is normally established through a chain of trust. For example, B signs A's public key with B's private key, and C signs B's public key with C's private key. As this process continues, it builds a web of trust.

In a PGP environment, any user can act as a certifying authority: any PGP user can certify another PGP user's public key. However, such a certificate is only meaningful to a third user if that user recognizes the certifier as a trusted introducer.

Several issues exist with this certification method. It may be difficult to find a chain leading from a known, trusted public key to the desired key, and there may be multiple chains that lead to different keys for the same user.

PGP can also use a PKI with a certification authority, in which case public keys are certified by the CA (X.509 certificates).

S/MIME

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It is a secure e-mail standard built on the earlier MIME standard, which itself provides no security.

Working of S/MIME

The S/MIME approach is similar to PGP's: it also uses public key cryptography, symmetric key cryptography, hash functions, and digital signatures, and it provides the same security services for e-mail communication.

Historically, the most common symmetric ciphers in S/MIME were RC2 and TripleDES, the usual public key algorithm RSA, and the hash algorithm SHA-1 or MD5. The current S/MIME specification (RFC 8551) mandates AES and SHA-256; RC2, TripleDES, MD5 and SHA-1 are legacy choices and should not be used in new deployments.

S/MIME specifies additional MIME types, such as application/pkcs7-mime for enveloped (encrypted) or signed data and application/pkcs7-signature for a detached signature in a multipart/signed message. The whole MIME entity is encrypted and packed into a CMS (PKCS#7) object. S/MIME has standardized cryptographic message formats (different from PGP's): MIME is extended with a few keywords, such as the smime-type parameter, that identify the encrypted and/or signed parts of the message.

S/MIME relies on X.509 certificates for public key distribution, so it needs a top-down hierarchical PKI for certification support.

Employability of S/MIME

In practice, although most e-mail applications implement S/MIME, the certificate enrollment process is complex. PGP support, by contrast, usually requires adding a plug-in, and that plug-in comes with everything needed to manage keys. The web of trust is rarely used in practice: people exchange their public keys over another medium and, once obtained, keep copies of the public keys of those with whom they usually exchange e-mail.

The layer at which PGP and S/MIME are implemented in the network architecture is shown in the following image. Both schemes provide application-level security for e-mail communication.

Which scheme is used depends on the environment. Secure e-mail within a closed (captive) network can be provided by adopting PGP. For e-mail security over the Internet, where mail is often exchanged with previously unknown users, S/MIME is considered the better option.

DNS Security

In the first chapter, we mentioned that an attacker can use DNS cache poisoning to attack a target user. Domain Name System Security Extensions (DNSSEC) is an Internet standard that can foil such attacks.

Vulnerability of Standard DNS

In standard DNS, whenever a user wants to connect to a domain name, the user's computer contacts its DNS server and looks up the IP address associated with that name. Once the IP address is obtained, the computer connects to it.

There is no verification in this scheme at all. A computer asks its DNS server for the address associated with a website, the server responds with an IP address, and the computer accepts it as a legitimate response without question and connects to it. Any party that can get a forged response to the resolver before the genuine one, which is the basis of cache poisoning, can therefore redirect the connection.

DNSSEC Defined

When a DNS lookup is performed with DNSSEC, the responding entity signs its replies. DNSSEC is based on public-key cryptography.

In the DNSSEC standard, every DNS zone has a public/private key pair. The resource records a DNS server sends are signed with the originating zone's private key to ensure authenticity, and the signatures are published alongside the records. DNS clients need to know the zone's public key to check the signatures. A client may be preconfigured with the public keys of the top-level domains or, in practice, with only the root zone's key as a trust anchor: each signed zone publishes a DS record in its parent that authenticates the child zone's key, so trust chains from the root down to the queried zone. DNSSEC provides authenticity and integrity only; it does not encrypt queries or responses.

With DNSSEC, the lookup starts from that trust anchor rather than from blind trust in whatever answer arrives −

The resolver holds the root zone's public signing key, verifies the root's signed answers with it, and so confirms that it is dealing with the legitimate root zone and unmodified data; it then follows the signed delegations downwards, checking each zone's records with the key obtained from the level above. A signed zone carries, next to its ordinary NS and A records, a KEY record holding the zone's public key and a SIG record holding the signature over the record set (these record types were renamed DNSKEY and RRSIG in the current specification), as in the following example −

Domain name    Time to live   Type   Value
               86400          NS
               86400          A      36..1.2.3
               86400          KEY    3682793A7B73F731029CE2737D…
               86400          SIG    86947503A8B848F5272E53930C…

Once DNSSEC is fully deployed, the user's resolver can confirm that DNS responses are authentic and unmodified, which defeats attacks launched through DNS cache poisoning. Two caveats apply: DNSSEC signs data but does not encrypt it, so queries and answers remain visible on the network; and the guarantee holds only up to the point where validation is performed, so if a recursive resolver validates on the user's behalf, the last hop from that resolver to the user's computer must still be trusted.
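The validation step in working code, as an added example that is not from this page nor from any DNS software. It models DNSSEC at the level the text describes: a zone signs each record set with its private key, and a resolver accepts an answer only if the signature verifies under a key it already trusts for that zone. The RR and Response types, the text-based canonical form and the resolver's trust-anchor map are simplifications assumed for the illustration (real DNSSEC signs the binary wire format and walks DS records down from the root), the keys are ECDSA P-256 generated in-process, and the sample records are constructed using documentation addresses.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// RR is a simplified resource record (a constructed type, not the DNS wire
// format): owner name, TTL, type and data, as in the zone table above.
type RR struct {
	Name string
	TTL  uint32
	Type string
	Data string
}

// canonical renders an RRset deterministically, as RFC 4034 does in binary:
// owner names lowercased and records sorted, so the verifier rebuilds the
// exact bytes that were signed. The TTL is covered by the signature too.
func canonical(rrset []RR) []byte {
	lines := make([]string, 0, len(rrset))
	for _, rr := range rrset {
		lines = append(lines, fmt.Sprintf("%s\t%d\t%s\t%s", strings.ToLower(rr.Name), rr.TTL, rr.Type, rr.Data))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n"))
}

// SignRRset is the zone's side: one signature over the whole RRset,
// playing the role of the SIG (today RRSIG) record.
func SignRRset(zoneKey *ecdsa.PrivateKey, rrset []RR) ([]byte, error) {
	digest := sha256.Sum256(canonical(rrset))
	return ecdsa.SignASN1(rand.Reader, zoneKey, digest[:])
}

// ValidateRRset is the resolver's side: recompute the digest and check the
// signature under the zone's public key (its KEY, today DNSKEY, record).
func ValidateRRset(zonePub *ecdsa.PublicKey, rrset []RR, sig []byte) bool {
	digest := sha256.Sum256(canonical(rrset))
	return ecdsa.VerifyASN1(zonePub, digest[:], sig)
}

// Response is what a (possibly spoofed) server returns for a query.
type Response struct {
	Zone  string
	RRset []RR
	Sig   []byte
}

// Resolver holds trust anchors: zone public keys obtained out of band. A real
// validator needs only the root key and walks DS records down to the zone.
type Resolver struct {
	Anchors map[string]*ecdsa.PublicKey
}

// LookupInsecure is plain DNS: whatever answer arrives first is believed.
func LookupInsecure(resp Response) string {
	return resp.RRset[0].Data
}

// Lookup is the DNSSEC path: an answer is used only if it validates under a
// key the resolver already trusts for that zone. An attacker who cannot sign
// with the zone key can neither alter the data nor substitute a key of its own.
func (r *Resolver) Lookup(resp Response) (string, error) {
	pub, ok := r.Anchors[resp.Zone]
	if !ok {
		return "", errors.New("no trust anchor for zone " + resp.Zone)
	}
	if len(resp.RRset) == 0 || !ValidateRRset(pub, resp.RRset, resp.Sig) {
		return "", errors.New("bogus: RRset does not validate under the zone key")
	}
	return resp.RRset[0].Data, nil
}

func main() {
	zoneKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rrset := []RR{{"www.example.com.", 86400, "A", "192.0.2.10"}} // constructed sample record
	sig, _ := SignRRset(zoneKey, rrset)
	res := &Resolver{Anchors: map[string]*ecdsa.PublicKey{"example.com.": &zoneKey.PublicKey}}
	genuine := Response{"example.com.", rrset, sig}
	poisoned := Response{"example.com.", []RR{{"www.example.com.", 86400, "A", "203.0.113.66"}}, sig}
	fmt.Println("plain DNS believes the poisoned answer:", LookupInsecure(poisoned))
	ip, err := res.Lookup(genuine)
	fmt.Println("DNSSEC, genuine answer:", ip, err)
	_, err = res.Lookup(poisoned)
	fmt.Println("DNSSEC, poisoned answer:", err)
}
```

Running it shows the contrast this section draws: LookupInsecure returns whichever answer it is handed, while Lookup rejects a poisoned RRset presented with the genuine signature, a poisoned RRset signed with an attacker's own key, and any zone for which it holds no trust anchor. The canonical form lowercases owner names because DNS names are case-insensitive, but it keeps the TTL inside the signed data, so an answer with a lengthened TTL (a common poisoning goal) fails as well.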

Summary

Securing e-mail provides end-to-end security for the communication: confidentiality, sender authentication, message integrity, and non-repudiation.

Two schemes have been developed for e-mail security, PGP and S/MIME. Both use secret-key and public-key cryptography.

Standard DNS lookup is vulnerable to attacks such as DNS spoofing and cache poisoning. Securing DNS lookup is feasible with DNSSEC, which employs public-key cryptography to sign DNS data.

In this chapter, we discussed the mechanisms used at the application layer to provide network security for end-to-end communication.
