Secure Socket Layer (SSL) is a protocol developed by Netscape in 1996 which quickly became the method of choice for securing data transmissions across the Internet. SSL is an integral part of most web browsers and web servers and makes use of the public-and-private key encryption system developed by RSA.
In order...
In this guide you will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
We will also touch on the role of...
Security-naive machines are about to swarm onto your precious networks.
Brace yourself.
Brian McKenna is the editor of Infosecurity Today (www.infosecurity-magazine.com)
McKENNA: We know from surveying our readers that they are very focused on the medium term. In other words, what the security threats are going...
NIST Special Publication (SP) 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, is now available. This document specifies key establishment schemes based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.:
ANS X9.42 (Agreement of...
Draft FIPS 186-3 is the proposed revision of FIPS 186-2. The draft defines methods for digital signature generation that can be used for the protection of messages, and for the verification and validation of those digital signatures. Three techniques are allowed: DSA, RSA and ECDSA. This draft includes requirements...
Entities participating in the generation or verification of digital signatures depend on the authenticity of the process. This Recommendation specifies methods for obtaining the assurances necessary for valid digital signatures: assurance of domain parameter validity, assurance of public key validity, assurances...
The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices provide productivity...
While the “human element” of information security may be easy to ignore, ignoring it is also dangerous and costly. Of this there is ample evidence.
This report presents an organizational security approach that corporate security managers can use as a roadmap to initiate an effective employee security awareness...
Goals Of This Presentation
-An overview of how Vulnerability Assessment (VA) & Penetration Testing (PT) is done
-Defining scope of the assessment
-Types of Penetration...
This white paper identifies the products and architectures needed to aid in the process of procuring the following:
-Identifying *Possible* Attack Vectors
-Researching and discovering system vulnerabilities
-Exploiting found Vulnerabilities
-Preparing Test Cases
-Compiling Final Security Testing...
Organizations publish information online including confidential data. Data is rendered in varied formats; it can vary from simple HTML pages to documents in Adobe's PDF or Microsoft's Word/Excel formats. Confidential data is restricted to a set of users who have to login and be authenticated on the website. A common...
This paper discusses and analyzes the internet-based password reset functionality provided by many organizations for their customers. The average application user is being forced to remember more and more complex passwords to accomplish their daily routines. The very nature of complex passwords sometimes results in...
What are the driving forces behind the rise of malware? Who’s behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? These and many other questions will be discussed in this article, combining security...
This white paper discusses some actions financial institutions can take to make consumers more comfortable with online banking:
· Put consumer education about security and fraud prevention in a prominent place on your institution’s website home page.
· Establish a single point of contact within your...
In our ten years’ experience in detecting, locating, and prosecuting network intruders (hackers) we have seen that, as with many offline crimes, robust law enforcement alone cannot solve the network intruder problem. To be effective, any overall strategy must include the owners and operators of the...