- Page 1: Internet and Intranet Security Mana
- Page 5 and 6: Linda Lau, Longwood College/ISBN: 1
- Page 7 and 8: Part III: Cryptography and Technica
- Page 9 and 10: Three authors discuss issues relate
- Page 11 and 12: PART I— STATE OF THE ART Chapter
- Page 13 and 14: Security Policy Primarily, a securi
- Page 15 and 16: management, a visual cross-referenc
- Page 17 and 18: Firewalls A growing security concer
- Page 19 and 20: and a private key. The public key,
- Page 21 and 22: third party intermediary. Value add
- Page 23 and 24: Security policy responses were gene
- Page 25 and 26: I access the public Internet. 3.07
- Page 27 and 28: the number of individuals with that
- Page 29 and 30: Figure 1. Security Issues and Respo
- Page 31 and 32: http://www.infosecnews.com. This re
- Page 33 and 34: latest Internet Domain Survey (Inte
- Page 35 and 36: sensitive data such as credit card
- Page 37 and 38: 2) Before connecting a local comput
- Page 39 and 40: There are several issues regarding
- Page 41 and 42: without confidentiality) to IPv6 pa
- Page 43 and 44: Hicks, Roger (1996). "Submission to
- Page 45 and 46: creates the perception in many peop
- Page 47 and 48: consumers and the supplier. With th
- Page 49 and 50: 6. Trust needs touch and personal c
- Page 51 and 52: Confidence A number of researchers
- Page 53 and 54: Risk and Trust Risk is an essential
- Page 55 and 56: to interception and modification wh
- Page 57 and 58: trust (1.0) or complete distrust (.
- Page 59 and 60: A degree of uncertainty appears to
- Page 61 and 62: employees must be trusted to regula
- Page 63 and 64: transactions can be at various stag
- Page 65 and 66: electronic networks are secured in
- Page 67 and 68: • We trust, with cautious faith,
- Page 69 and 70: zones according to their products (
- Page 71 and 72: • Assigned tasks are non-routine
- Page 73 and 74: ased trust requires a move from kno
- Page 75 and 76: Web. WebTrust provides the framewor
- Page 77 and 78: London. Deutsch M. (1958) "Trust an
- Page 79 and 80: Zand D.E. (1972) "Trust and Manager
- Page 81 and 82: These techniques and methods operat
- Page 83 and 84: • The primary object of security
- Page 85 and 86: category. Only two systems in the w
- Page 87 and 88: • Evaluation of technical physica
- Page 89 and 90: • EAL2 - structurally tested •
- Page 91 and 92: Integration Principle Measures, pra
- Page 93 and 94: usiness or computing environment. M
- Page 95 and 96: A systematic approach would reduce
- Page 97 and 98: • General and specific responsibi
- Page 99 and 100: "Critical/Essential" to "No benefi
- Page 101 and 102: must be prepared very carefully and
- Page 103 and 104: O and M only are authorised to cont
- Page 105 and 106: References Amoroso, E. (1994). Fund
- Page 107 and 108: von Solms, R. (1999). "The Informa
- Page 109 and 110: Figure 1. Basic Web Client-Server M
- Page 111 and 112: Communication or network security i
- Page 113 and 114: activities. These log files must be
- Page 115 and 116: Dependencies of Security Services c
- Page 117 and 118: • User authentication. The users
- Page 119 and 120: In a communication network (such as
- Page 121 and 122: has not been altered during transmi
- Page 123 and 124: S-HTTP is also more flexible than S
- Page 125 and 126: The components of this set represen
- Page 127 and 128: Figure 11. Directory-based Security
- Page 129 and 130: distinguished names (RDNs) of the a
- Page 131 and 132: Figure 14. User-Role and Role Permi
- Page 133 and 134: • trust management. Figure 16 dep
- Page 135 and 136: assignment are stored in the direct
- Page 137 and 138: Microsoft Corporation (1999). Activ
- Page 139 and 140: use. For the most part the many and
- Page 141 and 142: Obtaining cryptographic tools depen
- Page 143 and 144: honour and reputation. Everyone has
- Page 145 and 146: Figure 1 Figure 2 send a secure mes
- Page 147 and 148: data to be encrypted or decrypted.
- Page 149 and 150: Figure 5. algorithm with a key spac
- Page 151 and 152: Everyone has heard the phrase "if
- Page 153 and 154: Then the second would be: exactly w
- Page 155 and 156: possible. 16 Cracking DES: Secrets
- Page 157 and 158: Statements of this nature can be fo
- Page 159 and 160: 2. The above assertion is only true
- Page 161 and 162: As we have seen, non-repudiation re
- Page 163 and 164: the host. Physical security would p
- Page 165 and 166: A second paradigm shift occurred be
- Page 167 and 168: etween A and B and if X is a messag
- Page 169 and 170: of this list has to be protected by
- Page 171 and 172: een evaluated to level E6 (UK ITSEC
- Page 173 and 174: The foundations that anchor cryptog
- Page 175 and 176: UK ITSEC Scheme. (1999). UK Certifi
- Page 177 and 178: Scope of This Chapter However, desp
- Page 179 and 180: The National Standards bodies (memb
- Page 181 and 182: • SC17: Identification cards and
- Page 183 and 184: those not appropriately authorised.
- Page 185 and 186: and Pervasive security mechanisms,
- Page 187 and 188: . Proprietary name(s) of algorithm.
- Page 189 and 190: and hence P = dK(eK(P)). Electronic
- Page 191 and 192: Encipherment operates as follows. F
- Page 193 and 194: • Method 2 (also known as Ciphert
- Page 195 and 196: More specifically, if the n-bit dat
- Page 197 and 198: • A new (3rd) padding method has
- Page 199 and 200: information. The output is the MAC
- Page 201 and 202: Overview The ISO/IEC 9796 standard
- Page 203 and 204: discarded. Finally the least signif
- Page 205 and 206: 2. Message recovery. This step yiel
- Page 207 and 208: ISO/IEC 9796-2 was published in 199
- Page 209 and 210: • ISO/IEC 14888-1: 1998: General,
- Page 211 and 212: scheme are specified in the standar
- Page 213 and 214: If V = R then the signature is veri
- Page 215 and 216: Method 1 (Single Length Hash-Codes)
- Page 217 and 218: ISO/IEC 10118-4 (Modular arithmetic
- Page 219 and 220: To protect a message in a protocol,
- Page 221 and 222: These sequence numbers take the rol
- Page 223 and 224: The mechanism has two message passe
- Page 225 and 226: This example can be found in clause
- Page 227 and 228: protocol is used for time synchroni
- Page 229 and 230: • Non-repudiation of delivery, pr
- Page 231 and 232: We now consider the multi-part ISO/
- Page 233 and 234: Key establishment includes key agre
- Page 235 and 236: valid. This is typically done by me
- Page 237 and 238: combine them mean that neither enti
- Page 239 and 240: this implies that F(·,g) is one-wa
- Page 241 and 242: Other Standards A multi-part standa
- Page 243 and 244: ISO. (1994b). ISO/IEC 9798-2, Infor
- Page 245 and 246: ISO. (1999a). ISO/IEC DIS 9594-8, I
- Page 247 and 248: Regardless of what many employees m
- Page 249 and 250: State and local public employees al
- Page 251 and 252: wrongful discharge in violation of
- Page 253 and 254: one expert puts it, a hacker "has
- Page 255 and 256: printing and saving the hard copies
- Page 257 and 258: protection in the event employee e-
- Page 259 and 260: Coie, Perkins. (1999). Does Your Em
- Page 261 and 262: G. David Garson. Idea Group Publish
- Page 263 and 264: Restuccia v. Burk Technologies, Inc
- Page 265 and 266: distinguished from the application
- Page 267 and 268: Electronic mail poses the most imme
- Page 269 and 270: interferences with individual priva
- Page 271 and 272: However, such restrictions are just
- Page 273 and 274: Principle 12 deals with unique iden
- Page 275 and 276: conceptual barrier, certain difficu
- Page 277 and 278: Another recommendation targets the
- Page 279 and 280: Privacy Commissioner's office, that
- Page 281 and 282: Finally the existing obligations re
- Page 283 and 284: 16 See infra. 17 Several Internatio
- Page 285 and 286: Mark Sweat is a consultant and anal
- Page 287 and 288: Chapter 7 Dieter Gollmann was a sci