Sunday, January 31, 2016

ENCRYPTION


When we hear of data security, one of the terms we hear most often is encryption. But how many people actually know what encryption is? Let’s get to know encryption a little better.

The word encryption is derived from the Greek word kryptos, which means concealed or secret. The use of encryption is almost as ancient as the art of communication itself. Before the introduction of the Diffie-Hellman key exchange and RSA algorithms, governments and their armies were the only real users of encryption. The introduction of Diffie-Hellman and RSA led to the extensive use of encryption in the consumer and commercial areas to safeguard data both while it is being sent across a network, which is called data in transit, and while it is stored on a flash drive, smartphone or hard drive, which is called data at rest.
Encryption is the method of changing an original message into a form that cannot be used by unauthorized persons. Anybody who does not have the knowledge and tools to change an encrypted message back to its original format will be incapable of deciphering it. The science of encryption is known as cryptology, and it incorporates two disciplines: cryptography and cryptanalysis. Cryptography comprises the procedures involved in coding and deciphering messages so that others cannot comprehend them. Cryptanalysis is the procedure of recovering the original message, or plaintext, from an encoded message, or ciphertext, without knowledge of the keys and algorithms used to perform the encryption.


Data, frequently referred to as the plaintext, is encrypted using an encryption algorithm and an encryption key. This procedure creates ciphertext, which can only be viewed in its original form if decrypted with the right key. Decryption is merely the opposite of encryption, following the same procedure but reversing the order in which the keys are applied. Currently, encryption algorithms are separated into two categories: symmetric and asymmetric. Symmetric encryption algorithms can be separated into stream ciphers and block ciphers. Stream ciphers encrypt a single bit of plaintext at a time, while block ciphers take a number of bits, which is normally 64 bits in modern ciphers, and encrypt them as a single unit. Some examples of common symmetric encryption algorithms are Blowfish, CAST5 and Serpent. Asymmetric encryption algorithms, also known as public key algorithms, on the other hand use different keys for encryption and decryption. The decryption key cannot be derived from the encryption key. Public key procedures are significant because they can be used for transmitting encryption keys or other data securely even when the parties have no chance to agree on a secret key in private. Some of the common asymmetric encryption algorithms are the RSA encryption algorithm, Diffie-Hellman and the Digital Signature Algorithm.
Knowing the distinct states of data can help in choosing the kinds of encryption and security measures that are suitable for protecting it. There are three fundamental states of data: data at rest, data in motion, and data in use. Data at rest is a term that refers to data stored on a device or backup medium in any form. It can be data stored on hard drives, in offsite cloud backup, on backup tapes, or even on mobile devices. It is data at rest because it is inactive data that is not presently being transferred across a network or actively being read or processed. Data at rest is normally in a constant state. The second state of data is data in motion. It is data that is presently moving across a network or sitting in a computer’s RAM ready to be read, updated, or processed. Data passing through networks from local to cloud storage, or from a central mainframe to a remote terminal, must be encrypted so that it cannot be read or manipulated by a hacker or any machine between the data’s source and its destination. Data in motion includes data moving through cables and wireless transmission, and it can also be emails or files transferred over FTP or SSH. The third state is data in use. It is data that is not just being kept inactively on external storage media or a hard drive but is being processed by one or more applications. The data is presently in the process of being created, updated, added, or deleted. It also includes data being viewed by users retrieving it through numerous endpoints. Data in use is vulnerable to different kinds of threats depending on where it is in the system and who is able to use it. The most defenseless point for data in use is at the endpoints, where users are able to access and interact with it.
Data at rest may exist on any kind of long-lasting storage media, such as disk or tape. The media is protected using encryption, which has the advantage of preventing the data from being read or written without the correct decryption key. The algorithms used in encryption guarantee that reading data without the right key is almost impossible. One of the big disadvantages of encrypting data at rest, as it relates to keys, is that the security of the data becomes the security of the encryption key. If one loses that key, then they effectively lose the data. Encrypting data and generating the keys needed to encrypt and decrypt it can also be very expensive. Regardless of the type of encryption used, the systems performing the heavy lifting must have resources available.


Friday, January 22, 2016

COMMONLY DEFINED CYBERCRIME CATEGORIES


Last week, we talked about some of the most common Internet crimes that take place on a regular basis. This week, we will talk about the most commonly defined cybercrimes.
So what are they? If you haven’t already guessed, here are some.
In a world of technological advancement and increasing dependence on technology, cybercrime can occur anytime and anyplace. There are several methods that criminals use to commit a cybercrime. Cybercrime, however, depends on the skill set and nature of the criminal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect. The most commonly defined cybercrimes are categorized into four types: The Computer as a Target, The Computer as an Instrument of a Crime, The Computer as Incidental to Crime, and Crimes Associated with the Prevalence of Computers.


The Computer as a Target: In this type of crime, the offender uses the computer to obtain information or to damage operating programs. Crimes related to the computer as a target include theft of intellectual property, theft of marketing information, and stealing personal, business, and government data by gaining access to the owner’s computer. Accessing confidential government records is another crime that targets the computer directly. The most current examples of this crime that we see and hear about on a daily basis are manipulating the criminal history data of an individual, creating fake legal documents, deleting negative records from tax and credit histories, and tampering and interfering with proprietary information.


The Computer as the Instrumentality of the Crime: This category covers criminal activities in which the computer’s analytical processes are manipulated or tampered with by programs designed by the criminals. New programming code is introduced to break the existing process and get access to the data. In this category, the processes of the computer facilitate the crime. Crimes in this category include fraudulent use of debit/credit cards and accounts, theft of money from accrual, money transfer tampering, credit card fraud, computer transactions and telecommunications fraud.


Computer is Incidental to Other Crimes: In this category, computers are related to the criminal act but are not essential to the crime. The crime can take place without the use of technology, and even when technology is used, it only acts as a catalyst to the entire crime. It makes the crime occur at a faster pace, provides more information to the criminals and ultimately helps conceal the identity of the criminal by making the criminal difficult to identify. Changing a patient’s medication by hacking into the computer system is an example of a crime where the computer has worked as an incidental rather than as the crime itself.
Crimes Associated With the Prevalence of Computers: In the world of computation and technology, criminal activities are not limited to the traditional crimes. Technological growth has invited a new series of criminal activities. Software piracy, distribution of software without permission and unlawful copying of software are a few examples of criminal activities that fall under this category. A common example of such crime can be seen in third world countries, where copyrighted software is reproduced and sold in huge volumes on a daily basis. In the international market, the price of original computer software is reasonably high. In such countries, people depend on illegal software because of the high price. Software companies are losing a significant amount of money.


Friday, January 15, 2016

INTERNET AND CRIME


Just like the different forms of physical crime (murder, arson, robbery etc.) that we hear about on a regular basis, there are many virtual crimes that take place over the Internet.
How many of you are aware of cybercrimes?
If you are not aware, here is some information on the most common Internet crimes that take place on a regular basis. These are only a few; keep in mind that Internet crimes are not limited to the list below.


The past decades have brought a massive increase in the availability of electronic resources. With the increased availability has come a new form of criminal activity that takes advantage of electronic resources, namely computer crime and computer fraud. Today, these new forms of crime are developing and pose a new and lasting challenge to law enforcement agencies at all levels, including how to prevent, investigate, and prosecute these crimes. Law enforcement agencies from the local all the way to the federal level are beginning to establish specific units dedicated to handling computer-related offenses. But currently there is no uniform method to define or address computer crime and computer fraud. Technologies such as cellular phones, iPads, desktop computers, the Internet and websites have added a whole new aspect to crime. Many categories of crime, such as fraud, theft, organized crime rings, prostitution, harassment, stalking, and child pornography, have been fused into the digital world. Offenders find new opportunities to perpetrate their crimes using this new digital medium.


Internet piracy is the better-known form of theft in the digital world. Piracy is the act of replicating or reproducing copyrighted material without consent or approval. For the past few years, private and law enforcement organizations have been putting a concentrated effort into stopping this offense. Organizations such as the Recording Industry and the Motion Picture routinely engage in both civil and criminal lawsuits to curb piracy. The Motion Picture alone estimates its potential revenue loss because of piracy to be over three billion dollars a year.


Internet fraud is another of the most quickly growing forms of computer crime. Internet fraud is also commonly referred to as computer fraud. Basically, computer or Internet fraud is any type of fraud scheme that uses one or more components of the Internet, such as chat rooms, e-mail, social networks, or the World Wide Web, to present fraudulent transactions to financial institutions or to others connected with the scheme. There are multiple forms of Internet fraud. One form is the Nigerian e-mail fraud. In this particular crime, the victim receives an e-mail from someone in Nigeria who happens to be the heir to millions of dollars. The e-mail recipient is made to believe that they are to receive some of the fortune, but in exchange they need to help with a lawyer’s fee of several thousand dollars in order to claim the money. The people who fall prey to this crime send their money through MoneyGram, Western Union and other sources, thinking that their luck has changed. They believe that they are soon going to get thousands of dollars, but they never receive their expected fortunes.


Another form of Internet crime is spam mail. Spam mail is the distribution of bulk e-mail that offers recipients deals on products or services. The purpose of spam mail is to trick people into believing that they are going to receive a product or service at a low price. For example, the cost of the MacBook Pro is $1200 in the market. The spam mail offers them the MacBook Pro for $500 if they order within a certain number of minutes or hours. People actually fall for this trick. However, before the deal can occur, the sender of the spam asks for payment, the recipient’s credit card number or other personal information. The customer enters their payment information on the computer and never receives the product or hears from the spammer.
Individuals all over the world use the Internet to commit numerous crimes, some of which are not known to the public, who cannot even imagine that they are capable of being carried out electronically. As a result, it is challenging to establish the full scope and nature of Internet crime. The absence of suitable empirical evidence makes it a daunting challenge to precisely establish the course of Internet crime rates and the psychological, physical and financial effects on Internet crime victims.


Thursday, January 7, 2016

STATIC AND DYNAMIC WEB PAGES



Millions of people visit different web pages every time they browse the Internet. To many of them, a web page is merely a web page. How many people visiting a web page can actually tell what kind of web page they are visiting? I am guessing not many. For some reading this blog, the question may arise: wait, there are different types of web pages?

Yes. As a matter of fact, there are. So what are the different types of web pages, and which one is more or less secure?
Static means unchanging or constant. Every time a static web page is loaded, it consists of the same prebuilt content. This means that it stays the same (static) for every viewer of the site. Standard HTML pages are static web pages, and they consist of HTML code, which describes the structure and content of the web page. Every time the HTML page loads, it appears identical. The only way the content of an HTML page changes is if the web developer updates and publishes the file.
A dynamic website contains information that varies depending on the viewer, the time when the site is being looked at, the viewer’s language and other elements. It can consist of client-side scripting (XML, Ajax techniques, Flash ActionScript) or server-side scripting (languages like ASP, JSP, Perl, PHP, Python) to produce the changing content, and it can also combine both kinds of scripting. For the basic structure, these sites also use HTML. Numerous dynamic pages use server-side code to access database information, which allows the page's content to be built from information stored in the database.

Static pages are more secure, less prone to technology blunders and failure, and more easily visible to search engines than dynamic web pages. Static web pages are the most secure method to serve content since there is zero server-side processing and no back-end data storage. It is almost impossible to hack the site or get the server to execute any unplanned actions. The weak part is the web server and not the website itself. The traffic is typically from the server to the client, and there is no communication with the server later.
Among dynamic web pages, one of the most common types is the database-driven web page. This type of web page pulls its information from a database. Basically, the web page is linked to the database by programming, and it pulls that information into the web page each time it is loaded. Anytime the information saved in the database changes, the web page linked to the database changes accordingly and automatically. Individual involvement is not necessary. One example of this type of web page is online banking. Customers enter their user name and password in order to look at their account information. The customer’s account information is stored in the bank’s database, and that database is connected to the web page with programming, allowing customers to see their account information. Since dynamic web pages use a database and need an Internet login for CRUD (Create, Retrieve, Update and Delete) operations, this can make them both more secure and more vulnerable.
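
A minimal database-driven account page of the kind described above, as an added example that is not part of the original post. The table layout, function names and sample customers are constructed for illustration; it shows the page content following the database, with a parameterized query, a salted password hash and output escaping as the controls the dynamic parts require.

```python
import hashlib
import hmac
import html
import secrets
import sqlite3


def _pw_hash(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def build_db():
    """Create the bank's database with two constructed sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, salt BLOB,"
        " pw_hash BLOB, display_name TEXT, balance_cents INTEGER)"
    )
    samples = [
        ("alice", "correct horse", "Alice A.", 125000),
        ("bob", "battery staple", "Bob <B&B Ltd>", 4200),
    ]
    for username, password, name, cents in samples:
        salt = secrets.token_bytes(16)
        db.execute(
            "INSERT INTO accounts VALUES (?, ?, ?, ?, ?)",
            (username, salt, _pw_hash(password, salt), name, cents),
        )
    return db


def account_page(db, username, password):
    """Build the page for one request from whatever the database holds now."""
    # The ? placeholder passes the login name to the database as data only.
    row = db.execute(
        "SELECT salt, pw_hash, display_name, balance_cents"
        " FROM accounts WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None or not hmac.compare_digest(row[1], _pw_hash(password, row[0])):
        return "<h1>Login failed</h1>"
    name, cents = row[2], row[3]
    # Escape stored text before placing it in HTML.
    return "<h1>{}</h1><p>Balance: ${}.{:02d}</p>".format(
        html.escape(name), cents // 100, cents % 100
    )


if __name__ == "__main__":
    db = build_db()
    print(account_page(db, "alice", "correct horse"))
    db.execute("UPDATE accounts SET balance_cents = 99000 WHERE username = 'alice'")
    print(account_page(db, "alice", "correct horse"))  # same code, new content
    print(account_page(db, "bob", "wrong password"))
```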
