Technology of Information Security

Why everyone should use encryption systems.

Ever since the first trade took place there has been fraud. There is whole lot of people on
the lookout for making easy money using unfair means, for that is the area of maximum return
and of course maximum risk. As increasing numbers of individuals and organizations use the
powers of Information and ommunication Technology !IT" the scope for cyber crime
increases in direct proportion. The use of the internet is made to transfer large amounts of
information and communications that may be of a sensitive nature or have financial ramifications
if they reach unauthorised hands.
In today#s world, and tomorrows, there is an increasing dependence on e$mail, cellular
communications, the internet and computers for accessing, computing and recording of
information and data. These are all open to unauthorized access and misuse and even vandalism.
As commerce and communications continue to move to computer networks, security is
becoming a vital issue. Attacks on network systems and individual computers exploit flaws and
vulnerabilities left by the software developers and suppliers. %arge scale attacks, such as the I
%ove &ou virus highlight such vulnerabilities. Anyone, be it organizations or individuals, is at
risk and need to take action to minimise this risk.
Invasion of privacy is another threat and this can include the unauthorized access to
someone else#s private and confidential communications, Industrial espionage and data
harvesting that may be put to use against the interests of the original owner. omputer vandalism
is another threat that has become a problem. 'andals may break into a system, not with an
interest to make money or some other unauthorized use of the information gathered but for sheer
perverse pleasure of causing harm and problems for others. The weaker the safeguards, the easier
it is for such people to break in and lower the risk of their ever getting caught.
Every individual or organization needs to allow access to their systems to some people in
order to make use of the technology in commerce, data transfer and storage. They need to ask
themselves as to how much and what level of security they need to protect themselves and other
people who have access to their system, and most important of all ( who can be trusted to set up
that security. If everyone uses a common security system that is trusted and proven this will
make it easier to trust each other and make it less expensive to implement.
)ifferent laws and enactments have been made by *tates to prevent and punish electronic
security breaches and fraud. +owever, no law can be a substitute for engineering. The security
provision should be such that it prevents break$in and theft, vandalism of data. Encryption
systems offer protection against breaches of security while using the internet for communications
and data transfer. -aking such communications proof against eavesdropping and resulting
losses. Encryption systems are built around the science of cryptography, a part of the number
theory, and have one purpose, that of ensuring privacy in the use of IT. .ood encryption
systems withstand attacks on the systems, resources and data up to a point where it is becomes
easier to for the attacker to obtain the information from other sources rather than through an
attack on the system guarded by the encryption system. Instead of every individual or
organization developing its own system of security and encryption, that might not be compatible
with others# systems and thus cause mayhem, there is a need for the development and use of a
common system that provides good protection. )esign of good security systems is an art and not
many are adept at it. *uch a system will help in making security an affordable and efficient $ /./
is one such system.
The most widely used system is the T/,I/ which is not very effective0 /./ an open
source encryption code is far superior. 1o system can provide an ironclad guarantee on its
effectiveness, for ways can be found to breach the tightest security, thus a compromise has to be
found between the possible and acceptable.
/retty .ood /rivacy !/./" is a encryption system that uses both public$key cryptography
and symmetric key cryptography, and includes a system that binds the public keys to user
identities !2ikipedia". /./ re3uires that a receipient must establish a linked key pair, public and
private, and the sender uses the receipients public key to encrypt the message being sent. The
secret key is protected by a password while the public key is not.The receipient deciphers the
message using the private key. 4se of two ciphers helps enhance the security of message or
infromation transfer. )ata that is encrypted with a public key can only be decrypted by the
matching secret key. This is also used to sign transfers. In order to sign, a hash is taken and
encoded with the secret key, since files encrypted by the secret key can be decoded using the
public key the recipient can then verify that the information is actually from the sender and has
not been tampered with by checking the encoded form of the signature.
/./ is believed to be capable of very high security e3ualling military level systems with
no known way for anyone to break into areas protected by /./. /./ protects data in long$term
data storage such as disk files as compared to other systems that only protect data during tranfer.
The earliest versions of /./ have no detected flaw as yet and newer versions have added
encryption algorithms making them even more secure. /./ has the additional benefit of now
being adopted by a large base of user and being compatible with a host of other systems and
software.
It is known that most electronic fraud takes place by or with the assistance an insider, no
systems can guard against such attacks. Even honest users can cause problems because in their
hurry to get the 5ob done and their desire to keep things simple they overlook security aspects
and this leaves flaws that can then be exploited by an outsider. Any system must be designed
keeping the convenience and the need of the users. 6nly then will it be able to guard and protect
their systems, resources and data.