Region: Corporate      Government
You are not logged in    Login
IDS Emergencymanagement
  The Information Resource for the Emergency Management Industry!
Browse Emergency Products & Suppliers By Category
Browse Emergency Whitepapers By Sector
Browse Emergency Management Events By Category
Participation Options
Free Listing
Interested In Exhibiting?
Submit Events
About IDS Emergency
Submit News
Emergency Management Newsletter
News ReleaseClick Here to view News Releases
Exhibitor Category Logo
Five Mistakes of Data Encryption
February 26, 2007
Click HereView Participation Packages
Click Here
Submit Paper
   

If you follow the media today, you might conclude that data encryption is everywhere. However, is this "good" encryption? A classic saying "Encryption is easy; key management is hard" illustrates one of the pitfalls that await those implementing encryption enterprise-wide or even SMB-wide. This article covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.

The first mistake is not using encryption when it is easy and accepted. I'm talking about those pesky plain text protocols such as telnet and FTP. One can argue that people should have abandoned the above protocols for a host of other reasons, but, as the latest Solaris telnet 0day fiasco indicates, enough people are still using them

Similarly, while using HTTP for sensitive online transaction is not common, one still sees such instances on lesser known e-commerce Web sites. Exposing sensitive information to known, actively used attacks, such as sniffing, is inexcusable. While risk of sniffing is typically overshadowed by the risks to stored data, there is indeed no excuse to not encrypting the data in transit when it is easy and does not cost any extra.

The second mistake has been mentioned by most cryptographers out there: inventing your own cryptographic algorithm. Sorry, but most of us are not that smart! Cryptography is a science just like physics and mathematics (in fact, we all know that it is based on the latter), and, amateurs have no place in it. On the other hand, if you are looking to secure a highly-sought spot in Bruce Schneier’s doghouse, go help yourself to a copy of Crypto for Dummies and start coding right away.

An interesting extension of this mistake has to do with failing to correctly implement a well-designed cryptographic algorithm. Indeed, algorithm design is hard, but quality implementation isn't an easy job either. As a result, people who chose to re-implement a "known good" crypto algorithm might be doing themselves a disservice, if a proven implementation exists (as a cryptographic library, for example)

Source
Other News
IBM and Red Hat Achieve Highest Security Certification for Linux on IBM Servers
FBI Working to Bottle up 'Botnet'Hackers
Microsoft Patches 17 Flaws in Client Products
Websense Unveils Industry’s First Information Leak Prevention Software with Web Intelligence
SSH Announces First End-to-End Security Solution for Securing Data across Multi-Platform U.S. Government Computing Systems Using Common Access Cards
More news
Featured Whitepaper
High-Volume Inbound Call Handling Capacity – Critical for Co...

During a crisis, an agency’s inbound telecommunication system can be overwhelmed ve...

                     Read more
Twenty First Century Communications
More white papers
 

Industry IDS, Inc.
Business Continuity Institute Continuity Central Open GIS Consortium, Inc Spatial Technologies Industry Association Ambulance Manufacturers Division
ACP
DELEGATES
13513
Conference Sectors  Case Studies  List of Papers  Exhibition Sectors  Vendor Presentation  List of Exhibitors  Industry News  Sponsors  All Exhibitors  All Papers  Sitemap  Registration Links ]

 :: IDS Plastics :: IDS Water ::IDS Packaging::IDS Publishing/Media ::IDS Healthcare Management ::IDS Environment::IDS Power/Energy::  

Industry IDS, Inc. – Online Tradeshow, Exhibition, & Buyers Guide Solutions