Friday, October 23, 2009

WEEK 11 (IT SECURITY)

LECTURE 11 

The last topic in my lectures is Cyberlaw. Cyberlaw is a term that encapsulates the legal issues related to the use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law, in the way that property or contract law are, than a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction.

COMPUTERS CRIME ACT 1997 
As computing becomes more central to people's life and work, computers become both targets and tools of crime. This Act makes an offense of any act that would harm a computer system.

COMMUNICATION AND MULTIMEDIA ACT 1998 
Convergence of technologies is driving convergence of telecommunications, broadcasting, computing and content. This Act creates a new system of licenses, defines the roles and responsibilities of those providing communication and multimedia services, and provides for the existence of the Communication and Multimedia Commission, the new regulatory authority.

DIGITAL SIGNATURE ACT 1997 
Provides for the regulation of the public key infrastructure. The Act makes a digital signature as legally valid and enforceable as a traditional signature.

COPYRIGHT (Amendment) ACT 1997 
Copyright serves to protect the expression of thoughts and ideas from unauthorized copying and/or alteration. With the convergence of Information and Communication Technology (ICT), creative expression is now being captured and communicated in new forms (for example multimedia products, and broadcast of movies over the Internet and cable TV). These new forms need protection. The Copyright Act governs this new, converged multimedia environment.

TELEMEDICINE ACT 1997 
Healthcare systems and providers around the world are becoming interconnected. People and local healthcare providers can thus source quality healthcare advice and consultation from specialists around the world, independent of geographical location. Under this Act any registered doctor may practise telemedicine, but healthcare providers must obtain a license to do so.


Thursday, October 22, 2009

WEEK 10 (IT SECURITY)

LECTURE 10

This lecture is about Legal and Ethical Issues in Computer Security. This lecture covers information security law and ethics.

LAW 
A rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority. It implies imposition by a sovereign authority and the obligation of obedience on the part of all subject to that authority.

Category of law
Civil law: represents a wide variety of laws that govern a nation or state
Criminal law: addresses violations harmful to society and is actively enforced through prosecution by the state

The categories of laws that affect the individual in the workplace are private law and public law. 

Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. 
Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.

ETHICS 
A set of moral principles or values. The principles of conduct governing an individual or a group. An objectively defined standard of right and wrong 

Ethics Concept
Ethical Differences Across Cultures
-Cultural differences can make it difficult to determine what is and is not ethical especially when considering the use of computers.

Software License Infringement
-The individuals surveyed understood what software license infringement was, but felt either that their use was not piracy or that their society permitted this piracy in some way.

Illicit Use
-The individuals studied unilaterally condemned viruses, hacking, and other forms of system abuse as unacceptable behavior

Misuse of Corporate Resources
-Individuals displayed a rather lenient view of personal use of company equipment.

Ethics and Education
-Differences in the ethics of computer use are not exclusively international.

Deterrence to Unethical and Illegal Behavior
-It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and systems

Saturday, October 17, 2009

WEEK 9 (IT SECURITY)

LECTURE 9

In this lecture I learned about Wireless Security. Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Wireless networks have quickly become part of today's corporate technology landscape. Yet the rapid pace of deployment has far outstripped the technology's suitability for a stable and secure network environment. Many information security specialists are on record saying that the security protocols built into the early 802.11 standards are clearly inadequate for the task. Far worse, the security measures that are available are often left unimplemented by non-technical employees who install Wi-Fi hardware without the expertise of network professionals. This opens major areas of vulnerability in corporate networks.

There are three basic security services:
• Authentication – identifies the communicating client (the wireless user) to the network.
• Integrity – ensures that a message is not modified in transit between the Wi-Fi client and the access point.
• Confidentiality – provides the privacy that a wired network achieves through its physical medium.

802.1X authentication can help enhance security for 802.11 wireless networks and wired Ethernet networks. 802.1X uses an authentication server to validate users and provide network access. On wireless networks, 802.1X can work with Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) keys. This type of authentication is typically used when connecting to a workplace network.

WPA encrypts information, and it also checks to make sure that the network security key has not been modified. WPA also authenticates users to help ensure that only authorized people can access the network. There are two types of WPA authentication: WPA and WPA2. WPA is designed to work with all wireless network adapters, but it might not work with older routers or access points. WPA2 is more secure than WPA, but it will not work with some older network adapters. WPA is designed to be used with an 802.1X authentication server, which distributes different keys to each user. This is referred to as WPA-Enterprise or WPA2-Enterprise. It can also be used in a pre-shared key (PSK) mode, where every user is given the same passphrase. This is referred to as WPA-Personal or WPA2-Personal.
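The passphrase-to-key step behind WPA-Personal, as an added example that is not part of the lecture notes: per IEEE 802.11i the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, so every client configured with the same passphrase on the same SSID holds the same key. The IEEE test vector (passphrase "password", SSID "IEEE") is checked inline.

```python
import hashlib

# IEEE 802.11i test vector (passphrase "password", SSID "IEEE").
IEEE_VECTOR_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, dklen=32)

def wpa_pmk_hex(passphrase: str, ssid: str) -> str:
    return wpa_pmk(passphrase, ssid).hex()

def shared_key_property(passphrase: str, ssid: str, other_ssid: str) -> dict:
    """Two clients with the same passphrase/SSID share a PMK; changing the
    SSID (the salt) changes it even though the passphrase is the same."""
    client_a = wpa_pmk(passphrase, ssid)
    client_b = wpa_pmk(passphrase, ssid)
    elsewhere = wpa_pmk(passphrase, other_ssid)
    return {"same_network_same_key": client_a == client_b,
            "other_ssid_same_key": client_a == elsewhere}
```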

Thursday, October 8, 2009

WEEK 8 (IT SECURITY)

LECTURE 8

This lecture is about security in applications. It covers electronic mail security and web security. What is e-mail? An e-mail is a message made up of a string of ASCII characters in a format specified by RFC 822. An e-mail has two parts, the header and the body. The header states the sender and the recipient of the e-mail; the body is the content of the message. The security services provided for e-mail are confidentiality, data origin authentication, message integrity, non-repudiation of origin and key management. There are two main categories of e-mail security threat: threats to the security of e-mail itself, and threats to an organisation that are enabled by the use of e-mail.
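The header/body structure described above, as an added example that is not from the lecture notes: a small parser for the RFC 822 split (headers end at the first blank line, folded continuation lines start with whitespace, a field may repeat) run over a constructed sample message. Python's standard email.parser module does this in practice; this version shows the mechanics.

```python
# Constructed sample message; LF line endings as many mail stores use.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org; Fri, 23 Oct 2009 10:00:00 +0800\n"
    "From: Alice <alice@example.net>\n"
    "To: Bob <bob@example.org>\n"
    "Subject: Week 11 notes\n"
    "X-Note: first\n"
    "X-Note: second\n"
    "\n"
    "Body text line 1\n"
    "Body text line 2\n"
)

def parse_rfc822(raw: str):
    """Return (headers, body); headers maps lower-cased field name -> list of values."""
    raw = raw.replace("\r\n", "\n")             # normalise CRLF to LF
    head, sep, body = raw.partition("\n\n")     # first blank line ends the header
    if not sep:                                 # no blank line: no body at all
        body = ""
    headers, current = {}, None
    for line in head.split("\n"):
        if not line:
            continue
        if line[:1] in (" ", "\t") and current is not None:
            # Folded continuation line (RFC 822 3.1.1): joins the previous field.
            headers[current][-1] += " " + line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            current = name.strip().lower()
            headers.setdefault(current, []).append(value.strip())
        else:
            raise ValueError(f"malformed header line: {line!r}")
    return headers, body

def sender_and_recipient(headers):
    """The two fields the notes single out: who sent the message and to whom."""
    return headers.get("from", []), headers.get("to", [])
```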

Multipurpose Internet Mail Extensions (MIME)

Extends the format of Internet mail to allow non-US-ASCII textual messages, non-textual messages, multipart message bodies, and non-US-ASCII information in message headers.

Web security includes the security of the server, the security of the client, and the security of network traffic between a browser and a server.

SSL/TLS
SSL/TLS, like most modern security protocols, is based on cryptography. When an SSL session is established, the server begins by announcing a public key to the client. No encryption is in use initially, so both parties (and any eavesdropper) can read this key, but the client can now transmit information to the server in a way that no one else could decode. The client generates 46 bytes of random data, forms them into a single very large number according to PKCS#1, encrypts them with the server's public key, and sends the result to the server. Only the server, with its private key, can decode the information to determine the 46 original bytes. This shared secret is now used to generate a set of conventional RC4 cipher keys to encrypt the rest of the session.
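The key-exchange step described above, as an added example with both sides of the exchange (not code from the lecture notes): the client pads 46 random bytes per PKCS#1 v1.5, encrypts them with the server's public key, and the server recovers them with its private key. The RSA key is a constructed demo key built from the Mersenne primes 2^127-1 and 2^521-1, and HMAC-SHA256 stands in for SSL's own key-derivation and RC4 key-setup steps.

```python
import hashlib, hmac, secrets

# Constructed demo key: P and Q are the Mersenne primes 2^127-1 and 2^521-1.
P, Q = (1 << 127) - 1, (1 << 521) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))              # private exponent
K = (N.bit_length() + 7) // 8                  # modulus size in bytes (81)

def pkcs1_v15_pad(msg: bytes) -> bytes:
    """Block type 2: 0x00 0x02 || nonzero random PS (>= 8 bytes) || 0x00 || M."""
    ps_len = K - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = b""
    while len(ps) < ps_len:                    # random bytes with zeros removed
        ps += secrets.token_bytes(ps_len).replace(b"\x00", b"")
    return b"\x00\x02" + ps[:ps_len] + b"\x00" + msg

def pkcs1_v15_unpad(em: bytes) -> bytes:
    if len(em) != K or em[:2] != b"\x00\x02":
        raise ValueError("bad encryption block")
    sep = em.index(b"\x00", 2)                 # first zero after PS
    if sep < 10:                               # PS must be at least 8 bytes
        raise ValueError("bad encryption block")
    return em[sep + 1:]

def client_key_exchange(pubkey):
    """Client: 46 random bytes, padded per PKCS#1, encrypted to the server's key."""
    n, e = pubkey
    secret = secrets.token_bytes(46)
    em = int.from_bytes(pkcs1_v15_pad(secret), "big")
    return secret, pow(em, e, n).to_bytes(K, "big")

def server_key_exchange(ciphertext: bytes, privkey) -> bytes:
    """Server: only the private key recovers the 46-byte shared secret."""
    n, d = privkey
    em = pow(int.from_bytes(ciphertext, "big"), d, n).to_bytes(K, "big")
    return pkcs1_v15_unpad(em)

def session_keys(secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the shared secret into per-direction cipher keys (stand-in KDF)."""
    return {label: hmac.new(secret, label + client_random + server_random,
                            hashlib.sha256).digest()
            for label in (b"client write key", b"server write key")}

def handshake():
    """Run both sides; returns (client's secret, server's recovered secret, keys)."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)   # hello randoms
    secret, ct = client_key_exchange((N, E))
    recovered = server_key_exchange(ct, (N, D))
    return secret, recovered, session_keys(recovered, cr, sr)
```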

SSH (Secure Shell)
A network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.

SET 
An open encryption and security specification designed to protect credit card transactions on the Internet.