Welcome to SecurityDocs

A collection of 7,815 IT security white papers, carefully curated by professionals like yourself

SSL ATTACKS: Part 2

by Rorot Oct. 7, 2017 via INFOSEC Institute

In the first part of SSL attacks, we have seen details about two attacks, namely BEAST (browser exploit against SSL/TLS attack) and SSL renegotiation attack. In this second part, we are going to deal with CRIME, TIME, and Lucky13 attacks. Let us proceed further and try to understand each of these attacks in detail. Compression Ratio Info-leak Made Easy Attack: This is a side-channel attack on SSL/TLS that can be used to predict sensitive information, such as the session tokens, etc. This is ...

EFF Releases HTTPS Everywhere Firefox Plugin

Oct. 6, 2017 via ADMIN Magazine

The Electronic Frontier Foundation (EFF) has released version 1.0 of the HTTPS Everywhere plugin for the Firefox web browser to increase security on the web. It enforces HTTPS encryption for a list of about 1000 sites that require a login and therefore are transmitting security-sensitive credentials over the network. Among those sites are Google, Facebook, Twitter, Wikipedia, Paypal and the EFF itself. The plugin is free software licensed under the GPLv2. It can be installed from https://www....

Secure Data Transfer with FTP Alternative MFT

Oct. 6, 2017 via ADMIN Magazine

Security concerns related to FTP were one factor that produced a series of developments leading to the Secure FTP, Secure Copy Protocol (SCP), FTP over SSL (FTPS), and SSH File Transfer Protocol (SFTP). A new addition was made in 2008, Managed File Transfer (MFT), in which all files to be transferred are encrypted not only en route but also during storage on the server or on share points. Core functionalities of MFT include secure transmission and data storage coupled with reporting and audit...

Encrypting Files

Oct. 6, 2017 via ADMIN Magazine

The revelations of Edward Snowden caused a big upsurge in the use of encryption for protecting data from inappropriate access. People are now using encrypted filesystems as well as self-encrypted hard drives (SEDs). However, not everyone is using encryption. Recent revelations about accessing the data of individuals include the story about how the NSA and Britain’s Government Communications Headquarters (GCHQ) supposedly gained access to SIM cards from Gemalto, allowing them to access any ce...

Getting a free TLS certificate from Let's Encrypt

Oct. 6, 2017 via ADMIN Magazine

Let's Encrypt [1] is an open-source project with the goal of making sure every website is encrypting with TLS. The Let's Encrypt project is sponsored by organizations such as Mozilla, Cisco, Akamai, EFF, gandi.net, and many more. The primary role of Let's Encrypt is to offer trusted and free TLS certificates for everyone. Users can even copy and integrate Let's Encrypt technology into their own networks, which means any website can now offer an encrypted option for no cost. On May 8th 2016, Le...

Data Storage Security

by Tom Olzak Oct. 1, 2017 via Infosecwriters

Data in transit, across and between company networks, are usually the focus of extensive security efforts. However, organizations typically regard data residing on internal storage devices as “secure enough.” Databases and flat files stored on server drives or on SAN disk arrays don’t move outside the security perimeter; so why worry?

Biometrics - The Wave of the Future?

by Gary Daniel Oct. 1, 2017 via Infosecwriters

Will biometrics be a factor in our future? Of course it will, at least to the extent that it has been in our past history. We as citizens must decide upon the best methods to use and the best way to utilize this technology. Biometrics can be defined in several ways such as the study of measurable biological characteristics. In reference to Information Security it specifically applies to the automated use of physiological or behavioral characteristics to determine or verify identity.

Biometrics. What and how.

by Moustafa Kamal El-Hadidi Oct. 1, 2017 via Infosecwriters

Humans have used body characteristics such as face, voice, gait, etc. from the day that mankind existed to recognize each other. Some characteristics don’t change over time and some do. And since each one has unique characteristics that no other shares, we humans have thought of using them in our daily life. The main aim of using them after 9/11 is for security reasons. So what characteristics do we use? Are they accurate? Can we depend on them in our daily life routine?

Biometrics: 21st Century Security

by Stan Smith Oct. 1, 2017 via Infosecwriters

Since September 11, 2001, security has been in the forefront of American concerns. Granted, the general population is most concerned with personal physical security, which basically translates to physical security at the work place. We all hear of the horrible stories of disgruntled employees who bring a gun to work to kill fellow coworkers. That is not to mention the dangerous world we live in this day and time with terrorism. I think biometrics will be the biggest security tool used in the 21...

Tunneling Protocols

by John Slawson Oct. 1, 2017 via Infosecwriters

A tunneling protocol can be defined as the action of a network protocol, otherwise known as the delivery protocol, to encapsulate a different payload protocol or to provide a secure path through an untrusted network. This payload can be any data that was compressed for transmission in order not to congest a network. In order to understand tunneling protocols and how they operate, a network engineer must first be familiar with the TCP/IP networking model. The Transmission Control Protocol and the ...

Biometric Security Past and Future

by David Ludington Oct. 1, 2017 via Infosecwriters

Biometrics is the science of measuring and analyzing biological data. Biometric security is using the biological data to authenticate users that are attempting to access a secured device. The use of biometric security in authentication for personal devices has started to become more and more popular. This technology is being used to secure laptops, tablets and phones. In this paper I will be discussing the different types of fingerprint scanners and their birth into the personal device mar...

Management of Smart Grid Technology

by John Whitenton Oct. 1, 2017 via Infosecwriters

This paper will address the topic of smart grid technology and how information technology is an integral part of its management. Smart Grid technology is frequently used as a common terminology but it's often misunderstood; this will be clarified by a thorough definition and an elaboration of how this technology works with a focus on the integration of information technology.

Cryptosystems that Secure Web Browsers

by E. Craig Luther Oct. 1, 2017 via Infosecwriters

The need to secure Web browsers from eavesdropping of unauthorized parties or stealing of data pushed the development of cryptosystems that work to secure Web browsers. This was of particular importance for users' trust of any Web-based business such as electronic commerce sites, as internet users wouldn’t purchase goods over the web unless the technology existed for transmitting data securely via a Web browser. [1] There are numerous cryptosystems that provide this technology, including Secure...

Using Digital Certificates to Identify Web Site Owners and Protect Against Phishing

by Edwin Aldridge Oct. 1, 2017 via Infosecwriters

Phishing exploits the ordinary Internet user’s inability to be sure that a web site which they have been induced to visit is actually operated by the company or organization whose name appears on screen.

Biometric Security Now And In The Future

by Justice E. Thurman Oct. 1, 2017 via Infosecwriters

Biometric technology has become the newest thing to implement in mobile devices and office buildings, and is even being used to keep track of employees' start and end times for work through a fingerprint clock-out system. Biometrics has come a long way since its first uses as just a filing system for criminals. With the rise of more and more private data like bank account information being stored on servers and even people's mobile devices, the need for something more secure than just a password is mo...

Salted hashes demystified

by Andres Andreu Oct. 1, 2017 via Infosecwriters

This primer will provide a basic level explanation of how seeded (or salted) hashes of clear text data are structured / created. The original formalization of this concept comes from RFC-3112 [1]. This document is written so that an understanding of this type of functionality becomes possible to anyone with a good computer science foundation. For the purposes of this exploratory journey we will use the Secure Hash Algorithm (SHA-1) hashing algorithm (NIST FIPS 180-2 [2], RFC-3174 [3]). The salting con...

Demystifying - IPSec VPN’s

by Abhishek Singh Oct. 1, 2017 via Infosecwriters

In this article I will cover the basics of IPSec and will try to provide a window into the mystical world of the IPSec VPNs. The intended audience is anyone who wants to have a quick go through of the IPSec VPNs. This article will suit readers ranging from beginner to intermediate.

Creating VPN’s with IPsec

by Wilson Chance Hinchman Oct. 1, 2017 via Infosecwriters

This paper will define the term VPN and explain what VPNs are used for and why. IPsec, which is vital to the functionality of VPNs, will also be touched on. I will start by defining the term VPN. The acronym VPN stands for “Virtual Private Network”. This is an ambiguous term that gets thrown around a lot in the information technology industry. Many types of networks fall under the classification of virtual private network when taken out of context. For instance, frame relay networks, or private p...

Defeating Encryption: Security is More than Just Good Crypto

by John C. A. Bambenek Oct. 1, 2017 via Infosecwriters

Encryption is good. It helps make things more secure. However, the idea that strong cryptography is good security by itself is simply wrong. Encrypted messages eventually have to be decrypted so they are useful to the sender or receiver. If those end-points are not secured, then getting the plain-text messages is trivial. This is a demonstration of a crude process of accomplishing that.

User Authentication Through the Use of Public Key Infrastructure (PKI)

by Robert Meacham Oct. 1, 2017 via Infosecwriters

The information I would like to cover in this paper will be in the use of the Public Key Infrastructure (PKI). The key area of focus will be on its use in the authentication of users in relation to network access for segments of the Department of Defense (DoD) Global Information Grid (GIG) infrastructure. I will discuss views from its implementation, expansion, benefits, issues and management perspective briefly in order to provide a better understanding of the impact this change has had on s...
