Information theft and cryptographic attacks

When sensitive information is transmitted outside of trusted systems, it should be encrypted to preserve confidentiality. Few consumers would want their credit card information transmitted through the Internet as plain text. Even when data is stored on an organization's own devices, it is sometimes encrypted to prevent information theft. Several high-profile laptop thefts have raised awareness about the dangers of storing large quantities of personally identifying information on mobile devices.

Even when encryption is used, threats to confidentiality still exist. Two such threats are cryptographic attacks, or attempts to break the encryption code, and the loss of a private key in a public key cryptography system. The best method for countering cryptographic attacks is to use strong cryptography and properly manage the private key. Strong cryptography is based on sound encryption algorithms and long keys. For example, the Advanced Encryption Standard (AES), adopted as a standard by the U.S. government, can use 256-bit keys. Although in theory, a brute force search of all possible keys could be used to break this encryption, the time required to conduct such a search is so long as to be impractical. Of course, anyone in possession of the private key can decrypt even the most strongly encrypted message. It is imperative that private keys be securely distributed and stored to ensure that security is not compromised.

An important factor in the use of cryptography is that information should be encrypted only as long as that information is useful or not publicly available. Documents detailing a merger negotiation would be kept confidential during the negotiations, but once the deal is finalized and announced, the contents of those documents are far less valuable.

How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Threat and Vulnerability Management Zeus botnet temporarily disrupted, but back in full force Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 Database Security Tools and Techniques Multifunction security device safeguards SOA, streamlines company's infrastructure Safend expands data leakage prevention product to plug more gaps How to prevent memory dump attacks Database activity monitoring lacks security lift Report: Firms avoid encrypting backup tapes, databases Cryptography for the rest of us Recent breaches show data theft prevention basics lacking Unpatched vulnerability discovered in Microsoft SQL Server How to use Excel for security log data analysis SQL injection continues to trouble firms, lead to breaches

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary