Beginners Guides


A Managers Guide to Information Security
This guide was written by The Open Group. It covers why security matters to your business, security from a business perspective - what security you need, what to expect from security solutions, internal implementation and outsourcing.

An Introduction to PKI
Basic introduction to key terms and concepts  used in a PKI including Certificates, Keys and Authorities,  features  and services used by the PKI and the techniques involved in public key cryptography.

An Introduction to Encryption
Make any enquiry about computer security, and you will almost immediately fall over the terms cryptography and encryption (and also decryption), but what exactly is  meant by this?

What makes a good Password?
This paper tells you what makes a good password and how to select one.



Information Security papers


PUBLIC KEY INFRASTRUCTURE (PKI)

PKI FAQs
Everything you wanted to know about PKI. Certificates, digital signatures, public and private keys, Certificate Authorities (CAs), cross-certification.

Solving problems in PKI
The big players in PKI make you believe, by advertising, that there are no problems implementing PKI.  This paper exposes some of the real problems and some practical solutions.

PKI Certificates - a source of confusion?
There is a lot of misleading information on the Internet about certificates, public &  private keys, digital signatures, etc. - when and how you use them.  This paper sets the record straight using terminology for the non-technical person.   

PKI - Managing Liability
One of the frequently quoted concepts of PKI is that of being able to do business  with people you don’t know, with certainty. Who is held liable for these transactions?

PKI - A Technology or a hype too far?
PKI has been getting a lot of bad press of late, but is it justified? Has the technology failed or is it a problem of implementation?

Making PKI simple
There are much simpler things that can be done with PKI if you don’t set out to conquer the world.



EMAIL SECURITY

S/MIME - the reality of interoperability
People assume that when they buy an S/MIME compliant email application they can send digitally signed and encrypted emails to any other S/MIME compatible client.
The reality however is somewhat different...

The problems with Secure Email
Find out why "Silver Bullet" Email security is problematic. Learn to fully protect your data simply and securely while avoiding complex interactions between proprietary systems.



GENERAL SECURITY

Self-extracting exe files - the hidden dangers
Self-extracting (decrypting) EXE files were developed so you didn’t have to install proprietary software in order to share protected files. But they also pose a significant, hidden risk to your organization, making them more flawed than the cryptographic algorithm DES already abandoned by industry.

Security can be Simple and Secure
There has always been an attitude of 'no pain, no gain' in the security industry. If one was to believe some of the comments made then you could be forgiven for thinking that security has to be complex in order to be secure...

ID & Password or PKI for your security?
This paper reviews the arguments for and against each mechanism.

The problems with Passwords
Most current Internet password systems are flawed.  This paper explains how such  systems came about and a new route forwards.



INTERNET SECURITY

Spoofing - Arts of attack and defense
How to spot and avoid potential spoof attacks.  Covers DNS spoofing, IP address spoofing, email address spoofing, link alteration, name similarity and content theft.

How do you deal with Internet fraud?
Covers fraud that uses Internet technology as an integral part of the fraud and fraud that is already taking place by other means where the Internet is merely  another method of delivery.

The changing face of web security
Are we winning or losing the battle of web security?  Read this white paper backed by industry figures to ensure you are aware of the facts.

Authentication - who's site is it really?
Whilst a lot of work seems to have been done on personal authentication, little or no  work has been done over or about web site authentication to users.  Users should be  just as entitled to authenticate web sites as web sites are to authenticate them.

How do you know where information came from?
In the ordinary world of the Internet you don’t really know where information comes from - a web site that you first linked to, or a completely different site. Hackers can also alter information without you being aware of any change. How can the person receiving the information be aware that anything is wrong?

A matter of trust or is it?
How do you know who you are really dealing with when disclosing your personal / credit card details over the Internet? This explains the current methods available for proving the identity of a web site and explains why they fail. It offers an alternative solution to the problem of web site authenticity.

Why web site logos are phony security
Probably the worst possible kind of Internet security we have today is the ‘secure site logo’.  Read why.

It can't be fraud - or is it?
Bad commercial behavior and practice may be no different from fraud as far as the customer is concerned.



SSL (SECURE SOCKETS LAYER)

SSL - A false sense of security
There are a lot of misleading statements about what SSL actually protects.  This spells out the truth.

Why SSL is not enough to secure your credit card details
SSL is the security technology everyone uses to be sure that their web connections are secure. But does it provide the security that users believe?

SSL - The condom that protects the pipe
For the last five or so years, SSL has been paraded as the technology that secures the Internet.  All you have to do is look and see the padlock on the bottom of the  screen and you can be sure it’s safe.  Is it true?

What does SSL 128 bit encryption achieve?
Is 128 bit SSL encryption secure or is the implementation at fault?



BIOMETRICS

Biometrics - A problem or a solution?
Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems.




 SSL Spoofing in Action


So you think this padlock icon means your credit card details are safe during e-commerce transactions?

Dartmouth EDU spoofed site demo

"We believe that there can be no secure electronic commerce on the Web until the Web Spoofing vulnerability has been addressed" - Princeton University


 Security Glossary


Information security glossary

Explains the most common information security terminology


 Security & Technical Tutorials


Tech Tutorials
Free tutorials addressing a wide range of computer topics including security across various Operating Systems.


 Security Links


Links to useful security sites


 Security Facts


In 2002 Identity fraud cost businesses $6 billion.

In 2001 $700 million in online sales was lost to fraud.

Passwords and SSL are powerless against determined hackers

80% of major US companies monitor their employees Email & Internet use

Only 45% of credit card details stored on merchants servers are encrypted

At least 25,000 web sites sell phony goods. They flourish because customers can never be sure of the legal validity of the web entities they deal with

Email scams continue to flourish despite software being available that solves this problem


 Security Issues in the News


Related security issues in the news.  

Can you tell which one is the fake site?
Seals, locks, don't assure web security
IE flaw undermines SSL security
Ebay users fall foul of email scam
Top 10 flaws in ecommerce sites


 Other Organization's works


Papers written by Princeton University and Dartmouth College.

Web Spoofing an Internet con game

Web Spoofing revisited - SSL & beyond


Papers written by Simon R Grant & Steve Mathews

What Root Certification Authority can you trust?  Australia shows you the way


Other Useful Documents

Explanation of certificates and PKI

Security of the Internet

ISO / IEC 17799



© Copyright 2001-2003 ArticSoft Limited.  All rights reserved.  Page updated 11 March 2003.