Wednesday, June 5, 2019
The Basic Concepts Behind Data Bases Information Technology Essay
The Basic Concepts Behind Data Bases In  replaceation Technology EssayDatabases are collection of raw  accompaniment and figures or in single word we  gutter say data in digital form, databases are classified on the basis of their content  worry text document, bibliographic and statistical etc. Databases are managed by software c everyed DBMS (Database Management System), DBMS are responsible of storing, retrieving,  get toing,  protective cover, backup and querying the data as fast as possible and in  roughly efficient way.One of the most  rely DBMS in market is ORACLE DBMS. ORACLE is the most trusted in market and almost each and every organization uses it. One of the best security features of ORACLE is Secure Database Access.SDA is based on  triad things which areUnder USER MANAGEMENT comes how much space has to be provided to each user, what level of access has to be provided to users, the space and rights of  star user does  non interfere with other. Under PASSWORD MANAGEMENT co   me the default passwords of users, defining the password complexity, deciding the password expiry time limit, password lock  quickness etc. Under RESOURCE LIMTS comes deciding CPU time, logical reads, concurrent session per user, idle time, amount of private SGA for shared sessions.The above mentioned security features comes with  each enterprise level operating  formation for example SUN SOLARIS a UNIX flavored OS has all this security features where  there is separate file system for all users, each and every file system and file has access permission  define for the root, the user and others, passwords for each user is there and they are stored in encrypted form and for each and every user the resources are defined.Briefly describe the purpose of firewalls and how they work, including a comparison of at least three principal types.Firewalls are a type of hardware or software which is used to protect the system or network. Firewall acts as fences a assail the system or network whi   ch do not allow anybody who wants unauthorized access or after access tries to do some sort of damage.To protect ones data and network Firewalls employ a  bit of technologies, of which the   come out of the closeting line one is simple set of rules means all the ports should be closed initially and as one goes with applications there must be ports defined for them and  just now those ports are opened for those applications to use, open ports are like holes which any hacker  jackpot use to access your system. There are 2  physiological types of firewalls software and hardware, software firewalls are mostly used in  root environment like the one provided by Nortel and McAfee, they are responsible for protecting you home pc against any sort of external attack. Hardware firewalls are commonly used in business environment, they are dedicated units which  pee-pee the external  knowledge domain plugged in  eruptside and the trusted network from  inner(a) and they are often available as a p   air so that failure of one unit does not make the network open for attack. Both type of firewalls use a number of different techniques to keep your system and network safe, the first thing described is a rules based or packet filter system, here all data in and out is s micklened to see that is in and out to trusted ports on the system and possibly even trusted IP addresses.Proxy server, this is in between the outside world internet and the trusted inside world network it scans all packets of data and make sure if they meet the packet filter rules before passing data to the machine in the trusted network. This adds a layer of security by never allowing the internet system come in direct contact with the trusted machine, network address  deracination do not make your internal IP address visible to the internet. A proxy server is great against brute force attacks.What are the differences between  normal key encryption methods and symmetric key encryption methods?  enchant provide one    example of each category.The  cryptanalytic technique based on two keys  a public key available to all and a private/secret key known only to the person intended to  stir it. An important part to the public key encryption is that the keys are related in such a manner that only the public key can be used in encryption of the messages and only the corresponding private key can be utilized in decryption of messages. By no chance one can get private  employ the public key.Public-key encryption like Pretty Good Privacy (PGP), are growing in popularity for transferring  cultivation through internet. They are highly secure and comparatively simple to use. The one difficulty with public-key encryption is that one need to be aware of the recipients public key so that he/she can encrypt a message. What is required therefore is a global registration of public keysSymmetric key encryption for both encryption and decryption uses a  very(prenominal) secret key. Exchange of message requires exchan   ge of keys also among users. Message encrypted with secret key can only be decrypted with same secret keySecret-key algorithm is used in symmetric key encryption. Symmetric key encryption techniques are also called content-encryption algorithms.The  massive limitation of secret-key algorithm is the requirement for sharing the secret-key. This can be overcome by deriving the same secret key at both ends by using a user supplied text string or we can say password based on password-based encryption algorithm, other way round is to securely exchange the secret-key among themselves.Size of the key defines the strength of the symmetric key encryption used.Consider the following  picture text EHWWHU EH GHVSLVHG IRU WRR DQALRXV DSSUHKHQVLRQV WKDQ UXLQHG EB WRR FRQILGHQW VHFXULWB (Edmund Burke)a) Decipher the cipher text above using a 26- portion Caesar Cipher. Explain your reasoningExplain how you would quickly determine if the above cipher text is the result of a simple  alternate or a tra   nsposition cipher, also explaining the difference between each.  divert justify your answer.The cipher text gets decrypted to BETTER BE DESPISED FOR TOO  anxious(p) APPREHENSIONS, THAN RUINED BY TOO CONFIDENT SECURITYA shift of 3 was used to give the output as the quote mentioned above. The above cipher can be determined as simple substitution cipher as we can list down the two alphabet words in English and shifting each alphabet to certain position gives any one of the word.Substitution cipher is all about replacing one character or alphabet with other and transposition cipher is all about jumbling of the words together instead of replacing characters, transposition cipher changes the order of the characters and can be analyzed by frequency analysis.Unfortunately your computer has been infected by some malicious code and you do not know when this  transmittance happened. Luckily you have performed backups on a weekly basis since you acquired your computer. Your idea is to use the b   ackups starting from the beginning, rebuilding the first backup and so on, applying all changes in order. Discuss the feasibility of this approach offering  slipway to improve it, if necessary.This is the safest way of rebuilding computer again and would definitely solve the issue as this is the  in small stages step by step up gradation of the system and would bring the system to state where it was infected but without the problem. What I feel like if we start restoring the system from back rather than doing from start and checking for the stability of the system. This approach saves time and effort as after restoring first only you have the probability of  work out the issue or what we can do is not do one by one incremental steps but keep an interval of the backups and do.Please compare and contrast  nonessential  solvent plans and business continuity plans. List heir key elements (what would one expect to see in such a document?)The  hazard  answer plan is defined as what make u   p a security  accident and highlight the phases of incident response. The incident response plan document is focused on how information reaches the appropriate personnel, investigation of the incident, bringing down damage and  outline to respond, documentation and evidence preservation. The incident response plan consists of responsibility area and pen down and brings in effect procedures for handing security incidents. The document emphasizes on the considerations required to create an incident response plan.The incident is formulated to safeguard against intrusion to organizational resources. An incident is defined as information confidentiality loss, data integrity compromise, theft or damage of IT assets like computer,  newswriter etc, service denial, misuse of assets or services or data, system infection by malicious software, unauthorized access, system abnormal behavior, alarms for intrusion detection and their responses.The incident response goals are incident occurrence ve   rification, business restoration continuity, minimized incident impact, determine the way of attack, prevention against future attacks, response time of security and incident should be improved, illegal activity prosecution, situation and response has to be made aware to management.The incident response life cycle begins by incident preparation, then comes the discovery of the incident, notification, analysis and assessment, response strategy, containment, re infection prevention, affected system restoration, documentation, preservation of evidence, external agencies notification, update policies and response review.The business continuity  proviso is required for making an organization safe from internal and external threats and identifies the soft and hard assets to provide effective recovery and prevention of the organization. The following threats are there to an organization asStaff death or injury, building are damaged, loss of communication and IT infrastructure, disruption i   n transport making staff unavailable,  nidus and demoralization in staff, other business disruption or closing down on which a company is dependent, reputation damage and business change  aims. To cover up the following threats following steps should have been planned sufficient workforce with right expertise and motivation to manage and lead the organization, access to key IT system and records, staff communication should be reliable and clear, ability of paying the staff in case of crisis also, product and services procurement and media demand responses. The steps involved in developing a business continuity plan in systematic way are analysis of business, risk assessment, strategy development, plan development and plans should be rehearsed.One hundred years ago, Louis Brandeis and Samuel Warren warned us that, Numerous mechanical devices threaten to make good the prediction that what is  mouth in the closet shall be proclaimed from the housetops.Cryptography is an enabling techno   logy for self-help privacy. Conversely, cryptography can be used to conceal criminal conspiracies and activities, including espionage.a) How have computers changed the ways in which we have to keep certain information private?b) What new threats do computer systems and networks pose to personal privacy? Conversely, what threats are enabled or  intensify by computer systems and networks?c) How does cryptography help or hinder protection of privacy and public safety?d) What policies are needed and appropriate in a networked world regarding the use of cryptography?e) Consider a public key encryption. Ann wants to send Bill a message. Let Annpriv and Annpub be Anns private and public keys respectively. The same for Bill (Billpriv and Billpub).i) If Ann sends a message to Bill, what encryption should Ann use so that only Bill can decrypt the message (secrecy)?ii) Can Ann encrypt the message so that anyone who receives the message is assured that the message only came from Ann (authentici   ty)?iii) Is it possible for Ann to devise a method that will allow for both secrecy and authenticity for her message? Please justify your answer.Computers help a lot in keeping private informations secure. With all the security features into the system like firewalls and other security features one can keeps his/her information secure from un authorized access. Initially for keeping the information private one has to classify the physical files or documents having information as classified or confidential and have to be kept in safe custody so that unauthorized access is not there, the initially the information transfer has to be taken through physically under supervision but with computers and secure software systems and various encryptions which are efficient and complex to break, transport of information has  decease easy without any extra effort. With increasing use of information technology in form of computers has also created new types of threats where hackers who are experts    in breaking the system security and network security and get easy access of ones private data. People use the information transfer and other IT means to transfer information which cannot be scanned by authorities for example terrorist organizations uses the networks and other safe methods to transport the information which could not be easily get hold of decrypted by organizations  working against them.The biggest advantage of public key cryptography is the secure nature of the private key. In fact, it never needs to be transmitted or revealed to anyone. It enables the use of digital certificates and digital timestamps, which is a very secure technique of signature authorization. We will look at digital timestamps and digital signatures in a moment, but as discussed above cryptography can be used by organizations or individuals involved in wrong activities to transfer data which cannot be caught or decrypted by authorities working against them, hence cryptography can go against wor   ld peace. Cryptography use should be mandated for the right purposes.There are few cryptographic policies that have been challenged, both literally and figuratively. In particular export controls, key escrow and government control have been issues argued recently, with final decisions still unresolved. International agreements and foreign decisions regarding these topics have influenced the current U.S. position.Ann should use the public key encryption method to send a message to Bill.Ann can create her digital signature of the message using the private key which can be verified using public key to see message is authentic.Yes Ann can use public key encryption for encrypting the message to maintain the confidentiality or secrecy of message and she can use digital signatures with public key encryption to maintain the authenticity of the message.  
Subscribe to:
Post Comments (Atom)
 
 
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.