The Security Guide Security Guide RSS Feed


Internet and Data Security Knowledgebase

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 


E-Mail encryption E-mail is the most widely used online communication medium. Yet it is based on insecure protocols, with no authentication and no security.
Anyone can send an e-mail with a fake header, pretending to be anyone else, and once sent, anyone listening in can see the full text of the message, where it came from and where it's going.
PGP, which stands for Pretty Good Privacy, is an e-mail mechanism that was invented to solve both the authentication and the encryption part.
The way authentication and encryption works in with PGP is called Public Key Cryptography. Each person who wants to authenticate or encrypt messages needs to first create what's called a private and a public key.
The private key is what they need to keep secret, and the public key is what they publish online, and what other people use both to encrypt messages for them, and verify their identity.
PGP, and the open source alternative, GPG, is the most popular implementation, but there are other solutions such as S/MIME.
EVC Secure web connections The current system provides a padlock showing that your connection is encrypted when you connect to a secure web site. It does not however provide authentication information.
Malware sites can get their own certificates and pretend they are your e-commerce, e-mail or banking site, and show up with a padlock on your screen.
The new system of certificates called EVC allows the latest browser versions to not only show a padlock, but the name of the company behind the web site. They are recognizable by the green bar in your browser.
These certificates are provided after extensive offline verification, proving that the site you are connecting to is not only encrypted, but truly the site you believe it is.
On top of the green bar and name of the company, clicking on that name will easily show you extra information such as the organization that did the extensive background check of that web site.
Easter Egg An unexpected æfeatureÆ built into a computer program by the author.
Eavesdropping Listening to the information as it is transmitted over the air.
Elevation of privilege When a user (particularly a malicious user) gains more access rights than they normally have.
Email filter Software that scans incoming email for spam or other unwanted material and filters it accordingly.
Encryption The process of converting data into cipher text to prevent it from being understood by an unauthorized party.
Escrow When money or other assets are held by a trusted third party pending completion of a transaction.
Expertise Smaller IT departments may lack personnel with appropriate security expertise. This can lead to overlooked security issues. In this situation, using standard security templates can be beneficial.

© RuleWorks - All Rights Reserved - Policy -