Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Every registered user of Paul Gray\'s online share trading company is advised to

ID: 3597451 • Letter: E

Question

Every registered user of Paul Gray's online share trading company is advised to read the safety and privacy page of the portal. As a secure portal, it has Secure Socket Layer (SSL) as a security measure. Gray has asked you to help him with this aspect of security as well. On the basis of your understanding, respond to the following:

In addition to SSL, which other security measure may be deployed to ensure the privacy of users in an online environment? Provide at least two security measures and explain why they would be beneficial. What benefit does each provide to the user? How can the user be sure it is working properly?

As many of Gray's clients would also like to know about tax saving measures when they trade, Gray has hired Steve Davis as a tax consultant. Davis works from home and travels to his clients all over the country. Occasionally, he visits client sites, and takes his laptop with him on all such trips.

Gray has asked for recommendations for Davis on the following as well:

Which top two security measures should he take to ensure that his data and the connection to Gray's network are best protected against attack? Describe the security provided by each measure and explain why it is important. Defend your choice of measures in the discussions that follow.

Are these two measures sufficient to call the laptop secure? Why or why not? If not, what aspect of security is still missing?

Explanation / Answer

In addition to SSL, the security measure that may be deployed to ensure the privacy of users in an online environment are as follows:

Secure E-mail

Standard Internet e-mail is usually sent as plaintext over networks. Intruders can monitor mail servers and network traffic to obtain sensitive information.

There are currently two actively proposed methods for providing secure e-mail security services: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME). These services typically include authentication of the originator and privacy for the data. They can also provide a signed receipt from the recipient. At the core of these capabilities is the use of public key technology and large-scale use of public keys requires a method of certifying that a given key belongs to a given user.

PGP is a military grade encryption scheme available to all computer users. It works using paired sets of keys. The public key can be used to encode a message that can only be decoded with the matching private key. Likewise, e-mail "signed" with a private key can be verified as authentic with its matching public key.

S/MIME is the same cryptographic method used for secure e-mail, adopted by every major e-mail vendor in the industry. S/MIME uses public key cryptography to digitally sign and encrypt each message sent between trading partners. This ensures that not only can the message not be read, but also that the message came only from the sender and was not altered in transport.

Encryption File System

Data encryption has become an increasingly important factor in everyday work. Users seek a method of securing their data with maximum comfort and minimum additional requirements on their part. They want a security system that protects any files used by any of their applications, without resorting to application-specific encryption methods.

In today's world of advanced technology, your electronic records are your business. Previously, using networked computers or remote laptops meant either sacrificing productivity or risking loss. Traveling with copies of important business databases was out of the question, but not anymore.

Today, critical enterprise information no longer resides solely on mainframe computers or central servers. Strategic planning, research, product development, marketing data, third-party information, and other corporate secrets are widely distributed on individual computers throughout an enterprise. These workstations, regular desktop computers, individual computers in home offices, and notebook computers are the most numerous, most vulnerable entry points to any enterprise, and they're all open to intrusion and theft. Even if an enterprise uses advanced network access security, an unattended workstation offers instant access to files on the hard drive and also the network. Similarly, a stolen notebook computer offers easy access to critical data by competitors, unauthorized employees, and others whose knowledge of such information can profit at the expense of the victimized organization.

To solve the problem of attackers being able to read the files on the disks, you can use Encrypting File System (EFS). EFS is a new feature in Microsoft Windows 2000 that allows the protection and confidentiality of sensitive data by using symmetric key encryption in conjunction with public key technology. Only the owner of the protected file can open it and read just like a normal document. EFS is integrated into the NT file system (NTFS). You can set the encryption attribute for folders and files just as you would for other attributes.

EFS provides users with privacy. Besides the user who encrypts the file, only a designated administrator can decrypt the file in cases of emergency recovery. EFS is a transparent operation in which file encryption does not require the user to encrypt and decrypt the file.

Top two security measures that should he taken to ensure that data and the connection to network are best protected against attack are as follows:

SSH Keys

SSH keys are a pair of cryptographic keys that can be used to authenticate to an SSH server as an alternative to password-based logins. A private and public key pair are created prior to authentication. The private key is kept secret and secure by the user, while the public key can be shared with anyone.

To configure the SSH key authentication, you must place the user's public key on the server in a special directory. When the user connects to the server, the server will ask for proof that the client has the associated private key. The SSH client will use the private key to respond in a way that proves ownership of the private key. The server will then let the client connect without a password.

How They Provide Security?

With SSH, any kind of authentication, including password authentication, is completely encrypted. However, when password-based logins are allowed, malicious users can repeatedly attempt to access the server. With modern computing power, it is possible to gain entry to a server by automating these attempts and trying combination after combination until the right password is found.

Setting up SSH key authentication allows you to disable password-based authentication. SSH keys generally have many more bits of data than a password, meaning that there are significantly more possible combinations that an attacker would have to run through. Many SSH key algorithms are considered uncrackable by modern computing hardware simply because they would require too much time to run through possible matches.

VPNs and Private Networking

Private networks are networks that are only available to certain servers or users. For instance, in DigitalOcean, private networking is available in some regions as a data-center wide network.

A VPN, or virtual private network, is a way to create secure connections between remote computers and present the connection as if it were a local private network. This provides a way to configure your services as if they were on a private network and connect remote servers over secure connections.

How They Provide Security?

Utilizing private instead of public networking for internal communication is almost always preferable given the choice between the two.

Using a VPN is, effectively, a way to map out a private network that only your servers can see. Communication will be fully private and secure. Other applications can be configured to pass their traffic over the virtual interface that the VPN software exposes. This way, only services that are meant to be consumable by clients on the public internet need to be exposed on the public network.

These two measures are sufficient to call the laptop secure because

Many SSH key algorithms are considered uncrackable by modern computing hardware simply because they would require too much time to run through possible matches.

A VPN is, effectively, a way to map out a private network that only your servers can see. Communication will be fully private and secure

Related Questions

Every few years, the National Assessment of Educational Progress asks a national
Question #3246375
Every few years, the National Assessment of Educational Progress asks a national
Question #3261091
Every few years, winds in Boulder, Colorado, attain sustained speeds of 45.0 m/s
Question #778515
Every few years, winds in Boulder, Colorado, attain sustained speeds of 45.0 m/s
Question #1567713
Every few years, winds in Boulder, Colorado, attain sustained speeds of 45.0 m/s
Question #1616292
Every few years, winds in Boulder, Colorado, attain sustained speeds of 45.0 m/s
Question #2030908
Every field of study is replete with questions that are controversial and diffic
Question #123260
Every file has a name and might also have a file extension. The rules that speci
Question #3813799
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Every reference I find says that they are \"essentially\" the same, which we all
Next
Every registered user of Paul Gray\'s online share trading company is advised to

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.