8-4 What are the most important tools and technologies for safeguarding information resources?


Two methods for Encryption

Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (S-HTTP)

Smart Card

a device about the size of a credit card that contains a chip formatted with access permission and other data.

Token

a physical device, similar to an identification card, that is designed to prove the identity of a single user. Small gadgets that typically fit on key rings and display passcodes that change frequently

Secure Hypertext Transfer Protocol (S-HTTP)

another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers

Fault-tolerant computer systems

contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service. Use special software routines or self-checking logic built into their circuitry to detect hardware failures and automatically switch to a backup device.

Digital Certificates

data files used to establish the identity of users and electronic assets for protection of online transactions. Uses a trusted third party, known as a certificate authority (CA), to validate a user's identity.

Secure Sockets Layer (SSL)

enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session

Intrusion detection systems

feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually. Generates an alarm if it finds a suspicious or anomalous event.

Deep packet inspection (DPI)

helps solve this problem of slow network connection. Examines data files and sorts out low-priority online material while assigning higher priority to business-critical files. Based on the priorities established by a network's operators, it decides whether a specific data packet can continue to its destination or should be blocked or delayed while more important traffic proceeds.

Two factor authentication

increases security by validating users through a multistep process. A user must provide two means of identification, one of which is typically a physical token, such as a smart card or chip-enabled bank card, and the other is typically data, such as a password or personal identification number (PIN). Biometric data can also be used as one of the authenticating mechanisms.

Passwords

known only to authorized users. Uses a specific word to log on to a computer system and to access specific systems and files

Managed security service providers (MSSPs)

monitor network activity and perform vulnerability testing and intrusion detection. AT&T, SecureWorks, Verizon, IBM, and Symantec are leading providers

Firewalls

prevent unauthorized users from accessing private networks. A combination of hardware and software that controls the flow of incoming and outgoing network traffic. Generally placed between the organization's private internal networks and distrusted external networks, such as the Internet, although firewalls can also be used to protect one part of a company's network from the rest of the network. Acts as a gatekeeper that examines each user's credentials before it grants access to a network. Prevents unauthorized communication into and out of the network

Antivirus software

prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. Most are effective only against malware already known when the software was written. Must be continually updated. Not always effective because some malware can evade antivirus detection. Need to use additional malware detection tools for better protection.

Encryption

process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

Downtime

refers to periods of time in which a system is not operational

Authentication

the ability to know that a person is who he or she claims to be. Established through passwords

Public key infrastructure (PKI)

the use of public key cryptography working with a CA; now widely used in e-commerce.

Unified threat management (UTM)

to help businesses reduce costs and improve manageability, security vendors have combined into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and antispam software (Fortinet, Sophos, Check Point).

Online transaction processing

transactions entered online are immediately processed by the computer. Multitudinous changes to databases, reporting, and requests for info occur each instant.

Biometric authentication

uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access. Based on the measurement of a physical or behavioral trait that makes each individual unique. Compares a person's unique characteristics against a stored profile of these characteristics to determine any differences between these characteristics and the stored profile.

Public key encryption

uses two keys, one shared (or public) and one totally private. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key.

