Don’t Choke on Food in the South

Two hillbillies walk into a restaurant. While having a bite to eat, they talk about their moonshine operation. Suddenly, a woman at a nearby table, who is eating a sandwich, begins to cough, and after a minute or so, it becomes apparent that she is in real distress.

One of the hillbillies looks at her and says, ‘Kin ya swallar? The woman shakes her head no. Then he asks, ‘Kin ya breathe?’

The woman begins to turn blue and shakes her head no.

The hillbilly walks over to the woman, lifts up her dress, yanks down her drawers and quickly gives her right butt cheek a lick with his tongue. The woman is so shocked that she has a violent spasm and the obstruction flies out of her mouth. As she begins to breathe again, the Hillbilly walks slowly back to his table.

His partner says, ‘Ya know, I’d heerd of that there ‘Hind Lick Maneuver’ but I ain’t niver seed nobody do it!

Thawte Notary 10 Points

Today I took the train for about an hour and stopped at Kawasaki to meet a Japanese guy who worked at IBM. We filled out the necessary forms right there in the train station and then I had to fight rush hour traffic for an hour to get back home. That was my first time to Kawasaki and it was neat to meet another person with the same interests, but our conversation did not get too deep because he didn’t speak English and my Japanese speaking abilities doesn’t really get into technical words. It was an experience and now I’ve only got 90 more points to go in order to become a notary myself. Along the train ride I passed a place Shitte, I can’t say that I would want to live in Shitte town. Below is a photo of that. The second photo is inside Kawasaki train station. As you can see, it was pretty busy.

dsc03192dsc03193

Thawte Notary

I have recently embarked on a new venture and it is to obtain a Thawte web of trust notary status. In order to obtain this status I have to accumulate 100 points by meeting with different people face to face and filling out paperwork that verifies we met face to face and showing my identification to prove I am who I say I am. The notary who is validating my identity must maintain a record that we have met in person and protect this information for up to 5 years. Different notaries are able to give different amounts of points based on how many people they have notarized with a maximum of 35 points. This venture will give me my name on my digital certificate as well as notary status so that I will be able to assist others with getting their names on their digital certificates too. It may not be too impressive to most people, however having private data being protected when transmitted via electronic mail usually makes me feel a little bit safer. At first I didn’t think this was going to be very much fun at all, but once I met a couple different people, it is actually pretty fun to go places I probably normally would not go and meeting other people with the same interests as me. I will keep a log and track each place I go on upcoming posts.

Billy Bob Gets Deflowered

In a small town in Tennessee, Big Bubba decides it’s time for his son, 14 year old Billy Bob, to learn the facts of life. He takes him to the local house of ill repute, which is fronted by a beauty parlor.

Bubba introduces Billy Bob to the madam, and explains that it’s time for his indoctrination to sex.”

The madam says, “Bubba you’ve been such a good customer over the years, I’m going to see to this personally.”

So the madam takes Billy Bob by the hand and leads him upstairs, where she completes his deflowering.

Later, as they are walking downstairs the madam says, “Since this is your first time, I’m going to see that you get the full treatment before you leave, I’m going to give you a manicure.”

Two weeks later Bubba and Billy Bob run into the madam on the main street. Billy Bob is acting a little shy. so the madam smiles and says,

“Well, Billy Bob, don’t you remember me?”

“Yes ma’am the boy stammers, “You’re the lady that gave me the crabs and then cut off my fingernails so I couldn’t scratch ’em.”

Internet Protocol Security (IPsec)

Abstract
The purpose of this document is to provide a basic knowledge and understanding of the Internet Protocol Security otherwise known as IPSec to include additional protocols that are used as part of the IPsec suite. This document is intended for anybody looking to gain a basic knowledge and understand of what IPSec is and how it works.

Content
In order to ensure the confidentiality of data on a network there may be a need to use different forms of encryption or encryption techniques. The Open Source Interconnect (OSI) model can be used as a guideline to know how data is being protected and at which layer of the OSI model the data is being protected at (Teare, 1999). The seven layers of the OSI model are:

Application
Presentation
Session
Transport
Networking
Data link
Physical

One of those methods to ensure data is secure is by using Internet Protocol Security, otherwise known as IPsec. IPsec functions at the Networking Layer, which is the same layer of the OSI, model that the Internet Protocol works at. Because IPsec works at the Networking Layer all of the Layers above the Data Link Layer are being protected. Other security systems like SSL, TLS, and SSH, function at higher levels of the OSI model and a system needs to be designed to incorporate these security systems, however due to IPsec functioning at the Networking Layer it is more flexible and systems do not need to be designed to use IPsec.

IPsec uses different protocols to authenticate and encrypt each packet within a data stream. IPsec is a framework of open standards that uses protocols like Inter Key Exchange (IKE and IKEv2), Authentication Header (AH), and Encapsulation Security Payload (ESP) to ensure secure communications. During the beginning of a session of communications between hosts, the IKE protocol establishes a mutual agreement of which shared secret key will be used during a session. The sessions of secure communications can be established between different hosts, gateway and hosts, and gateway and firewall. Once two hosts establish which cryptologic key will be used secure communications can begin. When a packet is sent from one host to another the receiving host uses the AH protocol, which ensures the integrity of a packet and that the packet is being sent from an authenticated host. The authentication header protects against replay attacks by using a “sliding window technique” that discards any aging packets (Network Sorcery, Inc., 2004). The Encapsulation Security Payload (ESP) transforms the data by encrypting it with an encryption algorithm key and then repackaging the datagram to include and ESP header, ESP trailer, and ESP authenticated data. Even though IPsec sounds like one form of encryption it is actually a suite of protocols that are used in conjunction with each other by using their own methods to ensure the data is being transferred from one host to another securely.

In conclusion, IPsec is actually a suite a protocol that function at the network layer of the OSI model to ensure data is being transferred from one host to another securely. As part of the IPsec suite the inter key exchange, authentication header, and the encapsulation security payload each perform their own function and build upon each other. The inter key exchange protocol is responsible for negotiating from one host to another to come to a mutual agreement on which shared secret key will be used. The authentication header protocol is responsible for ensuring the integrity of the data and protecting against replay attacks. The encapsulation security payload is responsible for encrypting the data and transforming the datagram so that the remote host can successfully decrypt the datagram and read the data.

References
1. Teare, Diane (1999). Internetworking Technology Handbook – Internetworking Basic – Cisco Systems. Retrieved March 13, 2009, from Internetworking Technology Handbook – Internetworking Basic – Cisco Systems Web site: http://www.cisco.com/en/US/docs/internetworking/technology/handbook/Intro-to-Internet.html#wp1020580
2. (2004, June 7th). AH, Authentication Header. Retrieved March 13, 2009, from Network Sorcery, Inc. Web site: http://www.networksorcery.com/enp/protocol/ah.htm

Pretty Good Privacy

Abstract
The purpose of this document is to provide a basic understanding Pretty Good Privacy (PGP) and how it applies to message security. Also included within this document is an explanation to provide a basic understanding of what functions PGP performs to ensure a message is secured. Finally this paper explains why the first two octets (16 bits) of the message digest are translated in the clear and how the writer views this as an issue to respect of security compromise of the hash algorithm.

Content
With more and more governments, businesses, and people using the Internet more and more of our information is becoming digital and thus creating an increased demand for the security of personal or private information. One method for ensuring information is being protected is to encrypt e-mail or message traffic. There are different means of encrypting messages, however one method called Pretty Good Privacy, or PGP for short, was created by Phil Zimmerman to “create an awareness of the privacy issue in the digital age (Poole, Caftori, Lal, Rosenburg, 2005).”

Pretty Good Privacy (PGP) is a computer program that provides encryption and authentication to increase the security of e-mail communications. PGP binds a message to an e-mail address or a username with the use of the public-key cryptography. Because PGP uses the public-key cryptography it uses a public and private key. PGP can be used with a “Web of Trust” or through an automated key management server architecture for public key distribution, however the private key kept secure by the user. When a message is encrypted the private key is used to encrypt the message, which can be a key based off the RSA, DSS, or Diffie-Hellman encryption algorithms. The combination of the digital signature, which uses a SHA-1 for hash coding, in conjunction with the RSA provides an effective digital signature scheme. After a user generates a message they wish to encrypt the SHA-1 generates a 160-bit hash code of the message (Stallings, 2007, p.439). The hash coded is then encrypted with the user’s private key and the result is placed at the beginning of the message. Once the recipient of the message receives the message, the sender’s public key is used to decrypt the message and obtain the hash code. The receiver of the message then generates a new hash code of the message and then the two hash codes are compared. If the hash code obtained from the sender’s message and the generated hash code from the receiver match, then the message is considered authentic.

The message digest is the 160-bit SHA-1 hashed code that is encrypted using the message sender’s private key. Using the signature timestamp and combining this with the message calculate the message digest. Because the digest uses the signature timestamp, this helps to protect against replay attacks. The first 16 bits of the message digest are not encrypted, but are actually used by the receiver of the message to identify if the correct public key was used. Although this may seem like a security vulnerability because the first 16 bits are not encrypted, it actually is not because these first 16 bits are used as a frame check for the message. The frame check is able to take place by the message recipient by using these first unencrypted 16 bits and comparing them to the first 16 bits of the decrypted digest and thus performing authentication of the message (Stallings, 2007, p.448). When the process is broken down, it is apparent that the first 16 bits that are in plaintext are not a security vulnerability, but rather used to compare the decrypted digest with these plaintext bits for a message frame check and authentication purposes.

In conclusion, Pretty Good Privacy was first developed by Phil Zimmerman to produce awareness of ensuring private data is secure. Pretty Good Privacy is widely used today and works by using public-key cryptography and methods of a web of trust or automated key management servers to distribute public keys. The process PGP uses to encrypt and decrypt messages is an elaborate process, which includes using 16 bits of plaintext in conjunction with a decrypted message digest to authenticate the message sender’s public key. When asked if these unencrypted first 16 bits of the message digest pose a security concern the answer can clearly be stated, “The plaintext 16 bits of the message digest pose no security threat to the hash algorithm.”

References
1. Poole, Caftori, Lal, Rosenburg, Bernie, Netiva, Pranav, Bob (2005, November 7th). A Tutorial for Beginners to PGP. Retrieved March 14, 2009, from A Tutorial for Beginners to PGP Web site: http://www.pitt.edu/~poole/PGP.htm
2. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 439-448). Upper Saddle
River, NJ: Pearson Prentice Hall.

I Was Drugged

Digital Signature Properties

Abstract
The purpose of this document is to explain specific properties that a digital signature should have. This document also provides an explanation of the differences between direct and arbitrated digital signatures. Lastly this document explains what a suppress-replay attack entail. This document is intended for anybody looking to gain a basic understanding or a general knowledge about different types of digital signatures and vulnerabilities.

Content
When working with computer security, information assurance, information privacy, etc. there may be a time when you may have to deal with digital signatures. It is good to know a little bit about digital signatures including the properties of a digital signature. There may also be a time that you might want to know differences between digital signatures. You may also want to know about security vulnerabilities when dealing with digital signatures. Instead of going out and finding trusted sources for information and then having to research each specific item, you can look no further and find the information you are looking for right here.

There are some properties that a digital signature must have in order to serve its purpose. A digital signature must be authentic (Leiwo, 2003). This means that person who signed the document deliberately did so. A digital signature must be unforgeable. This means that somebody else cannot act on behalf of a person and only the signer is the individual who signed the document. The signed document must be unaltered. This means that after the document was signed, nothing within that document has changed. Digital signatures must not be reusable. This means that after a document has been signed, any part of the document cannot be used elsewhere. Digital signatures cannot be repudiated. This means that once a document is digitally signed, the signer of the document cannot say that they did not sign the document. If any of these properties do not exist for a digital signature the whole digital signature scheme collapses and is essentially unusable. The properties that a digital signature must have pertain to the sender of the document is who they say they are, the receiver of the document is who they say they are and that no part of the document was changed, altered, or allowed to be used at a later point in time.

In order to better understand direct digital signatures and arbitrated digital signatures, it is first important to know what the differences are. A direct digital signature is a signature that a sender of a message contacts the receiver and gives the receiver the sender’s public key. The sender then sends a secure message to the receiver where the receiver uses the sender’s public key to unencrypt the message and read the contents. Although this method seems more secure than having a 3rd party involved, however there are some drawbacks to it. One major drawback is that the sender can deny sending a message simply by claiming that their key was compromised (Yoon, 2004). Another major drawback is that the security of the message being sent is only as good as the security of the sender’s private key. Lastly, if a digital key was compromised a message could be sent with a compromised key. An arbitrated digital signature is a signature in which a sender sends a message, and a receiver receives a message and that there is a 3rd party that validates the sender is who they say they are, the receiver is who they say they are, and that the message was not compromised in any way. Much like the direct digital signature, the arbitrated digital signature has some drawbacks to it too. A major drawback to an arbitrated digital signature is that there must be a trusted 3rd party involved. The trusted 3rd party needs to maintain an active role in validating entities and contents of messages and therefore provides a bottleneck in message traffic. The arbitrated method does, however, solve the problems seen in the direct digital signatures. Direct and arbitrated digital signatures are methods used to send data from one validated person to another validated person without any data being changed.

A message replay attack is where a legitimate data transmission is delayed or captured and then replayed by an adversary in attempts to gain unauthorized access to data or resources. A replay attack can be used in conjunction with a masquerade where an unauthorized user pretends to be somebody else. There are countermeasures that can be taken in order to prevent these types of attacks from happening. One countermeasure is to use a timestamp on data or a message. Another countermeasure is by using tokens to verify timestamps of messages. Another countermeasure is to use a message authentication code (MAC). They’re using proper precautions these attacks, however, can prevent attacks that are designed to retransmit or delay data in attempt to gain unauthorized access.

In conclusion, digital signatures have certain properties to them that are part of the digital signature design scheme that is aimed at validating a sender, recipient, and a message and the contents of the message. A direct digital signature is where a sender of a message is responsible for ensuring the receiver obtained the sender’s public key securely and the sender’s private key is secure so that a message transfer can take place without any compromise, however there are some drawbacks to this method. An arbitrated digital signature is a method that uses a trusted 3rd party to validate the sender, the receiver, and the message contents and this method was designed to fix some of the drawbacks in the direct digital signature method. One security vulnerability is called a message replay attack, this is where a legitimate transmission of data is delayed or captured and replayed at a later point in time in order to gain unauthorized access, however if the proper security precautions are taken this attack can be prevented.

References
1. Leiwo, Jussipekka (2003, June 16h). Digital Signatures. Retrieved March 5th, 2009, from Cyptologic Protocols Web site: http://www.tml.tkk.fi/Studies/T-110.498/2003summer/Slides/lecture04.pdf
2. Yoon, H (2004, August 26th). Digital Signatures. Retrieved March 8th, 2009, from Digital Signatures and Authentication Protocols Web site: [URL Removed Broken link]

Message Authentication

Abstract
The purpose of this document is to define message authentication, as well as, to identify different types of attacks that message authentication was designed to protect against. This document is intended for anybody looking to gain a basic knowledge or understanding of message authentication.

Content
A Message Authentication Code (MAC) is a short piece of information used to authenticate a message between two parties. The MAC functions by using a message and a secret key to produce a fixed-length value that is used as an authenticator (Stallings, 2007, p.320). The message authentication performs two primary functions. The first function is to use the secret key and the message to produce the authenticator. The second primary function is to enable the receiver of a message to verify the authenticity of a message. A MAC is different from public-key encryption methods, such as digital signatures, because a MAC value is generated and verified by using the same secret key. Message Authentication Code, although similar to a cryptographic hash, does possess different security requirements. Message Authentication Code uses a message and a secret key to produce an authenticator that is used by a recipient of a message to authenticate the origin of the message and verify the authenticity of the message.

Message Authentication was designed to protect information against certain types of security vulnerabilities. Masquerading is the threat of message being sent from a fraudulent source or a fraudulent acknowledgement of a message receipt in which message authentication protects against (Ajarvi, 2001). Another threat that is protected against is the threat of content modification. Content modification is when information that is contained within a message is altered in some way. Sequence modification is a threat of changing the order of messages between parties and is minimized by message authentication. Another threat is called timing modification and this threat consists of delaying or replaying messages in order to gain unauthorized access. Message authentication protects against the security threats of masquerading, content modification, sequence modification, and even timing modification.

In conclusion, message authentication was designed to ensure a message can be sent from one person to another without being modified while in transit and to guarantee the message is being sent from the person the message says its from. Message authentication works by taking a message in conjunction with a secret key to produce a fixed-length item called an authenticator and then once the message is received the receiver of the message can verify the messages authenticity. Message authentication protects against different security threats like content modification, sequence modification, timing modification, and masquerading.

References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 320-321). Upper Saddle
River, NJ: Pearson Prentice Hall.
2. Ajarvi, (2001, March 2nd). Message Authentication and Hash functions. Retrieved March 8, 2009, from Message Authentication and Hash functions Web site:

Two Plastic Bags

A little old lady was walking down the street dragging two large plastic garbage bags behind her. One of the bags was ripped and every once in a while a $20 fell out onto the sidewalk.

Noticing this, a policeman stopped her, and said, “Ma’am, there are $20 bills falling out of that bag. Oh really? Darn it!” said the little old lady. “I’d better go back and see if I can find them. Thanks for telling me officer.” Well, now, not so fast,” said the cop. Where did you get all that money? You didn’t steal it, did you?”

“Oh, no, no”, said the old lady. “You see, my back yard is right next to the football stadium parking lot. On game days, a lot of fans come and pee through a knot hole in the fence, right into my flower garden. It used to really tick me off. Kills the flowers, you know. Then I thought, ‘why not make the best of it? So, now, on game days, I stand behind the fence by the knot hole, real quiet, with my hedge clippers.

Every time some guy sticks his pecker through my fence, I surprise him, grab hold of it and say, ‘O.K., buddy! Give me $20, or off it comes.’

“Well, that seems only fair,” said the cop, laughing. “OK. Good luck! Oh, by the way, what’s in the other bag?”

“Well, you know”, said the little old lady, “not everybody pays.”

Bass Pro Shop

A woman goes into Bass Pro Shop to buy a rod and reel for her grandson’s birthday. She doesn’t know which one to get; so she grabs one and goes over to the counter. A Bass Pro Shop associate is standing there wearing dark glasses.

She says, ‘Excuse me, sir. Can you tell me anything about this rod and reel?’

He says, ‘Ma’am, I’m completely blind; but if you’ll drop it on the counter, I can tell you everything from the sound it makes.’

She doesn’t believe him but drops it on the counter anyway.

He says, ‘That’s a six-foot Shakespeare graphite rod with a Zebco 404 reel and 10-LB test line. It’s a good all around combination and it’s on sale this week for only $20.00.

‘It’s amazing that you can tell all that just by the sound of it dropping on the counter’, she says. “I’ll take it!” As she opens her purse, her credit card drops on the floor.

‘Oh, that sounds like a Master Card,’ he says.

She bends down to pick it up and accidentally “toots”. At first she is really embarrassed, but then realizes there is no way the blind clerk could tell it was she who tooted. Being blind, he wouldn’t know that she was the only person around.

The clerk rings up the sale and says, ‘That’ll be $34.50 please.’

The woman is totally confused and says, ‘Didn’t you tell me the rod and reel were on sale for $20.00? How did you get $34.50?’

He says, ‘Yes, Ma’am. The rod and reel is $20.00, but the Duck Call is $11.00 and the Bear Repellent is $3.50.

Wife 1.0

Dear Tech Support:

Last year I upgraded from Girlfriend 7.0 to Wife 1.0. I soon noticed that the new program began unexpected child processing that took up a lot of space and valuable resources. In addition, Wife 1.0 installed itself into all other programs and now monitors all other system activity, such as Poker Night 10.3, Football 5.0, Hunting and Fishing 7.5, and Racing 3.6. I can’t seem to keep Wife 1.0 in the background while attempting to run my favorite applications. I’m thinking about going back to Girlfriend 7.0, but the uninstall doesn’t work on Wife 1.0. Please help!

Thanks,

A Troubled User.

______________________________________

REPLY:
Dear Troubled User:

This is a very common problem that men complain about.

Many people upgrade from Girlfriend 7.0 to Wife 1.0, thinking that it is just a Utilities and Entertainment program. Wife 1.0 is an OPERATING SYSTEM and is designed by its Creator to run EVERYTHING!!! It is also impossible to delete Wife 1.0 and to return to Girlfriend 7.0. It is impossible to uninstall, or purge the program files from the system once Installed!

You cannot go back to Girlfriend 7.0 because Wife 1.0 is designed to not allow this. Look in your Wife 1.0 manual under Warnings-Alimony-Child Support. I recommend that you keep Wife1.0 and work on improving the situation. I suggest installing the background application “Yes Dear” to alleviate software augmentation.

The best course of action is to enter the command C:\APOLOGIZE because ultimately you will have to give the APOLOGIZE command before the system will return to normal anyway. Wife 1.0 is a great program, but it tends to be very high maintenance. Wife 1.0 comes with several support programs, such as Clean and Sweep 3.0, Cook It 1.5 and Do Bills 4.2.

However, be very careful how you use these programs. Improper use will cause the system to launch the program Nag Nag 9.5. Once this happens, the only way to improve the performance of Wife 1.0 is to purchase additional software. I recommend Flowers 2.1 and Diamonds 5.0! WARNING!!! DO NOT, under any circumstances, install Secretary With Short Skirt 3.3. This application is not supported by Wife 1.0 and will cause irreversible damage to the operating system.

Best of luck,
Tech Support

When Daddy Calls

‘Hello?’

‘Hi honey.

This is Daddy. Is Mommy near the phone?’

‘No Daddy. She’s upstairs in the bedroom with Uncle Paul.’

After a brief pause, Daddy says, ‘But honey, you haven’t got an Uncle Paul.’

‘Oh yes I do, and he’s upstairs in the room with Mommy, right now.’

Brief Pause. ‘Uh, okay then, this is what I want you to do. Put the phone down on the table, run upstairs and knock on the bedroom door and shout to Mommy that Daddy’s car just pulled into the driveway.’

‘Okay Daddy, just a minute.’ A few minutes later the little girl comes back to the phone. ‘I did it Daddy.’

‘And what happened honey?’

‘Well, Mommy got all scared, jumped out of bed with no clothes on and ran around screaming. Then she tripped over the rug, hit her head on the dresser and now she isn’t moving at all!’

‘Oh my God!!! What about your Uncle Paul?’

‘He jumped out of the bed with no clothes on, too. He was all scared and he jumped out of the back window and into the swimming pool. But I guess he didn’t know that you took out the water last week to clean it. He hit the bottom of the pool and I think he’s dead.’

***Long Pause***

***Longer Pause***

***Even Longer Pause***

Then Daddy says, ‘Swimming pool? Is this 486-5731?’

Public-key Directory

a laptop computer sitting on a stage in front of a building

Abstract
The purpose of this document is to explain the four key elements to a public-key directory. Also included in this document is an explanation of what a public-key certificate is. This document is intended for anybody looking to gain knowledge about public-keys and public-key certificates.

Content
When working with the public-key cryptography there is a need to distribute public keys so that users are able to encrypt messages using the recipient’s public key. One method for distributing public-keys is by using a public-key directory. The public-key directory acts as a central repository for storing and distributing public-keys that have been established. The public-key directory is a listing where users can publish their public key to and then other users can find their public-key in order to send an encrypted message.

A public-key directory is a central repository where users who have registered and obtained cryptographic public and private keys can publish their public key in order to search the directory to find others or let others find them so that secure message traffic can be passed. By having a third-party maintain the public-key directory a greater level of security can be achieved (Stallings, 2007, p.291-292). In order for the directory to maintain a heightened level of security, it must first be maintained by a trusted organization. The trusted authority of the public directory would have to maintain four key elements for the directory. The first key element is that the directory stores a name and public key for each participant of the directory. The second key element is that each participant registers, either in person or over some authenticated means, with the directory authority. The third key element to the public directory is that all participants need to have the ability to update or change their keys at any time in the event that a key has been compromised. Lastly, all participants of the directory need to have the ability to access the directory electronically over some sort of secure means. Although the public-key directory provides a more secure means to distribute public keys, it does provide a single point of weakness in the even the directory’s private key has been cracked or illegally obtained. Another drawback to the public-key directory is that it provides a bottleneck for sending encrypted message traffic. The public-key directory is a centralized repository that has four key elements that must be achieved in order for the directory to be successful and even though the directory is more secure than individually distributing keys, it dos have some drawbacks.

An alternative method to using a public-key directory is similar, however it does not require requesting a recipients keys from a public-key authority. The alternative method would instead use digitally signed certificates that contains and identifier of the owner of a public key’s with the public-key and then it would be signed by a trusted third-party. Using this method a user can present their public key in a secure message in order to obtain a certificate. Then when the user wants to send an encrypted message to another user, all they have to do is provide the certificate of the person they want to encrypt a message to and then they know the key is valid because the certificate can only be created by the owner of that public key. This method has a need for a certificate authority to have the function of being the only entity that can create or update certificates. This method allows any participant to read a certificate in order to determine the name of the owner of a public key; the public keys itself, and the currency of the public key (Stallings, 2007, p.294). Using a public-key certificate method provides the means for users to lookup public keys and owners of the public keys based upon certificates, however the certificates can only be created or updated by certificate authorities.

In conclusion, there are multiple ways for users to send encrypted data to each other when using public-key cryptography. One method is for users to distribute their public keys themselves. Another method is using a public-key directory in which a public-key authority maintains the directory and provides public keys over secure channels. The public-key directory is more secure than users distributing keys themselves, however there are some drawbacks. Another method of establishing secure communications between users is by a user publishing their public key to a certificate authority in order to obtain a certificate. The certificate can then be used to verify the owner of the public-key, as well as, the keys authenticity. No matter which method is used, it is important to understand how they work and what is being accomplished by each of these methods.

References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.
2. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.

Public-key Cryptography

Abstract
The purpose of this document is to provide a basic understanding of public-key cryptography. Also included within this document is a description of the basic components to the public-key cryptography system. This document is intended for anybody looking to gain a basic understanding or knowledge of public-key cryptography.

Content
When the Internet was first developed security was not a major concern as it was for different networking devices to have the ability to communicate with each other. As the Internet grew and evolved there became more of a need to ensure personal or private information was being protected from threats like: eavesdropping, impersonation, tampering, misrepresentation, and even spoofing. One method for protecting against these threats is by using public-key cryptography. Public-key cryptography protects against all of these threats by using an asymmetrical encryption process that provides encryption and decryption, tamper detection, authentication, and nonrepudiation (Sun Microsystems, 1998).

There are two primary uses of public-key cryptography, digital signing and encryption (RSA Security, 2009). When a person wants to send a digitally signed message to another person they must first register with a certifying authority (CA) to obtain a public and a private key. Once the keys have been obtained a user is able to use the key to authenticate onto a network and lookup the intended recipient in a global address listing (GAL). The person wanting to send a digitally signed message to a recipient then types up a message and chooses to digitally sign the message before sending to the recipient. Once the person pushes the send button within the e-mail client the system then performs a mathematical computation based on the private key and the message itself. When the recipient receives the message another mathematical computation is performed based on the message, the sender’s public key, and the purported signature. If the computation is correct then the signature has been verified, if the computation is incorrect then the message has been tampered or the signature is fraudulent. The mathematical computation that took place is based upon a mathematical relationship that exists between all public and private keys. Once the signature has been verified the recipient is able to read the message, knowing that is has not been altered and from a trusted source. If the message sender does not want to digitally sign a message or wants to include encryption, this process can be completed using similar steps. First the sender registers with a CA in order to obtain a public and a private key. The sender is then able to use their public key to authenticate onto a network. Once they have been authenticated onto the network they can then lookup the intended recipient in a GAL. Once the recipient has been identified the message is then encrypted using the recipients public key that was retrieved from the GAL to encrypt the message. The message is then sent to the recipient and when they are ready to read the message, the recipient uses their private key to decrypt the message knowing that any unauthorized viewers have not intercepted this message.

In conclusion, the public-key cryptography system was designed to protect against threats of eavesdropping, impersonation, tampering, misrepresentation, and spoofing. By the use of a certifying authority along with a users public and private keys the recipient of a digitally signed message will know immediately if a message was altered or sent from an untrusted source because the mathematical computation that takes place between the public and private keys will return an error. When a message is encrypted the recipient’s public key is used to encrypt the message in which the recipient will use their private key to decrypt the message knowing that it was sent and received without being altered or intercepted.

References
1. Microsystems, Sun (1998, October 9th). Introduction to Public-Key Cryptography. Retrieved February 28, 2009, from Sun Microsystems Web site: (2009). Network Security.
2. Security, RSA (2009). 2.1.1 What is public-key cryptography?. Retrieved February 28, 2009, from RAS Laboratories Web site:

How to Stop Him from Snoring


A couple has a dog that snores. Annoyed because she can’t sleep, the wife goes to the vet to see if he can help. The vet tells the woman to tie a ribbon around the dog’s testicles, and he will stop snoring. “Yeah right!” she says.

A few minutes after going to bed, the dog begins snoring, as usual. The wife tosses and turns, unable to sleep. Muttering to herself, she goes to the closet, grabs a piece of red ribbon, and ties it carefully around the dog’s testicles. Sure enough, the dog stops snoring! The woman is amazed. Later that night, her husband returns home drunk from being out drinking with his buddies. He climbs into bed, falls asleep and begins snoring loudly.

The woman thinks maybe the ribbon trick might work on him, too. So, she goes to the closet again, grabs a piece of blue ribbon, and ties it around her husband’s testicles. Amazingly, it also works on him! The woman sleeps soundly. The husband wakes from his drunken stupor and stumbles into the bathroom. As he stands in front of the toilet, he glances in the mirror and sees a blue ribbon attached to his privates. He is very confused, and as he walks back into the bedroom, he sees the red ribbon attached to his dog’s testicles..

He shakes his head and looks at the dog and whispers, “I don’t know where we were or what we did. But, by God, we took first and second place!”

How the Fight Started

One year, a husband decided to buy his mother-in-law a cemetery plot as a Christmas gift. The next year, he didn’t buy her a gift.

When his wife asked him why, he replied, “Well, she still hasn’t used the gift I bought her last year!”

And that’s how the fight started…

————————–

My wife walked into the den & asked “What’s on the TV?”

I replied “Dust”.

And that’s how the fight started…..

————————–

A woman is standing nude, looking in the bedroom mirror.

She is not happy with what she sees and says to her husband, ‘I feel horrible; I look old, fat and ugly. I really need you to pay me a compliment.’

The husband replies, ‘Your eyesight’s damn near perfect.’

And that’s how the fight started…..

————————–

My wife was hinting about what she wanted for our upcoming anniversary. She said, ‘I want something shiny that goes from 0 to 200 in about 3 seconds.

I bought her a scale..

And that’s how the fight started…..

————————–

I asked my wife, ‘Where do you want to go for our anniversary?’

It warmed my heart to see her face melt in sweet appreciation.

‘Somewhere I haven’t been in a long time!’ she said.

So I suggested, ‘How about the kitchen?’

And that’s when the fight started….

————————–

My wife and I are watching Who Wants To Be A Millionaire while we were in bed.. I turned to her and said, ‘Do you want to have sex?’

‘No,’ she answered.

I then said, ‘Is that your final answer?’

She didn’t even look at me this time, simply saying ‘Yes.’

So I said, ‘Then I’d like to phone a friend.’

And that’s when the fight started….

————————–

I tried to talk my wife into buying a case of Miller Light for $14.95.

Instead, she bought a jar of cold cream for $7.95. I told her the beer would make her look better at night than the cold cream.

And that’s when the fight started…..

————————-

I took my wife to a restaurant. The waiter, for some reason, took my order first.

‘I’ll have the strip steak, medium rare, please.’

He said, ‘Aren’t you worried about the mad cow?’

‘Nah, she can order for herself.’

And that’s when the fight started…..

Women Should Take Their Own Messages

I Like Hores

R.A.P.E.D

Dear Employees,

Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement…This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW program (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Earnings for Retired Personnel Early Severance). Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.

Sincerely,

The Management.

Data Encryption Standard and 3DES

Abstract
The purpose of this document is to explain how Data Encryption Standard (DES) works and why 3 DES is now used. Also included within this document is an explanation of why the middle portion of 3DES is a decryption instead of an encryption. The last item talked about within this document is a nonce and a key distribution center.

Content
IBM developed the Data Encryption Standard (DES) in 1974 and submitted to the National Bureau of Standards as a Lucifer encryption algorithm (Tropical Software, 2007). IBM also solicited assistance from the National Security Agency (NSA) to evaluate the security of the Lucifer algorithm. In 1976, the National Institute of Standards and Technology (NIST) changed the name of the Lucifer algorithm to the Data Encryption Standard (DES) where it was widely used in a short amount of time. Over time as computers became more powerful the amount of time needed to crack the DES key was greatly reduced. In 1997 the NIST abandoned the DES and started working on a replacement.

DES encryption works by running a line of plain text through a block cipher sixteen times and then outputting a cipher text. The DES encryption has 64-bit blocks, however the 8th bit is a parity bit, so it makes the DES actually a 56-bit encryption. Prior to running the plain text through the block cipher there is an initial phase that does not play a part with encryption, but rather with ensuring compatibility with older equipment. There is also a final phase that undoes the block facilitation, which took place in the initial phase. Although DES was used for quite a long period of time it was found that as computers became more powerful, DES could be cracked with a brute force attack. DES successfully protected data by putting data through 16 rounds of data encryption, however it was eventually outgrown as it became easy to break with a brute force attack.

Triple DES was a successor to DES and it even uses the same encryption algorithm. The triple DES uses a key length of 168 bits. It is essentially the same as a DES, however it performs three rounds of encryption that is the same as 48 DES equivalent rounds. The triple DES was anticipated to only be a temporary solution until the completion of the AES encryption in 2001, however the NIST anticipates triple DES to be used until the year 2030. The triple DES is susceptible to a meet-in-the-middle attack, however for this attack to work there needs to be a 232 known plaintexts, which is not very practical (Wikipedia, 2009). The triple DES works by passing data through a 56-bit key in the initial phase, then decrypting using a 56-bit key in the second phase, and then encrypting again using a 56-bit key in the last phase of encryption.

Nonce’s and key distribution centers ensure communications on a network are secure by encrypting data. A nonce is an encryption key that is used one time to establish a secure communication and then never used again. A good use of a nonce is for establishing secure communications between a client and a server via authentication protocols because any previous keys or communications are obsolete and cannot be used in the event a replay attack is staged. Key Distribution Centers (KDC) use encryption techniques to authenticate users when a user requests a service. The KDC will then verify the user has authorization to use the requested service. Once the verification has taken place the KDC will then issue a ticket to the requestor so that secure communications can begin. A KDC is typically found in symmetric encryption techniques like on networks that use Kerberos (Microsoft, 2007). Nonce’s and key distribution centers ensure there is secure communication between a client and server by using encryption techniques.

In conclusion, the Data Encryption Standard was created to ensure private data is secure. DES worked effectively, however as the power of computers grew DES was outgrown and was superseded by triple DES. Triple DES works by using the same encryption algorithm that can be found in DES, but it passes data through three rounds of encryption. The triple DES was developed to be temporary solution until a newer encryption technology came out. Both nonce’s and key distribution centers ensure communications are secure between a client and a server by using encryption techniques.

References
1. (2007). DES Encryption. Retrieved February 21, 2009, from DES Encryption Web site: http://www.tropsoft.com/strongenc/des.htm
2. (2009, February 3rd). Triple DES – Wikipedia, the free encyclopedia. Retrieved February 21, 2009, from Triple DES – Wikipedia, the free encyclopedia Web site: http://en.wikipedia.org/wiki/Triple_DES
3. (2007, November 30th). Kerberos Key Distribution Center. Retrieved February 22, 2009, from Kerberos Key Distribution Center Web site: http://technet.microsoft.com/en-us/library/cc734104.aspx

Link and End-to-End Encryption Techniques

Abstract
The purpose of this document is to provide fundamental differences between link and end-to-end encryption techniques. Also included within this document is a description of traffic padding and what its fundamental purpose is. The last item that can be found within this document is a description of differences between a session key and a master key.

Content
Although similar, there is a major difference between end-to-end encryption and link encryption. Both end-to-end encryption and link encryption is used to ensure data being passed along a network is secure. For both end-to-end encryption and link encryption to work both sides need to have a prearranged key and algorithm established. End-to-end encryption works by encrypting the payload of a packet and leaves the header information unencrypted to allow for routing to be done without the need of decrypting the packet (Net Security, 2009). End-to-end encryption works between two end systems on a network. Link encryption works by having an encryption device on two ends of a communication path and encrypting everything that enters those encryption devices. Link encryption is good, however on a large network there is a need for numerous encryption devices (School of Electronics and Communications Engineering, 2009). Also for link encryption, a major disadvantage is that data needs to be decrypted before entering a network device. The major difference between link encryption and end-to-end encryption is that link encryption encrypts everything and end-to-end encryption only encrypts the payload of a packet and leaves the header information clear to allow for switching or routing.

What is traffic padding? Traffic padding is the ability to generate additional data and input that data into a data stream in order to make data analysis or data monitoring more difficult. Traffic padding can be found within encryption devices in order to make communications more secure. Traffic padding is used to ensure the confidentiality of private information is not compromised.

In order to best understand what the difference between a session key and a master key is, it is important to know about each. A session key is a key that is used to encrypt all communications between devices during an entire session. Once the session has been broken, a new session key needs to be generated in order to establish secure communications. A master key is a key that is used to create other keys from. Since a master key is used to create other keys from, it is important that a master key is handled appropriately and is stored in a secure location (Sibbald, 2008). A master key is used to create other keys, while a session key is a one-time use key that is used to ensure communications are secured during an entire session.

In conclusion, there are similarities between different types of encryption and different types of keys, but even though it seems they are the same there are differences. End-to-end encryption encrypts only the information within a body of a packet, whereas link encryption encrypts everything between two points. Traffic padding is used to ensure secure communications remain secure by generating pieces of information and placing that information into a data stream in order to make monitoring more difficult. A session key is used to ensure data is securing for the duration of a session between devices, whereas a master key is used to derive other keys from.

References
1. (2009, February 13th). Distributed end-to-end encryption of sensitive data with SecureData. Retrieved February 22, 2009, from Distributed end-to-end encryption of sensitive data with SecureData Web site: http://www.net-security.org/secworld.php?id=7045
2. (2009). Network Security. Retrieved February 22, 2009, from Network Security and Encryption Web site: [URL Removed Broken link]
3. Sibbald, Kern (2008, January 26th). Data Encryption. Retrieved February 22, 2009, from Bacula Web site: [URL Removed Broken link]

Aids or Alzheimer’s

The phone rings and the lady of the house answers, ‘Hello, Mrs. Sanders, please. ”Speaking. ‘Mrs. Sanders, this is Doctor James at Saint Agnes Laboratory. When your husband’s doctor sent his biopsy to the lab last week, a biopsy from another Mr. Sanders arrived as well. We are now uncertain which one belongs to your husband. Frankly, either way the results are not too good. ‘What do you mean?’ Mrs. Sanders asks nervously. ‘Well one of the specimens tested positive for Alzheimer’s and the other one tested positive for HIV. We can’t tell which is which. ‘That’s dreadful! Can you do the test again?’ questioned Mrs. Sanders. ‘Normally we can, but Medicare will only pay for these expensive tests once and once only. ‘Well what am I supposed to do now? ‘The folks at Medicare recommend that you drop your husband off somewhere in the middle of town. If he finds his way home, don’t sleep with him.’

She Will Make it Greater

“Whatever you give a woman, she will make greater.
If you give her sperm, she’ll give you a baby.
If you give her a house, she’ll give you a home.
If you give her groceries, she’ll give you a meal.
If you give her a smile, she’ll give you her heart.
She multiplies and enlarges what is given to her.
So, if you give her any crap, be ready to receive a ton of shit.”

Shibuya Crossing


Went to Shibuya crossing in Tokyo, Japan today. Here are some of the photos of the experience. You can see Tower records, Disney store, and the most busy intersection in the world.

It’s Just a Catfish

This would be ‘all the catfish you can eat.’ Each year, a few people were drowning or disappearing mysteriously in Huadu, China’s Furong Reservoir. It was not until recently, when the son of a government official went swimming, in the reservoir and was drowned, that the secret was revealed. It is a 3 meter long man-eating catfish whose head alone is 1 meter wide! After cutting up the catfish, people were surprised to find the remains of another man inside! Swimming in the reservoir is now forbidden because it is feared another similar man-eating catfish is still lurking in the waters.

holy_catfish_batmanholy_catfish_batman-1

Encryption Techniques

[Abstract]
The purpose of this document is to analyze cryptographic transposition techniques by showing a few examples of some different techniques. The next portion of this document is to provide an answer to the question “Is it possible to decrypt the message that was encrypted with a two-stage transposition technique with a different key?” The last part of this document provides supporting information to the argument, “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” This document provides a basic knowledge and understanding of how different encryption techniques can be used and is intended for use by anybody interested in gaining a basic knowledge of encryption techniques.

[Content]
Three different encryption techniques are primitive in nature, however they illustrate different techniques that can be used to secure data. The three different techniques used will use the following message as an example of the data to be protected: “The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography.” One technique that is used is called the rail fence technique. This method works by offsetting every other letter in a message and then putting the second line of text behind the first line. This method is illustrated in the following example.

Transposition Technique: Rail Fence
Plain Text: thetranspositionciphertechniqueworksbypermutingthelettersoftheplaintextitisnotverysecurebutitisgreatforlearningaboutcryptography
Cipher Text: ternpstocpetcnqeokbpruighltesfhpanettsovrscrbttsrafrerigbucytgahhtasoiinihrehiuwrsyemtnteetrotelitxiinteyeueuiigetolannaotrporpy

The next technique is called the columnar transposition. This method works by using a key and inputting the message in a number of columns that is identified by the key and then the number of characters in the message itself identifies the number of rows. After the message is placed into the rows and columns then the characters in each column is placed in the order identified by the key (Stallings, 2006). This is illustrated in the following example.

Transposition Technique: Columnar Transposition
Key: 2315746
Plain Text: thetran
spositi
onciphe
rtechn
iquewo
rksbyp
ermuti
ngthele
ttersof
thepla
intexti
tisnotv
erysecu
rebutit
isgreat
forlear
ningabo
utcrypt
ography
Cipher Text: eoceusmteetsybgrncrtsorirentiterifnuohpntqkrgthniresoitgathhwytlolttciaabphtsicebuhrpeosurlgranienopiefaiyuttrotyripcebuespxoeteeayp

The last technique is called the double transposition. This method is very similar to the columnar transposition, except that after the cipher text is determined after the initial encryption, then the cipher text in put back through the matrix and encrypted a second time. This is illustrated in the following example.

Transposition Technique: Double Transposition
Key: 2315746
Plain Text (1st Cipher Output): eoceusm
teetsyb
grncrts
orirent
iterifn
uohpntq
krgthni
resoitg
athhwyt
lolttci
aabphts
icebuhr
peosurl
granien
opiefai
yuttrot
yripceb
uespxoe
teeayp
Cipher Text (2nd Cipher Output): ceniehgshlbeoaitiseetgoiukralaipgoyyutoerrtoretoacerpureesytnftntycthreaoeoyetcrrptohtpbsnetppambstnqigtisrlnitbeusreinhiwthuuifrcxy

When the question is asked, “Is it possible to decrypt the double transposition message with a different key?” the answer is simply “yes.” The matrix transposition ciphers can be cracked because they use a fixed number of characters to develop a matrix. By simply counting the total number of letters can help to guess what size matrix is to be used. Once the total number of letters is known, then it is a matter of trying all variations of different sizes of matrices. By filling in the matrix with the characters both horizontally and vertically a person can look for patterns. By using this methodology, with a little trial and error, a person can continue to try different sized matrices and filling in the letters to look for patterns of letters to spell words (NOVA, 2000). This methodology is essentially recreating the key, but the whole key may not be needed to completely understand the message. Due to the fixed size of matrices used for the matrix transposition method, it is possible to crack the message by using a different or incomplete key.

“The Transposition cipher technique works by permuting the letters of the plaintext. It is not very secure, but it is great for learning about cryptography,” is a true statement. To better understand this statement it is important to understand what the statement is saying. The statement is saying that the transposition cipher technique works by changing the letters of plaintext. As previously illustrated in the previous examples, one can clearly see that this technique of encryption works by simply changing the order of the characters in the original plain text and therefore that is a true statement.

In conclusion, the transposition techniques of changing the order of the characters in the original plain text message are primitive means of encrypting the original message. Although the rail fence, matrix transposition, and the double transposition methods are good for learning about encryption techniques, they are not ideal for encrypting any real messages. Due to using the original plain text of the message, one is able to crack the encryption technique by using a different or incomplete key.

References
1. Stallings, William (2006). Cryptography and Network Security (Fourth Edition). Upper Saddle river, NJ: Pearson Prentice Hall. (2000, November).
2. The Double Transposition Cipher. Retrieved February 11, 2009, from >NOVA Online | Decoding Nazi Secrets | The Double Transposition Cipher Web site: http://www.pbs.org/wgbh/nova/decoding/doubtrans.html

Definition Distinction Between Guts and Balls

We’ve all heard about people “having guts” or “having balls”. But do you really know the difference between them? In an effort to keep you informed, the definition for each is listed below…

Guts – is arriving home late after a night out with the guys, being met by your wife with a broom, and having the guts to ask: “Are you still cleaning or are you flying somewhere?”

Balls – is coming home late after a night out with the guys, smelling of perfume and beer, lipstick on your collar, slapping your wife on the butt and having the balls to say: “You’re next.”

Helicopter Ride

Buddy and his wife Edna went to the state fair every year, and every year Buddy would say, ‘Edna,I’d like to ride in that helicopter’ Edna always replied, ‘I know Buddy, but that helicopter ride is fifty bucks, And fifty bucks is fifty bucks.’ One year Buddy and Edna went to the fair, and Buddy said, ‘Edna, I’m 85 years old. If I don’t ride that helicopter, I might never get another chance.’ To this, Edna replied, “Buddy that helicopter ride is fifty bucks, and fifty bucks is fifty bucks.’ The pilot overheard the couple and said, ‘Folks I’ll make you a deal. I’ll take the both of you for a ride. If you can stay quiet for the entire ride and don’t say a word I won’t charge you a penny! But if you say one word it’s fifty dollars.’ Buddy and Edna agreed and up they went. The pilot did all kinds of fancy maneuvers, but not a word was heard. He did his daredevil tricks over and over again, But still not a word. When they landed, the pilot turned to Buddy and said, ‘By golly, I did everything I could to get you to yell out, but you didn’t. I’m impressed!’ Buddy replied, ‘Well, to tell you the truth, I almost said something when Edna fell out, but you know, “Fifty bucks is fifty bucks!’

Business Continuity

[Abstract]
The purpose of this document is to provide a basic knowledge of how having a business backup plan can maintain business continuity. Also included within this document are guidelines to maintain business continuity and an explanation of some consequences for not following the business continuity guidelines.

[Content]
When the September 11th attacks on the New York world trade center towers happened, it was a major wakeup call, not only for national security, but also for the amount of business data that was lost when the two buildings collapsed. As tragic as the attacks were, many businesses found out how effective or ineffective their computer network backups worked. In many cases companies’ lost large amounts of data. If companies had better business continuity procedures established, then there would be minimal data lost.

Maintaining a backup of all network systems and its respective data will maintain business continuity in the event of a catastrophic event. Previously the main concerns with maintaining backups of all computer systems and their data was in the event of a natural disaster like an earthquake, hurricane, fire, tidal wave, flooding, landslides, etc. In recent years there has been another reason identified and that is due to terrorist or militaristic attacks. The September 11th attacks on the world trade centers tested many companies with maintaining business continuity and many of those companies failed to maintain off-site backups so their businesses were greatly affected (Shore, 2002). There are different strategies when considering a backup and disaster recovery plan. One strategy consists of four parts that those parts are to detect, notify, isolate, and repair (Mitchell). The detect portion of the strategy is to quickly determine the source of the failure. The notify portion of the strategy is to notify all parties that are involved with recovering from the failure, as well as, the parties that are affected from the failure. The next step is to isolate the affected systems and minimize the failure from affecting any additional systems. The last step is to repair any affected systems or recover from the failure. There are also different backup strategies when considering a disaster recovery plan. One backup strategy is to backup all critical data and then either electronically transfer or physically ship the backups to an offsite location. This method is typically cheaper, however in many cases it is much slower to recover and restore systems to their previous state. Another backup strategy is to have a coop site, which all necessary data is completely backed up to another location. The coop site strategy comes at a much higher cost, however it has the ability to recover much quicker and provides a much more efficient recovery process in the event of a disaster. There are difference disaster recovery and backup strategy plans that are designed to maximize business continuity in the event of a disaster or catastrophic failure.

When applying disaster recovery guidelines to a business continuity strategy it is important to know about the recommended guidelines and the consequences if the guidelines are not followed. One of the first and foremost guidelines to recommend to any organization is to have a policy that states which disaster recovery strategy the company is going to use. Without having this policy in place, every different office within the organization may choose to follow their own guidelines and do what they think is best. The next policy that should be implemented should identify which backup strategy the company chooses to employ. This backup strategy should be chosen based upon company goals, cost, importance of data, and the desired minimal downtime the company determines as acceptable. Without the company identifying the backup strategy, there is a possibility different offices within the organization could waste time, money, and effort employing their own desired methods. The 3rd guideline for a company should be to implement a policy that states when backups are to be completed, where they will be stored, how often they are to be tested, and which offices or organizations are responsible for maintaining documentation of the procedures for backing up, storing, and testing. When a company chooses to not have a policy that identifies the company’s proper backup and testing procedures the results are drastic due to loss of data, loss of money, loss of resources, and many wasted man-hours. When a company chooses to put policies in place that identify business goals for minimizing loss of data, time, and money during a time of disaster, all offices or organizations within that company must comply with the policies or be held accountable.

In conclusion, there are information assurance lessons that have been learned from previous disasters, which should pave the way for future business continuity strategies. In order for companies to employ a successful business continuity strategy there needs to be policies put in place to identify which disaster recover and backup plans best suite the company. It is critical to ensure all offices and organizations within the company follow the company’s policies otherwise be held accountable in the event there is a loss.

References
1. Shore, Dave (2002, May 17th). Sept. 11 reaches real lessons in disaster recovery and business continuity planning. Retrieved February 8, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-1048799.html
2. Mitchell, Bradley Network Disaster Recovery . Retrieved February 8, 2009, from Network Disaster Recovery – Overview Web site: http://compnetworking.about.com/od/itinformationtechnology/l/aa083102a.htm

Choosing a Location for a Network Operations Center (NOC)

[Abstract]
The purpose of this document is to provide a basic understanding of network operation centers by identifying three key factors to consider when choosing a location for a network operation center. Also included within this document are five areas of physical security to consider when constructing a network operation center.

[Content]
When considering constructing a network operations center, otherwise known as a NOC, there are some key factors to consider when choosing an ideal location. Many large globalized organizations choose geographic locations to host their network operations centers. This is in part so that the NOC for an area covers a region of the globe and ensures their communications operate optimally. Another part of the reason is due to different industry standards for different geographical regions. In the United States a network may traverse a T-1 circuit, however in Europe the network may traverse E-1 circuits (Patton Electronics Co., 2001). Even though this may not seem like a significant different, it does illustrate different standards for different geographical locations and having a NOC that is familiar with its specific region will greatly reduce downtime in the event of a failure and maintain an overall general knowledge base of the networks in their geographical region. Another factor to consider when choosing a location for a NOC is choosing a city that has the surrounding infrastructure to ensure a maximum uptime of building power. Ensure that local businesses, including Internet Service Providers, can meet or exceed the needs that are required to support the capabilities of a NOC. When choosing a facility to host a NOC there are many considerations to be taken into account, but to name a few the overall building power and redundant backup power, such as a building generator, are requirements. Access to the building, to include any combination locks, biometric access points, loading area security, perimeter security fencing, and local security guards, are all instrumental elements to ensuring that the facility maintains a high level of security. Part of the overall building requirements when choosing an ideal facility is to first ensure that it has enough space and cooling to accommodate all of the necessary equipment that will be operated within. Once inside a building it is dire to ensure that all network cables are secured whenever they leave the NOC by putting them in a protective covering, such as a conduit, to ensure the network is not being monitored or tampered with in any way. There are many elements to take into account when choosing a location that can accommodate a high level of security and importance as with that which is needed to house a network operations center.

As part of ensuring the overall physical security for a facility to host critical operations that are provided by a NOC there are many different considerations. First and foremost is to ensure the building is secure by having locks on all doors, security cameras put in place, guards posted and logging all access into the building, and any necessary alarms installed onto any doors. Part of ensuring the overall security of a building is to monitor the state of the building by monitoring door alarms, monitoring security cameras watching for any suspicious activity, signing in any visitors to the building and ensuring they have access to only areas they have the clearance for, and lastly conduct background investigations on employees to ensure they are trustworthy to protect the building and its contents. Another area of physical security to consider is to secure all networking cables by placing the cables in a secure housing, such as a metal conduit, whenever they traverse an unsecured room or area. Another part of physical security is to ensure all networking equipment is secure by having it in a locked room or locked equipment rack with only authorized persons having access (Bogue, 2003). Much like with ensuring security personnel are trustworthy, any and all employees who work inside the NOC should have background investigations to ensure they are trustworthy to work with or handle the level of security classification for the data they are handling. Another part of physical security is to have policies in place to ensure all computers and documentation is put in an authorized secure location, like a safe, when the systems or documentation is not being used. One portion of the policies should identify that all backups must be stored in a secure different geographical location. There are many different areas of consideration when ensuring the physical security for a network operations center.

In conclusion, when choosing a location to host a network operations center there are many factors to consider that apply to where the network operations center will reside. Some of the concerns are with the facility itself, but there are also concerns that go beyond the facility and are related to the surrounding area. When hosting a network operations center there are many physical secure concerns to take into account. Ensuring the physical security of the facility and networking equipment aids in ensuring the data that is being monitored and housed inside the NOC is secured.

References
1. (2001, May 11th). T1/E1/PRI Technology Overview. Retrieved February 7, 2009, from Patton Electronics Co. Web site: [URL Removed Broken link]
2. Bogue, Robert (2003, August 11th). Lock IT Down: Don’t overlook physical security on your network. Retrieved February 7, 2009, from Lock IT Down: Don’t overlook physical security on your network Web site: http://articles.techrepublic.com.com/5100-10878_11-5054057.html