In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely “off” state. The attack relies on the data retention property of DRAM and SRAM to retrieve memory contents which remain readable in the seconds to minutes after power has been removed.
Full Disk Encryption-Software based or Hardware based?
It is quite common these days to hear of sensitive information being exposed when laptops are stolen or lost. Rarely does a month go by without an organisation revealing the loss or theft of a laptop brimming with sensitive data. Full disk encryption, or FDE, is the preferred mechanism to address this threat.
What is a Packet
What is a network packet?
It turns out that everything you do on the Internet involves packets. For example, every Web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Networks that ship data around in small packets are called packet switched networks.
PCI Compliance-Code Review or Web Application Firewall
The Payment Card Industry (PCI) Data Security Standard is a standard set through a consensus-based process led by 5 major credit card companies. It is not a government-enforced standard; compliance is enforced by the credit card companies.
Non-compliance results in higher fees and severe fines in the event of breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.
Section 6.6 of the PCI-DSS requires that, for all public-facing applications, new threats and vulnerabilities be addressed on an ongoing basis and that the applications be protected against known attacks.
What is Cloud Computing
Cloud computing is getting tons of press these days. Big names such as IBM and Amazon are already in the market with service offerings. So what exactly is cloud computing, and how does it work?
Essential IT Governance Concepts
To build a successful GRC solution, it is absolutely critical to get management support for the GRC project. However, to achieve this you must be able to demonstrate the value that GRC projects can add to the business. In this post we look at some essential governance concepts.
James Bond Meets The 7 Layer OSI Model-Technology Demystified
The OSI model describes the flow of data in a network, from the lowest layer (the physical connections) up to the layer containing the user’s applications. Data going to and from the network is passed layer to layer. Each layer is able to communicate with the layer immediately above it and the layer immediately below it. This way, each layer is written as an efficient, streamlined software component. When a layer receives a packet of information, it checks the destination address, and if its own address is not there, it passes the packet to the next layer.
A History of Public Key Cryptography
Public key cryptography as we know it is actually the outcome of efforts to solve a major issue with symmetric encryption systems (such as DES): key distribution. Concepts such as private key and public key represent the final step in the solution to the problem of key distribution.
IT Governance Institute’s New Framework-Risk IT
IT risk is gaining increased attention from executive management, stakeholders and regulators alike. The COBIT framework provides a generally accepted framework for IT, but it does not deal with risk management in a comprehensive manner. The ITGI has now remedied this gap with their latest initiative: a framework for IT-related risk management.