
Information Security Papers

This section covers an in-depth guide to information security and data security.   Topics include PKI (public key infrastructure), passwords, secure email and S/MIME, spoofing, Internet fraud and web security, SSL and biometrics.  

For information security papers in PDF format, click on the icon.
 

PUBLIC KEY INFRASTRUCTURE (PKI)

  • An Introduction to PKI
    Basic introduction to key terms and concepts used in a PKI including encryption, digital signatures, certificates, keys and Authorities, features and services used by the PKI and the techniques involved in public key cryptography.

  • Passwords vs PKI
    Simple chart that compares passwords and PKI for encryption of information.
     
  • PKI Security FAQs
    Everything you wanted to know about PKI.   Certificates, digital signatures, public and private keys, Certificate Authorities (CAs), cross-certification.

  • Ten things I wished they warned me about PKI
    PKI has been reviewed as a technical infrastructure by a number of security experts. In this paper we look at a number of practical organizational issues that pure PKI suppliers often fail to mention.

  • Solving problems in PKI
    The big players in PKI make you believe, by advertising, that there are no problems implementing PKI.   This paper exposes some of the real problems and some practical solutions.

  • PKI Certificates - a source of confusion?
    There is a lot of misleading information on the Internet about certificates, public & private keys, digital signatures, etc. - when and how you use them.   This paper sets the record straight using terminology for the non-technical person.

  • PKI - Managing Liability
    One of the frequently quoted concepts of PKI is that of being able to do business with people you don't know, with certainty. Who is held liable for these transactions?

  • PKI - A Technology or a hype too far?
    PKI has been getting a lot of bad press of late, but is it justified?   Has the technology failed or is it a problem of implementation?

  • What Root Certification Authority can you trust?
    Covering public key infrastructure frameworks, hierarchical structures, legal frameworks and commercial responses.

  • Making PKI simple
    There are much simpler things that can be done with PKI if you don't set out to conquer the world.

 

PGP SECURITY

  • What is PGP?
    This paper covers what is PGP, how to use PGP and how PGP works including the use of PGP encryption and digital signatures in sending and receiving data securely.


PASSWORD SECURITY

EMAIL SECURITY

  • S/MIME - the reality of interoperability
    People assume that when they buy an S/MIME compliant email application they can send digitally signed and encrypted emails to any other S/MIME compatible client. The reality however is somewhat different...

  • The problems with Secure Email
    Find out why "Silver Bullet" Email security is problematic. Learn to fully protect your data simply and securely while avoiding complex interactions between proprietary systems.

  • Who's Reading your Email?
    This article by IT Director Simon Bennett of Tarlo Lyons law firm discusses how simple it is for others to read confidential email, since email is no more secure than sending information on a postcard. It covers what can be done to ensure your emails are kept confidential.
     
  • Email Encryption Guide
    32-page, step-by-step tutorial that will have you up and running with industrial strength encryption in a single read-through (available for purchase).


INFORMATION SECURITY & DATA SECURITY

  • A Managers Guide to Information Security
    This guide was written by The Open Group. It covers why security matters to your business, information security from a business perspective - what security you need, what to expect from information security solutions, internal implementation and outsourcing (PDF format).

  • An Introduction to Encryption
    Make any enquiry about computer security, and you will almost immediately fall over the terms cryptography and encryption (and also decryption), but what exactly is meant by this?
     
  • Plug-ins - a source of insecurity
    Written by LockLizard Limited, this paper examines and questions the claims often made by plug-in suppliers that they are secure, giving published examples of where they are not.

  • Self-extracting exe files - the hidden dangers
    Self-extracting (decrypting) EXE files were developed so you didn't have to install proprietary software in order to share protected files.   But they also pose a significant, hidden risk to your organization, making them more flawed than the cryptographic algorithm DES already abandoned by industry.

  • Security can be Simple and Secure
    There has always been an attitude of 'no pain, no gain' in the security industry. If one was to believe some of the comments made then you could be forgiven for thinking that security has to be complex in order to be secure...

  • Open Standards - why they are essential
    Before choosing an information security solution it is wise to consider what you are actually buying into. This paper explains the cost of proprietary solutions and the benefits of Open Standards.


INTERNET SECURITY

  • Security of the Internet
    Published by CERT and covering topics such as basic security concepts, security policies, network security incidents, Internet vulnerabilities, improving information security, security technology and tools, and the future of Internet security.

  • Managing Internet Security - Good Practise Guide
    This guide published by The Victoria Auditor-General's Office serves as a practical resource for chief information officers, business managers, information technology staff and audit committees, to help assess and improve their agency's Internet security practices. It sets out the main issues that need to be considered when assessing the effectiveness of information security over an internet system, providing a starting point for a planned and structured approach.


SSL (SECURE SOCKETS LAYER)

INTERNET SECURITY

  • Web Spoofing an Internet con game
    This paper written by Princeton University describes an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data.   The attack can be carried out on today's systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.

  • Spoofing - Arts of attack and defense
    How to spot and avoid potential spoof attacks. Covers DNS spoofing, IP address spoofing, email address spoofing, link alteration, name similarity and content theft.

  • How do you deal with Internet fraud?
    Covers fraud that uses Internet technology as an integral part of the fraud and fraud that is already taking place by other means where the Internet is merely another method of delivery.

  • The changing face of web security
    Are we winning or losing the battle of web security?   Read this white paper backed by industry figures to ensure you are aware of the facts.

  • Authentication - who's site is it really?
    Whilst a lot of work seems to have been done on personal authentication, little or no work has been done over or about web site authentication to users.   Users should be just as entitled to authenticate web sites as web sites are to authenticate them.

  • How do you know where information came from?
    In the ordinary world of the Internet you don't really know where information comes from - a web site that you first linked to, or a completely different site. Hackers can also alter information without you being aware of any change. How can the person receiving the information be aware that anything is wrong?

  • A matter of trust or is it?
    How do you know who you are really dealing with when disclosing your personal / credit card details over the Internet? This explains the current methods available for proving the identity of a web site and explains why they fail. It offers an alternative solution to the problem of web site authenticity.

  • Why web site logos are phony security
    Probably the worst possible kind of Internet security we have today is the 'secure site logo'.   Read why.

  • It can't be fraud - or is it?
    Bad commercial behavior and practice may be no different from fraud as far as the customer is concerned.


BIOMETRICS

 


Information Security Papers by ArticSoft PGP specialists