Principles Of Information Technology
Tanenbaum (2003) describes a firewall as a collection of security measures specifically designed to prevent unauthorized access to an organization's networked computer system. The questions to consider are as follows:

1. What is the level of threat my organization is facing? The level of threat depends on the type of business one does over the internet. The type of electronic transactions and the exchange of personal and financial records inform how one secures the system against tampering and malicious programs (Simson Garfinkel and Gene Spafford, 2007).

2. How much importance do we attach to the data? Business data is crucial to an organization's success and enables it to achieve its desired business objectives. The safety of the data is crucial for maintaining business confidence and safeguarding against threats.

3. How severe could the damage from unauthorized access be? A risk management plan would entail better handling of resources and ensure that the various threats are identified, so that proper action and better strategies can assure customers that their data is in safe storage.
Answer 2: The concept borrows from the public-private key concept in cryptography, known as Public Key Cryptography, and ensures greater flexibility and security of the transferred item or message (Stallings, 2003). On the sender's side, there are two sets of keys:

1. Private key (only known by the sender)
2. Public key (known by both the sender and receiver)

The operation would be as under: the sender first encrypts using his/her private key, then transforms the encrypted item using the public key, and then sends the message across to the receiver.
The operation is as follows:

1. The 200 carat polished diamond in the container is termed D.
2. After encrypting it with the sender's private key, the container takes the shape of SPriv(D).
3. Finally, the encrypted container is further encrypted with the sender's public key: CPub(SPriv(D)) => A

On the receiver's end, the decryption is done as follows:

1. The receiver knows about the public key used for encryption, CPub().
2. The receiver has his own private key, namely RPriv().

The operation is done as follows:

1. The receiver decrypts the encrypted container with the public key first => CPub(A)
2. Finally, the receiver decrypts it with his own private key, known to him alone: RPriv(CPub(A)) => B

The 'carrier' cannot check its contents, as he does not know the following:

1. He is not aware of the public key; even if he knew it, it would be of no use to him because he does not know the private keys used finally for decryption.
2. He does not possess the private keys of either the sender or the receiver.
In this way, the untrustworthy 'carrier' is not able to access the contents inside.

References/Bibliography

Data Encryption Standard. Federal Information Processing Standards (2003). Publication 46-2. December.

Stallings, William (2003). Network Security Essentials, 2nd Edition. Prentice Hall.

Garfinkel, Simson and Gene Spafford (2007). Web Security & Commerce, First edition; June. O'Reilly & Associates, Inc.

Tanenbaum, Andrew S. (2003). Computer Networks, 4th Edition. Pearson Education International.