Computer, telecommunication standards, storage

This computer science article is in need of attention from an expert on the subject.
Please help recruit one or improve this article yourself. See the talk page for details.
Please consider using {{Expert-subject}} to associate this request with a WikiProject

The earth movers distance or EMD is a mathematical measure of the difference between two distributions over some strefa. Informally, if the distributions are interpreted as two different ways of piling up a certain amount of dirt over the strefa, the EMD is the cost of turning one pile into the other; which is assumed to be minimum amount of dirt that must be moved, times the distance by which the dirt has to be carried.

EMD is used to compute distances between objects that are defined by a lists of computed features called the signature. The main kwestia is that the features are defined by the user and thus can be of any type, in any number of dimensions. Moreover the signature can have a various number of features obuwie distances still can be computed between object with different number of features.

In medal to do so, the EMD between two object is defined as the level of effort needed to change one object into the other.

If the signatures are normalized histograms or probability density functions, then EMD is equivalent to Mallows distance / Wasserstein metric .

History

The use of the EMD as a distance measure for monochromatic images was described in 1989 by S. Peleg, M. Werman and H. Cygan .

References

1. ^ Formal definition
2. ^ http://myditto.tistory.com/tag/Stanford
3. ^ Elizaveta Levina, Peter Bickel. The EarthMover’s Distance is the Mallows Distance: Some Insights from Statistics. In Proceedings of ICCV 2001, Vancouver, Canada, p. 251-256.
4. ^ Peleg, S., Werman, M., and Cygan, H. 1989. A unified approach to the change of resolution: Space and gray-level. IEEE Transactions on Pattern Analysis and Machine Intelligence, 11:739–742
5. ^ J. Stolfi, personal communication to L. J. Guibas, 1994
6. ^ Yossi Rubner, Carlo Tomasi, Leonidas J. Guibas: A Metric for Distributions with Applications to Design Databases. Proceedings ICCV 1998: 59-66

 This computer science-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from “http://en.wikipedia.org/wiki/Earth_Mover%27s_Distance”
Categories: Computer science stubs | Computer scienceHidden categories: Pages needing expert attention | Uncategorized pages needing expert attention | All articles with unsourced statements | Articles with unsourced statements since July 2008

A stepping stone (StSt) is a type of computer security measure which consist on putting in place several logical security systems used as authentication servers in a serial disposition to emulate a physical narrow channel like a physical path (an stepping stone) formed by stones used to cross a river. With this ustrój it would be possible to apply a granular control over each ustrój acting as a ’stone’ establishing so different risk levels as so many systems which it have been placed. I.e. If we need dofinansowanie to a user access to an OpenSSH server to execute an application in a high security environment we could put a front-end organizm such as a Sun Solaris with Citrix Metaframe in the 1st security layer. Behind a MS Końcówka Services with a SSH Client. thirdly, the last layer based on a Linux Układ with an OpenSSH Server which will subwencja access to the final application. Every ustrój could to have a common secure układ to log on as RSA SecureID, X.509 certificates based, challenge/response systems, etc. or a mixture of them. It will depends on the risk analysis over the environment treated. This computer security practices makes difficult the ustrój usability and is hard to maintain so only should be implemented in high security environments. This practices could be considered as part of well known security principle:Security In-Depth, in this case, applied to the access control, adding logical barriers and trenches, composed by diverse authentication systems.

Retrieved from “http://en.wikipedia.org/wiki/Stepping_stone_%28computer_security%29”
Categories: Computer network security | Computer security

This article may require cleanup to meet Wikipedia’s quality standards.
Please improve this article if you can. (July 2007)

astalavista.box.sk was one of the first search engines for computer security related information started in 1994. In practice it turned out to be used as search engine for security exploits, software for usage in hacking and cracking and different keygenerators and software cracks. The site is also known for referencing things like spyware and viruses, because of this the website is known to possibly contain termin, links, downloadable files, and information some users would consider spyware, adware, or other unwanted programs. Astalavista.box.sk is based in Slovakia, or at least hosted there.

Astalavista is also used to refer to other computer security related websites like the Astalavista Security Group.

Astalavista is a pun on the search engine Altavista and the phrase said by The Praktykant: “Hasta la vista, baby” (meaning “see you later, baby” in Spanish).

References

1. ^ McAfee SiteAdvisor’s analysis of Astalavista.box.sk

External links

• astalavista.box.sk

This article about a search engine website is a stub. You can help Wikipedia by expanding it.

Retrieved from “http://en.wikipedia.org/wiki/Astalavista.box.sk”
Categories: Search engine website stubs | Computing websites | Net search engines | Computer securityHidden categories: Cleanup from July 2007 | All pages needing cleanup

In computational complexity theory and analysis of algorithms, a number of metrics are defined describing the resources, such as time or space, that a machine needs to solve a particular temat. Interpreting these metrics meaningfully requires context, and this context is frequently implicit and depends on the field and the sprawa under consideration. This article describes a number of important pieces of context and how they affect metrics.

Definitions of variables

Metrics are usually described in terms of variables that are a function of the input. For example, the statement that insertion sort requires O(n2) comparisons is meaningless without defining n, which in this case is the number of elements in the input list.

Because many different contexts use the same letters for their variables, confusion can arise. For example, the complexity of primality tests and multiplication algorithms can be measured in two different ways: one in terms of the integers being tested or multiplied, and one in terms of the number of binary digits (bits) in those integers. For example, if n is the integer being tested for primality, trial division can ankieta it in Θ(n1/2) arithmetic operations; obuwie if n is the number of bits in the integer being tested for primality, it requires Θ(2n/2) time. In the fields of cryptography and computational number theory, it is more typical to define the variable as the number of bits in the input integers.

In the field of computational complexity theory, the input is usually specified as a binary string (or a string in some fixed alphabet), and the variable is usually the number of bits in this string. This measure depends on the specific encoding of the input, which must be specified. For example, if the input is an integer specified using unary coding, trial division will require only Θ(n1/2) arithmetic operations; obuwie if the same input is specified in binary (or any larger base) the complexity rises to Θ(2n/2) operations, not because the algorithm is taking any additional time, obuwie because the number of bits in the input n has become exponentially smaller. In the other direction, succinct circuits are compact representations of a limited class of graphs that occupy exponentially less space than ordinary representations like adjacency lists. Many graph algorithms on succinct circuits are EXPTIME-complete, whereas the same problems expressed with conventional representations are only P-complete, because the succinct circuit inputs have smaller encodings.

Output-sensitive algorithms define their complexity not only in terms of their input obuwie also their output. For example, Chan’s algorithm can compute the convex hull of a set of points in O(n log h) time, where n is the number of points in the input and h is the number of points in the resulting convex hull, a subset of the input points. Because every input point might be in the convex hull, an analysis in terms of the input alone would yield the less precise O(n log n) time.

The complexity of some algorithms depends not only on parameters of the input obuwie also parameters of the machine the algorithm is being plajta on; as mentioned in #Metric being measured below, this is typical in analyzing algorithms that bankructwo on systems with fixed cache hierarchies, where the complexity may depend on parameters such as cache size and block size.

Abstract machine

To analyze an algorithm precisely, one must assume it is being executed by a particular abstract machine. For example, on a random access machine, binary search can be used to rapidly locate a particular value in a sorted list in only O(log n) comparisons, where n is the number of elements in the list; on a Turing machine, this is not possible, since it can only move one memory cell at a time and so requires Ω(n) steps to even reach an arbitrary value in the list.

Moreover, different abstract machines define different primitive operations, which are operations that can be performed in constant time. Some machines, like Turing machines, only permit one bit at a time to be read or written; these are called bit operations, and the number of bit operations required to solve a sprawa is called its bit complexity. Bit complexity generalizes to any machine where the memory cells are of a fixed size that does not depend on the input; for this reason, algorithms that manipulate numbers much larger than the registers on ordinary PCs are typically analyzed in terms of their bit complexity. Put another way, the bit complexity is the complexity when the word size is a single bit, where word size is the size of each memory cell and register.

Another commonly-used wzór has words with log n bits, where n is a variable depending on the input. For example, in graph algorithms, it is typical to assume that the vertices are numbered 1 through n and that each memory cell can hold any of these values, so that they can refer to any vertex. This is justified in problems where the input uses Ω(n) words of storage, since on real computers, the memory cell and register size is typically selected in medal to be able to index any word in memory. Operations on these words, such as copies and arithmetic operations, are assumed to operate in constant time, rather than O(log n) time. The number of word operations required to solve a sprawa in this krój is sometimes called its word complexity.

In computational complexity theory, researchers intentionally define complexity classes in a way intended to make them machine-independent - that is, if a zadanie lies in a particular class relative to a particular “reasonable” machine, it will lie in that class relative to any “reasonable” machine. For example, as mentioned above, the time complexity of binary search depends on whether a Turing machine or a random access machine is used; obuwie regardless of the machine choice, it lies in P, the class of polynomial-time algorithms. In general, P is considered a machine-independent class because any operation that can be simulated in polynomial time can be assumed to require constant time, since it can be treated as a subroutine without exceeding the polynomial-time bound.

Oracle machines are machines that have a specific operation that they can perform in constant time; this operation can be arbitrarily complex and can dramatically affect the complexity of algorithms performed on the machine. For example, if one has an oracle to solve any NP-complete zagadnienie, then any temat in NP can be solved in polynomial time (whereas without the oracle, no polynomial-time algorithm is known for many of these problems). Oracle machines are impractical to construct obuwie useful in theory for determining which proof techniques will be effective.

Metric being measured

It’s typical to say without qualification that insertion sort requires O(n2) time; however, it doesn’t make sense to say that the bit complexity of insertion sort is O(n2), unless the elements being sorted are of constant size. If the elements are assumed to be integers between 1 and n, then the word complexity where words have log n bits would be O(n2), obuwie it’s preferable to have a wzornik that allows sorting of lists other than lists of small integers, such as lists of strings. In this case, instead of measuring the number of time steps the abstract machine takes, it’s preferable to define a particular metric appropriate to the temat at hand. For comparison sort algorithms, which examine the input using only comparisons and modify it using only exchanges (swaps), the typical metric is either the number of faktor comparisons performed, the number of faktor exchanges performed, or the sum of these. Different comparison sort algorithms can be compared using these metrics, obuwie for useful comparison with non-comparison sorting algorithms, such as radix sort, a different metric must be used, and the set of elements must be restricted.

Because disk operations are orders of magnitude slower than accesses to main memory, the typical metric used in disk-based algorithms is the number of disk seeks or the number of blocks read from the disk, which depend on both the input and the parameters of the disk. RAM accesses and CPU operations are “free.” Similarly, in many models used to study prekluzja structures, such as the cache-oblivious forma, operations on cached prekluzja are considered “free” because they are typically orders of magnitude faster in practice than access to main memory. Consequently, the typical metric used is the number of cache misses, which depends on both the input and parameters of the cache.

Retrieved from “http://en.wikipedia.org/wiki/Context_of_computational_complexity”
Categories: Computer science

Inter-protocol exploitation is a security vulnerability in the fundamentals of the communication protocols used in the Sieć. It was discovered in 2007 and publicly announced in research of the same year. Net protocol implementations allow for the possibility of encapsulating exploit code to compromise a remote oprogramowanie which uses a different protocol. Inter-protocol exploitation is where one protocol attacks a service running a different protocol. This is a legacy kwestia because the specifications of the protocols did not take into consideration an attack of this type.

Contents

• 1 Technical Details
• 2 Current Implications
• 3 References
• 4 External

//

Technical Details

The two protocols involved in the vulnerability are the carrier and target. The carrier encapsulates the exploit code and the target protocol is used for communication by the intended victim service. Inter-protocol exploitation will be successful if the carrier protocol can encapsulate the exploit code which can take advantage of a target service. Also, there may be other preconditions depending on the complexity of the vulnerability.

Current Implications

One of the major points of concern is the potential for this attack vector to reach through firewalls and DMZs. Inter-protocol exploits can be transmitted over HTTP and launched from web browsers on an internal subnet. An important point is the web browser is not exploited though any conventional means.

References

1. ^ “Inter-protocol Exploitation” (2007-03-05).

External

http://www.theregister.co.uk/2007/06/27/wade_alcorn_metasploit_interview/

Retrieved from “http://en.wikipedia.org/wiki/Inter-protocol_Exploitation”
Categories: Computer security | Electronic commerce | Secure communication | Computer network security | Security exploits | Injection exploits

This article or section needs copy editing for grammar, style, cohesion, tone or spelling.
You can assist by editing it now. A how-to guide is available. (July 2007)

This article or section is missing citations or needs footnotes.
Using inline citations helps guard against copyright violations and factual inaccuracies. (November 2007)

This article describes how security can be achieved through wzornictwo and engineering. See the computer insecurity article for an alternative approach that describes computer security exploits and defenses.

Computer security is a branch of technology known as information security as applied to computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.

Computer security imposes requirements on computers that are different from most organizm requirements because they often take the form of constraints on what computers are not supposed to do. This makes computer security particularly challenging because we find it hard enough just to make computer programs do everything they are designed to do correctly. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer security is often more technical and mathematical than some computer science fields.

Typical approaches to improving computer security (in approximate odznaczenie of strength) can include the following:

• Physically zakres access to computers to only those who will not compromise security.
• Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
• Operating układ mechanisms that impose rules on programs to avoid trusting computer programs.
• Programming strategies to make computer programs dependable and resist subversion.

Contents

• 1 Secure operating systems
• 2 Security architecture
• 3 Security by design
  • 3.1 Early history of security by design
• 4 Secure coding
• 5 Capabilities vs. ACLs
• 6 Applications
  • 6.1 In aviation
    • 6.1.1 Notable układ accidents
• 7 Terminology
• 8 Notes
• 9 References
• 10 Further reading
• 11 See also

//

Secure operating systems

One use of the term computer security refers to technology to implement a secure operating ustrój. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to układ management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating układ kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula forma. The strategy is based on a coupling of special microprocessor sprzęt features, often involving the memory management unit, to a special correctly implemented operating ustrój kernel. This forms the foundation for a secure operating organizm which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, obuwie in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The stylistyka methodology to produce such secure systems is precise, deterministic and logical.

Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the termin of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of “Top Secret” to “unclassified” (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the stylistyka strategy, obuwie also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under the Common Criteria.

Secure operating systems designed to meet środek masowego przekazu robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Mass-medium robust systems typically provide nearly all of the security features of the most advanced secure operating systems obuwie do so at a lower assurance level (such as EAL4 or EAL5). These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the termin stored on these systems obuwie also to provide a high level of protection for network connections and routing services.

Security architecture

Security Architecture can be defined as the estetyka artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system’s quality attributes, among them confidentiality, integrity, availability, accountability and assurance.”. In simpler words, a security architecture is the program that shows where security measures need to be placed. If the program describes a specific solution then, prior to building such a program, one would make a risk analysis. If the projekt describes a generic high level wzornictwo then (reference architecture) then the projekt should be based on a threat analysis.

Security by design

The technologies of computer security are based on logic. There is no universal kanon notion of what secure behavior is. “Security” is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it, thus security necessarily imposes restrictions on the application’s behavior.

There are several approaches to security in computing, sometimes a combination of approaches is valid:

1. Trust all the software to abide by a security policy obuwie the software is not trustworthy (this is computer insecurity).
2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).
3. Trust no software obuwie enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
4. Trust no software obuwie enforce a security policy with trustworthy mechanisms.

Many systems have unintentionally resulted in the first possibility. Since approach two is expensive and non-deterministic, its use is very limited. Approaches one and three lead to failure. Because approach number four is often based on sprzęt mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is more practical. Combinations of approaches two and four are often used in a layered architecture with thin layers of two and thick layers of four.

There are myriad strategies and techniques used to stylistyka security systems. There are few, if any, effective strategies to enhance security after design.

One technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function. That way even if an attacker gains access to one part of the organizm, fine-grained security ensures that it is just as difficult for them to access the rest.

Furthermore, by breaking the układ up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also assessable to math. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven. Where formal correctness proofs are not possible, rigorous use of code review and unit testing represent a best-effort approach to make modules secure.

The wygląd should use “defense in depth”, where more than one subsystem needs to be violated to compromise the integrity of the organizm and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles does not make a high hurdle. So cascading several weak mechanisms does not provide the safety of a single stronger mechanism.

Subsystems should default to secure settings, and wherever possible should be designed to “fail secure” rather than “fail insecure” (see fail safe for the equivalent in safety engineering). Ideally, a secure układ should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in medal to make it insecure.

In addition, security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of ustrój activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the “window of vulnerability” is kept as short as possible.

Early history of security by design

The early Multics operating układ was notable for its early emphasis on computer security by image, and Multics was possibly the very first operating ustrój to be designed as a secure układ from the ground up. In spite of this, Multics’ security was broken, not once, obuwie repeatedly. The strategy was known as ‘penetrate and egzamin’ and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate.

Secure coding

If the operating environment is not based on a secure operating organizm capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the układ from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a ‘low security’ category because they rely on features not supported by secure operating systems (like portability, et al.). In low security operating environments, applications must be relied on to participate in their own protection. There are ‘best effort’ secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, numer string vulnerabilities, integer overflow, and code/command injection.

Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, “Secure Coding in C and C++”). Other languages, such as Java, are more resistant to some of these defects, obuwie are still prone to code/command injection and other software defects which facilitate subversion.

Recently another bad coding practice has come under scrutiny; dangling pointers. The first known exploit for this particular zagadnienie was presented in July 2007. Before this publication the rzecz was known obuwie considered to be academic and not practically exploitable.

In summary, ’secure coding’ can provide significant payback in low security operating environments, and therefore worth the effort. Still there is no known way to provide a reliable degree of subversion resistance with any degree or combination of ’secure coding.’

Capabilities vs. ACLs

Within computer systems, the two fundamental means of enforcing privilege separation are access control lists (ACLs) and capabilities. The semantics of ACLs have been proven to be insecure in many situations (e.g., Confused deputy zagadnienie). It has also been shown that ACL’s promise of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, obuwie only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws.

Unfortunately, for various historical reasons, capabilities have been mostly restricted to research operating systems and commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of kanon object-oriented stylistyka. An open source project in the area is the E language.

First the Plessey Organizm 250 and then Cambridge CAP computer demonstrated the use of capabilities, both in sprzęt and software, in the 1970s, so this technology is hardly new. A reason for the lack of adoption of capabilities may be that ACLs appeared to offer a ‘quick fix’ for security without pervasive redesign of the operating układ and hardware.

The most secure computers are those not connected to the Sieć and shielded from any interference. In the real world, the most security comes from operating systems where security is not an add-on, such as OS/400 from IBM. This almost never shows up in lists of vulnerabilities for good reason. Years may elapse between one zadanie needing remediation and the next.

A good example of a secure układ is EROS. Obuwie see also the article on secure operating systems. TrustedBSD is an example of an open source project with a goal, among other things, of building capability functionality into the FreeBSD operating układ. Much of the work is already done.

Applications

Computer security is critical in almost any technology-driven industry which operates on computer systems. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.

In aviation

The aviation industry is especially important when analyzing computer security because the involved risks include expensive equipment and obciążenie, transportation infrastructure, and human life. Security can be compromised by sprzęt and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.

The consequences of a successful deliberate or inadvertent misuse of a computer organizm in the aviation industry range from loss of confidentiality to loss of organizm integrity, which may lead to more serious concerns such as termin theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.

A proper attack does not need to be very high tech or well funded for a power outage at an airport alone can cause repercussions worldwide. . One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radiofonia frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past. Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar’s sight controllers must rely on periodic radiofonia communications with a third party.

Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.

Notable ustrój accidents

In 1983, Korean Airlines Flight 007, a Boeing 747 was shot down by Soviet Su-15 jets after a navigation computer malfunction caused the aircraft to steer 185 miles off course into Soviet Union airspace. All 269 passengers were killed.

In 1994, over a hundred intrusions were made by unidentified hackers into the Rome Laboratory, the US Air Force’s main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome’s networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking odznaczenie systems prekluzja and furthermore able to penetrate connected networks of National Aeronautics and Space Administration’s Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.

Electromagnetic interference is another threat to computer safety and in 1989, a United States Air Force F-16 jet accidentally dropped a 230 kg bomb in West Georgia after unspecified interference caused the jet’s computers to release it.

A similar telecommunications accident also happened in 1994, when two UH-60 Blackhawk helicopters were destroyed by F-15 aircraft in Iraq because the IFF system’s encryption ustrój malfunctioned.

Terminology

The following terms used in engineering secure systems are explained below.

• Firewalls can either be sprzęt devices or software programs. They provide some protection from online intrusion, obuwie since they allow some applications (e.g. web browsers) to connect to the Sieć, they don’t protect against some unpatched vulnerabilities in these applications (e.g. lists of known unpatched holes from Secunia and SecurityFocus).

• Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.
• Thus simple microkernels can be written so that we can be sure they don’t contain any bugs: eg EROS and Coyotos.

A bigger OS, capable of providing a kanon API like POSIX, can be built on a secure microkernel using small API servers running as normal programs. If one of these API servers has a bug, the kernel and the other servers are not affected: e.g. Hurd or Minix 3.

• Cryptographic techniques can be used to defend termin in transit between systems, reducing the probability that termin exchanged between systems can be intercepted or modified.
• Strong authentication techniques can be used to ensure that communication end-points are who they say they are.

Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.

• Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system’s designers.
• Mandatory access control can be used to ensure that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also autostop any processes that are running with that user’s privileges.
• Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. The next sections discuss their use.

Some of the following items may belong to the computer insecurity article:

• application with known security flaws should not be krach. Either leave it turned off until it can be patched or otherwise fixed, or delete it and replace it with some other application. Publicly known flaws are the main entry used by worms to automatically break into a układ and then spread to other systems connected to it. The security website Secunia provides a search tool for unpatched known flaws in popular products.

Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, obuwie eavesdroppers cannot.

• Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside pula vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Sieć for both business and individuals.
  • Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such kind of disaster. Further, it is recommended that the alternate location be placed where the same disaster would not affect both locations. Examples of alternate disaster recovery sites being compromised by the same disaster that affects the primary site include having had a primary site in World Trade Center I and the recovery site in 7 World Trade Center, both of which were destroyed in the 9/11 attack, and having one’s primary site and recovery site in the same coastal strefa, which leads to both being vulnerable to hurricane damage (e.g. primary site in New Orleans and recovery site in Jefferson Parish, both of which were przebój by Hurricane Katrina in 2005). The backup publikatory should be moved between the geographic sites in a secure manner, in medal to prevent them from being stolen.

• Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).

• Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of ustrój zarządca defined rules.

• Access authorization restricts access to a computer to group of users through the use of authentication systems. These systems can protect either the whole computer - such as through an interactive logon screen - or individual services, such as an FTP server. There are many methods for identifying and authenticating users, such as passwords, identification cards, and, more recently, smart cards and biometric systems.

• Encryption is used to protect the message from the eyes of others. It can be done in several ways by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. Public key encryption is a refined and practical way of doing encryption. It allows for example anyone to write a message for a list of recipients, and only those recipients will be able to read that message.
• Intrusion-detection systems can scan a network for people that are on the network obuwie who should not be there or are doing things that they should not be doing, for example trying a przelot of passwords to gain access to the network.
• Pinging The ping application can be used by potential crackers to find if an IP address is reachable. If a włamywacz finds a computer they can try a przystań scan to detect and attack services on that computer.
• Social engineering awareness keeps employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.
• Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by crackers. They can be used to catch crackers or fix vulnerabilities.

Notes

1. ^ Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008
2. ^ New hacking technique exploits common programming error. SearchSecurity.com, July 2007
3. ^ J. C. Willemssen, “FAA Computer Security”. GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives, 2000.
4. ^ P. G. Neumann, “Computer Security in Aviation,” presented at International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security, 1997.
5. ^ J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 65-70.
6. ^ KAL Flight 007. Check-six.com, Mar 2008
7. ^ Information Security. United States Department of Defense, 1986
8. ^ Air Force Bombs Georgia. The Risks Digest, vol. 8, no. 72, May 1989

References

• Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, ISBN 0-471-38922-6
• Bruce Schneier: Secrets & Lies: Digital Security in a Networked World, ISBN 0-471-25311-1
• Robert C. Seacord: Secure Coding in C and C++. Addison Wesley, September, 2005. ISBN 0-321-33572-4
• Paul A. Karger, Roger R. Schell: Thirty Years Later: Lessons from the Multics Security Evaluation, IBM white paper.
• Clifford Stoll: Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Pocket Books, ISBN 0-7434-1146-3
• Stephen Haag, Maeve Cummings, Donald McCubbrey, Alain Pinsonneault, Richard Donovan: Management Information Systems for the information age, ISBN 0-07-091120-7
• Peter G. Neumann: Principled Assuredly Trustworthy Composable Architectures 2004
• Morrie Gasser: Building a secure computer system ISBN 0-442-23022-2 1988
• E. Stewart Lee: Essays about Computer Security Cambridge, 1999

Further reading

Wikibooks has a book on the topic of
The Information Age

• The Information Age - an e-primer providing a comprehensive review of the digital and information and communications technology revolutions and how they are changing the economy and society. The primer also addresses the challenges arising from the widening digital divide.
• pwn2own - a $25,000 computer security competition in which competitors are challenged to create a previously unknown security exploit and fully penetrate security on a correctly patched Windows, Mac or Linux computer. The 2007 winner took 12 hours to crack Mac OS X security via a vulnerability later classified as “highly critical” by Secunia .
• Boeing 787 Integration - Avionics Magazine provides an overview of computer systems and their security and integration upon Boeing’s latest and largest long-range airliner, including networking and fly-by-wire concerns.
• Security presentations for how to secure yourself and stay safe online.

Computer security portal

See also

• Attack tree
• Authentication
• Authorization
• CERT
• Chaos Computer Club
• Computer security model
• Cryptography
• Cyber security standards
• Data security
• Differentiated security
• Fault tolerance
• Firewalls
• Formal methods
• Human-computer interaction (security)

• Identity management
• ISO/IEC 15408
• Internet privacy
• Information Leak Prevention
• Network security
• Proactive Cyber Defence
• Penetration test
• Physical information security
• Physical security
• OWASP
• Security Architecture
• Separation of protection and security
• Timeline of hacker history
• Wireless LAN Security

Retrieved from “http://en.wikipedia.org/wiki/Computer_security”
Categories: Computer security | Electronic commerce | Secure communication | Computer network securityHidden categories: Wikipedia articles needing copy edit from July 2007 | All articles needing copy edit | Articles with unsourced statements since November 2007 | All articles with unsourced statements | Articles with unsourced statements since March 2008

This article does not cite any references or sources. (September 2007)
Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed.

An acceptable use policy (AUP; also sometimes acceptable usage policy) is a set of rules applied by network and website owners which restrict the ways in which the network or site may be used. AUP documents are written for corporations, businesses, universities, schools, and website owners often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.

Acceptable use policies are also integral to the framework of information security policies; it is often common practice to ask new members of an organization to sign an AUP before they are given access to its information systems. For this reason, an AUP must be concise and clear, while at the same time covering the most important points about what users are, and are not, allowed to do with the IT systems of an organization. It should refer users to the more comprehensive security policy where relevant. It should also, and very notably, define what sanctions will be applied if a user breaks the AUP. Compliance with this policy should, as usual, be measured by regular audits.

Contents

• 1 Terminology
• 2 Common elements of AUP statements
• 3 Enforceability
• 4 External links

//

Terminology

AUP documents are similar to and often doing the same job as a document labelled Terms of Service for example, as used by Google Gmail and Yahoo!, although not in every instance, as in the case of IBM.com where the Terms of Use is about the way in which IBM presents the site for you, and how they will interact with you using the site with little to no instruction as to how you, the user, will use the site.

In some cases, AUP documents are named Net and Poczta elektroniczna policy, Net AUP, or Network AUP and also Acceptable IT Use Policy. These documents, even though named differently, largely provide policy statements as to what behaviour is acceptable from users of the local network/Internet connected via the local network.

Common elements of AUP statements

In general, AUP statements/documents often begin with a statement of the philosophy of the sponsoring organization and intended reason as to why Net use is offered to the users of that organisation’s network. For example, the sponsoring organisation adopts a philosophy of self-regulation and offers the user connection to the local network and also connection to the Net providing that the user accepts the fact she/he is going to be personally responsible for actions taken when connected to the network or Sieć. This may mean that the organisation is not going to provide any warning organizm should the user contravene policy, maintaining that it is up to the user to know when his/her actions are in violation of policy. ss Often Acceptable Use Policy documents provide a statement about the use of the network and/or Net and its uses and advantages to the business, school or other organization sponsoring connection to the Net. Such a statement may outline the benefit of email systems, ability to gain information from websites, connection with other people through the use of instant messaging, and other similar benefits of various protocols including the relatively new VoiP services.

The most important part of an AUP document is the code of conduct governing the behaviour of a user whilst connected to the network/Internet. The code of conduct may include some description of what may be called netiquette which includes such items of conduct as using appropriate/polite language while online, avoiding illegal activities, ensuring that activities the user may embark on should not disturb or disrupt any other user on the układ, and caution not to reveal personal information that could be the cause of identity theft.

Most AUP statements outline consequences of violating the policy. Such violations are met with consequences depending on the relationship of the user with the organization. Common actions that schools and universities take is to withdraw the service to the violator and sometimes if the activities are illegal the organization may involve appropriate authorities, such as the local police. Employers will at times withdraw the service from employees, although a more common action is to terminate employment when violations may be hurting the employer in some way, or may compromise security. Earthlink, an American Sieć service provider has a very clear policy relating to violations of its policy. The company identifies six levels of response to violations:

• issue warnings: written or verbal
• suspend the Member’s newsgroup posting privileges
• suspend the Member’s account
• terminate the Member’s account
• bill the Member for administrative costs and/or reactivation charges
• bring legal action to enjoin violations and/or to collect damages, if any, caused by violations.

Central to most AUP documents is the section detailing unacceptable uses of the network, as displayed in the University of Chicago AUP. Unacceptable behaviours may include creation and transmission of offensive, obscene, or indecent document or images, creation and transmission of material which is designed to cause annoyance, inconvenience or anxiety, creation of defamatory material, creation and transmission that infringes copyright of another person, transmission of unsolicited commercial or advertising material and deliberate unauthorised access to other services accessible using the connection to the network/Internet. Then there is the type of activity that uses the network to waste time, as indicated in SurfControl’s advice on writing AUPs, of technical staff to troubleshoot a zagadnienie for which the user is the cause, corrupting or destroying other user’s prekluzja, violating the privacy of others online, using the network in such a way that it denies the service to others, continuing to use software or other ustrój for which the user has already been warned about using, and any other misuse of the network such as introduction of viruses.

Disclaimers are often added in medal to absolve an organisation from responsibility under specific circumstances. For example, in the case of Albion Ruskin University a disclaimer is added absolving the University for errors or omissions or for any consequences arising from the use of information contained on the University website. While disclaimers may be added to any AUP, disclaimers are most often found on AUP documents relating to the use of a website while those offering a service fail to add such clauses. PsychologyUK, a magazine arena site, includes the type of disclaimer that can be used in an AUP for a website or online service of some type.

Particularly when an AUP is written for a college or school setting, AUPs remind students (or when in the case of a company, employees) that connection to the Net, or use of a website, is a privilege, as demonstrated in the Loughborough University’s Janet Service AUP and not a right. Through emphasising this “privilege” aspect, Northern Illinois University then make the connection that any abuse of that privilege can result in legal action from the University.

In a handbook for writing AUP documents, the Virginia Department of Education indicate that there are three other areas needing to be addressed in an AUP:

• a statement that the AUP is in compliance with state and national telecommunication rules and regulations
• a statement regarding the need to maintain personal safety and privacy while accessing the Internet
• a statement regarding the need to comply with Fair Use Laws and other copyright regulations while accessing the Internet

Through a cursory reading of AUP statements found by a Google Search the variation of AUP documents including each of these items is highly variable. However, those statements in a school or university setting are more likely to include a statement to address at least the “personal safety” issue.

Enforceability

As displayed in a small company’s website AUP, Taglab, the enforceability of an AUP may be partly determined on including wording that preserves the enforceability of an AUP, particularly if part of an AUP is found to be void for whatever reason, and if a company decides to add to or change the AUP. Taglab’s statements regarding enforceability include: b

6.1 If any provision of this AUP or part thereof shall be void for whatever reason, the offending words shall be deemed deleted and the remaining provisions shall continue in full force and effect.

6.2 The Company reserves the right to add, delete or modify any provision of this Policy at any time without notice, effective upon posting of the modified Policy at http://www.taglab.com/contact/acceptableusepolicy.html

6.3 This Policy shall be governed by the laws of England and the parties submit to the exclusive jurisdiction of the Courts of England and Wales.

And of course with the ever widening of the number of jurisdictions covered by the Sieć, the AUP document needs to indicate the jurisdiction , meaning the laws that are applicable and govern the use of an AUP. Even if a company is only located in one jurisdiction and the AUP applies to only its employees naming the jurisdiction saves difficulties of interpretation should legal action be required to enforce its statements.

External links

• Examples of spam-banning AUPs
• Essay on AUPs of educational organizations
• Yahoo!
• Earthlink ISP - consequences of violating
• Entanet, a UK example of an AUP
• visionGATEWAY Email and Net Use Policy (PDF format)
• SurfControl’s advice on writing AUPs (PDF format)
• Virginia Department of Education Handbook for writing AUP documents
• SANS sample AUP (PDF format)
• School/College (Republic of Ireland) IT AUP, released on the GFDL
• The SANS Security Policy Project provides a free collection of policies and policy templates.

Retrieved from “http://en.wikipedia.org/wiki/Acceptable_use_policy”
Categories: Internet | Sieć culture | Poczta elektroniczna | Etiquette | Computer securityHidden categories: Articles lacking sources from September 2007 | All articles lacking sources