计算机安全技术在电子商务中的应用探讨

电子商务目前是非常热门的一个词语,可以说在社会的任何一个角度都可以发现它的影子,但是安全技术是大家比较容易忽略的一个问题,而在实际过程中却是一个很重要的问题,计算机安全技术在电子商务中是非常重要的。本文主要围绕这个内容做详细阐述。     

基于多媒体应用的安全研究

网络的迅猛发展,让多媒体的应用更加广泛,多媒体的安全问题受到了越来越多的关注。本文首先对安全的相关技术进行了详细分析,描述了PKI/PMI技术及XML安全技术;其次对多媒体应用的安全框架进行了详细的分析和论述,将其分为三个层次模块,对每个模块进行初步的介绍;最后对部分模块的实现进行了分析。本文对于研究IT安全和多媒体工作人员有着积极的作用。     

对中小商业银行等级保护咨询服务探讨与研究

本文力求全面剖析中小商业银行的等级保护咨询服务项目,帮助将要开展信息安全等级保护的咨询方和银行信息安全管理者明确等级保护的咨询服务所涵盖的内容及所能达到的目标。     

Code Analysis for Software and System Security Using Open Source Tools

ABSTRACT

Software security helps in identifying and managing risks. One of the effective ways to identify software vulnerabilities is to analyze its code. Code analysis (Chess & West, 2007 Chess, B. and West, J. 2007. Secure programming with static analysis, Boston, MA: Addison-Wesley.  [Google Scholar]) helps in catching common coding mistakes such as buffer overflow, unused variables, memory leaks, and various race conditions, which in turn optimizes computer programs, both in storage and computation aspects. Software developers use either open source tools or commercial tools for verification and validation of software. Without proper validation of a software/system using some standard guidelines, potential attackers can find ways to exploit vulnerabilities and bugs and then can gain control over a system, if they are successful. In this paper, we discuss some of the open source static code analysis and dynamic analysis tools, their merits, and limitations with respect to some target codes that contain possible threats. We consider C/C++ and Java programming languages for our experiments. For static code analyzers, we consider Flawfinder, Splint, and Cppcheck; PMD, Findbugs, and Valgrind for dynamic code analysis, and its plug-in, Memcheck, to perform dynamic analysis on executables. We provide our observations in a comparison table, highlighting these tools strengths and weaknesses.     

Social Engineering: Hacking the Wetware!

ABSTRACT

Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organization. There are many techniques commonly used in social engineering including but not limited to Trojan and phishing email messages, impersonation, persuasion, bribery, shoulder surfing, and dumpster diving. Hackers rely on social engineering attacks to bypass technical controls by focusing on the human factors. Social engineers often exploit the natural tendency people have toward trusting others who seem likeable or credible, deferring to authority or need to acquiesce to social conformity. Mitigation of social engineering begins with good policy and awareness training, but there are a number of other approaches an organization can take to defend against this type of an attack. Social engineering attacks are likely to increase, and it is becoming increasingly important for organizations to address this issue.     

Managing Your Security Future

ABSTRACT

Information technology organizations within most corporations are spending significant time and resources securing IT infrastructure. This increased need for security is driven by a number of factors. These factors include increased dependency on the Internet, financial and legal liability, protection of personal identity information and sensitive corporate data, increased numbers and age of legacy systems with limited vendor support, deploying complex systems, and new regulations governing corporate transactions. There a number of technologies on the market today that can mitigate most of these security factors. However, managers in IT organizations need to identify potential future threats and security technologies to assess and potentially mitigate risk through the deployment of those technologies. This article investigates three areas critical to the successful deployment and securing of information technology.     

Detecting Insider Threats: Solutions and Trends

ABSTRACT

Insider threats pose significant challenges to any organization. Many solutions have been proposed in the past to detect insider threats. Unfortunately, given the complexity of the problem and the human factors involved, many solutions which have been proposed face strict constraints and limitations when it comes to the working environment. As a result, many past insider threat solutions have in practice failed in their implementations. In this work, we review some of the recent insider threat detection solutions and explore their benefits and limitations. We also discuss insider threat issues for emerging areas such as cloud computing, virtualization, and social networking.     

An Approach for Validation of Digital Anti-Forensic Evidence

ABSTRACT

e-crime is increasing and e-criminals are becoming better at masking their activities. The task of forensic data analysis is becoming more difficult and a systematic approach towards evidence validation is necessary. With no standard validation framework, the skills and interpretation of forensic examiners are unchecked. Standard practices in forensics have emerged in recent years, but none has addressed the development of a model of valid digital evidence. Various security and forensic models exist, but they do not address the validity of the digital evidence collected. Research has addressed the issues of validation and verification of forensic software tools but failed to address the validation of forensic evidence. The forensic evidence collected using forensic software tools can be questioned using an anti-forensic approach. The research presented in this paper is not intended to question the skills of forensic examiners in using forensic software tools but rather to guide forensic examiners to look at evidence in an anti-forensic way. This paper proposes a formal procedure to validate evidence of computer crime.     

物联网在安全技术防范课程教学实践中的应用探析

物联网的三层体系结构感知层、传输层和应用层与安防系统的数据采集、传输、应用三个主要部分有诸多相似之处,这种相似为公安院校安全技术防范课程教学实践提供了一个崭新的思路。文中对物联网的基本概念、数据感知、数据传输以及数据处理技术在安全技术防范课程的理论与实践教学方面的应用进行了研究,并探讨了物联网在安全技术防范教学实践中所面临的主要问题。     

关于计算机的数据安全策略分析

随着计算机行业的发展,计算机安全技术问题已经渗透到了各行各业,同时计算机数据的安全问题越来越引人瞩目。文章从不同角度出发,对计算机的数据安全问题进行了讨论分析,并提出了解决计算机数据安全问题的一些办法。