DES - Data Encryption Standard

Posted by Harisinh | Posted in | Posted on 11:04 PM


In the late 1960s, IBM initiated the Lucifer research project, led by Horst Feistel, for computer cryptography. This project ended in 1971, and LUCIFER first became known as a block cipher that operated on blocks of 64 bits, using a key size of 128 bits. Soon after this, IBM embarked on another effort to develop a commercial encryption scheme, which was later called DES.

This research effort was led by Walter Tuchman. The outcome of this effort was a refined version of Lucifer that was more resistant to cryptanalysis. In 1973, the National Bureau of Standards (NBS), now the National Institute of Standards and Technology (NIST), issued a public request for proposals for a national cipher standard. IBM submitted the research results of the DES project as a possible candidate.

The NBS requested the National Security Agency (NSA) to evaluate the algorithm’s security and to determine its suitability as a federal standard. In November 1976, the Data Encryption Standard was adopted as a federal standard and authorised for use on all unclassified US government communications. The official description of the standard, FIPS PUB 46, Data Encryption Standard, was published on 15 January 1977.


The DES algorithm was the best one proposed and was adopted in 1977 as the Data Encryption Standard, even though there was much criticism of its key length (which had changed from Lucifer’s original 128 bits to 64 bits) and of the design criteria for the internal structure of DES, i.e., the S-boxes. Nevertheless, DES has survived remarkably well over 20 years of intense cryptanalysis and has been a worldwide standard for over 18 years. The recent work on differential cryptanalysis seems to indicate that DES has a very strong internal structure.

Since the terms of the standard stipulate that it be reviewed every five years, on 6 March 1987 the NBS published in the Federal Register a request for comments on the second five-year review. The comment period closed on 10 December 1992. After much debate, DES was reaffirmed as a US government standard until 1992 because there was still no alternative for DES. The NIST again solicited a review to assess the continued adequacy of DES to protect computer data.

In 1993, NIST formally solicited comments on the recertification of DES. After reviewing many comments and technical inputs, NIST recommended that the useful lifetime of DES would end in the late 1990s. In 2001, the Advanced Encryption Standard (AES), known as the Rijndael algorithm, became a FIPS-approved advanced symmetric cipher algorithm. AES will be a strong advanced algorithm in lieu of DES.

The DES is now a basic security device employed by worldwide organisations. Therefore, it is likely that DES will continue to provide network communications, stored data, passwords and access control systems.


This is all about the DES data encryption technique and a little of its history.


Enjoy.....

Computer Security Requires a Comprehensive and Integrated Approach

Posted by Harisinh | Posted in | Posted on 12:45 AM



Providing effective computer security requires a comprehensive approach that considers a variety of areas both within and outside of the computer security field. This comprehensive approach extends throughout the entire information life cycle.

1 Interdependencies of Security Controls :

To work effectively, security controls often depend upon the proper functioning of other controls. In fact, many such interdependencies exist. If appropriately chosen, managerial, operational, and technical controls can work together synergistically. On the other hand, without a firm understanding of the interdependencies of security controls, they can actually undermine one another. For example, without proper training on how and when to use a virus-detection package, the user may apply the package incorrectly and, therefore, ineffectively. As a result, the user may mistakenly believe that their system will always be virus-free and may inadvertently spread a virus. In reality, these interdependencies are usually more complicated and difficult to ascertain.

2 Other Interdependencies :

The effectiveness of security controls also depends on such factors as system management, legal issues, quality assurance, and internal and management controls. Computer security needs to work with traditional security disciplines including physical and personnel security. Many other important interdependencies exist that are often unique to the organization or system environment. Managers should recognize how computer security relates to other areas of systems and organizational management.

3 Computer Security Should Be Periodically Reassessed :

Computers and the environments they operate in are dynamic. System technology and users, data and information in the systems, risks associated with the system and, therefore, security requirements are ever-changing. Many types of changes affect system security: technological developments (whether adopted by the system owner or available for use by others); connecting to external networks; a change in the value or use of information; or the emergence of a new threat. In addition, security is never perfect when a system is implemented. System users and operators discover new ways to intentionally or unintentionally bypass or subvert security. Changes in the system or the environment can create new vulnerabilities. Strict adherence to procedures is rare, and procedures become outdated over time. All of these issues make it necessary to reassess the security of computer systems.


Here I just changed my topic from Internet Hardwares and Protocols to Computer Security.


Enjoy.....

Computer Security Supports the Mission of the Organization

Posted by Harisinh | Posted in | Posted on 12:45 AM



The purpose of computer security is to protect an organization's valuable resources, such as information, hardware, and software. Through the selection and application of appropriate safeguards, security helps the organization's mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. Unfortunately, security is sometimes viewed as thwarting the mission of the organization by imposing poorly selected, bothersome rules and procedures on users, managers, and systems. On the contrary, well-chosen security rules and procedures do not exist for their own sake; they are put in place to protect important assets and thereby support the overall organizational mission. Security, therefore, is a means to an end and not an end in itself. For example, in a private-sector business, having good security is usually secondary to the need to make a profit. Security, then, ought to increase the firm's ability to make a profit. In a public-sector agency, security is usually secondary to the agency's service provided to citizens. Security, then, ought to help improve the service provided to the citizen.

To act on this, managers need to understand both their organizational mission and how each information system supports that mission. After a system's role has been defined, the security requirements implicit in that role can be defined. Security can then be explicitly stated in terms of the organization's mission.

The roles and functions of a system may not be constrained to a single organization. In an interorganizational system, each organization benefits from securing the system. For example, for electronic commerce to be successful, each of the participants requires security controls to protect their resources. However, good security on the buyer's system also benefits the seller; the buyer's system is less likely to be used for fraud or to be unavailable or otherwise negatively affect the seller. (The reverse is also true.)


Here I just changed my topic from computer hardware and protocols to computer security.


Enjoy.....

Computer Security is an Integral Element of Sound Management

Posted by Harisinh | Posted in | Posted on 12:45 AM



Information and computer systems are often critical assets that support the mission of an organization. Protecting them can be as critical as protecting other organizational resources, such as money, physical assets, or employees. However, including security considerations in the management of information and computers does not completely eliminate the possibility that these assets will be harmed. Ultimately, organization managers have to decide what level of risk they are willing to accept, taking into account the cost of security controls.

As with many other resources, the management of information and computers may transcend organizational boundaries. When an organization's information and computer systems are linked with external systems, management's responsibilities also extend beyond the organization.

This may require that management (1) know what general level or type of security is employed on the external system(s) or (2) seek assurance that the external system provides adequate security for the using organization's needs.


Here I just changed my topic from Internet Hardwares and Protocols to Computer Security.


Enjoy.....

Computer Security Should Be Cost-Effective

Posted by Harisinh | Posted in | Posted on 12:45 AM



Computer Security Should Be Cost-Effective. The costs and benefits of security should be carefully examined in both monetary and nonmonetary terms to ensure that the cost of controls does not exceed expected benefits. Security should be appropriate and proportionate to the value of and degree of reliance on the computer systems and to the severity, probability and extent of potential harm. Requirements for security vary, depending upon the particular computer system.

In general, security is a smart business practice. By investing in security measures, an organization can reduce the frequency and severity of computer security-related losses. For example, an organization may estimate that it is experiencing significant losses per year in inventory through fraudulent manipulation of its computer system. Security measures, such as an improved access control system, may significantly reduce the loss. Moreover, a sound security program can thwart hackers and can reduce the frequency of viruses. Elimination of these kinds of threats can reduce unfavorable publicity as well as increase morale and productivity. Security benefits, however, do have both direct and indirect costs.

Direct costs include purchasing, installing, and administering security measures, such as access control software or fire-suppression systems. Additionally, security measures can sometimes affect system performance, employee morale, or retraining requirements. All of these have to be considered in addition to the basic cost of the control itself. In many cases, these additional costs may well exceed the initial cost of the control (as is often seen, for example, in the costs of administering an access control package). Solutions to security problems should not be chosen if they cost more, directly or indirectly, than simply tolerating the problem.


Here I just changed my topic from Internet Hardwares and Protocols to Computer Security.


Enjoy.....

Computer Security Responsibilities and Accountability Should Be Made

Posted by Harisinh | Posted in | Posted on 12:45 AM



Computer Security Responsibilities and Accountability Should Be Made Explicit. The responsibilities and accountability of owners, providers, and users of computer systems and other parties concerned with the security of computer systems should be explicit. The assignment of responsibilities may be internal to an organization or may extend across organizational boundaries.

Depending on the size of the organization, the program may be large or small, even a collateral duty of another management official. However, even small organizations can prepare a document that states organization policy and makes explicit computer security responsibilities.

This element does not specify that individual accountability must be provided for on all systems. For example, many information dissemination systems do not require user identification and, therefore, cannot hold users accountable.


Here I just changed my topic from Internet Hardwares and Protocols to Computer Security.


Enjoy.....