Weekly Website: academicearth.org

With the revolution of the internet, online schooling is now a reality.  Many reputable universities offer distance learning opportunities via the web.  Some courses have to be purchased, but plenty of other course materials are uploaded free for the public good.  Academic Earth has a plethora of academic resources in high-quality streams, categorized, and at no cost to you.  Just so you know, these are not quick how-to videos.  It's a solid semester of respected professors across an assortment of subject matter.  In fact, it so closely simulates the college lecture experience that I dozed off during class.

Pick your vice! From Science to Religion, it's great to have this much access to remarkable knowledge.

Technical Difficulties

Data Encryption

Data encryption is one way to secure client information.  As soon as a digital communication channel is secured, attackers will test the security method and attempt to breach the system.  To stay one step ahead and protect the data in your organization, you need to understand the fundamentals of data encryption and the choices you have for implementing it in your network.

All data encryption depends on the use of a key to control how information is encoded and decoded.  There are two main categories of key-based encryption.

  • In shared-key, or symmetric, encryption systems, the same key is used both to encode and to decode the message. The secret key must somehow be communicated securely between the two parties to the communication.
  • In key-pair, or asymmetric, encryption systems, each party has two keys: a public key, which anyone can obtain, and a private key, known only to the individual.  Anyone can use the public key to encrypt data; only the holder of the associated private key can decrypt it.

Data Encryption Standard (DES) is a shared-key encryption standard based on a 56-bit encryption key that is stored together with an additional 8 parity bits.  DES applies the encryption key to each 64-bit block of the message.  Triple DES (3DES) is a more secure variant of DES that uses three separate DES keys to encode the message repeatedly.
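To make that key layout concrete, here is an added Python example (my own code, not from the original post) that checks DES and 3DES key material: it sets or validates the parity bit in each key byte, counts the 56 secret bits per 8-byte key, and, going slightly beyond the paragraph, also flags the four published DES weak keys and 3DES keys whose repeated subkeys collapse the cipher to single DES.  The helper names are my own.

```python
"""DES / 3DES key-material checks (added example, not code from the original post).
Parity bits, the 56 secret bits per 8-byte key, and a few known bad keys."""

# The four DES weak keys, for which encryption and decryption are the same operation.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}


def odd_parity(byte: int) -> bool:
    """DES expects every key byte to contain an odd number of 1 bits."""
    return bin(byte).count("1") % 2 == 1


def fix_parity(raw: bytes) -> bytes:
    """Keep the top 7 bits of each byte (the real key bits) and set the low bit
    so that the byte has odd parity, as a DES implementation expects."""
    fixed = bytearray()
    for b in raw:
        bits7 = b & 0xFE
        fixed.append(bits7 if odd_parity(bits7) else bits7 | 0x01)
    return bytes(fixed)


def effective_key_bits(key: bytes) -> int:
    """Parity bits carry no secret: 56 bits for DES, 168 for a three-key 3DES key."""
    return 7 * len(key)


def key_problems(key: bytes) -> list:
    """Return the reasons a DES (8-byte) or 3DES (24-byte) key should be rejected."""
    problems = []
    if len(key) not in (8, 24):
        return [f"length {len(key)}: expected 8 (DES) or 24 (3DES)"]
    for i, b in enumerate(key):
        if not odd_parity(b):
            problems.append(f"byte {i} has even parity")
    subkeys = [key[i:i + 8] for i in range(0, len(key), 8)]
    for i, sub in enumerate(subkeys):
        if sub in DES_WEAK_KEYS:
            problems.append(f"subkey {i} is a known DES weak key")
    # 3DES encrypts with K1, decrypts with K2, encrypts with K3: if K1 == K2 or
    # K2 == K3, two of the steps cancel and the result is single DES.
    if len(subkeys) == 3 and (subkeys[0] == subkeys[1] or subkeys[1] == subkeys[2]):
        problems.append("3DES subkeys repeat: effective strength drops to single DES")
    return problems
```

Run `key_problems()` over any key before handing it to a DES library; a key with even-parity bytes is usually a sign that 56 raw bits were packed without the parity step, and `fix_parity()` repairs exactly that case.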

A digital certificate is an electronic document that associates credentials with a public key.  Both users and devices can hold certificates.  The certificate validates the certificate holder's identity and is also a way to distribute the holder's public key.  A server called a Certificate Authority (CA) issues certificates and the associated public/private key pairs.

Public Key Infrastructure (PKI) is a hierarchical system composed of CAs, certificates, software, services, and other cryptographic components, for the purpose of authenticating and validating data and entities, for example to secure transactions over the Internet.  A PKI issues and maintains public/private key pairs and certificates.

The PKI hierarchy consists of at least one top-level CA called the root CA.  It can include additional, subordinate CAs.  The root CA issues itself a self-signed certificate.  It is then possible for the root CA to provide certificates and key pairs directly to clients.  However, it is more typical for the root CA to issue certificates to subordinate CAs, which handle the client certificates.

A private root CA is set up for internal use by a particular organization.  Although it follows the hierarchical PKI structure, certificates from a private root CA are not available outside the organization that maintains it.

A public root CA is set up by a commercial vendor or other public authority for the express purpose of providing a common authentication structure between different organizations and entities.  For example, an e-commerce website might contract with a public CA provider, such as VeriSign, to obtain a certificate to demonstrate to customers that its website is secure and reliable.

Certificates can be used for data encryption.  In the certificate encryption process:

  1. A security principal obtains a certificate and public/private key pair from a CA.
  2. The party who is encrypting the data obtains the user's public key from the user or from the CA's certificate repository.
  3. The encrypting party uses the public key to encrypt the data and sends it to the other user.
  4. The other user uses the private key to decrypt the data.

The Encrypting File System (EFS) is a file-encryption tool available on Windows systems that have a partition formatted with NTFS.  EFS encrypts file data by using digital certificates.  If a CA is not available to issue a file-encryption certificate, the local system can issue a self-signed encryption certificate to users who want to encrypt files.  Unlike NTFS permissions, which control access to the file, EFS protects the contents of the data.  With EFS, you can keep data secure even if NTFS security is breached.

A sender can verify its identity by attaching a small piece of encrypted data, called a digital signature, to a message.  The digital signature is encrypted with the sender's private key; the receiver decrypts it by using the sender's public key as obtained from the certificate repository.  Because only the public key associated with the sender can decrypt the signature, it verifies the sender's identity and proves that the data has not been altered in transit.

Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with RSA public-key data encryption.  SSL is a server-driven process; a client that supports SSL does not need a registered certificate to connect securely to an SSL-enabled server.  SSL is widely deployed on the web.  A website that supports the secure HTTPS protocol must have an SSL security certificate.

The RSA encryption algorithm, named for its inventors (Rivest, Shamir, and Adleman), is a well-known and widely implemented public-key data encryption standard.  Mathematically, it is based on the difficulty of factoring extremely large numbers.  Most web browsers, including Internet Explorer, support RSA encryption.

The SSL process starts with a client requesting a session from a server.  The server sends its digital certificate and public key to the client.  The server and client negotiate an encryption level.  The client then generates and encrypts a session key using the server's public key, and returns it to the server.  The client and server then use the session key for data encryption.
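The pieces above (a public/private key pair, a CA hierarchy with a self-signed root and a subordinate CA, a digital signature that "encrypts" a hash with the private key, and the session-key exchange just described) fit together in the added Python example below.  It is my own teaching code, not the post's and not the real SSL/TLS protocol: the RSA keys are 40-bit and unpadded so the arithmetic is visible, the certificate format is a made-up dataclass, and names such as "Root CA", "Sub CA" and "shop.example" are hypothetical.

```python
"""Toy public-key infrastructure in plain Python (added example, not the post's code).
Tiny unpadded RSA: enough to show the mechanics, useless for real security."""
import hashlib
import math
import random
from dataclasses import dataclass

rng = random.Random(7)  # fixed seed so the demo is reproducible; never seed real key generation

def random_prime(bits: int) -> int:
    """Trial-division prime search; adequate only for 20-bit toy primes."""
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(c % f for f in range(3, math.isqrt(c) + 1, 2)):
            return c

def keygen(bits: int = 40):
    """Return ((n, e), (n, d)).  Recovering d from (n, e) requires factoring n = p*q."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(pub, m: int) -> int:    # anyone holding the public key can encrypt
    return pow(m, pub[1], pub[0])

def decrypt(priv, c: int) -> int:   # only the private-key holder can decrypt
    return pow(c, priv[1], priv[0])

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:              # hash, then "encrypt" the hash with the private key
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data: bytes, sig: int) -> bool:  # "decrypt" with the public key and compare hashes
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass
class Cert:
    subject: str
    pub: tuple       # the holder's public key; the certificate is how it gets distributed
    issuer: str
    sig: int = 0     # the issuer's signature over tbs()

    def tbs(self) -> bytes:  # the "to be signed" part of the certificate
        return f"{self.subject}|{self.pub}|{self.issuer}".encode()

def issue(issuer_name: str, issuer_priv, subject: str, subject_pub) -> Cert:
    cert = Cert(subject, subject_pub, issuer_name)
    cert.sig = sign(issuer_priv, cert.tbs())
    return cert

def verify_chain(chain, trusted_root: Cert) -> bool:
    """chain = [leaf, ..., lowest subordinate CA]: each cert must be signed by the
    next one up, and the last by the trusted root, which is self-signed."""
    for cert, issuer in zip(chain, chain[1:] + [trusted_root]):
        if cert.issuer != issuer.subject or not verify(issuer.pub, cert.tbs(), cert.sig):
            return False
    return (trusted_root.issuer == trusted_root.subject
            and verify(trusted_root.pub, trusted_root.tbs(), trusted_root.sig))

def client_hello(server_chain, trusted_root: Cert):
    """Client side of the SSL-style exchange: check the server's certificate, then
    generate a session key and encrypt it with the server's public key."""
    if not verify_chain(server_chain, trusted_root):
        raise ValueError("server certificate does not chain to a trusted root")
    session_key = rng.getrandbits(32)
    return session_key, encrypt(server_chain[0].pub, session_key)

def server_accept(server_priv, encrypted_key: int) -> int:
    """Server side: recover the session key with its private key; both sides now share it."""
    return decrypt(server_priv, encrypted_key)

def demo():
    root_pub, root_priv = keygen()
    root = issue("Root CA", root_priv, "Root CA", root_pub)          # self-signed root
    sub_pub, sub_priv = keygen()
    sub = issue("Root CA", root_priv, "Sub CA", sub_pub)             # subordinate CA
    srv_pub, srv_priv = keygen()
    srv = issue("Sub CA", sub_priv, "shop.example", srv_pub)         # hypothetical web server
    rogue_pub, rogue_priv = keygen()
    rogue = issue("Sub CA", rogue_priv, "shop.example", rogue_pub)   # claims Sub CA, signed by someone else
    k_client, blob = client_hello([srv, sub], root)
    return (verify_chain([srv, sub], root), verify_chain([rogue, sub], root),
            k_client == server_accept(srv_priv, blob))
```

`demo()` returns `(True, False, True)`: the genuine chain validates, the certificate that merely names "Sub CA" as its issuer but was signed with some other key is rejected, and the session key the client encrypted is the one the server recovers.  The client never needs a certificate of its own, which is the server-driven property the SSL paragraph describes.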

For more information, tips, and tricks, be sure to follow me on Twitter.