Common Criteria

Written by Robert Elam

Windows 2000 was awarded the Common Criteria Certificate. This is the first Microsoft operating system to receive such a prestigious certification, putting it on the same level as SecureOS Solaris Unix, both built on an operating system that has been around for over thirty years. This document will explain what the Common Criteria Certificate is, how a vendor achieves it and why a vendor would want it.

Common Criteria is based on the idea of a sound way of evaluating the security of an operating system. Common Criteria has evolved over the years. Security evaluation criteria go back to the '70s. The first standard for these criteria was published in the United States as the Trusted Computer Systems Evaluation Criteria (TCSEC), the “Orange Book.” It was published in 1985 by the National Security Agency. Europe came up with similar standards in an effort to create an international standard called Information Technology Security Evaluation and Certification (ITSEC) in 1991. This led to the CC Editorial Board (CCEB), which was formed, establishing globally recognized standards for security evaluation (dinopolis). Each country has its own organization that enforces and advertises these international standards. In the United States, both the NSA and the National Institute of Standards and Technology meet the security and testing needs of Information Technology producers and consumers. They do this through a joint program called the National Information Assurance Partnership (NIAP). The responsibilities of these organizations are outlined in the Computer Security Act of 1987 (epic).

In order for a vendor to be awarded the Common Criteria Certification it must pass all required tests for a security certification accepted in 15 countries. There are three parts to the CC:

1) Introduction and general model is the introduction to the CC. It defines general concepts and principles of IT security evaluation and presents a general model of evaluation.

2) Security functional requirements establishes a set of security functional components as a standard way of expressing requirements for Targets of Evaluation (TOEs).

3) Security assurance requirements establishes a set of assurance components as a standard way of expressing the assurance requirements for TOEs (CRYPTIC).

Seecrets On Security: A Gentle Introduction To Cryptography

Written by Stan Seecrets

With the increasing incidence of identity thefts, credit card frauds and social engineering attacks, the digital world is facing challenges in the years ahead. Obviously, cryptography, a young science, will play a prominent role in protecting digital assets. This article tries to explain the basics of cryptography (encryption) using plain language.

Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieve the needed result - well, a scrambled egg. This action of mixing the molecules of the egg is encryption. Since the molecules are mixed-up, we say the egg has achieved a higher state of entropy (state of randomness). To return the scrambled egg to its original form (including uncracking the shell) is decryption. Impossible?

However, if we replace the word “egg” with “number” and “molecules” with “digits”, it is POSSIBLE. This, my friend, is the exciting world of cryptography (crypto for short). It is a new field dominated by talented mathematicians who use vocabulary like "non-linear polynomial relations", "overdefined systems of multivariate polynomial equations", "Galois fields", and so forth. These cryptographers use language that mere mortals like us cannot pretend to understand.

In the computer, everything stored is a number. Your MP3 file is a number. Your text message is a number. Your address book is a longer number. The number 65 represents the character "A", 97 the small "a", and so on.

For humans, we recognize numbers with the digits from 0 to 9, whereas the computer can only recognize 0 or 1. This is the binary system, which uses bits instead of digits. To convert bits to digits, simply multiply the number of bits by 0.3 to get a good estimate. For example, if you have 256-bits of Indonesian Rupiah (one of the lowest currency denominations in the world), Bill Gates’ wealth in comparison would be microscopic.

The hexadecimal (base 16) system uses the ten digits from 0 to 9, plus the six extra symbols from A to F. This set has sixteen different “digits”, hence the hexadecimal name. This notation is useful for computer workers to peek into the "real contents" stored by the computer. Alternatively, treat these different number systems as currencies, be it Euro, Swiss Franc, British Pound and the like. Just like an object can be priced with different values using these currencies, a number can also be "priced" in these different number systems as well.
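
The number representations described above, as an added example that is not part of the original article: it treats a short constructed message as one integer, shows its character codes and hexadecimal form, and compares the 0.3-digits-per-bit rule of thumb with the exact digit count. All function names are illustrative.

```python
# Added illustration; function names are hypothetical and the sample
# message used in the demo is constructed.

def message_to_number(text: str) -> int:
    """Interpret the bytes of an ASCII message as one big-endian integer."""
    return int.from_bytes(text.encode("ascii"), "big")

def number_to_message(n: int, length: int) -> str:
    """Inverse step: turn the integer back into the original characters."""
    return n.to_bytes(length, "big").decode("ascii")

def estimated_digits(bits: int) -> int:
    """The article's rule of thumb: decimal digits ~ bits * 0.3."""
    return round(bits * 0.3)

def actual_digits(bits: int) -> int:
    """Exact digit count of the largest value that fits in `bits` bits."""
    return len(str(2**bits - 1))

def describe(text: str) -> dict:
    """Show one message in the 'currencies' the article lists."""
    n = message_to_number(text)
    return {
        "codes": [ord(c) for c in text],           # one number per character
        "number": n,                               # the whole message as one number
        "hex": text.encode("ascii").hex().upper(), # base-16 view of stored bytes
        "bits": n.bit_length(),                    # binary size of that number
        "digits": len(str(n)),                     # decimal size of that number
    }

if __name__ == "__main__":
    info = describe("Aa")  # constructed sample message
    print(info)
    print(number_to_message(info["number"], 2))
    for bits in (128, 256):
        print(bits, estimated_digits(bits), actual_digits(bits))
```

The rule of thumb lands one digit short at 128 and 256 bits because the exact factor is log10(2), about 0.301, and the digit count rounds up.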
