Shaye Trenda

10/28/17

ITS 370

Chapter 8 Exercises

1. Go to a popular online e-commerce site, like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks you for your credit card number, right-click on the Web browser and select “Properties”. What can you find out about the cryptosystems and protocols in use to protect this transaction?

After placing an item in my cart on Amazon and then proceeding to check out, I found the “Security” tab in the Properties setting. This setting informed me that my connection to the site is using a valid, trusted server certificate issued by Symantec Class 3 Secure Server CA-G4. I also found out that my connection to the site was secure because it’s encrypted and authenticated using TLS 1.2 (a strong protocol), a strong key exchange, and a strong cipher. At the bottom of the Security tab it also says that all resources on the page are served securely. This makes me feel even better about shopping on Amazon. Inserted on the left is a screenshot of the Security tab I found. (182 words)

2. Repeat Exercise 1, this time on a different online e-commerce site. Does this site use the same or different protocols? Describe them.

I repeated the exercise from question 1, this time using www.KateSpade.com (a very popular handbag company). The security settings were exactly the same as when I did the exercise on Amazon. Kate Spade is a very trusted company and I did not think that their website would not be trustworthy as well. Almost everything on the Kate Spade website is over $100, so it’s a good thing that their site is safe. You would not want to spend that much money on an untrusted site. (108 words)

3. Perform a Web search for “Symantec Desktop Email Encryption (powered by PGP Technology).” Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed email to your instructor. What looks different in this e-mail compared with your other e-mails?

The email is encrypted starting at the client instead of the mail server or gateway, ensuring only the authorized end users can access the content.

The problem with email is that users are often emailing sensitive information openly. According to Osterman Research, 74 percent of an organization's intellectual property resides in an email or attachment. Email is accessed everywhere from various endpoints, networks, and environments. By utilizing desktop, gateway, and mobile encryption solutions your data can be protected wherever it goes and wherever it resides - even the cloud. With Symantec™ Encryption Management Server, enterprises can centrally manage policy and security practices across the company from a single web-based console reducing management costs and hassles. (http://www.netsecuritystore.com/Symantec-Desktop-Email-Encryption.asp) (162 words)

4. Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document, which is a FIPS 197 Standard. Write a short overview of the development and implementation of this cryptosystem.

The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. The NIST started development of AES in 1997 when it announced the need for a successor algorithm for the Data Encryption Standard (DES), which was starting to become vulnerable to brute-force attacks. This new advanced encryption algorithm would be unclassified and had to be “capable of protecting sensitive government information well into the next century,” according to the NIST announcement of the process for development of an advanced encryption standard algorithm. It was intended to be easy to implement in hardware and software, as well as in restricted environments (for example, in a smart card) and offer good defenses against various attack techniques.

The document can be read here: https://www.cisco.com/c/dam/en/us/products/collateral/security/anyconnect-secure-mobility-client/fips.pdf. (177 words)

5. Search the Web for “steganographic tools.” What do you find? Download and install a trial version of one of the tools. Embed a short text within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?

You cannot tell the difference between an original image and an image that has been used with a steganographic tool because the point of steganography is to conceal messages or information within other nonsecret text or data. Images will look exactly the same, but they may include an embedded virus or other malicious information. (103 words)
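
The side-by-side comparison from exercise 5, as an added example that is not part of the original submission. It assumes least-significant-bit embedding (the page names no tool or method) over a constructed raw RGB buffer, and shows that each channel value moves by at most 1 out of 255 while a hash comparison against the original still exposes the change.

```python
import hashlib

def embed(pixels: bytes, message: bytes) -> bytes:
    """Write a 16-bit length header plus message into bit 0 of successive channel bytes."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only the lowest bit of the channel changes
    return bytes(out)

def _read_bytes(pixels: bytes, first_bit: int, count: int) -> bytes:
    """Reassemble `count` bytes from the low bits starting at channel index first_bit."""
    if first_bit + count * 8 > len(pixels):
        raise ValueError("declared length exceeds image capacity")
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[first_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Read the length header, then that many message bytes."""
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    return _read_bytes(pixels, 16, length)

def max_channel_change(a: bytes, b: bytes) -> int:
    """Largest per-channel difference: what the eye would have to notice."""
    return max(abs(x - y) for x, y in zip(a, b))

def same_file(a: bytes, b: bytes) -> bool:
    """Defender's check when the original is available: compare SHA-256 digests."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

# Constructed cover: 32x32 RGB gradient as raw channel bytes (all even values).
COVER = bytes((i * 2) % 256 for i in range(32 * 32 * 3))
STEGO = embed(COVER, b"short text")

if __name__ == "__main__":
    print(extract(STEGO))                    # recovered message
    print(max_channel_change(COVER, STEGO))  # visual difference per channel
    print(same_file(COVER, STEGO))           # digest comparison
```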