Encryption & Authentication
Encryption is highly effective at protecting data across networks and the internet. Most encryption takes one of two forms: symmetric key encryption and public key encryption. These methods are the standards for protecting data in networks and across the internet.
Symmetric key encryption works by both users holding the same key on the sending and receiving ends of a communication. Without the same key, the data is not accessible. Public key encryption works by making a public encryption key available to everyone while only the receiver holds the matching decryption key. Both systems work well; the real problem is not with the encryption but with the users.
Message authentication is typically set up using message authentication codes (MACs). A message is passed through a cryptographic sequence that assigns it a specific signature. The receiving application then verifies the message using the MAC (Kroenke, 2013). As long as the message has not been altered, the signatures are the same and the decryption will take place. Where things begin to go wrong is at the user's end. The best encryption is easily defeated by poor security protocols and management. For this reason, it is imperative that the design of network security be balanced using the CIA triad.
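The MAC check described above, as an added example that is not part of the original article: the sender appends an HMAC-SHA256 tag computed with the shared key, and the receiver releases the message only if the tag it recomputes matches. The function names seal and open_sealed, the key and the sample message are constructed for illustration, and the example covers authentication only, not encryption.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tags are 32 bytes


def seal(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag to the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def open_sealed(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: return the message only if its tag verifies."""
    if len(packet) < TAG_LEN:
        return None  # too short to carry a tag at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time whether the tags differ in the
    # first byte or the last, so timing does not leak a partial match.
    if not hmac.compare_digest(tag, expected):
        return None
    return message


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)   # constructed key held by both ends
    original = b"pay 100 to alice"         # constructed sample message
    packet = seal(shared_key, original)

    # Unaltered message: the tags match and the receiver accepts it.
    print("intact  :", open_sealed(shared_key, packet))

    # Message altered in transit: the recomputed tag no longer matches.
    altered = b"pay 900 to alice" + packet[len(original):]
    print("altered :", open_sealed(shared_key, altered))

    # Receiver holding a different key cannot verify the tag either.
    print("wrong key:", open_sealed(secrets.token_bytes(32), packet))
```

The tag proves only that the message was produced by someone holding the shared key, so anyone who obtains that key from a careless user can forge valid messages.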
If one were to design a security system for a company to ensure data protection then a number of concepts need to be considered. As such, the access of information across the network becomes a design requirement. The design must take into account access, security, and many other aspects of functionality.
There are many areas of business requirements, such as:
1. User requirements: access to specific types of information and areas on the network.
2. Customer management: CRM, access, and internal and external communication.
3. Financial constraints: size of network, processor speeds, types of hardware.
4. Enterprise functions such as billing and accounting.
5. Information security such as permissions for access and firewalls.
There are many design requirements for networks that would include:
1. Software requirements: what forms of software are needed for the business to function, such as database and financial software.
2. Hardware requirements: what servers or types of computers are needed; this could include devices such as routers and modems.
3. OS requirements: what type of operating system is needed, such as Linux or Microsoft Server 2012.
4. Antivirus software
Encryption can be impenetrable, but the real problem is securing the user end to keep codes and other information out of the hands of hackers. Three specific ways that security information is compromised are phishing for users' private information, malware and spyware, and social-networking sites. Phishing is a means of trying to get computer users to respond to fraudulent requests masquerading as legitimate requests. Malware and spyware are means through which fraudsters collect users' sensitive personal information by planting malicious programs on their computers. The third method is that users of social media such as Facebook put too much personal information, such as birthdays, mothers' maiden names, and full names, on their social media sites. Identity thieves patrol the social media sites looking for ways to steal people's identities. Phishing can be controlled by strong security policies. Computer users can also install software to alert them to phishing. Problems of malware and spyware can be eliminated by installing antimalware and antispyware software and keeping it up to date. The problem of social media can be eliminated by avoiding posting personal information on the sites. While there are solutions, these are not perfect. Because spyware and malware are constantly evolving, new threats emerge faster than the software makers can update their software.
The design and business requirements need to be considered together when designing the network topology. The linking of information concerning internal processes and functions is only a fraction of the design (Laudon & Laudon, 2005). When creating a network, the types of hardware and software needed must be balanced against the needs of the company. Perhaps one of the most important considerations is economics, because the cost of equipment and software will limit the size of the network as well as its speed.
Kroenke, D. (2013). Experiencing MIS (4th Edition). New Jersey: Prentice Hall.
Laudon, K. C., & Laudon, J. P. (2005). Management Information Systems: Managing the Digital Firm. NJ: Prentice Hall.
Vincent Triola. Tue, Mar 09, 2021. Why can’t encryption be impenetrable? Retrieved from https://vincenttriola.com/blogs/ten-years-of-academic-writing/why-can-t-encryption-be-impenetrable