If someone tell you, “ I don’t need security. I have no secret, nothing to hide,” respond by saying, “OK, let me see your medical files. How abaout your paycheck, bank statement, investment portofolio, and credit card bills?Will you let me write down your Social Security Number, credit dard number and bank account number? What is the PIN for your ATM, credit card or phone card? What is your password to log on to the network at work? Where do you spare house key?”
The point is that we all have information we want kept private. Sometimes the reason is simply our natural desire for privacy, we would feel uncomportable if the whole world knew our medical history or financial details. Another good reason is self protection-thieves could use some kinds of information to rob us. In other words, the motives for keeping secret are not automatically nefarious.
Corporations also have secrets-strategy report, sales forecast, technical product details, rsearch result, personnel files,and so on. Although dishonest companies might try to hide villainous activities from thr public, most firms simply want to hide valuable information from dishonest people. This people may be working for competitors, they might be larcenous employees, or they could be hacker or crackers : people whobreak into computer networks to steal information, commit vandalism, disrupt services, or simply to show what they can do.
For your secrets to be secure, it may be necessary to add protections not provided by your computer systems OS.The built in protections may be adequate in some cases.If no one ever tries to break into or steal data from particular computer, its data will be safe.Or if the intruder has not learned how to get around the simple default mechanism, they are sufficient. But manu attackers do have the skills and resources to break various security system. If you decide to do nothing and hope that no silled crackers targets your informations, you may get lucky, and nothing bad will happen. But most people aren’t willing to take that risk.
One of the most important tools for protecting data is cryptography, any various method that are used to turn readable files into gibberish. For example, suppose your sensitive material look like this:
“do not believ that the competition can match the new feature set, yet their support, services,and consulting offering pose a serious threat to our salability. We must invest more money in our”
Here is what the data look when it encrypted:
Even if attacker obtains the contentof the file, it is gibberish. It does not matter whether or not the OS protections worked. The secret is still secret.
In addition to keeping secrets, cryptography can add security to the process of authentication people ‘s identity. Because the password method used in almost all commercial operating systems is probably not very strong against a sophisticated ( or even an unsophisticated) attackers want to pose as someone else, it’s not a matter simply of guessing a password. Attackers must also solve an intractable mathematical problem.
In the physical world, security is a fairly simple concept. If the lock on your haouse’s doors and windows are so strong that a thief cannot break into steal your belongings, the house id secure. For further protection against intruders breaking through the locks, you migh have security your bank account but the teller asks for identification and does not trust the thief’s story, your money is secure. When you sign a contract with another person, the signatures are the legal driving force that implies both parties to honor their word.
In the digital world, security works in a similar way. One concept is pripacy, meaning that no one can break into files to read your sensitive data (such as medical record) or steal money (by, for example,obtaining credit card numbers or online brokerage account information). Privacy is the lock on the door. Another concept, data integrity, refers to a mechanism that tell us when something has been altered. That’s the alarm. By Applying the practice of authentication, we can verify identities. That is comparable to the ID required to withdraw money from a bank account (or conduct a transaction with online broker). And finally, non repudiation is a legal driving force that impels people to honor their word.
Cryptography is by no means the only tool needed to ensure data security, nor will it solve all security problems. It is one instrument among many. Moreover, cryptography is not foolproof. All cryto can be broken, and more importantly, if it is implemented incorrectly, it adds no real security.