White Papers

Internet Security

Spoofing - Arts of attack and defense

How to spot and avoid potential spoof attacks. Covers DNS spoofing, IP address spoofing, email address spoofing, link alteration, name similarity and content theft.

How do you deal with Internet fraud?

This paper covers fraud that uses Internet technology as an integral part of the fraud and fraud that is already taking place by other means where the Internet is merely another method of delivery.

The changing face of web security

Are we winning or losing the battle of web security? Read this white paper backed by industry figures to ensure you are aware of the facts.

Authentication - who's site is it really?

Whilst a lot of work seems to have been done on personal authentication, little or no work has been done over or about web site authentication to users. Users should be just as entitled to authenticate web sites as web sites are to authenticate them.

How do you know where information came from?

In the ordinary world of the Internet you don’t really know where information comes from - a web site that you first linked to, or a completely different site. Hackers can also alter information without you being aware of any change. How can the person receiving the information to be aware that anything is wrong?

A matter of trust or is it?

Who do you know who you are really dealing with when disclosing your personal details over the Internet? How can you ensure the credit card details you submit are to the site you expected? How can you be sure the latest anti-virus, firewall, or operating system software upgrade you install is bona fida? How do you know the link you click on is indeed genuine?

This white paper explains the current methods available for proving the identity of a web site and explains why they fail. It offers an alternative solution to the problem of web site authenticity.

Why web site logos are phony security?

Probably the worst possible kind of Internet security we have today is the ‘secure site logo’. This white paper explains why.

General Security

Explaining encryption

Make any enquiry about computer security, and you will almost immediately fall over the terms cryptography and encryption (and also decryption), but what exactly is meant by this?

ID & Password or PKI for your security?

This paper reviews the arguments for and against each mechanism.

What makes a good Password?

This paper tells you what makes a good password and how to select one.

PKI

An introduction to PKI

This guide provides the reader with a basic introduction to key terms and concepts used in a PKI including Certificates, Keys and Authorities. It mentions the features and services used by the PKI and the techniques involved in public key cryptography.

PKI FAQs

Everything you wanted to know about PKI in one easy to read document. Certificates, digital signatures, public and private keys, CAs, etc.

PKI Certificates - a source of confusion?

There is a lot of misleading information on the internet about certificates, public and private keys, digital signatures, etc. - when and how you use them. This white paper sets the record using terminology for the non-technical person.

PKI - Managing Liability

One of the frequently quoted concepts of PKI is that of being able to do business with people you don’t know, with certainty. Who is held liable for these transactions?

PKI - A Technology or a hype too far?

PKI has been getting a lot of bad press of late, but is it justified? Has the technology failed or is it a problem of implementation?