
IT Business & Marketing Solutions



eCLIPse© in the mainframe and business application arena. Additional provided functionality for eCLIPse© Security
by Leslie Satenstein
March, 2010

    This article answers the following questions:
- What are the real threats to data today?
- Where do you really need to encrypt data first?
- How does key management fit into your encryption plans?
- What will shifts in the industry and vendor developments mean for your storage environment and strategy?

eCLIPse© consists of:
a) A key management system, including a physical token and a virtual (TCP/IP) server.
b) A fully functional and integrated application programming (encryption) API.
c) A laptop/desktop MS Explorer interface for encryption/decryption management.
d) An eCLIPse© explorer interface to work with encrypted files on the laptop.
e) An API to permit developing your own programs for the laptop and the server.
f) On the server, eCLIPse© provides the ability to offer full encryption field management.
    - Database field encryption
    - Flat file encryption of files with fixed length records
    - Encryption for files with variable length records
    - Cipher Block Chaining
g) 90 different keys possible to cover a full range of business applications
h) A command processor, allowing the setup of automatic distribution of encrypted files and reception of encrypted files.

Where are the Real Threats to Data Security Today?

Mobile Workforce IT Security Threats to Business

If you have employees working remotely from home, airports, hotels, coffee shops or other public spaces, some of which have unprotected or weakly protected networks, monitoring transmissions is an easy way to steal data. Breaches can occur, and have occurred, when an employee works from home and uses the same laptop to access the web or to read personal emails that have not passed through the corporate email server. Similarly, if the laptop is stolen or lost, what would be the impact to the corporation if it contained your organization’s most sensitive information: logons and passwords, access to your customer database, business-critical intellectual property such as client identification and financial information, or the most guarded business secrets? Don’t think that this cannot happen to you. What is the true cost and lawsuit impact to your business if sensitive and important business information is leaked?

If you have satellite offices or employees that remotely connect to your corporate network, your existing security measures may no longer protect you. You may need to take further steps to ensure that you are protected beyond the traditional physical boundaries to include your new extended perimeter.

Online System Protection

If your business offers any online transactions or has confidential data accessible from any form of e-business, and the critical data is not encrypted, your business is in danger of an outside attack that penetrates the SSL security and sends confidential data out to the internet.

Backup Software

Database backups usually go to tape or to remote servers in the “cloud”. Database backups must be encrypted to protect the confidentiality of their contents. Imagine if, on requesting a restore of data, the file delivered had all its data in the clear. There is a need for encryption and decryption.

Cloud Computing

Cloud computing poses several separate but related security risks. Stored data could be stolen by hackers or lost to breakdowns. In 2008, Amazon’s Simple Storage Service (S3) had a single corrupted bit in messages between servers, and Amazon had to shut down for several hours. In early 2009, a hacker who correctly guessed the answer to a Twitter employee's personal e-mail security question was able to grab all the documents in the Google Apps account the employee used. (The hacker gleefully sent some to the news media.) Another breach occurred when a bug compromised the sharing restrictions placed on some users' documents in Google Docs.

Encrypting the Cloud

What is required is a security product that can encrypt data destined for the cloud and decrypt the data on the way down. Security keys should be managed in a semi-automatic way. (A fully automatic way can result in the algorithm being discovered and security compromised.)

Who are the attackers?

A hacker is someone who writes code to provide functionality that did not exist before, or who works as a software specialist. He normally corrects or improves a working business application. The honest hacker’s intent is to do no harm.

A thief is a thief, and may be a hacker. In a way, “hacker” has become the wrong name for internet thieves. As technology advances, so do the skills of thieves and fraud artists. This new breed of thief knows no boundaries. Working from every continent, including Russia, Africa, Europe, Asia, and the Americas, they have formed clubs of collaborators.

Whom do they attack and how?

The how is easier to answer. The attackers go against any online system that has sensitive corporate data: customers, bank account numbers, social security numbers, credit and debit card information, mortgages, inventory, manufacturing processes, and more. The main job is identity theft, the theft of an individual’s identity; secondary theft includes competitive information that can be sold. One relatively easy method is to become the intermediary between sender and receiver. For example, the destination address is intercepted and another, belonging to the thief, is substituted. The thief copies all traffic or modifies some of it, and then forwards the message on. The response is intercepted and acted upon in a similar manner. This thievery is done via international collaboration, with expertise distributed amongst thieves. If you have identified that your business is at risk, you are probably asking yourself: “What do I do to protect myself and where do I start?”

What to do first?

First is not the correct word. Begin protection on various fronts. Start with anti-virus and spam filters. Then protect the software with the most exposure. If that exposure is on a corporate database that can be reached via the web, protecting it becomes a priority.

The corporate or laptop firewall should be turned on. Do not allow telnet or ftp; insist on the use of secure versions of this software. Insist on the use of VPN. All communication should be SSL protected (Secure Socket Layer bidirectional encryption). NB: Some older SSL software has flaws that allow it to be compromised. Make sure your SSL software is up to date. The next parallel approach is for the corporate laptop or desktop. We presume that the usual anti-virus and spam filters are installed, and that rules pertaining to connectivity are burned into the software.

Email functionality is next. All email attachments should be encrypted.

How does eCLIPse© Enterprise Security Fit into all of this?

eCLIPse© has multiple components and provides:
- Laptop security components that are matched by a head office component.
- Key security and key management by an Authorized Administrator.
- Complete key confidentiality. Keys are encrypted and are not known by administrative or operational staff; they are known only by the authorized persons who initially established them. Keys are accessed by key number (encrypt by Key x followed by Key y).
- For the laptop, a USB managed security token that allows for off-line decryption/encryption of confidential data. The token acts as a signature: without it, the encrypted data cannot be decrypted in a lifetime. The token is kept on the same key ring as the car keys.
- Mainframe Security Server, paralleling USB token security.
- Support for laptops, multiple Virtual Machines, remote desktop.
- Full API encryption management library, permitting terminal to mainframe encryption and decryption of critical information.
- Your desktop JavaScript application can call the encryption API functions. The JavaScript code complements SSL by encrypting the sensitive field data (account numbers, social security numbers, etc.) before it is transmitted to the host. The JavaScript application can also decrypt the received fields to permit viewing in the clear on the laptop.
- Encrypted file transfer.
- Multiple programming languages, (.COM and .STD Microsoft interfaces).

How eCLIPse© can Mitigate Security Threats to your Business

eCLIPse© is geared to maintaining encrypted data from the source to the endpoint delivery, and thereafter, keeping the encrypted form until it is used.

A Wikipedia article quotes cipher technology experts who determined that breaking files encrypted with 3DES back to the input, using a single laptop, will require about 137 million years on average. That amount of time is longer than the known existence of the world.

One eCLIPse© laptop scenario is as follows:
a) The user receives an encrypted file and downloads it to the work folder.
b) Using eCLIPse©, he clicks on the downloaded file icon, which causes four successive steps:
- eCLIPse© decrypts the file and creates an unencrypted version.
- eCLIPse© starts the application that works with the decrypted version
- User updates the decrypted file and exits the related application program.
- eCLIPse© re-encrypts the file, and deletes the unencrypted version.

eCLIPse© Command Processor Encryption Management.

eCLIPse© includes a command processor with over 30 commands and the ability to operate eight concurrent sessions. For example, decrypt a file or field via session 1, and re-encrypt the clear file or clear field with new keys via session 2. This type of operation is typically used when one wants to ensure that the head office operational staff cannot read the files sent to the end-users.

Multiple Encryption Methods

eCLIPse© supports DES and 3DES with optional Cipher Block Chaining. Cipher Block Chaining ensures that a file containing lines with duplicate data will have different encrypted results.

Database Encryption

eCLIPse© can encrypt fields in a database without encrypting the entire record. The same functionality applies to the encryption of Flat Files (ASCII). Although it can be done, the usual procedure is to not encrypt key fields or external keys. Two different algorithms can be used for encryption of text fields. One algorithm allows for a null embedded character, and the second algorithm does not allow this.

eCLIPse© can encrypt fields in databases such that the theft of this information would not result in the loss of business data that would make the enterprise subject to lawsuits.

Application Programmer’s Interface.

eCLIPse© includes a full encryption API facility. The API allows .COM and .STD code to use the provided encryption facilities. Programmers in C, C++, VB, etc. are able to include all the API functionality in their own business applications.

One user’s application over TCP/IP has its screen sessions receive the record with encrypted data, decrypt the information for presentation, and re-encrypt the captured information for transfer back to the host. The implementation was used to prevent network snoopers from knowing critical field contents.

Copyright 2010 - © - itBMS Inc.
