TRANSACTION SECURITY
Transaction Security means
the Security created or expressed to be created in favor of the Security
Trustee pursuant to the Security Documents.
Transaction Security means
the Security created or expressed to be created in favor of the Security Agent
and/or the Secured Parties pursuant to the Security Documents or this
Agreement.
Transaction Security means the security created or
expressed to be created in favor of the relevant Agent pursuant to the
Assignment of Contracts, the Assignment of KfW Refund Guarantees, the
Assignment of Management Agreement, the Assignments of Earnings and Insurances,
the Assignment of Charters, and any other agreement which is governed by the
laws of England and Wales and which creates or purports to create Security in
favor of the Secured Creditors.
Security tips
Web browser privacy mode
If you're running Internet Explorer 8, Google Chrome, Safari 2.0 or Firefox
3.5, you've got a tool in your arsenal to keep you safer online — privacy mode.
Privacy mode in browsers sets up a separate browser window that (in theory)
keeps data only as long as the browser window is open. Once you close it, the
cache clears, keeping your private data out of the public domain. While privacy
modes aren't perfect — there are reported issues with how some browsers clear
the cache, as well as some issues with Adobe Flash — they do offer a good
option for when you're using a highly public computer, especially in net cafes.
Keep your browser and AV software up-to-date
Internet Explorer has been the public whipping boy for security issues, at
least in part because it's still the predominant browser in use today. IE8 is
better than IE7, and the same is true of every other browser out there. Security
holes are patched in updated versions, and running older browsers opens you up
to exploits that might be ancient history in newer versions.
Likewise, most malware targets identity information — either for straight-up
fraud or identity theft. Keeping your AV software
up-to-date will stop the inadvertent installation of keyloggers, screen capture
utilities and other security-beating applications. It's not enough to just
install an antivirus and firewall application — you have to keep them
up-to-date.
Disable Autocomplete/Password storage in-browser
Browsers keep a cache of your sites and will, on prompting, offer to save
passwords for you. This is both a convenience and a security issue: if you
disable it, you'll have to enter passwords and URLs constantly, but you'll keep
your data secure if your PC is stolen or compromised. Keep it enabled and you'll
have a slightly easier, but potentially poorer, life.
Passwords — make them complex, change them frequently
We've already discussed ideal password length, but it's a point worth
re-stating. Any password that's easily guessed, or a dictionary word, is worse
than no password at all. You wouldn't hand your bank account details out to a
random stranger in the street, and a poor password is the online equivalent of
just that. Likewise, sticking to a single password, especially across multiple
sites, is a very bad idea. If just one of them is compromised (which might have
nothing to do with your own actions) then all your accounts could
quickly be compromised. Ideally, you should have a distinct password for each
online service you use, and change those passwords at least a couple of times
per year.
Public Key Infrastructure (PKI) is a technology
for authenticating users and devices in the digital world. The basic idea is to
have one or more trusted parties digitally sign documents certifying that a
particular cryptographic key belongs to a particular user or device. The key
can then be used as an identity for the user in digital networks.
The users and devices that have keys are often just called entities. In general, anything can be associated with a key that it can use as its identity. Besides a user or device, it could be a program, process, manufacturer, component, or something else. The purpose of a PKI is to securely associate a key with an entity.
A public key
infrastructure relies on digital signature technology, which uses public-key cryptography. The basic idea is that the secret key of each entity is
only known by that entity and is used for signing. This key is called the private key. There is another key derived from it, called the public
key, which is used for verifying signatures but cannot be
used to sign. This public key is made available to anyone and is typically
included in the certificate document.
PROCESS OF PKI
Encryption/Decryption – Learn the basics of PKI
Encryption is the process of encoding the content (data) of a file or message in such a way that only the intended entity can retrieve it. Decryption is the process of retrieving (decoding) the content from an encrypted file or message.
Digital Signature –
A digital signature is used to prove the authenticity of origin. The sender entity uses its private key to sign the message. Since the private key is private to the sender and is not available publicly, this proves the authenticity of origin.
The sender generates the SIGNATURE as below:
- A Hash of the message is generated cryptographically.
- The Hash as generated is then encrypted with the sender's private key to produce the SIGNATURE.
The SIGNATURE is attached to the message and then sent.
The receiver verifies the signed data to check the sender's authenticity as below:
- Tries to decrypt the SIGNATURE using the sender's public key, which, if successful, gives back the Original Hash value that was computed when the sender signed the message.
- Computes a Hash of the message received, using the same algorithm used by the sender, to produce a Current Hash value.
If the Original Hash matches the Current Hash value, the signature is valid: the message has come from the sender and not from an impersonator, and the hash match also signifies that the message has not been tampered with in transit.
Establishing Trust – Learn the basics of PKI
When working with a CA-generated certificate,
an important topic that comes up is trust.
For an entity to make a certificate request to the
CA, the CA first needs to be trusted by the entity. The trust is established
via the exchange of public keys initiated by an actor who the entity trusts by
default.
In the case of an Enterprise CA, the PKI trust is established by default
when the device becomes a domain member and automatically receives the enterprise
CA public key certificate for trust establishment. For devices that cannot become a
domain member (mobile devices like iOS/Android, or Workgroup Windows devices),
the trust needs to be established by an out-of-band method: an admin
exports the public certificate of the CA and installs it on the device
as a Trusted Certificate to explicitly establish
Chain Building – Learn the basics of PKI
The above assumes there is only an
Enterprise Root CA, which is itself the Issuing CA. In the real world, most
organizations that have invested in on-premise PKI infrastructure will have
a multi-tier PKI infrastructure: one Enterprise Root CA per AD
forest and multiple levels of Sub CAs, with any one of those Sub CAs
configured as the Issuing CA.
In such a scenario, when the Requestor reaches
out to the Challenger to get access, the Challenger will verify the
complete chain of trust to the Root.
This is commonly referred to as “PKI Chain Building”: the Challenger verifies the digital signature on each CA public certificate in turn, forming the chain up the hierarchy to the Root.
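The signing, verification and chain-building steps described above, as an added example that is not part of the original page. It uses a toy hash-then-sign scheme (textbook RSA over SHA-256 with no padding, keys constructed from known Mersenne primes, not secure), and the names Cert, build_chain, "Root CA", "Issuing Sub CA" and "device01" are hypothetical.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key
def make_key(p, q):  # toy RSA: returns (public modulus n, private exponent d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):  # sender: hash the message, then apply the PRIVATE key
    return pow(digest(data), d, n)

def verify(data, sig, n):  # receiver: Original Hash (via PUBLIC key) == Current Hash?
    return pow(sig, E, n) == digest(data)

@dataclass
class Cert:
    subject: str
    issuer: str
    n: int        # subject's public key
    sig: int = 0  # issuer's signature over tbs()
    def tbs(self):
        return f"{self.subject}|{self.issuer}|{self.n}".encode()

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    cert = Cert(subject, issuer, subject_n)
    cert.sig = sign(cert.tbs(), issuer_n, issuer_d)
    return cert

def build_chain(leaf, pool, trusted_roots):
    """Follow issuer links upward, verifying each signature; None unless it ends at a trusted root."""
    chain, cert = [leaf], leaf
    while cert.subject != cert.issuer:
        parent = pool.get(cert.issuer)
        if parent is None or parent in chain or not verify(cert.tbs(), cert.sig, parent.n):
            return None
        chain.append(parent)
        cert = parent
    anchored = trusted_roots.get(cert.subject) == cert.n and verify(cert.tbs(), cert.sig, cert.n)
    return chain if anchored else None

M = lambda k: 2**k - 1  # Mersenne primes: constructed toy keys, not secure
ROOT, SUB, LEAF = make_key(M(521), M(607)), make_key(M(1279), M(2203)), make_key(M(127), M(3217))
root_cert = issue("Root CA", ROOT[0], "Root CA", *ROOT)
sub_cert = issue("Issuing Sub CA", SUB[0], "Root CA", *ROOT)
leaf_cert = issue("device01", LEAF[0], "Issuing Sub CA", *SUB)
POOL = {c.subject: c for c in (root_cert, sub_cert)}
TRUSTED = {"Root CA": ROOT[0]}  # root key installed via domain join or out-of-band
```

Production validation uses a padded signature scheme and X.509 certificates, and additionally checks validity periods, CA constraints and revocation, all of which this sketch omits.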