SHORT MESSAGE SERVICE SECURITY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SHORT MESSAGE SERVICE SECURITY"

Transcription

1 SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express permission of the Government of the HKSAR. Disclaimer: Whilst the Government endeavours to ensure the accuracy of the information in this paper, no express or implied warranty is given by the Government as to the accuracy of the information. The Government of HKSAR accepts no liability for any error or omission arising from or related to the use of the information.

2 TABLE OF CONTENTS Summary... 2 I. Introduction... 3 What is Short Message Service (SMS)?... 3 Business Trends... 4 II. SMS Security... 6 The Basics of SMS Security... 6 SMS Security Threats... 7 SMS Security Considerations... 9 III. Conclusion Short Message Service Security Page 1 of 12

3 SUMMARY Short Message Service (SMS) has become a very popular way for mobile phone users to send and receive simple text messages to each other using mobile phones and portable devices. With SMS, users could send to or receive from a single person, or several persons, personal messages, notifications, information services, job dispatches, stock alerts and so on. With the advent of more powerful PDA-like mobile devices that come with sharper screens and convenient text input methods, SMS is now more and more common among mobile phone users. This paper provides a basic overview of SMS, and discusses the security issues around the use of SMS. Short Message Service Security Page 2 of 12

4 I. INTRODUCTION WHAT IS SHORT MESSAGE SERVICE (SMS)? SMS provides a convenient means for people to communicate with each other using text messages via mobile devices or Internet connected computers. Each message can contain at most 140 bytes (1120 bits) of data, the equivalent of up to 160 English characters, or 70 Chinese characters. Solutions for e-marketers are available to deliver bulk SMS messages 1 to a large group of people, instead of sending SMS messages one by one manually. Other utilities can collect phone numbers from imported text files or contact information stored in mobile phones. A Short Message Service Centre (SMSC), usually owned and run by a telecommunication operator, is responsible for the routing and delivery of SMS. When a SMS message is delivered to the SMSC, a store-and-forward message mechanism is implemented, whereby the message is temporarily stored, then forwarded to the recipient s phone when the recipient device is available. Similar to messages, a SMS message may pass through a number of SMSC or other SMS gateways (which act as bridges between two or more SMSCs running different SMSC protocols 2 ) before reaching the recipient s device. An SMSC helps route SMS messages and manage the process. If the intended SMS recipient is not online, the SMSC will keep the stored SMS message for a validity period before deleting it from storage Short Message Service Security Page 3 of 12

5 BUSINESS TRENDS SMS is a popular communication channel. On certain special days of the year, such as New Year Day or Valentine s Day, SMS usage volume can increase dramatically. According to statistics from the Office of the Telecommunications Authority (OFTA), there were around 15 million SMS messages sent on New Year Day 2007, a 55% increase over the number in Short messages are now used for both personal and business communications. Some common examples are: 1. Alerts and notifications to customers by stock brokers and banks on stock transaction status, credit card holders from credit card companies for high-risk transactions, system administrators in some organisations if critical events occur in IT systems, and so on. 2. One-time passwords being sent to the customers of banks or organisations via SMS messages for authorising or confirming high-risk on-line transactions. With this one-time password, the customers can be authenticated by the on-line transaction system before transactions are completed. 3. Two-way interactive text messaging used by people for chatting and gossiping via their mobile phones, or E-Marketers who provide a convenient means for target customers to respond and request products or services such as downloadable ringtones or wallpapers via an encoded object in the SMS message. 3 Short Message Service Security Page 4 of 12

6 In Hong Kong, sending bulk SMS messages is governed under regulations in the Unsolicited Electronic Messages Ordinance (UEMO) Short Message Service Security Page 5 of 12

7 II. SMS SECURITY THE BASICS OF SMS SECURITY The technical specifications for SMS are laid down in ETSI TS Certain options in the technical specification, such as the Security Parameter Index (SPI), the Ciphering Key Identifier (KIc), and the Integrity Value (RC/CC/DS), provide specifications for available security parameters. A Redundancy Check (RC), Cryptographic Checksum (CC) or Digital Signature (DS) might also be used for integrity verification of the data. However, these confidentiality and integrity mechanisms are only specified as optional security measures that can be made available, but they are not mandatory requirements for SMS system implementation 6. The availability of SMS services may also be interrupted by the SMSC. Without proper implementation of these SMS security options, everyday SMS messages transmitted on a network are only protected by the communication network itself such as a GSM network. In practical use, SMS messages are not encrypted by default during transmission. A cyclic redundancy check is provided for SMS information passing across the signalling channel to ensure short messages do not get corrupted. Forward error protection is also incorporated using conventional encoding. Cryptographic protection on confidentiality and integrity is not available for SMS messages Short Message Service Security Page 6 of 12

8 As mentioned, each short message has a validity period whereby temporary storage is provided by the SMSC if the SMS message cannot be delivered to the intended recipient(s) successfully. The SMSC will delete stored SMS messages if they cannot deliver a message within the validity period. After a message is deleted, the intended recipient(s) will not be able to receive the original message. Usually this can happen if the recipient is not in the SMS coverage area, such as during a business trip out of the country. SMS SECURITY THREATS Understanding the basics of SMS security opens the door to preventing some common security threats in SMS usage and implementation: Message Disclosure Since encryption is not applied to short message transmission by default, messages could be intercepted and snooped during transmission. In addition, SMS messages are stored as plain text by the SMSC before they are successfully delivered to the intended recipient. These messages could be viewed or amended by users in the SMSC who have access to the messaging system. Spying programs such as FlexiSpy 7 enable intruders to automatically record all incoming and outgoing SMS messages and then upload the logs to a remote server for later viewing and analysis. 7 Short Message Service Security Page 7 of 12

9 Spamming While e-marketers are using SMS as a legitimate marketing channel, many people have had the inconvenience of receiving SMS spam. The availability of bulk SMS broadcasting utilities makes it easy for virtually everyone to send out mass SMS messages. Flooding / Denial of Service (DoS) Attacks Flooding or DoS attacks are made possible by sending repeated messages to a target mobile phone, making the victim s mobile phone inaccessible. Studies also show that weaknesses in the SMS protocol could be exploited to launch a DoS attack on a cellular phone network. For example, it was found that sending 165 text messages a second was enough to disrupt all the cell phones in Manhattan 8. SMS Phone Crashes Some vulnerable mobile phones may crash if they receive a particular type of malformed short message. Once a malformed message is received, the infected phone becomes inoperable. Media reports have shown that mobile phones are vulnerable to this type of attack Short Message Service Security Page 8 of 12

10 SMS Viruses There have been no reports of viruses being attached to short messages, but as mobile phones are getting more powerful and programmable, the potential of viruses being spread through SMS is becoming greater. In addition, the ability of SIM application toolkits that allows applications to access the dialling functions and phone book entries, might make SMS suitable platform for spreading self-replicating virus. SMiShing (SMS Phishing) SMiShing 10 is a combination of SMS and phishing. Similar to an Internet phishing attack using , attackers are attempting to fool mobile phone users with bogus text messages 11. When users are taken in by a bogus text message, they may connect to a website provided in the SMS message, and be tricked into download a malware application into their mobile phones. SMS SECURITY CONSIDERATIONS Short Message Service Security Page 9 of 12

11 To avoid security threats to SMS, users are advised to follow the following common precautions: Message Transmission When sending SMS messages via a web browser, security protection should be in place to prevent message disclosure, such as using Secure Socket Layer (SSL) to secure the transmission. For those applications that require secure transmission of a message, such as mobile banking, end-to-end encryption is advisable between the sender and the recipient. These transactional systems should have the end-to-end security built-in. For person-to-person communications, products such as CryptoSMS 12 are available to help users encrypt SMS communications using strong encryption algorithms. This can help protect against possible SMS interception threats. Storage Protection In the case of large-scale SMS broadcasts, customer mobile phone contact lists should be kept confidential and properly protected from disclosure. As contact lists are considered personal data, proper protection should be implemented in accordance with privacy laws and regulations. 12 Short Message Service Security Page 10 of 12

12 User authentication User login IDs and passwords should be used to authenticate users on web-based SMS services when sending short messages. User login IDs and passwords should not be disclosed to others. For secure transactions, user authentication should be protected by SSL. Protection of PCs for sending messages When sending short messages to an SMS gateway via the Internet, it is not advisable to use a public Internet terminal. If desktop utilities are used to send out SMS messages, the PC used to send the message should not be left unattended. Short Message Service Security Page 11 of 12

13 III. CONCLUSION SMS is now a very common communication tool. Security protection of SMS messages is not yet that sophisticated and difficult to implement in practice. With the increasing use of SMS for communication and information exchange, care should be taken when sensitive information is transmitted using SMS. Users should be aware that SMS messages might be subject to interception. Solutions such as encrypted SMS should be considered if there is a need to send sensitive information via SMS. Short Message Service Security Page 12 of 12

INSTANT MESSAGING SECURITY

INSTANT MESSAGING SECURITY INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

WEB ATTACKS AND COUNTERMEASURES

WEB ATTACKS AND COUNTERMEASURES WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

WEB CONTENT MANAGEMENT SYSTEM

WEB CONTENT MANAGEMENT SYSTEM WEB CONTENT MANAGEMENT SYSTEM February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

More information

PEER-TO-PEER NETWORK

PEER-TO-PEER NETWORK PEER-TO-PEER NETWORK February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online Payroll service and website.

Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online Payroll service and website. Terms and Conditions of Use Your online payroll is run via for MyPAYE Online Payroll Service Please read these Terms and Conditions of Use carefully. They govern the provision and use of the MyPAYE Online

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Secure Email Frequently Asked Questions

Secure Email Frequently Asked Questions Secure Email Frequently Asked Questions Frequently Asked Questions Contents General Secure Email Questions and Answers Forced TLS Questions and Answers SecureMail Questions and Answers Glossary Support

More information

VOICE OVER IP SECURITY

VOICE OVER IP SECURITY VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Wakefield Council Secure email and file transfer User guide for customers, partners and agencies

Wakefield Council Secure email and file transfer User guide for customers, partners and agencies Wakefield Council Secure email and file transfer User guide for customers, partners and agencies The nature of the work the council carries out means that we often deal with information that is sensitive

More information

Guidelines for E-mail Account Management and Effective E-mail Usage

Guidelines for E-mail Account Management and Effective E-mail Usage Guidelines for E-mail Account Management and Effective E-mail Usage October 2014 Version 1.0 Department of Electronics and Information Technology Ministry of Communications and Information Technology Government

More information

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis

CMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems

More information

Secure Email User Guide

Secure Email User Guide Secure Email User Guide Contents Secure email at HSBC. 2 About SecureMail... 2 Receiving a secure email sent via SecureMail 3 Opening a secure email sent via SecureMail... 4 Resetting your SecureMail password..

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

MUNICIPAL WIRELESS NETWORK

MUNICIPAL WIRELESS NETWORK MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Keep Hackers Guessing: Protecting Corporate Information While On The Go

Keep Hackers Guessing: Protecting Corporate Information While On The Go Keep Hackers Guessing: Protecting Corporate Information While On The Go Proactive tips for wireless information security for traveling professionals. In today s world where WiFi hotspots are available

More information

Protect your personal data while engaging in IT related activities

Protect your personal data while engaging in IT related activities Protect your personal data while engaging in IT related activities Personal Data (Privacy) Ordinance Six Data Protection Principles Principle 1 purpose and manner of collection of personal data Collection

More information

USER GUIDE. General Information... 2. The BeAnywhere Service... 2. BeAnywhere Server... 2. BeAnywhere DRIVE... 2. Security... 2

USER GUIDE. General Information... 2. The BeAnywhere Service... 2. BeAnywhere Server... 2. BeAnywhere DRIVE... 2. Security... 2 USER GUIDE TABLE OF CONTENTS General Information... 2 The BeAnywhere Service... 2 BeAnywhere Server... 2 BeAnywhere DRIVE... 2 Security... 2 Level 1 User Security... 3 Level 2 Communications Security...

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

redcoal EmailSMS for MS Outlook and Lotus Notes

redcoal EmailSMS for MS Outlook and Lotus Notes redcoal EmailSMS for MS Outlook and Lotus Notes Technical Support: support@redcoal.com Or visit http://www.redcoal.com/ All Documents prepared or furnished by redcoal Pty Ltd remains the property of redcoal

More information

Avaya G700 Media Gateway Security - Issue 1.0

Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise

More information

WHITE PAPER. GoToMyPC. Citrix GoToMyPC Corporate Security FAQs. Common security questions about Citrix GoToMyPC Corporate. www.gotomypc.

WHITE PAPER. GoToMyPC. Citrix GoToMyPC Corporate Security FAQs. Common security questions about Citrix GoToMyPC Corporate. www.gotomypc. Citrix Corporate Security FAQs Common security questions about Citrix Corporate www.gotomypc.com Q: What are the Corporate software components that I need to install on the host and client computers? A:

More information

SecureMail User Guide

SecureMail User Guide SecureMail User Guide Contents Secure email at HSBC. 2 About SecureMail... 2 Receiving a secure email sent via SecureMail 3 Opening a secure email sent via SecureMail... 4 Using SecureMail to reply to

More information

COUNSEL S CHAMBERS LIMITED

COUNSEL S CHAMBERS LIMITED COUNSEL S CHAMBERS LIMITED CCL s Acceptable Use Policy Policy for the use of CCL Network A. APPLICATION 1. This policy sets out terms and conditions on which Users may access and use CCL s Network. Please

More information

User guide Business Internet e-mail features

User guide Business Internet e-mail features User guide Business Internet e-mail features Page 1 de 1 Table of content Page Introduction 3 1. How do I access my web based e-mail? 3 2. How do I access/alter these enhancements? 3 A. Basic Features

More information

Network Security - ISA 656 Review

Network Security - ISA 656 Review Network Security - ISA 656 Review Angelos Stavrou December 4, 2007 Material Test Conditions 7:20pm - 9:30pm, Thursday, Dec 11th, in the Lab (STI-128) Same style of questions as the midterm I m not asking

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

QuotePower International Limited

QuotePower International Limited QuotePower International Limited Transaction Services QuotePower-Trade The Global Electronic Trading Solution for the Next Generation E-Brokerage Getting Started with On-line Trading Electronic trading

More information

Nova ADSL Broadband Service Application Form

Nova ADSL Broadband Service Application Form Nova ADSL Broadband Service Application Form User ID (your access login; in lowercase, no more than 30 characters & no punctuation): Contact: Surname: Given Name: Company (optional): Charge Company Address:

More information

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation. eblvd enables secure, cloud-based access to a PC or server over the Internet. Data, keyboard, mouse and display updates are transmitted over a highly compressed, encrypted stream, yielding "as good as

More information

1.0 Overview. 4.0 Policy 4.1 General Use and Ownership

1.0 Overview. 4.0 Policy 4.1 General Use and Ownership 1.0 Overview Keuka College provides access to modern information technology in support of its mission to promote excellence and achievement across its mission areas of instruction, research, and service.

More information

PASSWORD MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PASSWORD MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PASSWORD MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1 Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations

More information

AN OVERVIEW OF VULNERABILITY SCANNERS

AN OVERVIEW OF VULNERABILITY SCANNERS AN OVERVIEW OF VULNERABILITY SCANNERS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole

More information

IT OUTSOURCING SECURITY

IT OUTSOURCING SECURITY IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY Babul K Ladhe 1, Akshay R Jaisingpure 2, Pratik S Godbole 3, Dipti S Khode 4 1 B.E Third Year, Information Technology JDIET, Yavatmal ladhebabul23@gmail.com

More information

9236245 Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

9236245 Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation 9236245 Issue 2EN Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation Nokia 9300 Configuring connection settings Legal Notice Copyright Nokia 2005. All rights reserved. Reproduction,

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Terms and Conditions for Online Services of BOC Credit Card (International) Limited

Terms and Conditions for Online Services of BOC Credit Card (International) Limited Terms and Conditions for Online Services of BOC Credit Card (International) Limited Online Services of BOC Credit Card (International) Limited ("BOCCC") are provided to you by Bank of China (Hong Kong)

More information

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013

World Summit on Information Society (WSIS) Forum 2013. 16 May 2013 World Summit on Information Society (WSIS) Forum 2013 Toolkit for creating ICT-based services using mobile communications for e- government services 16 May 2013 Hani Eskandar ICT Applications coordinator

More information

BOC Credit Card (International) Limited - Terms and Conditions for Online Services

BOC Credit Card (International) Limited - Terms and Conditions for Online Services BOC Credit Card (International) Limited - Terms and Conditions for Online Services These terms and conditions are applicable to all users of the Online Services and govern the use of the Online Services,

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness William F. Pelgrin Chair Page 1 Introduction Information is a critical asset. Therefore, it must be protected from unauthorized modification, destruction and disclosure. This brochure

More information

MOBILE TECHNOLOGIES SECURITY

MOBILE TECHNOLOGIES SECURITY MOBILE TECHNOLOGIES SECURITY July 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part

More information

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure MANUAL: Hospital Wide SECTION: Information Technology SUBJECT: Acceptable Use of Information Systems Policy IMPLEMENTATION: 01/2011 CONCURRENCE:

More information

The Bishop s Stortford High School Internet Use and Data Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable

More information

Trust Digital Best Practices

Trust Digital Best Practices > ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or

More information

SECURITY IN OPERATING SYSTEM VIRTUALISATION

SECURITY IN OPERATING SYSTEM VIRTUALISATION SECURITY IN OPERATING SYSTEM VIRTUALISATION February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in

More information

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Cyber Security Awareness

Cyber Security Awareness Cyber Security Awareness User IDs and Passwords Home Computer Protection Protecting your Information Firewalls Malicious Code Protection Mobile Computing Security Wireless Security Patching Possible Symptoms

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

SECURING INFORMATION SYSTEMS

SECURING INFORMATION SYSTEMS SECURING INFORMATION SYSTEMS (November 9, 2015) BUS3500 - Abdou Illia - Fall 2015 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection

More information

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure) Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.

More information

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation

(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation (U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Welcome to the Protecting Your Identity. Training Module

Welcome to the Protecting Your Identity. Training Module Welcome to the Training Module 1 Introduction Does loss of control over your online identities bother you? 2 Objective By the end of this module, you will be able to: Identify the challenges in protecting

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications Draft ITU-T Recommendation X.805 (Formerly X.css), architecture for systems providing end-to-end communications Summary This Recommendation defines the general security-related architectural elements that

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Optus EmailSMS for MS Outlook and Lotus Notes

Optus EmailSMS for MS Outlook and Lotus Notes Optus EmailSMS for MS Outlook and Lotus Notes Service Description, August 2005. OVERVIEW This document provides an overview of the Optus EmailSMS service delivered jointly by Optus and redcoal. It highlights

More information

E-mail Policy Of Government of India

E-mail Policy Of Government of India E-mail Policy Of Government of India October 2014 Version 1.0 Department of Electronics and Information Technology Ministry of Communications and Information Technology Government of India New Delhi -

More information

Infocomm Sec rity is incomplete without U Be aware,

Infocomm Sec rity is incomplete without U Be aware, Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN

More information

Economic and Social Council

Economic and Social Council UNITED NATIONS E Economic and Social Council Distr. GENERAL ECE/TRANS/WP.30/AC.2/2008/2 21 November 2007 Original: ENGLISH ECONOMIC COMMISSION FOR EUROPE Administrative Committee for the TIR Convention,

More information

Avaya TM G700 Media Gateway Security. White Paper

Avaya TM G700 Media Gateway Security. White Paper Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional

More information

Spring Hill State Bank Mobile Banking FAQs

Spring Hill State Bank Mobile Banking FAQs Spring Hill State Bank Mobile Banking FAQs What is Mobile Banking? Mobile Banking enables you to access your account information using the Bank online banking website. You must first be enrolled as an

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

OKPAY guides. Security Guide

OKPAY guides. Security Guide Название раздела OKPAY guides www.okpay.com Security Guide 2012 Contents SECURITY GUIDE Contents Introduction 1. OKPAY Security Overview 2. Security Tips 3. Security Center 3.1. Basic Protection 3.2. Email

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

The Ministry of Information & Communication Technology MICT

The Ministry of Information & Communication Technology MICT The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.

More information

Using a Firewall General Configuration Guide

Using a Firewall General Configuration Guide Using a Firewall General Configuration Guide Page 1 1 Contents There are no satellite-specific configuration issues that need to be addressed when installing a firewall and so this document looks instead

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

March 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools

March 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...

More information

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer 1 Terms & Conditions In this section you can find: - Website usage terms and conditions 1, 2, 3 - Website disclaimer -Acceptable internet use policy 1,2,3,4 - Acceptable email use policy 1, 2 - Copyright

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Federal Trade Commission Privacy Impact Assessment

Federal Trade Commission Privacy Impact Assessment Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal

More information

Secure Your Information and Communication Technology Devices

Secure Your Information and Communication Technology Devices You should pay attention to the following items bef the Internet: Secure Your Information and Communication Technology Devices Install proper anti-virus software P.3 Log on as a user and not as an administrator

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information