Disaster Recovery Plan: Failing to plan is planning to fail




They say that “It takes years to build a business but takes only minutes to lose it.” VinnyTroia, a certified ethical hacker, disaster recovery specialist, and founder of Night Lion Security, wants every business owner to understand that the possibility of something unpleasant happening to a business is very high.

"This can't happen to me," Troia believes that several businesspersons were deceived by this mindset although it doesn’t excuse them to threats and dangers in future. Disaster recovery is necessary for the survival and prolonged existence of every company.

Disaster Recovery Plan (DRP) refers to specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or national emergency. It contains a structured approach for responding to unplanned incidents that threaten an IT infrastructure, which includes hardware, software, networks, processes and people. Each business must possess a unique disaster recovery plan that is based on  company’s structure and necessities.

The beauty of using DRP includes the efficiency of asset, inventory and network management, task redundancy, cost savings, ability to test and a lot more. Benefits always encompass cost. A clever business owner always anticipates and prepares for future events.

Total absence or lack of plans can result to a great damage to company’s asset, loss of lots of money and in worst case scenario, shut down of business. One’s business is expose to greater risk from this time than any other time in history due to climate changes and presence of countless computer malware.

In accounting, a business project is accepted if benefits exceed cost. Having a DRP will always be a win-win operation to every business entities for the reason that while no plan can guarantee success, inadequate plans are proven contributors to failure.

Doug Rezner once said, “A business continuity planner is more powerful than all the king's horses and all the king's men, because with a plan in place we "can" put Humpty Dumpty back together again!”

Frontier of Data Privacy and National Security: When Liberty is Toll for Safety

Image result for data privacy and security clip art


In investigating a terrorist attack on U.S. soil that took 14 lives, a controversy has erupted around national security and data privacy.  Should the FBI be able to unlock a dead terrorist’s iPhone? The United States government thinks it should. Apple Inc. thinks otherwise. 


In an open letter to customers, Apple CEO Tim Cook explains, “We feel we must speak up in the face of what we see as an overreach by the U.S. government. Ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”


In midst of two colliding ideas, one has to choose between privacy rights of one individual vs. invasion of privacy for the national security. As one must say, keeping things in private is inevitable to one’s life, it’s my business and you’re out! Nevertheless, one’s right must not prevail if it obstructs others. With this, the battle between what is frontier for invading a person’s data without a need for consent; and when a government can impedes this right.

With the increasing trend of technological growth, new communication technologies are of obvious interest to law enforcement agencies. Some law enforcement officials see the Web sites that a person visits, or the e-mail that a person sends or receives, as information that could be relevant to the prosecution of criminals. On that basis, they have argued that law enforcement agencies should have legal access to such information equivalent to that available for telephone conversations. Law enforcement officials currently have access to pen registers and trap-and-trace registers on telephone calls, which show what calls were made from a particular phone (pen registers) or to the phone (trap and trace).
Image result for data privacy and security clip artOn the other hand, Information privacy is the privacy of personal information and usually relates to personal data stored on computer systems. The need to maintain information privacy is applicable to collected personal information, such as medical records, financial data, criminal records, political records, business related information or website data.
Me, as a blogger from this site, does not favor upon giving an absolute power to the government in invading ones’ privacy. However, I reserve some areas or situations where government can take over the privilege of mine, if and only if the higher court orders for the discovery an eminent information that can be used for a greater cause; provided that no other evidential matter can be obtained. By this means, the government maintains the power reasonable without exposing the personal details of alleged defendant.


Lastly, let me share this famous line by Benjamin Franklin, “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety”, the foundation of my point. 

The Great Black Game




THE GREAT BLACK GAME
a silent revolution series
inspired from Mr. Robot

I know why I can’t delete it, I know why I think this isn’t real, I know why I can’t make myself think that he is who I think he is, because he is the past…the past I’ve been trying so hard to forget.

“One wrong move and everything you had will be on the internet, give me what I want.” I hear Al from the other side.

“This is mad, Mello, I told you so many times that we shouldn’t meet them in person.” I say, but he scoffs.

“Are you afraid? Al can handle himself,” he says without looking at me. “That person is angry, we just invaded his private life and now we want money for our silence.” He’s not listening, all I can hear from him is the clicking of the keyboard.

“We’re did not invade his private life, we hacked him. We do not want money for our silence, we are extorting him. Learn our language, don’t be too discrete,” he says without looking at me.

“How long will we be doing this?” I ask him.

“As long as it takes, it’s fun. Don’t tell me you don’t miss the thrill of hacking,” he says, I can almost hear a smile from him.

The truth is, I am not sure. We are amateurs. We aren’t that good. We hack. We extort. That’s what we do. Sometimes, we look for vulnerabilities to exploit, secrets to spill, that’s what we do for a living. We are good, but we are amateurs.

“He know now—” All of a sudden, I heard a gunshot. My heart stopped. I feel my mind go numb. My breathing is shallow. I look at Mello, I can hear him, but I don’t understand him. I feel my ears ringing from the gun shot.

Mello looks at me, “L-lenniel!!! C-contact him!” 

“A-al! A-al!” There’s nothing, I can hear nothing.

“A-al—”

“I know he’s not the only one. Don’t bother to call an ambulance, your bold friend is dead. You too, if you continue to play with me.” Then there’s a beep and everything is gone. No sound. No one. Al is dead, because of us.

“What now?” I ask him.

“Join me.” I look at Mello, the madhatter. The man I’ve been seeing all day, the one is who is following me. I thought I will never see him again.

“Never again.” I stand up. I will never be part of his little games.

“I found him. I found the man that killed Al, he’s an executive of Villain Corp.”

“I know.” I say, that is one of the reasons I hate Villain Corp. He is Villain Corp. He’s the Chief Technology Officer, I don’t know why he let amateurs hack him years ago.

“Help me bring Villain Corp down, bring him down,” I look at him. “Why would I?”

“Do I have to say anything? I know deep down you want to do it, you miss the thrill, like the thing you did with Leo, why else would you leave the rootkit there? Why didn’t you delete it? Because you’re curious. Help me. The servers are fully protected with honeypot, help me remove it, be the person inside,” he says. He’s right. He still knows me.

Sht, what will I do?

“I can bypass their security protocol, I can gain access to their system but nothing will move them, I know people. I am part of something bigger now, I want you to be part of it as well, I want you in the revolution.” 

“What made you think that I will join you?”

“Nothing made me think you’ll join us, I know you’ll join us…” he pauses, “…we’ll hack into the system and steal their data, their financial data, their trade secrets, but with me it will be limited, you know where you’ll find me.” He stands up and walks away without looking back.

“What made you think I won’t contact the police?”

“We’re pass that now, Lenniel. I know you won’t.”

As soon as he’s out, I look at the card he left. How long have I waited for this moment? How long have I waited to bring Villain Corp and that man down?

This is bad. This is for me. But this is personal. I clasp the paper and stand up.

A month later…

“The biggest blackhat hacking causes a massive crisis with the Villain Corp, sources says that they may not retrieve the deleted data…”
“Villain Corp’s financial data are destroyed…”
“Villain Corp’s data warehouses are burned…”
“Villain Corp’s secrets exposed…”

I sit silently and watch the news diligently. Everything that I did lead me to this moment. I smile. The revolution is everywhere. Silent revolution is always the noisiest.

END

BLACKHAT
(n) something bad is bad


A Study in White



A STUDY IN WHITE
a silent revolution series
inspired from Mr. Robot

"Where have you been? I've been calling you all night," Kirsten asks, my childhood friend.

"What happened?" I ask. She walks past me and attends to her computer. "There's an attack at the Villain Corp. A DDoS attack, we've been trying to stop it for over an hour, but they won't just stop." She says, every word faster than the other, it is almost impossible for me to understand her.

When it seems that it is hopeless, she looked up, worn out from the stress. “This time, it’s bad.”  

"Have you tracked their IP address, have you blocked it yet?" I ask, looking over her shoulder, I see a stream of attacks over the black screen on her computer.

“Is Rommel here? Is he talking to their tech department?”

“He’s online with them, but so far nothing…I don’t think Rommel can handle this. Look, Ms. Jeanibeth put me with this account and I can’t screw up in my big break. I need you. Please.”

You don’t have to ask Kirsten. Even if I don’t want to help you, my mind is already running through the things I saw from your computer screen. The attack is spontaneous. Whoever is doing this, they are making sure to down the servers of Villain Corp.

“Lenniel? Will you help me?” I am out of my reverie as soon as I heard her speak.

I’ve been working for a month now with Cybersafe, my job? To keep hackers away from the servers of the clients, our biggest account is with Villain Corp. Villain Corp, it’s actually V Corp, but I like to call it Villain Corp, they are the biggest conglomerate that is almost everywhere, had business everywhere. I hate them. They control everyone. But not me. I hate them, yet I am working for them.

“Lenniel?” I look blankly at her. I am overthinking again.


“Did you reconfigure the DNS?” I finally ask.
“Yes.” She looks at the screen where Rommel is working.
“Stop the services.”
“I already stopped the services.”

“I tried to reboot the servers but they’re not coming back up. Dude, someone is straight up fingerblasting their entire network right now.” Rommel says, not looking away from the computer screen.

“They just started reporting on the outage,” she says while looking at her phone.

I sit beside Rommel and starts to look up the attack.

Sht. This is worse than I thought. They’re in the network?

“What’s the status update? I thought we set up security protocols so that this doesn’t happen,” Ms. Jeanibeth says as soon as she steps in the office.

“Where’s the attack coming from?” She asks, looking at Rommel.

“Everywhere, obviously. The Philippines, USA, Thailand, China….”

“Start restaring the services, load sharing, redirect the traffic,” she’s tense. I can feel it.

“I don’t think this is just a DDoS attack. I think…” I pause, their attention is focused in me. “…they got a rootkit sitting inside the servers.”

“What’s a rootkit?” Kirsten asks.

“It’s malicious code that completely takes over their system. It can delete system files and stop programs. Viruses, worms…” Rommel explains.

“How do we stop it?” Kirsten anxiously ask.

“That’s the thing. It’s fundamentally invisible…you can’t stop it.” Rommel says in defeat.

“All of their servers are timing out,” Ms. Jeanibeth says while looking at the screen.

“None of them are coming back up,” Kirsten says.

“That’s because every time we restart the server the virus replicates itself during boot up and crashes the host,” I say. Leaning on the chair, they’re good. Those hackers are good.

“How are we supposed to bring up the network if we can’t restart the servers?” Ms. Jeanibeth asks.

“We can’t, which is what they wanted. By defending ourselves, we ended up spreading the virus everywhere. Only thing we can do is we’ve got to take the whole system offline, wipe the infected servers clean, then bring them back up,” I explain.

“You’re coming with me,” Ms. Jeanibeth says, then dial something in her phone before she disappears from the office.

--

We went to Villain Corp’s server farm through their private jet, the smell of the velvet seat is suffocating me, and it smells new.

The servers are placed in a neat and organized way. We look at the big screen inside, they’re already booting the network back.

“Stop, tell Rommel to stop.”

“Why?” Ms. Jeanibeth asks.

“There’s an infected server up and running. What’s the ETA before it hits this server?” I ask, pointing at the green circle with a blinking yellow outline, server CS30.

“The back up server up and running?” I ask.

“It’s ready but it’s not configured for auto switch.” The employee from the server farm says.

“Give me your laptop, we need to redirect the traffic, we need to switch DNS.”

“You got this, you got this, you got this.” I say the mantra in my head.

“This impossible. Its almost back t the server,” Ms. Jeanibeth says, pressuring me. I try to concentrate with what I am doing. I got this, I got this.

I hear a sigh of relief as the infected server has been transferred to idle one, the server can’t be affected by now.

“I’m gonna take a look at the infected server, give me a minute.” I say.

“Yes, I’ll meet you at the elevator,” she says, standing up.

I focus my attention with the logs of the attack. They must have left a mark or something. Every hacker loves attention. They just don’t do DDoS attacks for no reason.

I stumble upon a log. This is it. The madhatters. Is this supposed to be a joke.

LEAVE IT HERE, the readtxt says. They tell me to leave it here. But why? Doesn’t matter.

Time to shut them down.

Why can’t I delete it? I don’t…

This is good. I know it’s good. This is for Cybersafe. I help them.

WHITEHAT
(n) something bad is good


A Scandal of Grey




A SCANDAL OF Grey
a silent revolution series
 inspired from Mr. Robot


Sht, I think someone's following me.
No, someone really is following me.
It must be the thing I pulled off last night.
They might have been listening all along, or they're already there right before I did it.
Or I have done something wrong.
Sht, what have I done?
I should've just gone to my boss' party, but instead...I went to...

I sat there, at the corner of the coffee shop while waiting for Leo. It was past nine pm, the shop will be closing soon but I know he'll be here, I checked his phone. He'll be taking rounds of the shops he owned nearby.

I heard the bells chime when the door opened. I saw him. Leo. One of the attendants went to him immediately, brought him coffee and greeted him, "Hello, Leo."

I walk at the almost empty shop. "Good evening, Leo." I say, I don't mean to frighten him but I don't know not to do that. I have that tendency.

He looks up, a crease forming between his eyebrows. I sit at the chair in front of him and stare at him. "Your name is Leonardo Cruz, you're Leo." I point at the embossed letters read as LEO'S COFFEE.

"You have 13 coffee shops, six years since you opened the first one. You'll have three before the year ends." I say, nonchalant. Mostly because this is the way I usually talk.

"Excuse me, do I know you?" He asks.

"I love going here, the coffee is good and the wi-fi is fast." I say. "May I help you with something?" He looks at me intently. "You're one of the few spots that has a fiber connection with gigabit speed. It's good."

He nods and go back to his tablet, looking at the spreadsheets, maybe about the sales of the coffee shop, expenses or maybe about the money he earned from his other business.

"So good, it scratched that part of my mind, part that doesn't allow good to exist without condition, so I started intercepting all the traffic on your network. That's when I noticed something strange. It's when I decided to hack you," he stops abruptly and a look of surprise written in his face.

"Hack..." he says, as if the word is foreign to him.

"I know you run a website called Wild Fantasies. Sorry I didn't ask for your permission." I say, looking straight at him, void with any emotion.

"Pardon me," he says in disbelief.

"You're using Tor networking to keep the servers anonymous. You made it really hard for anyone to see it, but I saw it. The onion routing protocol, it's not as anonymous as you think it is. Whoever's in control of the exit nodes is also in control of the traffic, which makes me...the one in control." He looks around. Maybe looking for someone to approach the table and help him or maybe checking if someone's listening. I don't know. I don't mind. I don't care.

"I must ask you to kindly leave," his voice is hoarse, like something is stuck in his throat.

"I own everything," I pull out a folder out of my bag. "All your e-mails. All your files. All your...pics." He scans the folder I left on the table and looks harshly at me. "You have to leave now or I'll call the—"

"Police? You want them to find out about the 100 terabytes of child pornography you serve to your 400,000 users? Personally man, I was just going to hack the network, to see how secured it was, to check for vulnerabilities, and later on, tell that on you, fix the problem. And it will be done. I was hoping it will be just some BDSM stuff, I thought I will be doing you a favor, but I found something else."

"That...is my personal life." He says in defeat. "What do you need?"

"You don't have to worry—"

"Money? This is about money? Then it's a no. If I gave you money now, you'll ask for more, but you'll tell the police anyway," he stands up, "I'm afraid you'll have to leave now!!!" He shouts, pointing his finger at me, I can almost hear something ringing on my ears, the few people in the coffee shop must've been staring now.

"I don't understand." I say, unmoved by his sudden outburst.

"You're blackmailing me and you don't understand," he scoffs. "Let me tell you this, you also broke the law," he says. I know what he is thinking now, how he will be able to get out of this mess. So slowly, I let my back rest on the chair.

"You'd tell your sys admin to take your servers down, wipe all the data. So I made sure to include the current time and location on my anonymous tip." I stand up with my bag.

His furious face is replaced by terror. "Wait. Hold on. I'll give you money. I'll pay you. How much do you want? I'll pay you."

I hear the police sirens wailing from here, that when I started to move. "I thought I was going to give you my service but I guess I'll be a help to the government to bring your kind down." Before I go out of the door, I stop and look at his frightened stature. "That's the part you were wrong, Leo. I don't give a shit about money."

It's bad. And it's good. It's in between. I don't know. All I know is that...it started there. And now, someone is following me.

"Roosevelt station..." I hear the voice looming over as the train approaches the platform. I stand up and walk near the automatic sliding door of the train. And just when it opens, I saw him. That guy who I've been seeing all day. Looking at me, smug even, I don't fear anything but sht, this is not good.


GREYHAT
(n) something good, something bad, something in between


Malicious Code




The use of computers in industry has expanded dramatically in the last decade. With the use of this technology, working has become more convenient, faster and easier. It has become the spine of the business and requirement as well. However, ensuring the security of the processes and the privacy data of these machines access is a difficult dilemma.
Many companies around the world lost vast amounts of time, money and resources due to poor defense systems and lack of knowledge in computer security. Companies must ensure that all data processing equipment are tough enough to withstand any type of malicious attack.
A malicious code is a code causing damage to a computer or system. It is a code not easily or solely controlled through the use of anti-virus tools. Malicious code can either activate itself or be like a virus requiring a user to perform an action, such as clicking on something or opening an email attachment.
Malicious code does not just affect one computer. It can also get into networks and spread. It can also send messages through email and steal information or cause even more damage by deleting files. It can be in the form of scripting languages, ActiveX controls, browser plug-ins, Java applets and more.
Malicious codes can come in various forms. The following are the most common types of malicious codes:
Computer Virus
A computer virus is a self replicating computer program which can attach itself to other files/programs, and can execute secretly when the host program/file is activated. When the virus is executed, it can


perform a number of tasks, such as erasing your files/hard disk, displaying nuisance information, attaching to other files, etc. Computer Virus includes memory-resident virus, program file virus, polymorphic virus, boot sector virus, stealth virus, macro virus, and email virus.

Worms
A worm is a self-replicating program that does not need to attach to a host program/file. Unlike viruses, worms can execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time.
Trojan Horse
A trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed. Attackers use trojan horses to steal a user's password information, or they may simply destroy programs or data on the hard disk. A trojan horse is hard to detect as it is designed to conceal its presence by performing its functions properly.
Spyware & Adware
Spyware is a type of software that secretly forwards information about a user to third parties without the user's knowledge or consent. This information can include a user's online activities, files accessed on the computer, or even user's keystrokes.
Adware is a type of software that displays advertising banners while a program is running. Some adware can also be spyware. They first spy on and gather information from a victim's computer, and then display an advertising banner related to the information collected.
Rootkit
A rootkit is a collection of files that alter the standard functionality of an operating system on a computer in a malicious and stealthy manner. By altering the operating system, a rootkit allows an attacker to act as system administer on the victim's system. (Or the "root" user in a Unix system - hence the name "rootkit".) Many rootkits are designed to hide their existence and the changes they made to a system. This makes it very difficult to determine whether a rootkit is present on a system, and identify what has been changed by the rootkit. For example, a rootkit might suppress directory and process listing entries related to its own files. Rootkits may be used to install other types of attacker tools, such as backdoors and keystroke loggers. Examples of rootkits include LRK5, Knark, Adore, and Hacker Defender.
Active Content
Unlike the traditional methods of working with static data files using a software program, today's data objects, such as web pages, email and documents can interweave data and code together, allowing dynamic execution of program code on the user's computer. The fact that these data objects are frequently transferred between users makes them efficient carriers of viruses. The transparency of code execution can be a security concern. The two main 'active content' technologies are ActiveX controls and Java. In general, ActiveX poses a greater threat because it has direct access to native Windows calls, and hence any system functions.  Java, on the other hand, is "sandboxed" or insulated from operating system services by the Java Virtual Machine. However, this does not mean that there will never be a Java virus.
Zombies and Botnets
A zombie computer, usually known in the short form zombie, is a computer attached to the Internet that has been compromised and manipulated without the knowledge of the computer owner.
A botnet refers to a network of zombie computers that have been taken over and put under the remote control of an attacker. A botnet might consist of thousands of zombie computers, and even more. The zombie computers in the botnets can consist of computers at homes, schools, businesses and governments scattered around the world.
Scareware
Scareware, or sometimes called rogueware, comprises several classes of ransomware or scam software with malicious payloads. While pretending as legitimate anti-virus software or the likes, scareware is in fact dummy software without functions, or sometimes even a malicious software which may, for example, steal the victim's personal information and credentials such as passwords or credit card details. Scareware usually entices victims by convincing them that a virus has infected their computer, then suggesting that they download (and pay for) an anti-virus software to remove it. Very often, the virus is entirely fictional, and the software installed is the scareware itself. In additional to the loss of money paid for the scareware, the personal details and credit card information provided by the victim during the purchase of the scareware can be used by criminals in further fraud or sold on black market forums.

Ransomware makes your computer files inaccessible. The victim is then requested to pay a fee ("ransom") to regain access to their files. Ransomware is a twisted form of scareware. One of common tactics is that the malware attacks victims through phishing emails with a malicious attachment. Once infected, the malware makers of ransomware can "kidnap" user’s computer and hold it to ransom by, for example, stopping the computer working, encrypting key system files or locking up some of the personal information. The victim needs to pay ransom to free their machines and get their files back.


Sources:
-https://www.techopedia.com/definition/4014/malicious-code
-http://www.infosec.gov.hk/english/virus/types.html

Solving The Codes

Ever wondered how our everyday transactions are kept in private? Such as signing in to our SNS accounts (social networking sites), doing banking transactions, or sending confidential information in a company, etc. especially nowadays with our ever changing and fast developing technology it can’t be helped to wonder how do this things are kept private and secured. 

Especially with this thing called “Internet” which is comprised of millions of interconnected computers and allows nearly instantaneous communication and transfer of information around the world people now depend on it for making transactions and communication. The World Wide Web is now often use for online business, data distribution, marketing, research, learning, and a myriad of other activities. Credit card information, sss numbers, personal details, even bank information are sometimes are inevitable to put when making online transactions so with these people needed some assurance for the information they send and received online is secured and protected. This is where cryptography comes in, it makes secure web sites and electronic safe transmissions possible.

"A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. 

A cryptographic algorithm works in combination with a key — a word, number, or phrase — to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys."

When we talk about cryptography we would come across the word encryption which is the process of encoding messages or information in such a way that only authorized parties can read it. It uses a code or a key to make the message hidden and to be able to read it.

And when talking about encryption, it’s important to make the distinction that all modern encryption technology is derived from cryptography

Starting off, cryptography is the act of creating and (attempting to) decipher a code. While electronic encryption is relatively new in the grander scheme of things, cryptography is a science that dates back to ancient Greece and where soon followed by the Romans.

The Greeks were the first society credited with using cryptography in order to hide sensitive data in the form of written word, from the eyes of their enemies, and the general public. 

They used and relied on a tool called the scytale to create a transposition cipher (answer key) to decode encrypted messages.
                                                 
The scytale is a cylinder used to wrap parchment around order to decipher the code. Whenthe two sides communicating used a cylinder of the same thickness, the parchment would display the message when read left to right. When the parchment was unrolled, it would appear as a long, thin piece of parchment with seemingly random numbers and letters. 


While Romans introduced what commonly known as the “Caesar’s cipher” which is a substitution cipher that involved substituting a letter for another letter shifted further down the alphabet. For example, if the key involved a right shift of three, the letter A would become D, the letter B would be E, and so on.

Other breakthroughs are:

• The Polybius Square
                                                      

• Enigma Machine
                                      


• Data Encryption Standard
          
       DES was the first modern symmetric key algorithm used for encryption of digital data and was the foundation for which modern encryption technologies were built.
  

                                                        
Modern Encryption Technology

       Modern encryption technology uses more sophisticated algorithms as well as larger key sizes in order to better conceal encrypted data. The larger the key size, the more possible combinations that a brute force attack would have to run in order to successfully find decrypt the ciphertext.

Triple DES

       Encryption standards have come a long way since DES was first adopted in 1977. In fact, a new DES technology, known as Triple DES (3DES) is quite popular, and it’s based on a modernized version of the original DES algorithm. While the original DES technology was rather limited with a key size of just 56 bits, the current 3DES key size of 168-bits make it significantly more difficult and time consuming to crack.


AES (Advance Encryption Standard)

       The Advanced Encryption Standard is is a symmetric cipher based on the Rijandael block cipher that is currently the United States federal government standard.

                                     
RSA Encryption

       RSA is one of the first widely used asymmetric cryptosystems for data transmission. The algorithm was first described in 1977, and relies on a public key based on two large prime numbers and an auxiliary value in order to encrypt a message.


ECC (Elliptic Curve Cryptography)

    Elliptic curve cryptography is among the most powerful and least understood forms of encryption used today. Proponents of the ECC approach cite the same level of security with faster operational times largely due to the same levels of security while utilizing smaller key sizes.

  

Public Key Encryption

       Public Key – or asymmetric – encryption uses the recipient’s public key as well as a (mathematically) matching private key.
  
                                              
Private Key Encryption

       Where Private Key – or symmetric – encryption differs from Public Key encryption is in the purpose of the keys themselves. There are still two keys needed to communicate, but each of these keys is now essentially the same.
                                                  


Conclusion:

As we have seen in the history of cryptography cryptographers creates new ciphers which are unbreakable and cryptanalyst trying to break unbreakable cipher. Any algorithm who creates cipher text and if it contains frequency of plain text then it’s not considered to be secure.

Key management is also very important aspect of the cryptography which in overlooked by most of the organizations. Key should be stored in secure manner and still should be accessible in easy way when required. Further, central key management helps to apply common encryption policies across all devices and data.

“ENCRYPT EVERYTHING” is not the correct view and reasonable as well one cannot consider encryption as a sole solution for all the security issues rather it should be based on risk assessment and priority basis.


Sources:
https://en.wikipedia.org/wiki/Encryption
http://www.brighthub.com/computing/enterprise-security/articles/65254.aspx
http://www.makeuseof.com/tag/encryption-care/
http://www.quotium.com/resources/importance-cryptography/