Cryptomagazine

CryptoMagazinE

TRADE FAIRS For the customers of Crypto AG, Switzerland 1 2009

DSEi, 8 to 11 September 2009 London, Great Britain

SEMINARS by InfoGuard AG Crypto AG, Headquarters For Information Security Professionals Crypto AG ISC09/1 20 – 24 April 2009 P.O. Box 460 ISC09/2 15 – 19 June 2009 CH-6301 Zug Switzerland ISC09/3 28 September – 02 October 2009 Tel. +41 41 749 77 22 ISC09/4 09 – 13 November 2009 Fax +41 41 741 22 72 [email protected] www.crypto.ch Contemporary Cryptography CCC09/1 27 April – 01 May 2009 Crypto AG, Regional Offices CCC09/2 22 – 26 June 2009 CCC09/3 16 – 20 November 2009 Abidjan Crypto AG 01 B.P. 5852 Ethical Hacking and Cyber Crime Abidjan 01 EHC09/1 08 – 12 June 2009 Ivory Coast Tel. +225 22 41 17 71 EHC09/2 05 – 09 October 2009 Fax +225 22 41 17 73 EHC09/3 23 – 27 November 2009 Abu Dhabi Crypto AG – Abu Dhabi Further information at www.infoguard.ch/crypto P.O. Box 41076 Abu Dhabi United Arab Emirates Tel. +971 2 64 22 228 PRESS REVIEW Fax +971 2 64 22 118 Buenos Aires Study confirms fears about personal data on the Internet Crypto AG To mark the third European data protection day on 28 January in Berlin, Maipu 1256 PB «A» 1006 Buenos Aires Privatim, the association of Swiss data protection registrars, commis- Argentina sioned a survey. Around 1,600 people were interviewed throughout Tel. +54 11 4312 1812 Fax +54 11 4312 1812 Switzerland and the results showed that Swiss inhabitants see data protection as being important. Kuala Lumpur Crypto AG Regional Office Pacific Asia Nine out of ten interviewed consider it important (22 percent) to very Level 9B Wisma E&C important (69 percent) that companies and administrative authorities 2, Lorong Dungun Kiri Damansara Heights protect personal data. More than four in five interviewees trust public 50490 Kuala Lumpur authorities such as the police, hospitals or residents’ registry offices to Malaysia Tel. +60 3 2080 2150 handle data carefully. Fax +60 3 2080 2140 Industry did not come off well in the survey. 44 percent mistrust their credit card company when it comes to data protection: the proportion Muscat Crypto AG is even worse (54 percent) for telecommunication suppliers. In general, Regional Office just 18 percent of those interviewed consider protection to be inade- P.O. Box 2911 Seeb PC 111 quate; 15 percent even claim to have been affected by data abuse at lease Sultanate of Oman once already. Tel. +968 2449 4966 Fax +968 2449 8929 Sources: www.werbewoche.ch and heise online, news from 27 January 2009

A member of CRYPTO AG – To Remain Sovereign The Crypto Group The World of Cryptography 2 CRYPTOMAGAZINE 1/2009 CONTENTS EDITORIAL 22 p. 4, 10, 15, 16, 18, 22 AG Crypto reserved rights All requested. copies courtesy www.crypto.ch (Switzerland), www.apostroph.ch www.apostroph.ch (Switzerland), Typesetting year a times three Published I wish you interesting and absorbing reading. absorbing and interesting you I wish security. information of issues in anonymity and constancy security, as such values customary offer partner- to us to allow that future, contribution the in and our now ships, are They catchwords. mere than more principles are three These Service. to Commitment A – Innovation – petency rate values must be and Com- backed practiced by employee. every Security corpo- our re- that again seminar It demonstrated employees. for a our conducted of cently name the is Design” Corporate and Identity “Corporate more. read 19 to page to turn Please clear. completely yet not are knowledge of field new this of benefits and significance The unanswered. still are questions Many us? for have science of branch this will sig- what But nificance cryptography. quantum with begun already has future The company our at security information 12). (page of history the into inter- us gives insights and past esting the into us transports that a is AG”articles of series Crypto new of History Company the in “Milestones products. quated employed in anti- today about techniques the be ingenious enthusiastic still Wecan day. tech every The admire to have. history corporate our in always something is they There as just today, years. the over eyes changed has that thing only the is nology prying from information tial the what confiden- their matter People protect or present no future. past, involved, period people time on fascination special a exerts Cryptography Reader Dear IMPRINT 10 16 19 12 7 5 3 Passwords – better protection against data theft data against protection –better Passwords sight in revolution no cryptography: Quantum implementation for partners competent requires security ICT (III) Services Crypto on Series “ mechanical using Encryption 1: part company of the 1950s history the in the Milestones management log centralised intelligent with security and availability Increasing Management Event and Information Security second at easy –quite glance first at Complex Manager of aSecurity world The perspective a philosophical from Security hacker cyber spy to From communication modern for threats and Dangers illugraphic, Sonnhalde 3, 6332 Hagendorn (Switzerland), www.illugraphic.ch www.illugraphic.ch (Switzerland), Hagendorn 6332 3, Sonnhalde illugraphic,

Editor-in-chief Kursiv: cover · cover Kursiv: rn run Print Gabriela Hofmann, Crypto AG, Tel. +41 41 749 77 81, Fax +41 41 741 22 72, E-mail [email protected] [email protected] E-mail 72, 22 741 41 +41 Fax 81, 77 749 41 +41 Tel. AG, Crypto Hofmann, Gabriela Printing Roger Casper: p. 11Casper: · Roger Arabic) Russian, Spanish, French, English, (German, 6000 Ennetsee AG, Bösch 35, 6331 Hünenberg (Switzerland) (Switzerland) Hünenberg 633135, Bösch AG, Ennetsee Illustrations Illustrations calculators Shutterstock: cover, p. 5, 19,· Shutterstock: 21 Crypto: p. 2, Crypto: 8, 13, 14, 15 ” Translation Fotosearch: cover, p. 4 · Fotosearch: Reproduction Publisher psrp A, öfrtas 5 PO Bx 60 Lcre 6 Lucerne 6000 Box, P.O. 5, Töpferstrasse AG, Apostroph - Crypto AG, P.O. Box 460, 6301 Zug (Switzerland), Free of charge with the consent of the editorial office, office, editorial the of consent the with charge of Free Getty: p. 18 · Getty: sec illugraphic: p. 6 · illugraphic: Executive Officer Executive Chief and President Otth Giuliano urity a urity t ec Imagepoint: cover, · Imagepoint: Int w hnology se ar e rvi se rview FO FO FO e Design/ n ri C C C ces ess U U U e S S S S

F Dangers an like have grown enormously. It seems business can these tools. no even without longer function the and GSM phone, Internet, satellites, as such communication of means on dependencies Our Internet. the on and communications modern in mainly are threats big the today, whereas War Cold the during The world of threats and dangers changes so rapidly. Spies are the figuresthat keptthe worldin suspense simply. somewhat it put to thieves, modern some They more kind. are little than of gain commercial a promises that information sensitive acquiring itly illic- on mainly focus and training of rudimentary have hackers century 21st the The expertise. puter com- had excellent to have involved people The them. for game a was It collapse. to their force the networks into programs defective feeding on fixated were hackers Internet days, for als responsible them. In the early individu- the of characteristics the have too so have years the over changed dangers and threats as Just hackers of face changing The networked. deeply too we are dependency; this for from us escape any longer no is There tics. logis- global and aviation culture, agri- disrupt and influence greatly could and inaccuracy Any Internet. the networks computer cations, communi- satellite without impossible today be would forecasts er weath- precise For events. instance, and political and sporting at monitoring surveillance out carrying to and materials to hazardous crucial tracking also is networks these of reliability The borders. national the patrol and resources of check availability disasters, monitor have they to all, After particular. in governments for important mously These enor- are networks communication information. the of for exchange network global national depend inter- on a well-functioning heavily sectors economic Many ro m threats for d mothreats s py to d handling of information. Can a per a Can daily information. of their handling in governments even and companies individuals, occupy and affect that applications the of payrolls a few just are purchases online and returns, tax information. of E-banking, exchange our in security of issue the address to but choice no We have attack. an of tim vic- the be can anyone Internet, the and satellites over of communication prevalence increased the With us all affects that A danger eiie N” Al f s ae to have us of All “No”. a definite is question above the to the answer So, channel. conceivable any covert come and can through and invisible are attacks the physically; work. You no longer net- see the attackers information global the in sion on take ger a and threat new dimen- the and Dan- information? of that exchange information secret sensitive and for protection effective son feel safe still completely without dangerous attacks with the aid of ultra-modern software tools. software ultra-modern of aid the with out attacks carry now can dangerous individuals trained poorly Even network. entire an of takeover” “hostile regular the to today way has given as password the out a of began game figuring What decades. over the changed have of attacks The types Sophistication c ern ern communication Knowledge yb Intruder Attack High Low 1980 e r ha password guessing disabling audits 9519 1995 1990 1985 self-replicating code password cracking exploiting knownvulnerabilities back doors c burglaries k sweepers - packet spooﬁng e sessions hijacking well as diallers. What all of them them of all What diallers. as as well scareware spyware, attacks, service of denial horses, attacks, backdoor Trojan worms, computer viruses, computer of types various distinguishes Malware unnoticed. completely background the in runs software the or disguised are usually functions damaging these so programs, harmful any tolerate ly In a general, user does not knowing- functions. harmful and undesirable perform that programs harmful of issue. The refers to term malware all types essential an is Internet the over infection malware danger, this by affected be can everyone As ing. grow steadily is it on dependency our and intensifying is use Internet ramifications and definition – malware from Threats defence. and/or resistance of means quate ade- applying of ways about think sniffers r 1 network mgmt.diagnostics By Philipp Birrer, Marketing Manager Marketing Birrer, Philipp By denial ofservice scanning techniques GUI “stealth“/advanced automated probes/scans cross-site scripting www attacks command &control attack tools(DDoS) distributed Attackers 2000 sophisticated Tools -

3 focus 2 CRYPTOMAGAZINE 1/2009 CONTENTS EDITORIAL 22 p. 4, 10, 15, 16, 18, 22 courtesy copies requested. All rights reserved Crypto AG Crypto reserved rights All requested. copies courtesy (Switzerland), www.apostroph.ch www.apostroph.ch (Switzerland), Typesetting www.crypto.ch year a times three Published I wish you interesting and absorbing reading. absorbing and interesting you I wish security. information of issues in anonymity and constancy security, as such values customary offer partner- to us to allow that future, contribution the in and our now ships, are They catchwords. mere than more principles are three These Service. to Commitment A – Innovation – petency rate values must be and Com- backed practiced by employee. every Security corpo- our re- that again seminar It demonstrated employees. for a our conducted of cently name the is Design” Corporate and Identity “Corporate more. read 19 to page to turn Please clear. completely yet not are knowledge of field new this of benefits and significance The unanswered. still are questions Many us? for have science of branch this will sig- what But nificance cryptography. quantum with begun already has future The company our at security information 12). (page of history the into inter- us gives insights and past esting the into us transports that a is AG”articles of series Crypto new of History Company the in “Milestones products. quated employed in anti- today about techniques the be ingenious enthusiastic still Wecan day. tech every The admire to have. history corporate our in always something is they There as just today, years. the over eyes changed has that thing only the is nology prying from information tial the what confiden- their matter People protect or present no future. past, involved, period people time on fascination special a exerts Cryptography Reader Dear IMPRINT 10 16 19 12 7 5 3 Passwords – better protection against data theft data against protection –better Passwords sight in revolution no cryptography: Quantum implementation for partners competent requires security ICT (III) Services Crypto on Series “ mechanical using Encryption 1: part company of the 1950s history the in the Milestones management log centralised intelligent with security and availability Increasing Management Event and Information Security second at easy –quite glance first at Complex Manager of aSecurity world The perspective a philosophical from Security hacker cyber spy to From communication modern for threats and Dangers illugraphic, Sonnhalde 3, 6332 Hagendorn (Switzerland), www.illugraphic.ch www.illugraphic.ch (Switzerland), Hagendorn 6332 3, Sonnhalde illugraphic,

F Dangers an simply. somewhat it put to thieves, modern some They more kind. are little than of gain commercial a promises that information sensitive acquiring itly illic- on mainly focus and training of rudimentary have hackers century 21st the The expertise. puter com- had excellent to have involved people The them. for game a was It collapse. to their force the networks into programs defective feeding on fixated were hackers Internet days, for als responsible them. In the early individu- the of characteristics the have too so have years the over changed dangers and threats as Just hackers of face changing The networked. deeply too we are dependency; this for from us escape any longer no is There tics. logis- global and aviation culture, agri- disrupt and influence greatly could and inaccuracy Any Internet. the networks computer cations, communi- satellite without impossible today be would forecasts er weath- precise For events. instance, and political and sporting at monitoring surveillance out carrying to and materials to hazardous crucial tracking also is networks these of reliability The borders. national the patrol and resources of check availability disasters, monitor have they to all, After particular. in governments for important mously These enor- are networks communication information. the of for exchange network global national depend inter- on a well-functioning heavily sectors economic Many like have grown enormously. It seems business can these tools. no even without longer function the and GSM phone, Internet, satellites, as such communication of means on dependencies Our Internet. the on and communications modern in mainly are threats big the today, whereas War Cold the during The world of threats and dangers changes so rapidly. Spies are the figuresthat keptthe worldin suspense ro m threats for d mothreats s py to d eiie N” Al f s ae to have us of All “No”. a definite is question above the to the answer So, channel. conceivable any covert come and can through and invisible are attacks the physically; work. You no longer net- see the attackers information global the in sion on take ger a and threat new dimen- the and Dan- information? of that exchange information secret sensitive and for protection effective son feel safe still completely without per a Can daily information. of their handling in governments even and companies individuals, occupy and affect that applications the of payrolls a few just are purchases online and returns, tax information. of E-banking, exchange our in security of issue the address to but choice no We have attack. an of tim vic- the be can anyone Internet, the and satellites over of communication prevalence increased the With us all affects that A danger dangerous attacks with the aid of ultra-modern software tools. software ultra-modern of aid the with out attacks carry now can dangerous individuals trained poorly Even network. entire an of takeover” “hostile regular the to today way has given as password the out a of began game figuring What decades. over the changed have of attacks The types Sophistication c ern ern communication Knowledge yb Intruder Attack High Low 1980 e r ha password guessing disabling audits 9519 1995 1990 1985 self-replicating code password cracking exploiting knownvulnerabilities back doors c burglaries k sweepers - packet spooﬁng e sessions hijacking well as diallers. What all of them them of all What diallers. as as well scareware spyware, attacks, service of denial horses, attacks, backdoor Trojan worms, computer viruses, computer of types various distinguishes Malware unnoticed. completely background the in runs software the or disguised are usually functions damaging these so programs, harmful any tolerate ly In a general, user does not knowing- functions. harmful and undesirable perform that programs harmful of issue. The refers to term malware all types essential an is Internet the over infection malware danger, this by affected be can everyone As ing. grow steadily is it on dependency our and intensifying is use Internet ramifications and definition – malware from Threats defence. and/or resistance of means quate ade- applying of ways about think sniffers r 1 network mgmt.diagnostics By Philipp Birrer, Marketing Manager Marketing Birrer, Philipp By denial ofservice scanning techniques GUI “stealth“/advanced automated probes/scans cross-site scripting www attacks command &control attack tools(DDoS) distributed Attackers 2000 sophisticated Tools -

3 focus 4 CRYPTOMAGAZINE 1/2009 be taken seriously. A number of of number should A seriously. threats taken of be kinds These numbers. increasing in Internet the using are companies because alent prev- more and more attacks becoming are Hotel and stories Western These Best Group. the of database a from people million over of eight details, card credit all ing copied all the data, customer includ- hackers unknown 2008, August In servers. mail the attacked including Internet, the from computers disconnect 1500 to had Washington in Pentagon the a 2007, in attack cyber Following servers. responding oninformation cor ing confidential collect- others at systematically aimed are and organisations tutions, insti- banks, against attacks These attack. a cyber it to launch exploit hackers the found, is flank weak a updates Once until for them. issued are (patches) again not correctible are and attacks undesired for in vulnerability pose packages may themselves software Defective infection. of to danger in vulnerable and attack system a make to suffices Internet the to access work net- single A the decades. two over previous as 2007 in disseminated and produced was malware much as that revealed A by study F-Secure sophisticated. be- increasingly are coming Internet the over Attacks it. forward and information off siphon to e.g. ways, unwanted in system the to intent influence their is common in have - 1 Sources: future. we be the able to in will nor today networks computer over communications do without cannot we situation: current the from clear is thing One danger. avert and data also steps sensitive to protect to be have taken technical of employees, sensitisation the processes, and and training, practices trative adminis- Besides century. 21st the of challenges the meet to fronts ous on vari- mandatory are precautions www.f-secure.com. Finland; Helsinki, Corporation, F-Secure CMU/SEI-2002-SR-009. CMU/SEI-2002-SR-009. Report Special Centre; Coordination CERT Lipson, F. Howard Issues; Policy Global and Challenges Technical Cyber-Attacks: Tracing and Tracking S the expense of another’s, but rather rather but another’s, of expense at the increased is security side’s one mean not does This situations. flict in con- comes to especially bear rity secu- Collective (collective). munity com- a or the individual an for against future hedges as act of both which means, financial and rial mate- by stably livelihood a guaranteeing means security Economic physical threat. from freedom direct and integrity means security Physical security. social or nomic and into physical eco- be subdivided can population the of group entire an or individual an of security The security of Various types react termeasures. coun- people and risks to how psychologically on but tions calcula- mathematical or sibilities pos- on not based is security ceived Per countermeasures. different of effectiveness the and risks ferent dif- of possibility the on based iable var- is a mathematical security Real extremely parlance. general in related closely are but equivalents, exact be not may two The ception. as as a well per- is a reality Security or objects). (and abstract systems objects real non-living to life, of forms other to individual, an to refer also can term The conditions. certain under or environment tain cer- a in period, certain a for exists a that risks is of free unreasonable state security way, another put Or occurring circumstances. defined under not damage potential of defined be seen as probability the It can concept. a is relative Security security of Definition Joachim Ringelnatz (1883 – 1934), German writer, cabaret artist, painter we “The only have security is is nothing that Not evensecure. security.” philo ec urity fro s ophi c -

al p is how this state is defined or what what or defined is state this how is sense this in security of aspect key A dangers. and disruption from free operation of state a to refers security objects, or structures technical In ICT in Security as possible. improbable as effects adverse unexpected or expected render prevent or to help they if successful sible. measures are Security deemed as close to as of perfect pos- security uncer- yet and again tainties achieve a final state minimise to mented Security rendered concepts must be and devised imple- improbable. are they sufficiently that completely, out simply ruled are effects does not adverse mean that Security security? absolute as athing such there Is correctly. tions situa- assess to needed are munity com- the and of individuals part the on experience and sense Common sides. both for of security the devised ensuring are actions joint that m a By Gabriela Hofmann, Corporate Editor, and Dr. Silvan Frik, Head of Marketing Services Marketing of Head Frik, Silvan Dr. and Editor, Corporate Hofmann, Gabriela By e r s p ec tiv gral parts of most security functions functions security most of parts gral inte- are techniques Cryptographic cryptology in security of Meaning as well filters. of network use the as servers and on networks attacks outside monitoring regulating is and for essential system equally auditing functioning A well- policies. password and authorisa tions management, system necessary to paid is attention cies, competen- and resources performance mandate, a with organisation ICT viable a In approaches. ferent dif- with addressed be can and security risks operations, everyday In or internal to occur. attack external an allow to required is that all is chain the in link weak single a but security, technical for especially required is mechanisms various of interplay The security. of instead used generally is ability reli- term the disruption, potential a during occurs danger no If tions. func- technical of use the for able accept- is (un)certainty of degree e -

5 focus 4 CRYPTOMAGAZINE 1/2009 be taken seriously. A number of of number should A seriously. threats taken of be kinds These numbers. increasing in Internet the using are companies because alent prev- more and more attacks becoming are Hotel and stories Western These Best Group. the of database a from people million over of eight details, card credit all ing copied all the data, customer includ- hackers unknown 2008, August In servers. mail the attacked including Internet, the from computers disconnect 1500 to had Washington in Pentagon the a 2007, in attack cyber Following servers. responding oninformation cor ing confidential collect- others at systematically aimed are and organisations tutions, insti- banks, against attacks These attack. a cyber it to launch exploit hackers the found, is flank weak a updates Once until for them. issued are (patches) again not correctible are and attacks undesired for in vulnerability pose packages may themselves software Defective infection. of to danger in vulnerable and attack system a make to suffices Internet the to access work net- single A the decades. two over previous as 2007 in disseminated and produced was malware much as that revealed A by study F-Secure sophisticated. be- increasingly are coming Internet the over Attacks it. forward and information off siphon to e.g. ways, unwanted in system the to intent influence their is common in have - 1 Sources: future. we be the able to in will nor today networks computer over communications do without cannot we situation: current the from clear is thing One danger. avert and data also steps sensitive to protect to be have taken technical of employees, sensitisation the processes, and and training, practices trative adminis- Besides century. 21st the of challenges the meet to fronts ous on vari- mandatory are precautions www.f-secure.com. Finland; Helsinki, Corporation, F-Secure CMU/SEI-2002-SR-009. CMU/SEI-2002-SR-009. Report Special Centre; Coordination CERT Lipson, F. Howard Issues; Policy Global and Challenges Technical Cyber-Attacks: Tracing and Tracking S the expense of another’s, but rather rather but another’s, of expense at the increased is security side’s one mean not does This situations. flict in con- comes to especially bear rity secu- Collective (collective). munity com- a or the individual an for against future hedges as act of both which means, financial and rial mate- by stably livelihood a guaranteeing means security Economic physical threat. from freedom direct and integrity means security Physical security. social or nomic and into physical eco- be subdivided can population the of group entire an or individual an of security The security of Various types react termeasures. coun- people and risks to how psychologically on but tions calcula- mathematical or sibilities pos- on not based is security ceived Per countermeasures. different of effectiveness the and risks ferent dif- of possibility the on based iable var- is a mathematical security Real extremely parlance. general in related closely are but equivalents, exact be not may two The ception. as as a well per- is a reality Security or objects). (and abstract systems objects real non-living to life, of forms other to individual, an to refer also can term The conditions. certain under or environment tain cer- a in period, certain a for exists a that risks is of free unreasonable state security way, another put Or occurring circumstances. defined under not damage potential of defined be seen as probability the It can concept. a is relative Security security of Definition Joachim Ringelnatz (1883 – 1934), German writer, cabaret artist, painter we “The only have security is is nothing that Not evensecure. security.” philo ec urity fro s ophi c -

5 focus 6 CRYPTOMAGAZINE 1/2009 puter can conduct 10 conduct can puter one com- that Assuming variations. to 1,200,000,000,000,000,000,000,000 corresponds which variations, h bss o atetcto pro- confi the help ensure to and cesses authentication for basis the provide They today. systems ICT in or longer. 80 bits means 1.2x10 means bits 80 longer. or bits secu- 80 key a with guaranteed is rity literature, scientific to cording Ac- computers. of use conceivable greatest the with even text the original of knowledge without or with time useful a in cracked be cannot means by electronic generated keys encryption today, stand matters As data. non-text of processing the allows and possible states of This number bits. the increases individual with they work characters, special and bers work. computers way of num- Instead letters, with dealing the to ed adapt- been have processes graphic keys. Modern crypto- cryptographic random of generation the for for e.g. numbers, source high-quality a is techniques these of use secure the for condition major A nications. commu- of integrity and dentiality ture come into play, this value is is value this play, into come ture architec- security the of elements further or increases length key the the key.As find to years 19,000 than more need would computers linked inter- 1,000 second, one in billion) 9 tests (i.e. tests one 24 key key - Sicherheit mit XML [Security with XML], 2006 XML], with [Security XML mit Sicherheit Suhrbier, Lutz Berlin, of University Free www.oldenbourg.de encyclopaedia, online Informatics], Business of [Encyclopaedia Wirtschaftsinformatik der Enzyklopädie 21, Essay-155 January 2008; Security, of Psychology The Schneier; Bruce www.virtualuniversity.ch Cryptology], of [Basics Kryptologie-Grundlagen www.id.ethz.ch/services/ 2001, Meile, Urs IT], in Security and Risk on Theses [10 Bereich IT im Sicherheit und Risiko zu 10 Thesen Sources: system. of encryption an security not the determines is that factor only the length Key management. key and algorithm of architecture to the attention to pay the necessary important also is it process, this In worthwhile. longer no are means attacks which range, the incalculable into exponentially increased

They are using some kind of code …” of code kind some using are They Sergeant. it, decipher “I cannot quit Co T functions and operations in the the in operations and functions encryption all of overview inter- pretable readily a convey to is ment manage- security of objective The approach? ment manage- security user-friendly optimum an characterises What concept. what a of value the largely determines is end, friendliness the in but user management, in cised exer- be to have commitment and care necessary the course, Of that. like be to have for not does Life users. headaches create may which system, security complex possibly involves of a it in the cryptography intervening useful, operationally and important enormously sidered con- Although split traditionally. image a has management Security network. the of area targeted the in possible as simultaneously as implemented be can and error of free taken are es) of or key chang- groups cryptographic formation/changing the management (e.g. security in actions administrative is necessary however, the that operations, daily in availability technology. for factor primary The encryption modern with level high same the at tected pro- be can applications different even that is reason major A ment. treat- special to subject once that were satellite or radio like cations appli- involving cases in even ICT, to integral as viewed are increasingly systems security Information matter didactically. simple to functions It procedures. is complex all easier than reduces it appears at that firstglance. That becomes obvious when management one the approaches security systematic with answer: The hand? in But how is a supposed manager to security keep of the firmly complex administration networks dynamic place. first the in usable elements. static be longer no can network environment ICT today’s in dynamic the systems makesencryption Consequently, what is network the in security information simply, Put he worl m d of a pl e e e S a ecurity ecurity x at fir s y at M anager dures that avoid errors, logically logically errors, avoid that dures proce- automated primarily This entails quality. of level to this reduced achieve be to has Complexity incidences. possible all dling actions) of (i.e. means han- effective right the providing while network mines security and trust in these these procedures. in trust deter- and what security mines ultimately is plicity and Sim- user interface. understandable logical a and links traceable Figure 1 Figure Security Management Model Management Security sec s Procedures Emergency t glan Authentiﬁcation ond Automated Exchange User Security Management-Modell Key User Management Hardware Centralised ce – Crypto Crypto Monitoring Security & Network when equipment is purchased, purchased, is Even equipment system. when a operate and ure config- to issue time comes it before long an is tasks, management operational security of series a As manner. concise and efficient an in taught is concept the if advantageous also is It and lastingly. understandably conveyed be can it if used only is potential able avail- that shows Experience factor. human often-cited the mind in keeps also AG Crypto from concept The Management Encrypted Channels Topology Dynamic Multi-Location Management By Dr. Rudolf Meier, Publicist Meier, Rudolf Dr. By Redundant

7 focus 6 CRYPTOMAGAZINE 1/2009 puter can conduct 10 conduct can puter one com- that Assuming variations. to 1,200,000,000,000,000,000,000,000 corresponds which variations, or longer. 80 bits means 1.2x10 means bits 80 longer. or bits secu- 80 key a with guaranteed is rity literature, scientific to cording Ac- computers. of use conceivable greatest the with even text the original of knowledge without or with time useful a in cracked be cannot means by electronic generated keys encryption today, stand matters As data. non-text of processing the allows and possible states of This number bits. the increases individual with they work characters, special and bers work. computers way of num- Instead letters, with dealing the to ed adapt- been have processes graphic keys. Modern crypto- cryptographic random of generation the for for e.g. numbers, source high-quality a is techniques these of use secure the for condition major A nications. commu- of integrity and dentiality pro- confi the help ensure to and cesses authentication for basis the provide They today. systems ICT in ture come into play, this value is is value this play, into come ture architec- security the of elements further or increases length key the the key.As find to years 19,000 than more need would computers linked inter- 1,000 second, one in billion) 9 tests (i.e. tests one 24 key key - Sicherheit mit XML [Security with XML], 2006 XML], with [Security XML mit Sicherheit Suhrbier, Lutz Berlin, of University Free www.oldenbourg.de encyclopaedia, online Informatics], Business of [Encyclopaedia Wirtschaftsinformatik der Enzyklopädie 21, Essay-155 January 2008; Security, of Psychology The Schneier; Bruce www.virtualuniversity.ch Cryptology], of [Basics Kryptologie-Grundlagen www.id.ethz.ch/services/ 2001, Meile, Urs IT], in Security and Risk on Theses [10 Bereich IT im Sicherheit und Risiko zu 10 Thesen Sources: system. of encryption an security not the determines is that factor only the length Key management. key and algorithm of architecture to the attention to pay the necessary important also is it process, this In worthwhile. longer no are means attacks which range, the incalculable into exponentially increased

They are using some kind of code …” of code kind some using are They Sergeant. it, decipher “I cannot quit Co T functions and operations in the the in operations and functions encryption all of overview inter- pretable readily a convey to is ment manage- security of objective The approach? ment manage- security user-friendly optimum an characterises What concept. what a of value the largely determines is end, friendliness the in but user management, in cised exer- be to have commitment and care necessary the course, Of that. like be to have for not does Life users. headaches create may which system, security complex possibly involves of a it in the cryptography intervening useful, operationally and important enormously sidered con- Although split traditionally. image a has management Security network. the of area targeted the in possible as simultaneously as implemented be can and error of free taken are es) of or key chang- groups cryptographic formation/changing the management (e.g. security in actions administrative is necessary however, the that operations, daily in availability technology. for factor primary The encryption modern with level high same the at tected pro- be can applications different even that is reason major A ment. treat- special to subject once that were satellite or radio like cations appli- involving cases in even ICT, to integral as viewed are increasingly systems security Information matter didactically. simple to functions It procedures. is complex all easier than reduces it appears at that firstglance. That becomes obvious when management one the approaches security systematic with answer: The hand? in But how is a supposed manager to security keep of the firmly complex administration networks dynamic place. first the in usable elements. static be longer no can network environment ICT today’s in dynamic the systems makesencryption Consequently, what is network the in security information simply, Put he worl m d of a pl e e e S a ecurity ecurity x at fir s y at M anager mines security and trust in these these procedures. in trust deter- and what security mines ultimately is plicity and Sim- user interface. understandable logical a and links traceable logically errors, avoid that dures proce- automated primarily This entails quality. of level to this reduced achieve be to has Complexity incidences. possible all dling actions) of (i.e. means han- effective right the providing while network Figure 1 Figure Security Management Model Management Security sec s Procedures Emergency t glan Authentiﬁcation ond Automated Exchange User Security Management-Modell Key User Management Hardware Centralised ce – Crypto Crypto Monitoring Security & Network and concise manner. concise and efficient an in taught is concept the if advantageous also is It and lastingly. understandably conveyed be can it if used only is potential able avail- that shows Experience factor. human often-cited the mind in keeps also AG Crypto from concept The when equipment is purchased, purchased, is Even equipment system. when a operate and ure config- to issue time comes it before long an is tasks, management operational security of series a As Management Encrypted Channels Topology Dynamic Multi-Location Management By Dr. Rudolf Meier, Publicist Meier, Rudolf Dr. By Redundant

7 focus 8 CRYPTOMAGAZINE 1/2009 sub-areas (in-depth information is is information (in-depth various sub-areas the providing of overview merely initial an are we tions, func- core the of description brief this With AG. Crypto from agement man- of security potential the entire sufficient to cover article not a in magazine space is there course, Of functions core of description Brief management. security in ing train- practical for courses fresher re- and training customer-specific conducts also Academy Crypto The ing security management potential: management security ing for depict- concept a three-tier uses AG Crypto levels, at different quired is re- information As requirements. policy for security user’s potential the meeting is the it with that designed given be should proof

white papers, etc.). papers, white notes, application sheets, functions (data all of use vidualised indi- the enabling details nical tech- of documentation In-depth documents). electronic ed and print- various (in it imple- with mented be can that procedures and processes settings, the hend compre- help to segment each in functions core the of description easy-to-understand and brief A (see Figure 1). (see Figure graphical a functions core model to show the overview, an As No specific operational problems problems operational all. specific at No problems security no with online done be can procedure this encryption, payload for as tography cryp- basic strong same the you use If units. encryption individual the to distribution key secure processes require encryption Symmetric Encrypted management channels 2). Figure (see concepts both for tool support convenient a is Centre process Management ne i Security fl The of or used. ne is i l on he t determine her scenario whet work the of size) network or applications (e.g. conditions ambient the and centre policy security user’s The this concurrently. from be can administered units All system. backup with Centre Management Security out the system, authority central carried a over therefore is istration admin- enough, Logically network. the of complexity or size the of less regard procedures, management the in in be must involved network the integrated units encryption All management Centralised proce- management dures. the of any in never form is unencrypted in etc.) accessible data, access keys, data approach, security (algorithms, a this generator).In random-number (with basis the cryptographic on same exchanged always is data encrypted SMC, the as module rity secu- same the has unit encryption (SMC). Centre As each Management Security the in out pro carried to cedures encryption payload for processes cryptographic security from module, hardware separate a in run are processes cryptographic All hardware Crypto policy. security the individual for support maximum ensure to users individual for highly uses specific assigned be can functions all processes, cryptographic all for groundwork mathematical and ical element lays the that technolog- tral cen- the hardware, Crypto the for Except AG). Crypto from available - - logs on past processes. Depending Depending processes. past on logs for or from audits the unit maintenance value possible of request can information He problems. any to correctly and immediately can respond he so units, encryption the settings of network and parameters security to respect with states work net- of all overview a ager complete man- security the gives Monitoring monitoring network and Security cation. appli- the on depending one mobile a be even may function This ations. of oper- no interruption with notice short at them priorities new given of be can parts or networks entire crises, In time. any at changed be also can policy security The point. central a from tracked and ments require- ambient the to adapted ly anddynamical- be flexibly can ogy) topol- (i.e. the logical or hierarchies groups to units of assignment The topology Dynamic from time. at any site any retrieved be can units all of the status With current the database, shared utilisation. capacity of opera- a tion distribution allows also better round-the-clock Intensive immediately. replaced be can site lost A is time. same the Redundancy at increased other. each of ly independent or nearby hierarchies from areas front-office administer to example, for advantageous, cally tacti- be It could easily. more and ly independent- administered be can then which sub-networks, flexible into divided be can networks larger management, multi-location With management multi-location Redundant likewise is that 2). to Figure refer (also encrypted data with ers Data Carri- SDC Security comprises mode,the In channel offline tration. adminis- to individualised way completely each the opens unit for encryption channel management per key individual One necessary. are procedures no and special arise - problems can be greatly mitigated mitigated greatly These be user. can problems the to risk serious a pose can device encryption compro- mised already or threatened A procedures Emergency what action. took who of verification subsequent allowing logged, automatically procedures are All shifts. time larger its with mode offline installa in key even in tion, differences time reconciles any automatically process multi-key The presence. network of for use load/ the timing optimum enables op- Programmability erations. interrupting without plished is simple and and automated is accom- change key This each anyway). time generated are keys session keys (new unit keys/master unit the of replacement periodic a requires quasi-standard practice best The exchange key Automated customers. its for solution encryption an ates example, if a network oper- provider for bemayadvantageous, flexibility This jointly. or separately per- formed be can units) encryption the regards (as management network and management security of roles the force, in policy security the on SMC to all units, complete with keys of the same strength as for payload encryption. The encryption output of the the of output encryption The encryption. the payload for from impaired. not as is units network strength the same by the up of keys set with are channels complete units, all management to SMC encrypted separate distribution, data security online In 2 Figure Branch Ofﬁce Headquarters Voice Voice Tr ansport Network ansport Data Data IP VPNEncryption Encryption IP VPN Management Centre Security Video Video - individual security policy. It is is implement It to preferable policy. therefore security the support individual to has management security associated the specific so scenario, own always user’s a in are operated systems Encryption entity an as Security transport. for or storage interim for example for period, longer or shorter a for each be can unit shut down securely function, block the With audits. for evaluated and logs with be recorded can procedures Identity-based parties. unauthorised excludes ably reli- feature This mode. online or offline in SMC, the via set vidually indi- and unit each at roles or sons be can on based per- Authentication authentication User procedure. to recovery a central thanks quickly resumed be can operations Secure command. online an with network unit of a certain the from cryptography instantly a exclude to or ply) sup- power a without (even button data of press cryptographic a at simple the immediately all delete to for the allow cedures, example, user pro- as Emergency possible. as simple are that procedures having by Ofﬁce Small Branch Encryption IP VPN Encrypted ManagementChannel Encrypted Video Voice Data realisation and trust in security. security. in trust and realisation for efficiency project increases tially substan inclusion This benefits. its a on on focus with in a early project, management security of aspect the include can supplier experienced An entity. project environment a as ICT individually an in security

9 focus 8 CRYPTOMAGAZINE 1/2009 sub-areas (in-depth information is is information (in-depth various sub-areas the providing of overview merely initial an are we tions, func- core the of description brief this With AG. Crypto from agement man- of security potential the entire sufficient to cover article not a in magazine space is there course, Of functions core of description Brief management. security in ing train- practical for courses fresher re- and training customer-specific conducts also Academy Crypto The ing security management potential: management security ing for depict- concept a three-tier uses AG Crypto levels, at different quired is re- information As requirements. policy for security user’s potential the meeting is the it with that designed given be should proof

(see Figure 1). (see Figure graphical a functions core model to show the overview, an As white papers, etc.). papers, white notes, application sheets, functions (data all of use vidualised indi- the enabling details nical tech- of documentation In-depth documents). electronic ed and print- various (in it imple- with mented be can that procedures and processes settings, the hend compre- help to segment each in functions core the of description easy-to-understand and brief A No specific operational problems problems operational all. specific at No problems security no with online done be can procedure this encryption, payload for as tography cryp- basic strong same the you use If units. encryption individual the to distribution key secure processes require encryption Symmetric Encrypted management channels 2). Figure (see concepts both for tool support convenient a is Centre process Management ne i Security fl The of or used. ne is i l on he t determine her scenario whet work the of size) network or applications (e.g. conditions ambient the and centre policy security user’s The this concurrently. from be can administered units All system. backup with Centre Management Security out the system, authority central carried a over therefore is istration admin- enough, Logically network. the of complexity or size the of less regard procedures, management the in in be must involved network the integrated units encryption All management Centralised proce- management dures. the of any in never form is unencrypted in etc.) accessible data, access keys, data approach, security (algorithms, a this generator).In random-number (with basis the cryptographic on same exchanged always is data encrypted SMC, the as module rity secu- same the has unit encryption (SMC). Centre As each Management Security the in out pro carried to cedures encryption payload for processes cryptographic security from module, hardware separate a in run are processes cryptographic All hardware Crypto policy. security the individual for support maximum ensure to users individual for highly uses specific assigned be can functions all processes, cryptographic all for groundwork mathematical and ical element lays the that technolog- tral cen- the hardware, Crypto the for Except AG). Crypto from available - - logs on past processes. Depending Depending processes. past on logs for or from audits the unit maintenance value possible of request can information He problems. any to correctly and immediately can respond he so units, encryption the settings of network and parameters security to respect with states work net- of all overview a ager complete man- security the gives Monitoring monitoring network and Security cation. appli- the on depending one mobile a be even may function This ations. of oper- no interruption with notice short at them priorities new given of be can parts or networks entire crises, In time. any at changed be also can policy security The point. central a from tracked and ments require- ambient the to adapted ly anddynamical- be flexibly can ogy) topol- (i.e. the logical or hierarchies groups to units of assignment The topology Dynamic from time. at any site any retrieved be can units all of the status With current the database, shared utilisation. capacity of opera- a tion distribution allows also better round-the-clock Intensive immediately. replaced be can site lost A is time. same the Redundancy at increased other. each of ly independent or nearby hierarchies from areas front-office administer to example, for advantageous, cally tacti- be It could easily. more and ly independent- administered be can then which sub-networks, flexible into divided be can networks larger management, multi-location With management multi-location Redundant likewise is that 2). to Figure refer (also encrypted data with ers Data Carri- SDC Security comprises mode,the In channel offline tration. adminis- to individualised way completely each the opens unit for encryption channel management per key individual One necessary. are procedures no and special arise - problems can be greatly mitigated mitigated greatly These be user. can problems the to risk serious a pose can device encryption compro- mised already or threatened A procedures Emergency what action. took who of verification subsequent allowing logged, automatically procedures are All shifts. time larger its with mode offline installa in key even in tion, differences time reconciles any automatically process multi-key The presence. network of for use load/ the timing optimum enables op- Programmability erations. interrupting without plished is simple and and automated is accom- change key This each anyway). time generated are keys session keys (new unit keys/master unit the of replacement periodic a requires quasi-standard practice best The exchange key Automated customers. its for solution encryption an ates example, if a network oper- provider for bemayadvantageous, flexibility This jointly. or separately per- formed be can units) encryption the regards (as management network and management security of roles the force, in policy security the on SMC to all units, complete with keys of the same strength as for payload encryption. The encryption output of the the of output encryption The encryption. the payload for from impaired. not as is units network strength the same by the up of keys set with are channels complete units, all management to SMC encrypted separate distribution, data security online In 2 Figure Branch Ofﬁce Headquarters Voice Voice Tr ansport Network ansport Data Data IP VPNEncryption Encryption IP VPN Management Centre Security Video Video - individual security policy. It is is implement It to preferable policy. therefore security the support individual to has management security associated the specific so scenario, own always user’s a in are operated systems Encryption entity an as Security transport. for or storage interim for example for period, longer or shorter a for each be can unit shut down securely function, block the With audits. for evaluated and logs with be recorded can procedures Identity-based parties. unauthorised excludes ably reli- feature This mode. online or offline in SMC, the via set vidually indi- and unit each at roles or sons be can on based per- Authentication authentication User procedure. to recovery a central thanks quickly resumed be can operations Secure command. online an with network unit of a certain the from cryptography instantly a exclude to or ply) sup- power a without (even button data of press cryptographic a at simple the immediately all delete to for the allow cedures, example, user pro- as Emergency possible. as simple are that procedures having by Ofﬁce Small Branch Encryption IP VPN Encrypted ManagementChannel Encrypted Video Voice Data realisation and trust in security. security. in trust and realisation for efficiency project increases tially substan inclusion This benefits. its a on on focus with in a early project, management security of aspect the include can supplier experienced An entity. project environment a as ICT individually an in security

9 focus 10 CRYPTOMAGAZINE 1/2009 I ce sec ing it correctly and, if necessary, implementing the relevant measures. relevant the implementing necessary, if and, it correctly ing interpret- andwebservers, firewalls servers, database ICT systems, the in the from huge of amount data for security of importance information tional opera- the out filtering of consists now ICT for responsible those for lenge The chal- data. real log-on, each PC and crash each to each unauthorised attempt access e.g. for created is message log A evaluated. and gathered be to need which daily information log of pieces of hundreds generates pany a in com- device Each ever more demanding. of ICT is becoming operation smooth structures, and server complex network In of view the increasingly resources. staff of minimum a and budgets shrinking with time, less and less in managed need to be tasks These on chal- protection. data regulations constant a lenge statutory from to subject also are infrastructures company’s A tracked. need to be attacks also violations external security but off internal phishing, and ward hackers from to necessary it is net- only Not diverse challenges. increasingly worked with faced are companies ICT, of realm the In efficiently with an intelligent log log system. management intelligent an with efficiently The more beprocessed can ofdata flood systems. ICT of security and reliability the also and availability the to improvements sustained ing mak- help in and infrastructure the of status the about information tant impor- supply They fields. security and operational the in both systems ICT of operation smooth the in role play a components, crucial software and ICT individual the of data log the words other in messages, The constantly in ICT? information the of flood with increasing cope to order in do companies can What I S nterview with with nterview ecurity ecurity n c ntrali urity r I nformation an nformation e a s R oger ing availability and se w C aspar, aspar, d log d ith int E vent vent ported by the selected log manage- log selected the by ported sup- are possible as as systems many that important is It place. can take evaluation meaningful a that so systems, relevant the from ment assess- risk the with linked displayed and be to needs centrally ered gath- data The system. appropriate an using ana- there evaluated and lysed gathered, be will messages These database. a to central mation infor- log their send to need tems, sys- anti-virus and IDS as firewalls, such security, for crucial are which systems and systems, proxy and er serv- routers, as such a in company, systems or at All important the least man- to you? mean agement log intelligent does What I nfo M G anagement uar m d e AG anag llig e nt eme also benefits in relation to security. security. to relation in benefits are also there addition, In or minimised. prevented be can failures tem time, sys- so and short good are times reaction in recognised be can faults that fact the of consists field operational the in system agement The benefitof log aman- centralised viewpoint? an operational from company a for serve system ment a manage- log does purpose What system. management log sup- a by and ported gateways in integrated be as should such components security and components servers, network minimum, a As systems. critical company’s a to given tion atten- particular with system, ment By Gabriela Hofmann, Corporate Editor Corporate Hofmann, Gabriela By nt tion for the evaluation of a log log a management system? of evaluation the for preparation the is important How costs. high to lead a quickly and contract of breach present could breakdowns and com pany. problems external and system Network an with arrangement service in other words a contractual if important agreements, level more service are there even is This point. to future some lead at might breakdowns which system the in bottlenecks perfor- resource or mance reports system agement man- log A late. too noticed being systems critical from information important in results This systems. important from messages critical the to allocated not often then are Resources another. one sys- with tems different from messages the correlate to possible not is it tion, Inaddi- data. of flood enormous the in messages critical monitor to ICT for responsible for those harder it is centrally, gathered not is data log If log management system? centralised a have not does a if company happen might What agement. of evaluation man- level of at the company events for models report offer solutions many ed. In addition, support- be can requirements ance compli- common most company’s A - cialist areas are the development of of development the are areas cialist spe- provider.His service Internet Swiss largest the Fixnet, Bluewin/Swisscom for officer security IT an as years eight for worked He field. technology mation infor- the in experience international of 15 over on years back look can he ing, Engineer- in Studies Advanced Software of Master and science computer in ate company appsphere GmbH. As a gradu- own his for and AG InfoGuard at tant Consul- Security is Senior Caspar Roger interviewee the About Second, a log management system system management log a Second, required. processing manual is still there entries, the evaluating for ed provid- is support Although events. the evaluate to resources nisational orga- and personnel for is need a still there system, central a despite First, areas. two in limits are There of system? kind of this as the do What you limits perceive These are: These the businesses. exceed smaller for even far costs, will benefits are the points six theis result defined, a where system following the If found. be can solution best the that so tion theevalua- before needs clarified be must company’s The important. immensely is preparation Correct

Are the necessary resources, resources, available? processes and skills necessary the Are reports? for used or only time done real in be e.g. this should and evaluated, How is the log data to be analysed be stored? data How long should included? systems relevant all are and integrated be to need sources event Which to have be fulfilled? which ments require- compliance there Are realm? or the security realm operational the to more sys- relate this Does tem? management log the with to achieve do you want aim What Thank you very much for your your comments. for much very you Thank circumstances. certain in task this may be for applications suited better the to specific solutions cases these In networks. and systems for priate log A appro- is more system management integrated. be to are CRM, SAP, e.g. specific applications, and very systems if limits its reaches audits in web applications. solutions, and the of implementation security security of integration and tems security sys- management event and information of design architectures, tion applica- of definition concepts, security

11 interview 10 CRYPTOMAGAZINE 1/2009 I ce sec ing it correctly and, if necessary, implementing the relevant measures. relevant the implementing necessary, if and, it correctly ing interpret- andwebservers, firewalls servers, database ICT systems, the in the from huge of amount data for security of importance information tional opera- the out filtering of consists now ICT for responsible those for lenge The chal- data. real log-on, each PC and crash each to each unauthorised attempt access e.g. for created is message log A evaluated. and gathered be to need which daily information log of pieces of hundreds generates pany a in com- device Each ever more demanding. of ICT is becoming operation smooth structures, and server complex network In of view the increasingly resources. staff of minimum a and budgets shrinking with time, less and less in managed need to be tasks These on chal- protection. data regulations constant a lenge statutory from to subject also are infrastructures company’s A tracked. need to be attacks also violations external security but off internal phishing, and ward hackers from to necessary it is net- only Not diverse challenges. increasingly worked with faced are companies ICT, of realm the In efficiently with an intelligent log log system. management intelligent an with efficiently The more beprocessed can ofdata flood systems. ICT of security and reliability the also and availability the to improvements sustained ing mak- help in and infrastructure the of status the about information tant impor- supply They fields. security and operational the in both systems ICT of operation smooth the in role play a components, crucial software and ICT individual the of data log the words other in messages, The constantly in ICT? information the of flood with increasing cope to order in do companies can What I S nterview with with nterview ecurity ecurity n c ntrali urity r I nformation an nformation e a s R oger ing availability and se w C aspar, aspar, d log d ith int E vent vent ported by the selected log manage- log selected the by ported sup- are possible as as systems many that important is It place. can take evaluation meaningful a that so systems, relevant the from ment assess- risk the with linked displayed and be to needs centrally ered gath- data The system. appropriate an using ana- there evaluated and lysed gathered, be will messages These database. a to central mation infor- log their send to need tems, sys- anti-virus and IDS as firewalls, such security, for crucial are which systems and systems, proxy and er serv- routers, as such a in company, systems or at All important the least man- to you? mean agement log intelligent does What I nfo M G anagement uar m d e AG anag llig e nt eme also benefits in relation to security. security. to relation in benefits are also there addition, In or minimised. prevented be can failures tem time, sys- so and short good are times reaction in recognised be can faults that fact the of consists field operational the in system agement The benefitof log aman- centralised viewpoint? an operational from company a for serve system ment a manage- log does purpose What system. management log sup- a by and ported gateways in integrated be as should such components security and components servers, network minimum, a As systems. critical company’s a to given tion atten- particular with system, ment By Gabriela Hofmann, Corporate Editor Corporate Hofmann, Gabriela By nt tion for the evaluation of a log log a management system? of evaluation the for preparation the is important How costs. high to lead a quickly and contract of breach present could breakdowns and com pany. problems external and system Network an with arrangement service in other words a contractual if important agreements, level more service are there even is This point. to future some lead at might breakdowns which system the in bottlenecks perfor- resource or mance reports system agement man- log A late. too noticed being systems critical from information important in results This systems. important from messages critical the to allocated not often then are Resources another. one sys- with tems different from messages the correlate to possible not is it tion, Inaddi- data. of flood enormous the in messages critical monitor to ICT for responsible for those harder it is centrally, gathered not is data log If log management system? centralised a have not does a if company happen might What agement. of evaluation man- level of at the company events for models report offer solutions many ed. In addition, support- be can requirements ance compli- common most company’s A - cialist areas are the development of of development the are areas cialist spe- provider.His service Internet Swiss largest the Fixnet, Bluewin/Swisscom for officer security IT an as years eight for worked He field. technology mation infor- the in experience international of 15 over on years back look can he ing, Engineer- in Studies Advanced Software of Master and science computer in ate company appsphere GmbH. As a gradu- own his for and AG InfoGuard at tant Consul- Security is Senior Caspar Roger interviewee the About Second, a log management system system management log a Second, required. processing manual is still there entries, the evaluating for ed provid- is support Although events. the evaluate to resources nisational orga- and personnel for is need a still there system, central a despite First, areas. two in limits are There of system? kind of this as the do What you limits perceive These are: These the businesses. exceed smaller for even far costs, will benefits are the points six theis result defined, a where system following the If found. be can solution best the that so tion theevalua- before needs clarified be must company’s The important. immensely is preparation Correct

11 interview 12 CRYPTOMAGAZINE 1/2009 mec long keys (also known as key key as known (also keys long achieve to therefore was aim The regularities. any display not must and long be to needs key a tistics), sta- frequency especially on, early were even this doing (there for methods refined ciphertext the from derived be easily could unchanged remains which key short a Because encryption). cal as number the same key (symmetri- the use both way this in encrypted message a of receiver and sender The key. particular a to according letters other by replaced i.e. tively, consecu- exchanged are letter sequence the in letters individual the cipher: as the Caesar is what known on based is encryption Mechanical the era. of that of encryption mechanical principle basic the at look a taking quick worthwhile therefore is It AG. Crypto at C-36 the of components structural the from arose models additional numerous fifties, the During forces. armed US the to M 209) (type licence under and war the before countries numerous to sold had he which C-36 his of ment develop- further a was It ignation). des- as the type of year construction the chose always he accordance tradition, with (in successfully sold which very C-52 the was zerland Swit- in produced device first The devices. cipher of a designer as tion occupa- his resumed and Sweden from Switzerland to came Hagelin Boris 1950s, of the beginning the At over decades. his idea – encryption in the particular ingenious “C drum” calculating – ensuring AG Crypto pioneer status developed further Hagelin Boris how investigates history company in milestones the on series our in cle ately calculated “wrong” – meaning that they swapped letters in a definedirregular pattern. The first arti- cipher devices in Sweden. These like functioned in mechanical calculators principle, only that they deliber- Boris Long his before AGfounded Hagelin Crypto in in Switzerland 1952 he had built already mechanical En M ilestones in ilestones the history of the company part 1: the 1950s c ryption u hani c al “ Products – Crypto AG's family tree AG's family –Crypto Products Pr 1990 1980 1970 1960 1950 s c odukt ing al (P 1951–1952 1955–1956 1954–1955 T-55 MkIII TMX-53 rotot TC-52 1954 1968 T-52 T-55 ype) c 1970–1972 H-4605 H-460 1973 ulator e- CR HC-570 Fam. YP B( 1975 1956 TO C) Stammbaum Crypto Stammbaum Crypto -52 MA TIC 1951–1952 C(X)-52 C-36 1956–1957 1955–1956 CD-57 CD-55 CRYPTROL T-450 1967 s CR 1972–1975 1954–1956 1959–1960 MCC-314 ( ” YPT WUMA) RT/C4 RTE-5 OPLEX CR 1971–1973 CSE-280 YPT OVOX By Dr. Rudolf Meier, Publicist Meier, Rudolf Dr. By 1975–1976 CV -396 Electromechanics Electronics Mechanics CR CRM-008 YP 1975 TO CO M AG 1980 1990 1970 1960 1950 5 4 3 2 1 diagram Block increased. is to time quality from the time, ciphering changed is this or randomly but alphabetically arranged not is wheels the on type of sequence the If for deciphering. useful very obvi- ously is which strip, printing a on obtained is result the wheel, daisy wheel” is made as type a the “output If value. encrypted the displays and accor- in the keydance with correct sequence steps of number priate twists wheel by appro- the type second the “automatically” now nism mecha- encryption or calculation wheel type (input). letter, For the each cleartext first the on set is text internal The clear- axle. hollow the and axle the on secured another, one to next directly sit wheels type two The of for output and text. input wheels or type wheels alphabet two has kind this of device a box, black at Looked as a principles. important most at look the only so we shall ed, Boris complicat- by extremely were Hagelin used mechanisms The calculator. mechanical a of means by periods) Calculation drum Calculation transfer position with Key wheels wheel type ciphertext for mechanism Adjusting axle hollow on wheel type Ciphertext wheel type Cleartext 12 6

7 2

8 3

9 4

6 7

4 9

2 6

3 5

2 8

1 1

1 7

3 9

2 5

5 6

7 2

9 3

4 4

3 9

4 8

6 9

5 1

2 3

7 7 built-in strip printer. a strip built-in had already mechanical C-36 The single process). a in (all axle concentric the on wheel output to the them transfers and directly ers rid- and rods axial the of means by impulses switch step variable into wheels key the of the impulses control transforms it because device about is this what is latter ingenious The behind. (5) drum” calculation control “C the the (8)and elements gear lever), via rotation by drum calculation the operate which pins movable adjustable possess wheels key (the periods key the of start the for (4) word key the setting for ters let- with wheels key device: cipher the of elements important most the show C-36 the of photographs The schematic representation schematic only wheels) (gear mechanism Transfer 8 7 6

9 6

1 2

6 9

7 5 3 8 C-52 4 Crank handle for encryption process encryption for handle Crank wheels pins bykey calculation of Control rotation) (wheel output Result

6 8

4 4

3 9

7 7

2 6

1 1

8 3

9 5

6 2

6 7

5 2

3 1

7 3

6 6

1 4

5 9

6 5 3 8 8 was also of great importance in in importance practice. great of also was text, output and one input the for each printers, strip “parallel” two of inclusion The device. pocket a er no longer, was definitely the BC-52 Howev of increased. was encryption speed the and operate to nient conve- more much therefore and was this on placed be could C-52 The (BC-52). system drive electrical opment of a for base an keys the and by the was devel- made in particular forwards step big A models. new of expansion functional continual the key six (e.g. as for wheels) a r and served platform C-36 the compa n i s with ison mprovement i l l sma ous AG land by numer- Crypto displayed Switzer- in manufactured C-52 The so on.* and again turned dle han- the wheel, type the on set are letters next the Then wheel. output onthe appear letters encrypted first the and once turned is handle the set are on wheel, the type encrypted be to letters first the Then letters. of five sequence a is, particular that – wheels key five the on set be must ple. The position) basic key (starting sim- very is device the of Operation C-36 C-36 - - 13 serieS 12 CRYPTOMAGAZINE 1/2009 mec long keys (also known as key key as known (also keys long achieve to therefore was aim The regularities. any display not must and long be to needs key a tistics), sta- frequency especially on, early were even this doing (there for methods refined ciphertext the from derived be easily could unchanged remains which key short a Because encryption). cal as number the same key (symmetri- the use both way this in encrypted message a of receiver and sender The key. particular a to according letters other by replaced i.e. tively, consecu- exchanged are letter sequence the in letters individual the cipher: as the Caesar is what known on based is encryption Mechanical the era. of that of encryption mechanical principle basic the at look a taking quick worthwhile therefore is It AG. Crypto at C-36 the of components structural the from arose models additional numerous fifties, the During forces. armed US the to M 209) (type licence under and war the before countries numerous to sold had he which C-36 his of ment develop- further a was It ignation). des- as the type of year construction the chose always he accordance tradition, with (in successfully sold which very C-52 the was zerland Swit- in produced device first The devices. cipher of a designer as tion occupa- his resumed and Sweden from Switzerland to came Hagelin Boris 1950s, of the beginning the At over decades. his idea – encryption in the particular ingenious “C drum” calculating – ensuring AG Crypto pioneer status developed further Hagelin Boris how investigates history company in milestones the on series our in cle ately calculated “wrong” – meaning that they swapped letters in a definedirregular pattern. The first arti- cipher devices in Sweden. These like functioned in mechanical calculators principle, only that they deliber- Boris Long his before AGfounded Hagelin Crypto in in Switzerland 1952 he had built already mechanical En M ilestones in ilestones the history of the company part 1: the 1950s c ryption u hani c al “ Products – Crypto AG's family tree AG's family –Crypto Products Pr 1990 1980 1970 1960 1950 s c odukt ing al (P 1951–1952 1955–1956 1954–1955 T-55 MkIII TMX-53 rotot TC-52 1954 1968 T-52 T-55 ype) c 1970–1972 H-4605 H-460 1973 ulator e- CR HC-570 Fam. YP B( 1956 1975 TO C) Stammbaum Crypto Stammbaum Crypto -52 MA TIC 1951–1952 C(X)-52 C-36 1956–1957 1955–1956 CD-57 CD-55 CRYPTROL T-450 1967 s CR 1972–1975 1959–1960 1954–1956 MCC-314 ( ” YPT WUMA) RT/C4 RTE-5 OPLEX CR 1971–1973 CSE-280 YPT OVOX By Dr. Rudolf Meier, Publicist Meier, Rudolf Dr. By 1975–1976 CV -396 Electromechanics Electronics Mechanics CR CRM-008 YP 1975 TO CO M AG 1990 1980 1970 1960 1950 5 4 3 2 1 diagram Block increased. is to time quality from the time, ciphering changed is this or randomly but alphabetically arranged not is wheels the on type of sequence the If for deciphering. useful very obvi- ously is which strip, printing a on obtained is result the wheel, daisy wheel” is made as type a the “output If value. encrypted the displays and accor- in the keydance with correct sequence steps of number priate twists wheel by appro- the type second the “automatically” now nism mecha- encryption or calculation wheel type (input). letter, For the each cleartext first the on set is text internal The clear- axle. hollow the and axle the on secured another, one to next directly sit wheels type two The of for output and text. input wheels or type wheels alphabet two has kind this of device a box, black at Looked as a principles. important most at look the only so we shall ed, Boris complicat- by extremely were Hagelin used mechanisms The calculator. mechanical a of means by periods) Calculation drum Calculation transfer position with Key wheels wheel type ciphertext for mechanism Adjusting axle hollow on wheel type Ciphertext wheel type Cleartext 12 6

7 2

8 3

9 4

6 7

4 9

2 6

3 5

2 8

1 1

1 7

3 9

2 5

5 6

7 2

9 3

4 4

3 9

4 8

6 9

5 1

2 3

9 6

1 2

6 9

7 5 3 8 C-52 4 Crank handle for encryption process encryption for handle Crank wheels pins bykey calculation of Control rotation) (wheel output Result

6 8

4 4

3 9

7 7

2 6

1 1

8 3

9 5

6 2

6 7

5 2

3 1

7 3

6 6

1 4

5 9

6 5 3 8 8 was also of great importance in in importance practice. great of also was text, output and one input the for each printers, strip “parallel” two of inclusion The device. pocket a er no longer, was definitely the BC-52 Howev of increased. was encryption speed the and operate to nient conve- more much therefore and was this on placed be could C-52 The (BC-52). system drive electrical opment of a for base an keys the and by the was devel- made in particular forwards step big A models. new of expansion functional continual the key six (e.g. as for wheels) a r and served platform C-36 the compa n i s with ison mprovement i l l sma ous AG land by numer- Crypto displayed Switzer- in manufactured C-52 The so on.* and again turned dle han- the wheel, type the on set are letters next the Then wheel. output onthe appear letters encrypted first the and once turned is handle the set are on wheel, the type encrypted be to letters first the Then letters. of five sequence a is, particular that – wheels key five the on set be must ple. The position) basic key (starting sim- very is device the of Operation C-36 C-36 - - 13 serieS 14 CRYPTOMAGAZINE 1/2009 sage uses its own new key sequence new key own sequence its uses sage cept can be used in each which mes- con- Pad One-Time secure very the input, the for used is tape punch If system Pad One-Time The ous manufacturers. vari- from devices telex operate with along to able were types T The fore over be automatically. switched units there- could and synchronously ran encryption whose receiver and sender the connected directly but key symbols of the storage diate interme- without operated already T-55 the while manually receive to send from converted be to had still T-52 The wheels. key and drum C well-known the using Switzerland, Zug, in made were Types T-55 and systems. T-52 tape punch with cases) some (in and (relays) cir- cuits electrical using worked only This encrypted. occurred line the write down but the to cleartext transmission needed only writing son the telex and the so line that the per- cipher telex device to be between inserted for need the required This arose. the encryption 1950s the In encryption telex of new dimension The world. the over all fully The were sold success- CX types drum. various calculation enlarged correspondingly a and wheels key additional given were devices CX the on, Later lengths. period imal min- guaranteeing in he succeeded effort technical of deal great a with too However, soon. again beginning the from began in which words short, other too were which period lengths and produced randomly unintentionally sometimes nism mecha- C the that in here, way his in got principle amathematical first At irregularly. runs feed wheel key the which in series, type CX the in periods. devices the with key achieved was This the into ty/security variabili- more therefore and larity irregu- more even incorporating of Boris opportunity use, the for looked Hagelin tactical for been had intended devices C the Because the C drum directly, without any any without directly, drum C the drives tape punch the case this In requirements. security high with clients to interest great of was of This random numbers. consisting duced directly onto punch tape, tape, punch onto directly duced pro- numbers the stamped erators gen- These nowadays. familiar are number lottery which balls” “falling with machines the of principle the with accordance in generators random-number high-quality own its developed AG Crypto which for random, really be to had sequences random the However, wheels. key T-55 T-52 Because the C types had become become had types C the Because machine CD-57The pocket tape. cated) (dupli- same the use to having rally natu- receiver and sender the with ing a note of the ciphertext or or ciphertext the of note a ing mak- for free remained hand other the while thumb the single- using handed operated be could The CD-57 technology. rotor the of sion ver- aby miniature making fulfilled be to able was request This service. diplomatic emerged the in version clients amongst pocket “real” a for desire the large, increasingly CD-57 * way. decisive a in 1960s the in tography cryp- of development the influence would which trend a seen, trend clearly be now could emerging electronics towards the However, market success. great met with which stroke master another was this miniaturisation electronics, to due of beginning the before Shortly developed. already machines CX the with the compatible not was and However, printer no had device text. deciphered For those interested in mathematics, the C-36 key key C-36 the mathematics, in interested those For once more increased the key periods enormously. periods key the increased more once which use, into came 47) to (25 divisions higher with 12 to up wheels key devices, later In possibilities. wheel, giving a further theoretical variability of 10 of variability theoretical afurther giving wheel, key each for randomly set be could lever control the of means by drum calculation the operate which pins axial the that was this to Added times! those for variability of degree –aunique position initial the to return wheels the until 3,900,225 operations 17, 19, of 21, period akey to rise 23, gives 25. This factors: common any possess not do which tions) posi- (operating divisions different exhibit wheels

15 serieS 14 CRYPTOMAGAZINE 1/2009 sage uses its own new key sequence new key own sequence its uses sage cept can be used in each which mes- con- Pad One-Time secure very the input, the for used is tape punch If system Pad One-Time The ous manufacturers. vari- from devices telex operate with along to able were types T The fore over be automatically. switched units there- could and synchronously ran encryption whose receiver and sender the connected directly but key symbols of the storage diate interme- without operated already T-55 the while manually receive to send from converted be to had still T-52 The wheels. key and drum C well-known the using Switzerland, Zug, in made were Types T-55 and systems. T-52 tape punch with cases) some (in and (relays) cir- cuits electrical using worked only This encrypted. occurred line the write down but the to cleartext transmission needed only writing son the telex and the so line that the per- cipher telex device to be between inserted for need the required This arose. the encryption 1950s the In encryption telex of new dimension The world. the over all fully The were sold success- CX types drum. various calculation enlarged correspondingly a and wheels key additional given were devices CX the on, Later lengths. period imal min- guaranteeing in he succeeded effort technical of deal great a with too However, soon. again beginning the from began in which words short, other too were which period lengths and produced randomly unintentionally sometimes nism mecha- C the that in here, way his in got principle amathematical first At irregularly. runs feed wheel key the which in series, type CX the in periods. devices the with key achieved was This the into ty/security variabili- more therefore and larity irregu- more even incorporating of Boris opportunity use, the for looked Hagelin tactical for been had intended devices C the Because duced directly onto punch tape, tape, punch onto directly duced pro- numbers the stamped erators gen- These nowadays. familiar are number lottery which balls” “falling with machines the of principle the with accordance in generators random-number high-quality own its developed AG Crypto which for random, really be to had sequences random the However, wheels. key any without directly, drum C the drives tape punch the case this In requirements. security high with clients to interest great of was of This random numbers. consisting T-55 T-52 ing a note of the ciphertext or or ciphertext the of note a ing mak- for free remained hand other the while thumb the single- using handed operated be could The CD-57 technology. rotor the of sion ver- aby miniature making fulfilled be to able was request This service. diplomatic emerged the in version clients amongst pocket “real” a for desire the large, increasingly become had types C the Because machine CD-57The pocket tape. cated) (dupli- same the use to having rally natu- receiver and sender the with CD-57 * way. decisive a in 1960s the in tography cryp- of development the influence would which trend a seen, trend clearly be now could emerging electronics towards the However, market success. great met with which stroke master another was this miniaturisation electronics, to due of beginning the before Shortly developed. already machines CX the with the compatible not was and However, printer no had device text. deciphered For those interested in mathematics, the C-36 key key C-36 the mathematics, in interested those For once more increased the key periods enormously. periods key the increased more once which use, into came 47) to (25 divisions higher with 12 to up wheels key devices, later In possibilities. wheel, giving a further theoretical variability of 10 of variability theoretical afurther giving wheel, key each for randomly set be could lever control the of means by drum calculation the operate which pins axial the that was this to Added times! those for variability of degree –aunique position initial the to return wheels the until 3,900,225 operations 17, 19, of 21, period akey to rise 23, gives 25. This factors: common any possess not do which tions) posi- (operating divisions different exhibit wheels

15 serieS 16 CRYPTOMAGAZINE 1/2009 partn for decades. This has led to the the to led has This decades. for scenarios and environments client in solutions the most varied security implementing been has AG Crypto requirements. client fering and them adapted to for dif- security required procedures and tasks with methodologies these “state-of-the-art” extended have we projects, high-security in experience of and years many our Using expertise cli- AG’s ents. Crypto of requirements are enough focused on the security high standards but are and not necessary important These or PMBOX similar). (PRINCE2, world throughout the applicable standards to according out carried normally is systems ICT of that implementation mentioned been already has it series this in articles previous In our with clients. in cooperation projects implementing when priority top AG gives in security Crypto this process. must system be of paid deal a attention great full is functionality obvious. of Implementation the security aspect and the therefore security management with and schedule on budget, defined a within implemented be to systems security for requirement The I S eries eries on Crypto AG Services C T sec C rypto rypto e urity r r S (PRINCE2, PMBOKorsimilar) Standard ICTProjects ervices ervices ( s for i III ) applications for military and civil authorities: civil and for military for systems applications security prehensive com- of integration and mentation imple- the covers competency Our to had be developed. still which one or system nications commu- existing an into integrated were solutions in the which security use into came increasingly systems security 1980s the Since structure. not need to in be an integrated infra- that thesedid meaning were offline, systems encryption with begin To field. this in experience and of knowledge amount of a large development further and collection

VHF ranges VHF and HF in systems radio secure cations appli- radio directional and fibre line, for systems network secure e quir m ICT Operations Standard pl eme es c ntation o m h sqec svrl ie (see 2). times Figure repeat several to sequence possible the is it projects complex more For has the practice. in best as itself sequence proved and emerged following The implementation Project 1). (Figure neglected be not should time implementation and cost functionality, of priorities However, the other implementation. for partners choosing when priority should be given the highest Security de- on each pending application. importance in differ criteria The “technology/people/processes” project. imple- of a mentation infrastructure larger successful the for criteria key frequently also are workflows security-related their and sonnel per- maintenance and operating of all under one roof. But the qualification management easy and ability, oper- good and security functional channels, communication of range wide a to connection the security, for is of to systems combine kinds these challenge technological The keyThe criteria desired. if come to years for maintained be can systems The source. one from are all tion done and commissioning installa- preparation, design, The By Christof Eberle, Head of Customer Projects Projects Customer of Head Eberle, Christof By

applications Internet and for satellite line, radio, systems messaging secure p e t e nt (PRINCE2, PMBOKorsimilar) order to verify that all agreements agreements all that verify to order in out carried is review security phase a engineering At the of phase. end the this during developed also are concepts operational detail. The in defined project the started and be can solution the of ing engineer- the as this After solution described. the accept and ment imple- to agreement his gives ent cli- The client. the with out carried review design project the and oped devel- are solution the for cedure pro- design and acceptance detailed the phase engineering the During and project the about the acceptance to tests. solution nical about the tech- is informed The client Engineering the developed. and planned project with its timetable milestones is project the meeting kick-off a At munication. com- and aims project the out to sort important is it this After on. ed from personnel both sides are decid- additional all and leader project the theofproject phase first the During communica organisation. project ional the and tion bi-direct the s, aim with the project is familiar The client planning / Start 1 Figure Figure 2 Figure Start ofProjectStart

tr lnigEngineering Planning Start SOC Element Start/Planning Technology People/Processes IT Large Nets

Network Network complexity aspect) cycle (life change ents rapidundergoing and compon- infrastructures existing Networked, of the period operation personnel expertise throughout Maintaining operating maintenance and System operation Central management Engineering - in-house and Test Commissioning n cmisoe. “ie Accep- “Site A commissioned. and installed is supplied material The solution. of the operation the ing of guarantee- be capable will he and requirements security his fulfil to as way a such in installed was system the that guarantee the has client The commissioning and Installation be shipped. can rial mate- the acceptance this AG. After Test” at Acceptance Crypto “Factory a out carries personally client The functionality. and security for the requirements his fulfils whether solution tested has client The shipping and acceptance Factory out. to be carried system the on training client initial and produced be to documentation system the of version first the enables system test This tested. sively comprehen- and AG, commissioned Crypto by assembled partly cured, pro- is solution for the material The prehensively tested. com- and developed been has system the that the guarantee has client The in-house & test Commissioning with. complied been have security to related instructions and Commissioning embassy embassy personnel Training changing of periodically MoFA Applications

nance due nance to time differences dispatch, and installation mainte- the world result for in challenges throughout distributed Embassies Highest security classification Highest security in-house and Test End ofProject Factory Factory Acceptance Test and Shipping Acceptance Shipping Test and Factory Factory on-site Commissioning Installation and For joint forces: Solutions Military

Commissioning Installation and of all security targets. security all of implementation correct the verifies This system. installed entire the on out carried is review security a ly, Final- place. take the now can solution operating for advice and tem sys- the on Training produced. be can documentation) built (as book hand- operating the accepted, been have sites all After signed. this for certificate the and site each installation at out carried is Test” tance regulations and regulations processes Various, incompatible partially individual member countries individual member of interests Many the different already in already existence and systems tible infrastructures incompa- proprietary, often Differing company company standards proprietary Many non-uniform Highest security classification Highest security Product and longevity solution is made up of various specialists. and schedule agreed the with dance accor- in services required the duces pro- which team project a of charge in each are They organisations. the of each in contacts primary the are agreed costs. The two project leaders the to and time required the in ality agreed and security definedfunction- the fulfil must project The project. the for running the responsible smooth of are two These named. are supplier the for one and client the for leader project a project every of start the At implementation project successful for factor –asuccess leader project The on-site completion Project Completion Project 17 SERVICES 16 CRYPTOMAGAZINE 1/2009 partn for decades. This has led to the the to led has This decades. for scenarios and environments client in solutions the most varied security implementing been has AG Crypto requirements. client fering and them adapted to for dif- security required procedures and tasks with methodologies these “state-of-the-art” extended have we projects, high-security in experience of and years many our Using expertise cli- AG’s ents. Crypto of requirements are enough focused on the security high standards but are and not necessary important These or PMBOX similar). (PRINCE2, world throughout the applicable standards to according out carried normally is systems ICT of that implementation mentioned been already has it series this in articles previous In our with clients. in cooperation projects implementing when priority top AG gives in security Crypto this process. must system be of paid deal a attention great full is functionality obvious. of Implementation the security aspect and the therefore security management with and schedule on budget, defined a within implemented be to systems security for requirement The I S eries eries on Crypto AG Services C T sec C rypto rypto e urity r r S (PRINCE2, PMBOKorsimilar) Standard ICTProjects ervices ervices ( s for i III ) applications for military and civil authorities: civil and for military for systems applications security prehensive com- of integration and mentation imple- the covers competency Our to had be developed. still which one or system nications commu- existing an into integrated were solutions in the which security use into came increasingly systems security 1980s the Since structure. not need to in be an integrated infra- that thesedid meaning were offline, systems encryption with begin To field. this in experience and of knowledge amount of a large development further and collection

tr lnigEngineering Planning Start SOC Element Start/Planning Technology People/Processes IT Large Nets

Commissioning Installation and of all security targets. security all of implementation correct the verifies This system. installed entire the on out carried is review security a ly, Final- place. take the now can solution operating for advice and tem sys- the on Training produced. be can documentation) built (as book hand- operating the accepted, been have sites all After signed. this for certificate the and site each installation at out carried is Test” tance regulations and regulations processes Various, incompatible partially individual member countries individual member of interests Many the different already in already existence and systems tible infrastructures incompa- proprietary, often Differing company company standards proprietary Many non-uniform Highest security classification Highest security Product and longevity solution is made up of various specialists. and schedule agreed the with dance accor- in services required the duces pro- which team project a of charge in each are They organisations. the of each in contacts primary the are agreed costs. The two project leaders the to and time required the in ality agreed and security definedfunction- the fulfil must project The project. the for running the responsible smooth of are two These named. are supplier the for one and client the for leader project a project every of start the At implementation project successful for factor –asuccess leader project The on-site completion Project Completion Project 17 SERVICES 18 CRYPTOMAGAZINE 1/2009 commissioning should all take take The source. one-stop all a from place should commissioning and project, installation the supply, r planning, in gua to order continuity n I nes. antee i iscipl d standard project remaining the to given attention is phase next the during Only project. of a tion high-security implementa- the during priority est high- the granted be must Security security ICT for partners Competent of and maintenance. ensuring operation of guaranteeing solution, the commissioning of capable are employees The mented. imple- been has which solution rity the of operation the secu- guarantee to able is client the that ensure cle in The described arti- this processes continuity solution System AG. Crypto and client the out with project a is carried review Certificate” Acceptance “Final the signing After to client. the over handed is documentation final the project, the complete To been met. have – security for – especially requirements his all and system desired the received has client The completion Project - infrastructure project and for its its for sustainability. and project infrastructure larger a of implementation successful the for criteria key often are workflows must also be as given attention these security-related and their personnel maintenance and operating the of qualification The projects. of mentation high-security imple- also the in but experience practical knowledge theoretical the only not have out must project the carrying for selected partner C University of St. Gallen, Switzerland, http://www.idt.unisg.ch Switzerland, Gallen, St. of University Collm Alexandra and Dr.Schedler Prof. Kuno administration public in projects IT of success sustained the for weaknesses and mistakes from Learning RISKS OF INSTEAD OPPORTUNITIES Source: are projects IT in factors risk important most The project. the of start the at mistakes to due occurs failure project of risk greatest the that In study, a of representative underestimated. St.the University discovered Gallen often are practice into project a putting of phases initial the of importance The

orrect risk assessment at risk orrect assessment the start of the project Inadequate communication Badly defined responsibilities Unrealistic resource planning Superficial project planning No allocation or wrong personnel for project tasks Imprecise specification of the IT solution No defined project aims

no r one after another. If this seems seems this If another. variations the after all one try to years of of millions require key would it a kind, this breaking of task the for only used and together connected were today existence in all computers if example, For security? of in terms mean this does What zeros. with 38 number a is This variations. Q f 2 bt cn upy 10 supply can bits 128 of length a with key a even situation: Just about a the real comment quick but experts. not the by this, may be impressed Laymen simply ignored! are requirement time and capacity this the processing data when necessary valid because only is in statement sets petition com- unfair like something computers, high-performance with ken bro- be can algorithms encryption normal But all that claimed is it developments. when relevant all the following in interested always are and mathematicians tographers cryp- practice-oriented Naturally, method. able encryption unbreak- mathematical and/or cal physi- only the is cryptography tum by quan- that is circles primarily research these out given The message encryption. to approach new a to physics quantum of principles the applying with years several for have land and been Austria involved Switzer- USA, the in mainly groups Research basis. new a on processes technical many put day one might physics of field this that assumed is it because is This nowadays. money research of lot a attract can which field ascientific is physics Quantum still lie and far – practice apart theory solutions, and are unlikely very to security converge. practical to cryptography. relation in but field mathematical interesting an definitely physicsis Quantum modern this? of made be to is What about statements negative by accompanied also Mostly media. the in regularly appears cryptography quantum in projects of implementation the about news” “Good uantu e volution in m 38 key key c ryptography:

nologies, methods and solutions.” solutions.” and tech- methods nologies, proven sensitive current, using secure assets to Continue ers. comput- quantum available commer- cially by soon anytime useless rendered be will security phy-based cryptogra- current all that rumours advised: clearly also Inc. Gartner 2008, ary Febru- 29 from report expert an In textbooks. found in mathematical the all better for proof it the is to be unbelievable, same context if it is to fulfil the the fulfil to is it if context same the into put be cryptogra- to able be must phy quantum And ments. require- of these context the within perfectly function to able be must it is to be ably. beneficial If encryption reli- and simply administered be to implemented able be and be ICT the into seamlessly must solution encryption Each (ICT). technology communication and information of should be therefore as regarded part encryption Application-oriented it. or read alter can and network the in point any at data access unauthorised can person no that way a such in and networks complex in pants partici- many between flexibly data of quantities large exchange to able here meant is to be is What typically practice? in by this meant is what But was considered. itself” in “security only ever, how- now, until Up way. ventional” “con- a in be reliably very also guaranteed can security Information itself in value isolated an is not Security “Don’t be distracted by by distracted be “Don’t s ight 1 business or organisational process or organisational business of able being to protect requirement ly simplified – however there is there however – simplified ly great- naturally is description This no longer usable. is connection the – practice in tant attack is noticed and – what is impor- the that means This lost. is or ment some it by action, its changes entangle- route en “touched” is photon a a A B. from point If to a point second transmission data encrypted direct have to possible is it conclusion, In values. binary of mission trans- the for used be – processes complicated using – can fibre) glass via (mostly receiver sent to sender from photons entangled resulting The plane. theoretical the towards 45º or 90º as such defined, be can states entanglement particular filtering, By filter). (polarisation phy cryptogra- for use of be to order in a filtered be to need they (meaning circle) 360° directions all in late oscil- can photons As particle. of the polarisation as known is plane oscillation This particle. each for constant is which plane a through always but or chaotically, randomly not however – oscillate they space through moving when that is cles of parti- these A light. characteristic of is, particles that photons, sending on based is cryptography Quantum practice as same the is not Theory user. a potential offer could it which features the at look us Let efficiently. and simply es reliably, By Dr. Rudolf Meier, Publicist Meier, Rudolf Dr. By - 19 TECHNOLOGY 18 CRYPTOMAGAZINE 1/2009 commissioning should all take take The source. one-stop all a from place should commissioning and project, installation the supply, r planning, in gua to order continuity n I nes. antee i iscipl d standard project remaining the to given attention is phase next the during Only project. of a tion high-security implementa- the during priority est high- the granted be must Security security ICT for partners Competent of and maintenance. ensuring operation of guaranteeing solution, the commissioning of capable are employees The mented. imple- been has which solution rity the of operation the secu- guarantee to able is client the that ensure cle in The described arti- this processes continuity solution System AG. Crypto and client the out with project a is carried review Certificate” Acceptance “Final the signing After to client. the over handed is documentation final the project, the complete To been met. have – security for – especially requirements his all and system desired the received has client The completion Project - infrastructure project and for its its for sustainability. and project infrastructure larger a of implementation successful the for criteria key often are workflows must also be as given attention these security-related and their personnel maintenance and operating the of qualification The projects. of mentation high-security imple- also the in but experience practical knowledge theoretical the only not have out must project the carrying for selected partner C University of St. Gallen, Switzerland, http://www.idt.unisg.ch Switzerland, Gallen, St. of University Collm Alexandra and Dr.Schedler Prof. Kuno administration public in projects IT of success sustained the for weaknesses and mistakes from Learning RISKS OF INSTEAD OPPORTUNITIES Source: are projects IT in factors risk important most The project. the of start the at mistakes to due occurs failure project of risk greatest the that In study, a of representative underestimated. St.the University discovered Gallen often are practice into project a putting of phases initial the of importance The

a LAN and a server to a WAN. a and server a LAN via relayed be fed and cannot nal sig- photon a – possible not wise like- is security end-to-end Real level. protocol ous continu- a on network same the in to participants several connect developed be can network branches with real routing, no that direct meaning for unusable cryptography quantum makes “non continuity” this In addition, some at node or other. attack an attempting someone from protected nently be perma- can domain public the in network no And point. this at data the can be unprotected accessed principle, in risk: a is cleartext there junction, each at so, and again” up “set be to has phy cryptogra- be quantum to up, are linked routes individual If cally. physi- limited is range The fibre. glass seamless a along (photons) particles light of exchange the by point to point out carried be only can cryptography Quantum receiver is not possible directly directly possible not is receiver or sender the of Authentication

tional cryptography. tional tradi- with done be only can this Again, confirmed. be can participants the of authenticity additional the an which with connection on “secure” based are these expected, As this. for used be to need processes additional – communication photon using rdtoa ln ecyto – encryption not be possible. would link traditional in practice best is as during – operation change key a addition, In encryption. AES other to every corresponds therefore level conventional rity secu- for operating The encryption! used then is link Ethernet This Ethernet). (e.g. link conventional a lishing estab- and link photon the off ing switch- then – key AES 256-bit a – e.g. polarisation quantum using key secret a exchanging means this terms practical key. In same this both sides process need to in use the because encryption cal symmetri- for keys of exchange for the secure primarily tography cryp- made about quantum using often are Suggestions achieved. be could that most signal the be would speech a – applications day present for value practical of hardly is bandwidth high. usable The very not is quantum cryptography of performance The inable in quantum cryptography. cryptography. quantum in inable unimag- be would kind this of ibility Flex processes. all in transparency complete possesses he agement), man- security whole the (i.e. ment manage- key and own his basis undertakes algorithm secret own mathematical up his sets user the If cryptography. with avoided reliably be can disadvantages These arrangements. security user’s the of part know bly inevita- will who party work third a with to obliged always therefore is user A policy. security own your supporting to relation in autonomy and (transparency) processes tion over encryp- the control prehensive com- essential the words other in missing, are architecture security of a aspects sensible the that critical means this however, user, the For be not user. to the visible would photons using tion be necessary for real tests. was tests. real for necessary be would of equipment amount physics large a And own. their on kind this of andequipment operate configure to position a in be would users any hardly very practice In matter. a complex is cryptography Quantum autonomy and control lacks user The process. this for basis a as serve devices individual the in encrypted graphic parameters which are stored dom numbers) and the crypto secret ran of means (by process complex a in connection each for generated new is key a connection short-term because secret primarily is existed. This key actually secure never of exchange problem the tion, of encryp case traditional the hardware-based in that, added be should It used to transmit a piece of information. of apiece transmit to used can be particle individual each character, to this double Due like (movement). here waves behave therefore ticles par- The light. of beam superimposed a diffracted to lar simi- of electrons beams of two the formed overlapping is the from pattern interference an slit, this through sing pas- particles After slit. double electron narrow a by through sent are which demonstrated be can This rial). a both has light (mate- character and a (energy) particle mechanics, wave character quantum of realm the In really happening with encryp with happening 3 What - - - - -

security, user interfaces and so on.”and interfaces user security, network security, computer where: else- are problems real The chains. security most in link strongest the is is, sometimes it as bad as tography, aptly: uation sit- the expert summarises Schneier Bruce cryptography famous The cure; it’s that cryptography is is cryptography secure.” that sufficiently already it’s inse- be cure; might cryptography tum quan- that not It’s future. no has it But as a product, quan- cryptography. tum in developments the lowing fol- I enjoyed and have research, rity opinion: opinion: this shares Schneier Bruce society. and economy the to progress real bring to able be will it where areas new completely in be to likely more is this if even – come definitely fore there- will physics quantum of day The bionics. or technology) (nano techniques production technology, sensor technology, be measurement could examples Obvious is justified. lives our of areas particular in role quantum one a play day will from research physics The results that discipline. hope interesting very a remains and is physics Quantum but... physics: interesting, Quantum “I’m always “I’m in always favor of secu- Mteaia cryp “Mathematical 2

2 - 3 2 1 Source:

receiver is not possible directly directly possible not is receiver or sender the of Authentication to a WAN. a and server a LAN via relayed be fed and cannot nal sig- photon a – possible not wise like- is security end-to-end Real level. protocol ous continu- a on network same the in to participants several connect developed be can network branches with real routing, no that direct meaning for unusable cryptography quantum makes “non continuity” this In addition, some at node or other. attack an attempting someone from protected nently be perma- can domain public the in network no And point. this at data the can be unprotected accessed principle, in risk: a is cleartext there junction, each at so, and again” up “set be to has phy cryptogra- be quantum to up, are linked routes individual If cally. physi- limited is range The fibre. glass seamless a along (photons) particles light of exchange the by point to point out carried be only can cryptography Quantum

2 - 3 2 1 Source:

www.kfunigraz.ac.at Austria, Graz, of University Picture: 15, www.schneier.com 2008: November Officer. Security Chief Schneier, Bruce Crypto-Gram, 2008 29 February Inc., Gartner Publication Adopters. Early for Even Too Early Cryptography: Quantum 21 TECHNOLOGY @ @ @ 22 CRYPTOMAGAZINE 1/2009 again lowing principles When fol- in the mind: keep password, risk. a choosing safety considerable a present – passwords weak words other in – short too or chosen badly are which Passwords password. a you to enter various require services online and computer your Both word pass- agood creating for Tips like? look password perfect a does what but theft, unauthorised against tion It protec- to is have possible reliable to a stranger? PIN dispenser cash your you give would Or concerned. person the of tection pro- a also is it kind; a this of protect system to serves only not word pass- A risk. high very a to exposed is system computer a on or cation appli- an in access can user a thing every- is known, Once the password criminals. and hackers by attacked frequently most are things the of some numbers PIN required. and are Passwords numbers and ters let- of combinations specific where areas many the in you arise Risks as like. much as extended list be the can – transactions for e-banking another cards, credit for code PIN a application, an our or for computer password a have We life. daily electronic our in security IT of part important an as passwords without being imagine cannot We passwords. use of secure the at looks series the in article fourth This life. everyday for tips useful giving passwords, to Internet the from areas, topic different the at looks Magazine Crypto equipment? IT and information depends on it the because conscious thinking people and with actions do of to the deal user.great a has So but what discipline is technical a a practical only and not is safe way security to deal Information with P

Find a sentence which consists of a consists which Find sentence . -) + * ” “ ? ! (e.g. symbols of special consist and numbers and letters, both length eight in least at be characters ld shou password A a ssw s ord t data th s – b but on no account write them down. down. them write account no on but word combinations your Remember word. pass- a different have should cation to each a appli- Basically party. third be might a known suspect password at the latest when intervals, you ular reg- at changed be must Passwords

information security is more more is ISi>a1F!. -> a firewall! than security information -> IwatGCf8hy!; required yesterday! hours the for club 8 golf I at the was length: has the password that so marks punctuation at least eight and numbers words, names, orinitials birthdays. nick- names, example for word, pass your in yourself about facts known generally any use not Do -> by Mshrsfllb9%. 9 percent fell shares my Dnldhs3Nphws!; -> 3nephews! has Donald acters: char- special and numbers with combination in vowels words without from passwords Create 78”). Also avoid words which which words dictionaries. in appear avoid Also 78”). (e.g. “123456- or “qwertyui” passwords “guest”, trivial Avoid e tt e ft e By Franco Cerminara, Head of Consulting and Education, InfoGuard AG* InfoGuard Education, and Consulting of Head Cerminara, Franco By r prot - * Your password is your personal personal your – ID do it on not pass to anyone! is password Your password. not are your you enter when you watched being that sure make Also InfoGuard AG, a company affiliated to Crypto AG Crypto to affiliated AG, acompany InfoGuard of technical security solutions. security technical of implementation and development the as well as ing awareness-rais- and training advice, include pertise ex- of fields Its security. information comprehensive in specialises Group, Crypto the of amember and ec tion

Security Awareness CAGMag_anz_switzerland_A4_en.indd 1 Crypto AG,P.O.Crypto Box 460,CH-6301Zug, Switzerland,Tel. www.crypto.ch +4141749 7722,Fax+4141741 2272,[email protected], To Remain Sovereign rely ontheexpertiseand capability ofCryptoAG.Customersfromover130 countries arealreadydoingjustthat. Information Security Solutions. Because we know that conﬁdential information is of the highest value. You too can For more than 55 years we have concentrated on the development, production and implementation of challenging Top ofInformationSecurity 21.2.2008 14:27:19 Uhr @ @ @ 22 CRYPTOMAGAZINE 1/2009 again lowing principles When fol- in the mind: keep password, risk. a choosing safety considerable a present – passwords weak words other in – short too or chosen badly are which Passwords password. a you to enter various require services online and computer your Both word pass- agood creating for Tips like? look password perfect a does what but theft, unauthorised against tion It protec- to is have possible reliable to a stranger? PIN dispenser cash your you give would Or concerned. person the of tection pro- a also is it kind; a this of protect system to serves only not word pass- A risk. high very a to exposed is system computer a on or cation appli- an in access can user a thing every- is known, Once the password criminals. and hackers by attacked frequently most are things the of some numbers PIN required. and are Passwords numbers and ters let- of combinations specific where areas many the in you arise Risks as like. much as extended list be the can – transactions for e-banking another cards, credit for code PIN a application, an our or for computer password a have We life. daily electronic our in security IT of part important an as passwords without being imagine cannot We passwords. use of secure the at looks series the in article fourth This life. everyday for tips useful giving passwords, to Internet the from areas, topic different the at looks Magazine Crypto equipment? IT and information depends on it the because conscious thinking people and with actions do of to the deal user.great a has So but what discipline is technical a a practical only and not is safe way security to deal Information with P

TRADE FAIRS For the customers of Crypto AG, Switzerland 1 2009

DSEi, 8 to 11 September 2009 London, Great Britain

A member of CRYPTO AG – To Remain Sovereign The Crypto Group The World of Cryptography