GCN : November 2012
12 GCN NOVEMBER 2012 • GCN.COM

[Briefing]

HOW IT WORKS

Government websites have been frequent targets of distributed denial of service attacks, which attempt to overwhelm a Web server with so many requests that the site becomes unavailable. Spotting such an attack can depend on what type of DDOS attack it is.

How government creates a new secure hash

The Keccak algorithm -- winner of the National Institute of Standards and Technology's five-year SHA-3 competition -- is set to become the sixth Secure Hash Algorithm recognized under Federal Information Processing Standards.

Expected to be designated as SHA-3 within the next year, Keccak will provide an additional cryptographic tool deemed secure enough that agencies can rely on it to authenticate and digitally sign documents.

Hash algorithms are important cryptographic tools, but their operation is transparent to most people who use the applications that apply them. Nevertheless, it's important to know what they do.

When the contents of a digital document are fed into the algorithm, it produces a hash -- or message digest -- of a fixed length that should be unique to the contents of the document. That means no other message will produce the same digest. And because a hash algorithm is a one-way function, it should not be possible to use the hash to recreate the message.

If a document is "hashed" and the resulting digest is made available, a second person using the same algorithm should be able to produce the same digest, which proves that the document has not been altered. Any change in the document would produce a completely different digest. The algorithms also can help create digital signatures, which then can be used, like ink-on-paper signatures, for non-repudiation.

"The five hash algorithms specified in this standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest," says FIPS 180-3. "Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm."

The computations are performed on fixed-size blocks of message content, so before the function is executed the message is prepared for hashing by padding it to produce the needed number of bits to produce only full blocks, and then parsing it into blocks.

[datapoint]

Encryption cuts both ways

According to a recent survey of government security and IT managers, work e-mail is the most significant channel for data leakage in an agency, but accepted best practices for securing e-mail can make it harder to stop those leaks.

Desktop-to-desktop encryption can make it more difficult not only for bad guys to snoop e-mail traffic, it also can make it more difficult for agencies to keep an eye on what is being sent out of the enterprise.

"There is a trade-off between the best practice of encryption and the lack of transparency in protecting against data loss," said Mike Dayton, senior VP for security solutions at Axway.

That does not mean point-to-point encryption is bad, he said. "Yes, you should have it. It's still a best practice." But thought must be given to how it is used and provisions made for examining it as it leaves the network.

The survey was conducted by MeriTalk and underwritten by Axway, a company that provides e-mail security systems (including one that allows agencies to decrypt outgoing e-mail at the gateway).

MeriTalk conducted the survey online, obtaining responses from 203 government officials, and claims a margin of error of plus or minus 6.84 percent at a 95 percent confidence level.

-- Kevin McCaney

[Chart] In which of the following ways does unauthorized data leave your agency? Response options: Standard work e-mail; Agency-issued mobile device; USB flash drives; Personal e-mail; Personal mobile devices; Web-based work e-mail. Source: MeriTalk
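
The padding, block parsing and digest comparison described in the secure hash article above, as an added Python example that is not part of the original GCN page. The padding shown is the FIPS 180 scheme for the 512-bit-block algorithms (SHA-1, SHA-224, SHA-256); SHA-3 pads differently, and the sample documents and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

BLOCK_BYTES = 64  # SHA-1/SHA-224/SHA-256 work on 512-bit (64-byte) blocks

# Constructed sample documents that differ in a single character.
ORIGINAL = b"Approve payment of $1,000 to vendor 42."
TAMPERED = b"Approve payment of $9,000 to vendor 42."

def pad_message(message: bytes) -> bytes:
    """FIPS 180 padding: a 1 bit, zero bits, then the 64-bit message length."""
    padded = message + b"\x80"  # the 1 bit plus seven 0 bits
    padded += b"\x00" * ((56 - len(padded)) % BLOCK_BYTES)
    return padded + struct.pack(">Q", len(message) * 8)

def parse_blocks(padded: bytes) -> list:
    """Split a padded message into the full blocks the hash consumes."""
    if len(padded) % BLOCK_BYTES:
        raise ValueError("padded message is not a whole number of blocks")
    return [padded[i:i + BLOCK_BYTES] for i in range(0, len(padded), BLOCK_BYTES)]

def digest(document: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length hex digest; 'sha3_256' selects the Keccak-based SHA-3."""
    return hashlib.new(algorithm, document).hexdigest()

def verify(document: bytes, published: str, algorithm: str = "sha256") -> bool:
    """Second party recomputes the digest and compares it to the published one."""
    return hmac.compare_digest(digest(document, algorithm), published)

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

if __name__ == "__main__":
    blocks = parse_blocks(pad_message(ORIGINAL))
    print(f"{len(ORIGINAL)} bytes -> {len(blocks)} block(s) of {BLOCK_BYTES} bytes")
    for alg in ("sha256", "sha3_256"):
        published = digest(ORIGINAL, alg)
        print(alg, published)
        print("  unaltered copy verifies:", verify(ORIGINAL, published, alg))
        print("  altered copy verifies:  ", verify(TAMPERED, published, alg))
        print("  bits changed:", differing_bits(published, digest(TAMPERED, alg)), "of 256")
```

A 55-byte message still fits in one block after padding, while a 56-byte message spills into a second block because the 64-bit length field no longer fits.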