Security and Privacy

There are no magic bullets and a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers. But the function of the token is more important than its form: The token is worthless if it doesn't do what's required. With unlimited processing capacity and unlimited time available, all cryptosystems could be broken. Security policy, security frameworks, vulnerability assessment, firewalls, intrusion detection, virtual-private networks, authentication and authorisation, encryption standards, and public-key infrastructure are some of the approaches taken by IT management to enhance the security over the internet.

The security policy must also be clearly and fully documented; and enforced. It's silly to build a 6-foot thick steel door when you live in a wooden house, but there are a lot of organisations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. VPNs are implemented through encryption and authentication features within firewalls, routers, & appliances.

Vulnerability assessment

Hardware, firmware, or software flow that leaves AIS opens for potential exploitation. That data enables PCCW to determine what contents people like and where to put things to make them easy to find.

Authentication tokens come in many forms, including magnetic-strip cards, USB devices, and micro-chip cards with readers, and contact less cards that use radio to transmit data. For example, a site with top secret or classified data doesn't need a firewall at all: they shouldn't be hooking up to the Internet in the first place, or the systems with the really secret data should be isolated from the rest of the corporate network. One of these keys is used to encrypt a message that can only be decrypted by the other related key. Tunneling ``bad'' things over HTTP, SMTP, and other protocols is quite simple and trivially demonstrated. PCCW uses cookies to track where users go on the site.