Protecting Your Data Is Our Business

Microexpert has a long track record of helping clients protect the confidentiality and integrity of their information systems. We can provide the following products and services:
  • Information Risk Assessment
  • Protective Monitoring (Mirkatz Network Defense Units)
  • Fraud Prevention and Detection
  • Insider Attack Prevention and Detection
  • Electronic Payment System Architects
  • Identity Management Architects
We are also specialists in the technology of cryptographic security objects such as smart cards, SIM cards and USB tokens and can advise on their use in Government, Financial and Commercial environments.

Thursday, 1 January 2009

Services

Training

Microexpert provide comprehensive training courses for people new to the field or those wanting to obtain more in-depth experience of Smart Cards and their applications.

Smart Card Foundation Course

Microexpert are running Smart Card foundation training courses for people new to the Smart Card industry and those who want to achieve a rapid knowledge of the commercial and technical issues surrounding the use of Smart Cards. The session will cover the role of Smart Cards in major application areas, such as the financial, government, telecoms and entertainment markets, and provides an overview of Smart Card applications. The training courses will be given over four sessions in a single day. The courses will also cover aspects of security and PKI technologies as they relate to Smart Card applications. No previous technical knowledge is necessary.

For the Smart Card Foundation Course Brochure (Download File pdf):
http://consult.microexpert.com/foundationtraining.pdf

ITSO Foundation Training Course

ITSO foundation training courses are designed to provide an overview of the use of Smart Cards within transport and will in particular refer to the ITSO specifications. The training course will be given over four sessions in a single day. Our ITSO foundation training course aims to show the advances in technology, which will make inter-operability of UK Smart Card schemes possible. The training course will cover the general background to contactless Smart Cards, the security requirements surrounding the use of Smart Cards in transport applications, the architecture necessary to achieve an interoperable transport scheme and give an overview of current Smart Card transport schemes throughout the world.

For the ITSO Foundation Course Brochure (Download File pdf):
http://consult.microexpert.com/ITSOtraining.pdf

Custom Training Courses

Tailored courses in any of the following fields are also available:
  • Physical/Logical Access Control Systems
  • Biometrics/ID Cards
  • Cryptography
  • Public Key Infrastructure
  • JavaCard
  • MiFare

Training Testimonials

“It was without doubt the most comprehensive and interesting training, which I have attended. I even surprised myself in that, not only did I fulfil my objectives in obtaining a rounded business-oriented understanding of the Smart Cards, but I now have a thorough understanding (for me at any rate) of the technical issues involved.” R.B.

Technical Downloads

Smart Card Tutorial (Download File .pdf)

This tutorial is designed to help people new to the industry to acquire a good technical background to the controlling technology.
http://www.smartcard.co.uk/tutorials/sct-itsc.pdf

Ant JCOP JavaCard Build Set-Up, For compiling, loading and deleting JavaCard Applets

The solution contains all the files you need to build and load a JavaCard applet onto IBM JCOP Cards or emulators. You must first have the IBM JCOP tools installed (see http://www.blogger.com/www.zurich.ibm.com/JavaCard).

Unzip the archive and read README.TXT for full instructions.

Download v1.1 updated files now:
zip (http://consult.microexpert.com/jcop-ant-v1.1.zip)
or
tar (http://consult.microexpert.com/jcop-ant-v1.1.tar.gz)

Protective Monitoring

We all know about anti-virus and anti-malware software; who would dare operate their PC on the internet without such protection? Commercial and government organisations are also well briefed in keeping their software up to date by installing the latest patches, and most home users have the auto-update software installed on their PCs.

The truth is that this cannot protect you from the real dangers of the internet. No matter how well designed the software on your computer, there will always be holes that can be exploited by a range of attackers from the insider, a disgruntled employee at work or even your spouse at home, to the highly qualified team of hackers employed by organised crime or Foreign Intelligence Services (FIS).

The University of Toronto has reported (March 2009) that a Chinese spying operation has obtained sensitive information from more than a thousand computers in over 100 countries. The University specialists were unable to prove that the Chinese government was behind the attacks (dubbed ‘GhostNet’) but they did note that the topics of interest included activities by the Tibetan independence activists. Denied of course by the Chinese government but these forms of attacks are now becoming well known and cyber warfare is becoming a bigger feature in information security.

The damage done to an organisation through even unintentional data loss can be severe enough to break the organisation. In 2005 CardSystems Solutions lost 40 million debit and credit card account details, which resulted in the company going bankrupt in 2007. A recent survey by Ipsos MORI discovered that over 50% of account holders in the UK (about 23 million) would move bank if their bank lost their personal account details. The effect on the offending bank is incalculable.

It is not technically possible to have a perfectly secure system; there will always be flaws in the software or the combination of the software and hardware platform that makes up your computer system. By Everett’s Principle we know that there are many attacks on computer systems that cannot be stopped, but they can always be detected. This is the primary objective of Protective Monitoring: to analyse the interactions with our computer system to detect when some unexplained or prohibited behaviour is taking place and to alert the authorised controllers accordingly.

The UK government is well versed in the requirements for Protective Monitoring, which is documented in CESG Infosec Memo 22. The application of such techniques is mandatory in many sensitive government information management systems.

Some organisations employ Intrusion Detection Systems (IDS) to detect attacks upon their system, but Protective Monitoring takes this further by looking for attacks by insiders who may use the information systems quite normally to steal confidential data, which is subsequently made available to external parties. Other employees may use the computing facilities made available by the company in order to undertake tasks that would be in breach of the company’s security policy, sex and violence in emails or web sites for example. Others may spend a disproportionate amount of their day interfacing with social web sites such as FaceBook or Twitter.

It is easy to forget that it is the user of computer systems that needs to be protected. Most people, and particularly young children, would be inexperienced or unaware of the dangers of the internet jungle. Phishing, where users are misled into giving away sensitive information to hacker sites purporting to be their financial institution, is, for example, a major concern. Today these same organisations are moving to the internet as the main method of communicating with their customers and that can only cause greater confusion and vulnerability for their customers.

Children are a particular vulnerability when it comes to the internet and it’s not only the downloading of inappropriate material; there have been numerous reports of young persons uploading material of a sexual nature, sometimes in which they are intimately involved. Then there is the grooming of young persons by paedophiles, a threat that is regrettably on the increase. Another area of concern is bullying, which can be quite prevalent with young people including girls. We tend to think of it as a physical attack but some of the worst cases of bullying are actually caused by psychological damage and here the girls dominate, ‘if you talk to her again you won’t be my friend any more’.

Protective Monitoring is usually undertaken by inserting one or more network monitoring devices into your computer system. In the case of the home, it can be just one device that seamlessly connects between your broadband modem and your home network, be it one PC or even a home wireless network. This Protective Monitoring device analyses the traffic on your network to detect the forms of unacceptable behaviour we have discussed. In the event of such detection, the appliance can arrange for the authorised controller to be alerted by email or SMS text message and it can even be configured to block the unacceptable activity.

Although in principle you could implement Protective Monitoring by adding software modules to your computer, they would present a significant performance penalty to your machine and would themselves be subject to attack by internal and external threats.
