FAQ

Frequently Asked Questions

  • What is encryption?

    Encryption is a process to secure information from unwanted access or use. Encryption uses the art of cryptography, which comes from the Greek words meaning “secret writing,” to change information which can be read (plaintext) and make it so that it cannot be read (ciphertext). Decryption uses the same art of cryptography to change that ciphertext back to plaintext.

  • Why uses encryption?

    Encryption is one of the most popular and effective data security methods used by organizations.

    Encryption is the best way to protect data during transfer and secure stored personal and official data. It also reduces the risk of abuse within a company, as access is limited only to authorized people with the right key.

    Two main types of data encryption

    Asymmetric - public key
    Symmetric - private key


    But this system needs to distribute and manage a huge quantity of keys securely.

    However, its principal weakness has been  its reliance on a “Key” managed  by an administrator, making the administrator an easy target of hackers.  Furthermore, “protected” data can be readily stolen by the administrator and/or so-called “insiders” in  many cases because they have easy access to the “Key”. However, OSSEC prevents those suspicious activities because it’s “Key” doesn’t maintain by an administrator.

  • What is "Public key" & "Private Key"?

    The most well-known security system the Public Key and the Private Key was introduced in 1978 by RSA. Public keys and private keys are used in an asymmetric cryptosystem. In this system, a public key
    is a key that is known to anyone, it is not a secret. It may be used by anyone to encrypt data. However, the data can only be decrypted by the user or users with the private key, which is a secret.

  • Why OSSEC is more secured?

    In the OSSEC system, unlike other algorithm software, a "Key" for the algorithm does not exist inside the system. Therefore, the encrypted data can be decrypted only by the user initially registered in the server, PC (client), and authentication device (IC card in this case). Only when the user uses the IC card to authenticate its validation correctly, the key for encryption and decryption be generated for the first time. Therefore, any third party, including the administrator, is unable to decrypt data without authorization.

  • How strong OSSEC'S encryption algorithm is?

    In OSSEC security system, 256-bit key is used for encryption which cannot be broken practically.

  • What is difference between firewall & OSSEC security solution?

    Firewall is a the Gatekeeper of the network (or the Castle) and no security for the data/treasures in the system/castle. OSSEC protects “Each important data/treasures (regardless where the data/ treasures are stored, inside or outside of the system or in Castle.

OSSEC FAQ
jaJapanese