Sunday, September 20, 2009

Security Technology: Week 8

1. Which architecture for deploying a firewall is most commonly used in businesses today? Why?

The most commonly used and dominant architecture is the screened subnet firewall. This type of firewall creates a DMZ (demilitarized zone), which isolates hosts that must be accessible from outside the network (e.g. a web server or FTP server) from internal servers. The externally accessible hosts are placed in a separate network segment, on a separate adapter connected to the firewall; that segment is the DMZ. This is easily achieved with a firewall that has three or more interfaces.

Each sub-network can also be configured as its own security zone (e.g. the Finance network, the Sales network, etc.) by connecting it to a separate firewall adapter. All traffic between zones, and all traffic from the Internet to any zone, is checked by the firewall. In this way each zone is isolated, and the systems in each zone only trust other systems within the same zone. Therefore, if an attacker succeeds in breaching an externally accessible host, the hosts in the other zones are still protected. DMZs are often used for special servers, such as web servers, which must be accessible from two separate networks. Usually an organization has one Internet connection, one local network and one DMZ with servers that must be both internally and externally accessible.


http://docs.google.com/gview?a=v&q=cache:GtbH_BYYAHsJ:www.tech2u.com.au/products/dsl/pdf/Firewall_Architecture.pdf+firewall+architecture:+most+popular&hl=en

The screened subnet is an entire network segment that performs two functions:


· It protects the DMZ systems and information from outside threats by providing a network of intermediate security.
· It protects the internal networks by limiting how external connections can gain access to internal systems.

DMZs can also create extranets, segments of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
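To make the zone isolation described above concrete, here is an added example (not from the original post or the cited document) that models a three-interface screened-subnet policy: the Internet may reach only the web ports of the DMZ, the internal network may reach the DMZ and the Internet, and nothing else crosses the firewall. Zone names, address ranges and ports are constructed for illustration.

```python
# Added example: a minimal model of the screened-subnet (three-interface) firewall
# policy. Address plan, zone names and ports are constructed, not a real config.
from ipaddress import ip_address, ip_network

# Assumed address plan: one subnet per firewall interface.
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}

def zone_of(addr):
    """Map an address to the firewall interface (zone) it arrives on."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"  # anything not on a local interface

# Policy rows: (source zone, destination zone, allowed ports or None for any).
# Anything not listed is dropped (default deny).
RULES = [
    ("internet", "dmz", {80, 443}),   # public reaches only the DMZ web service
    ("internal", "dmz", None),        # staff may manage and use DMZ servers
    ("internal", "internet", None),   # staff browse out
    # No ("dmz", "internal", ...) row: a breached DMZ host cannot reach inside.
    # No ("internet", "internal", ...) row: nothing from outside reaches the LAN.
]

def allowed(src, dst, dport):
    """Decide one new connection attempt from src to dst on TCP port dport."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True   # same zone never traverses the firewall
    for s, d, ports in RULES:
        if s == src_zone and d == dst_zone and (ports is None or dport in ports):
            return True
    return False

def evaluate(flows):
    """Return a decision per (src, dst, dport) so a policy can be audited in bulk."""
    return [(src, dst, dport, "ACCEPT" if allowed(src, dst, dport) else "DROP")
            for src, dst, dport in flows]

if __name__ == "__main__":
    for row in evaluate([("203.0.113.5", "192.0.2.10", 443),   # web from outside
                         ("203.0.113.5", "10.0.0.20", 445),    # outside to LAN
                         ("192.0.2.10", "10.0.0.20", 3306),    # DMZ host to LAN
                         ("10.0.0.20", "192.0.2.10", 22)]):    # admin to DMZ
        print(row)
```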

2. What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?
In terms of security, dial-up connections are deemed to be more vulnerable to attack than VPNs (Virtual Private Networks). Secure VPNs use cryptographic tunneling protocols to provide confidentiality (blocking interception and thus packet sniffing), sender authentication (blocking identity spoofing) and message integrity (blocking message alteration), and so achieve privacy. This is the first and foremost reason for the dominance of this technology. Other reasons for its popularity include:

- Cost savings

One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line (much less expensive than a long-distance one), or it could be a local broadband connection such as DSL service.

VPNs enable travelling employees to access the corporate network over the internet. By using remote sites’ existing Internet connections where available, and by dialling into a local ISP for individual access, expensive long distance charges can be avoided.

VPNs allow employees working at customer sites, business partners, hotels and other untrusted locations to access a corporate network safely over dedicated private connections.

VPNs allow an organization to provide customer support to clients using the internet while minimizing risks to the client’s computer networks.

3. Will biometrics involve encryption? How are biometric technologies dependent on the use of cryptography?

Biometrics is the science and technology of measuring and analysing biological data. In information technology, biometrics refers to technologies that measure and analyse human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.

Encryption is a mathematical process that helps to disguise the information contained in messages that are either transmitted or stored in a database. Three main factors determine the security of any cryptosystem: the complexity of the mathematical process or algorithm, the length of the encryption key used to disguise the message, and safe storage of the key, known as key management.

Yes, biometrics will involve encryption. Biometric encryption is the process of using a characteristic of the body as a means to code or scramble/descramble data. Physical characteristics such as fingerprints, retinas and irises, palm prints, facial structure and voice are just some of the many bases for biometric encryption being researched today. Since these characteristics are unique to each individual, biometrics are seen as the answer to combat theft and fraud, particularly when dealing with commerce over the internet. The reason this new technology is believed to be superior to the use of passwords or personal identification numbers (PINs) is that a biometric trait cannot be lost, stolen or recreated, at least not easily. As one industry expert put it, "Unless criminals are going to start cutting off people's fingers to gain access to their accounts, biometric encryption is an excellent method for controlling access to those who should have it."

Cryptography is defined as the conversion of data into a secret code for transmission over a public network. Today, most cryptography is digital: the original text ("plaintext") is turned into a coded equivalent called "ciphertext" via an encryption algorithm. The ciphertext is decrypted at the receiving end and turned back into plaintext.

Biometric data are noisy: being measurements of the human body, the individual bits in a template are unreliable, so only an approximate match to a stored template can be expected. Cryptography, on the other hand, demands exactness in keys; a key must be exactly right or the protocol will fail. It would be better to have a more general, protocol-level approach that combines cryptography and biometrics to achieve a reliability and protection that biometrics alone cannot provide.
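As an added illustration of the mismatch just described (not part of the original post), the example below shows that hashing a biometric template directly breaks as soon as one bit differs between scans, and then applies one protocol-level approach, a fuzzy commitment built on a simple repetition code, in which a fresh scan within the tolerated noise releases the exact key while a scan too far from enrollment releases nothing. The bit strings and the key are constructed; a real template would be far longer and use a stronger error-correcting code.

```python
# Added example: noisy biometric vs. exact cryptographic key, and a fuzzy
# commitment (hash(codeword), codeword XOR biometric) that bridges the gap.
# The 20-bit 'template' and the 4-bit key are constructed for illustration.
import hashlib

REP = 5  # each key bit repeated REP times; majority vote survives (REP-1)//2 flips per group

def encode(key_bits):
    """Repetition-code a short key into a codeword as long as the biometric."""
    return [b for b in key_bits for _ in range(REP)]

def decode(codeword):
    """Majority vote per group of REP bits recovers the key despite scattered flips."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP) for i in range(0, len(codeword), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(biometric, key_bits):
    """Store only hash(codeword) and codeword XOR biometric; neither alone gives the key."""
    codeword = encode(key_bits)
    return digest(codeword), xor(codeword, biometric)

def release_key(commitment, biometric_sample):
    """Recover the key from a fresh, noisy sample, or None if it is too far from enrollment."""
    stored_hash, helper = commitment
    candidate = decode(xor(helper, biometric_sample))   # helper XOR sample = codeword XOR noise
    if digest(encode(candidate)) != stored_hash:        # exact check, as cryptography demands
        return None
    return candidate

def naive_key(biometric):
    """Direct hashing: any single flipped bit yields an unrelated key."""
    return digest(biometric)

def flip(bits, positions):
    """Simulate scan noise by flipping the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed enrollment template (20 bits -> 4 key bits) and a fresh scan with two noisy bits.
ENROLLED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1]
FRESH = flip(ENROLLED, {3, 17})

if __name__ == "__main__":
    key = [1, 0, 1, 1]
    print(naive_key(ENROLLED) == naive_key(FRESH))     # False: exact keys fail on noise
    print(release_key(enroll(ENROLLED, key), FRESH))   # [1, 0, 1, 1]: key recovered
```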
