1 / 60

SafeZone --Classic Encryption--

SafeZone --Classic Encryption--. Issued by_ MixofTix Developers Network Director Network & Security Overview. Information: URL: http://www.MixofTix.net E-Mail: info {AT} mixoftix {DOT} net Document # 7856-SECU-EHR-01. © MixofTix Developers Network July, 2006.

tailynn
Download Presentation

SafeZone --Classic Encryption--

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SafeZone --Classic Encryption-- Issued by_ MixofTix Developers Network Director Network & Security Overview Information: URL: http://www.MixofTix.net E-Mail: info {AT} mixoftix {DOT} net Document # 7856-SECU-EHR-01 © MixofTix Developers Network July, 2006

  2. Networking Solutions • Security Between Particles • Total Security Architecture • Anti-Virus • Compare Databases • Compare Develoment Paltforms • Analysis of QoS © MixofTix Developers Network July, 2006

  3. Networking Solutions © MixofTix Developers Network July, 2006

  4. Network Parts • A core zone link to the distributed servers • Connection between particles is internet • Connections in core is Ethernet © MixofTix Developers Network July, 2006

  5. Solutions for internet connection • Leased line • Point 2 Point • Satellite © MixofTix Developers Network July, 2006

  6. Network Protocol • TCP/IP © MixofTix Developers Network July, 2006

  7. Security Between Particles © MixofTix Developers Network July, 2006

  8. What is a firewall? • Different firewall technologies • Firewall functionalities • Firewall as a part of total security solution © MixofTix Developers Network July, 2006

  9. A device (usually hardware and software) that enables safe data communications between networks with different security policies (e.g. Intranet/Extranet, Intranet/Internet) Used to carry out network security policy and control communication between networks Internal network Untrusted users Trusted users DMZ What is a Firewall? Untrusted networks and servers Trusted networks Gateway Internet Network segment for public servers (e.g. HTTP, SMTP) © MixofTix Developers Network July, 2006

  10. Firewall Technologies • Packet filters • Routers • Application proxies • Raptor, Gauntlet • Stateful inspection • Netscreen, Cisco PIX • Multi-Layer inspection • StoneGate © MixofTix Developers Network July, 2006

  11. Layering Models vs. Real Life OSI Model TCP/IP Model Real Life © MixofTix Developers Network July, 2006

  12. Application Application Presentation Presentation Session Session Transport Transport Network Network Network Data Link Data Link Data Link Physical Physical Physical PACKET FILTER Packet Filter • Network layer functionality • Filters according to ACLs (Access Control Lists) • Source and Destination IP, Ports © MixofTix Developers Network July, 2006

  13. Packet Filter • Advantages • High performance • Application independence • Transparency • Disadvantages • Low security (no inspection above network layer) • Large rule bases slow down traffic – difficult to manage/configure © MixofTix Developers Network July, 2006

  14. Telnet HTTP FTP Application Application Application Presentation Presentation Presentation Session Session Session Transport Transport Transport Network Network Network Data Link Data Link Data Link Physical Physical Physical PROXY Application Proxies • Application layer functionality • every service needs its own proxy • No direct connections are allowed between networks • each new connection established by a proxy © MixofTix Developers Network July, 2006

  15. Application Proxies • Advantages • Very high security • Application layer screening • Disadvantages • Poor Performance • Limited application support • No connection failover © MixofTix Developers Network July, 2006

  16. Application Presentation Application Application Session Presentation Presentation Transport Session Session Network Transport Transport Network Network Data Link Data Link Data Link Physical Physical Physical INSPECTIONENGINE Dynamic state tables Stateful Inspection • Packet filter with enhanced features • Historical connection data (dynamic state tables) • Examines packets up to the application layer (vendor dependent) © MixofTix Developers Network July, 2006

  17. Stateful Inspection • Advantages • Transparency • Security • Performance • Scalability (add-on products) • Disadvantages • Limited application layer screening © MixofTix Developers Network July, 2006

  18. Multi-Layer Inspection • “A proxy-like stateful inspection” • Connection tracking (dynamic state tables) • Examines data up to the application layer with protocol agents • Every packet must either accepted directly by the rule base, be a part of a previously accepted connection, or be a part of the related connection © MixofTix Developers Network July, 2006

  19. Multi-Layer Inspection © MixofTix Developers Network July, 2006

  20. Firewall Functions • Access Control • Authorized connections are allowed • Unauthorized access to network resources are blocked • Part of Corporate Network Security Policy • Network Address Translation (NAT) • Enables administrators to use private IP addresses • Hides hosts and network architecture behind public IP addresses • Monitoring and logging • Network traffic load • Logging • for troubleshooting, for evidence, to track traffic volumes • Authentication • Authenticates users • Third party authentication software © MixofTix Developers Network July, 2006

  21. Hardware-based proprietary hardware proprietary software expensive to buy; no other uses for hardware usually fast – built on ASICs also smaller low cost, low performance HW-solutions depending on the solution no scalability limited support for different services Software-based standard hardware lower investment cost re-usability option standard operating system or dedicated hardened OS licensing enables scalability compatibility with other security solutions scalability can be achieved by external load balancing hardware or software more flexible to build support for different services Another Difference in Firewall Technologies © MixofTix Developers Network July, 2006

  22. Total Security Architecture © MixofTix Developers Network July, 2006

  23. R & D Human Resources Network-based Intrusion Detection Authentication Server CA Server Content Scanning Host-based Intrusion Detection Network Servers Back-End/Internal Network Back-End Application & Database Servers Web Information DMZ Web Transaction Internet © MixofTix Developers Network July, 2006

  24. R & D Authentication Server HA - CA Server CA Server HA Authentication Server Internet Traditional VPN Connection Connection Providers Scalable HA/LB Network Servers Network Servers Back-End/Internal Network Human Resources Scalable HA - Back-End Application & Database Servers Back-End Application & Database Servers Scalable HA/LB Intrusion Detection Intrusion Detection Scalable HA/LB Web Information Web Information DMZ Web Transaction Scalable HA/LB Web Transaction Scalable HA/LB Content Scanning Content Scanning © MixofTix Developers Network July, 2006

  25. R & D Authentication Server HA - CA Server CA Server HA Authentication Server Internet Multi-Link VPN Single Points of Failure Connection Providers Scalable HA/LB Network Servers Network Servers Back-End/Internal Network Human Resources Scalable HA - Back-End Application & Database Servers Back-End Application & Database Servers Scalable HA/LB Intrusion Detection Intrusion Detection Scalable HA/LB Web Information Web Information DMZ Web Transaction Scalable HA/LB Web Transaction Scalable HA/LB Content Scanning Content Scanning VPN Connections © MixofTix Developers Network July, 2006

  26. R & D Authentication Server HA - CA Server CA Server HA Authentication Server Internet Remote Client with Firewall Connection Providers Network Servers Scalable HA/LB Network Servers Back-End/Internal Network Human Resources Scalable HA - Back-End Application & Database Servers Back-End Application & Database Servers Scalable HA/LB Intrusion Detection Intrusion Detection Scalable HA/LB Web Information Web Information DMZ Web Transaction Scalable HA/LB Web Transaction Scalable HA/LB Content Scanning Content Scanning VPN Connections © MixofTix Developers Network July, 2006

  27. Functions of a VPN • VPNs facilitate the connection of LANs and clients (e.g. notebooks) via the Internet which is very low-priced and available worldwide. • By means of VPNs the corporate access via the Internet can be effected confidentially, independent of the selected media. © MixofTix Developers Network July, 2006

  28. Tunnelling Network A Network B © MixofTix Developers Network July, 2006

  29. Layer2 VPNs • Work on the OSI-layer 2 • Security layer (data-link layer) • Entire IP packets are „packed “ in the tunnel protocol • Tunnel the point-to-point protocol (PPP) • Use the functions of the PPP infrastructure • DHCP • User-oriented authentication • Compression • A layer-2 tunnel is a “virtual cable” • Can be set up across any IP structure • Supports multiple protocols © MixofTix Developers Network July, 2006

  30. StoneGate VPN • VPN gateway with StoneGate technology • DES, 3DES, AES (256), Blowfish, CAST • Managed through centralized management system • Includes firewall • IPSec compatible • Comes with SG VPN client (includes personal firewall) • Supported user authentication methods: • RADIUS, TACACS+ or LDAP(S) back-end protocols • Client certificates • Smart Cards (PKCS#11, PKCS#15, Microsoft CAPI) • USB tokens © MixofTix Developers Network July, 2006

  31. What is a CA • A Certification authority is responsible for providing and assigning the keys for encryption, decryption and authentication. • A CA can issue certificates to a computer, a user account or a service. © MixofTix Developers Network July, 2006

  32. Certificate Hierarchies Trust Trust Root CA Trust Subordinate CA Subordinate CA Subordinate CA © MixofTix Developers Network July, 2006

  33. Using Public Keys and Private Keys • A private key which is kept confidential • A public key which is freely given out to all potential correspondents © MixofTix Developers Network July, 2006

  34. Anti-Virus © MixofTix Developers Network July, 2006

  35. Anti Virus Features • Centralized Management • Automatic Daily Updates • Minimum Reaction time © MixofTix Developers Network July, 2006

  36. © MixofTix Developers Network July, 2006

  37. F-Secure • Easy-to-use solution for keeping customers rapidly and automatically protected against fast-spreading Internet-borne viruses and other malicious code • F-Secure Anti-Virus protects both site-based and mobile workers, ensuring system availability and data integrity every minute of every day, everywhere in the world. © MixofTix Developers Network July, 2006

  38. Comapre Databases © MixofTix Developers Network July, 2006

  39. Technical Comparison of:Oracle vs. SQL Server vs. MySQL © MixofTix Developers Network July, 2006

  40. PLATFORM AVAILABILITYOracle9i Oracle9i Database is available on a large selection of hardware and operating systems, scaling from low-end uni-processor servers to large symmetrical multiprocessor machines to multi-node clusters. Oracle9i Database supports all major Unix platforms, including Linux, Microsoft operating systems, and a variety of other systems, including OS/390 mainframes. With Oracle9i, users are able to upgrade hardware and operating systems without changing or rewriting their applications. © MixofTix Developers Network July, 2006

  41. PLATFORM AVAILABILITYSQL Server 2000 SQL Server 2000 only runs on Microsoft’s operating systems. Customers wishing to upgrade hardware are limited to platforms running these systems and must face the cost of converting their systems completely if they ever outgrow the capacity of their platform. © MixofTix Developers Network July, 2006

  42. PLATFORM AVAILABILITYMySQL MySQLDatabase is available on Linux & Microsoft operating systems, Solaris, Mac OS X . With MySQL, users are able to upgrade hardware and operating systems without changing or rewriting their applications. © MixofTix Developers Network July, 2006

  43. CONCURRENCY MODEL © MixofTix Developers Network July, 2006

  44. Comparison Chart © MixofTix Developers Network July, 2006

  45. SQL Server and MySQL limitations © MixofTix Developers Network July, 2006

  46. SQL Server and MySQL limitations © MixofTix Developers Network July, 2006

  47. Compare Development Platforms © MixofTix Developers Network July, 2006

  48. Comparison Charts © MixofTix Developers Network July, 2006

  49. Comparison Charts © MixofTix Developers Network July, 2006

  50. The same application was rebuilt by both Microsoft and Sun for an independent competition sponsored by a Company.   Below is a comparison of the results: © MixofTix Developers Network July, 2006

More Related