The executive management staff at MJD Electronics embraces security. An important task for the company's Chief Security and Compliance Officer is to outline a plan that accounts for many of the important aspects of a valid security architecture. This discussion presents more detailed information on many topics that belong in a solid security architecture, including border routers, demilitarized zones, proxy firewalls, access control lists and filters, fail-safe equipment, and more.
Architecture Considerations for Perimeter Security
State-Based Filtering – Most firewalls today utilize state-based filtering. This filtering is a mechanism in modern firewall technology that maintains a list of the current, active connection states that traverse the firewall (AIU Online, 2012). When an application inside the firewall requests a connection to another application running outside the firewall, a connection state is created. The addresses of the two communicating applications are saved in a table, so that the firewall can allow all traffic between them through until the initial connection is terminated. Without state-based connection monitoring and filtering, web pages would not display information as users would expect. This is because firewalls filter traffic using a combination of IP address and port number. Web servers usually use port 80, but web-based applications, just as internet browsers, choose a random port number to listen on when a request is initiated. Without state-based filtering, when the listening port number changes, the connection would be terminated and the requested information would not be received. The most significant advantage of state-based, or stateful, filtering is that it allows the connection to stay open and active until the connection is terminated by the applications that requested it (Hinnerschietz, n.d.). Another name for state-based firewalls is circuit level gateways. Rather than
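An added example, not part of the original discussion: a minimal Python model of the connection-state table described above, showing that a reply to the browser's random port is allowed only because the outbound request created state. The addresses, ports, names and the one-packet teardown are constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified: one of "SYN", "ACK", "FIN", "RST"

class StatefulFilter:
    def __init__(self, inside_net, allowed_out_ports):
        self.inside = ipaddress.ip_network(inside_net)
        self.allowed_out_ports = set(allowed_out_ports)
        # State table entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.table = set()

    def handle(self, p):
        outbound = ipaddress.ip_address(p.src) in self.inside
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if key not in self.table:
            # Only an inside host opening a connection to a permitted
            # port creates state; everything else without state is dropped.
            if not (outbound and p.flags == "SYN"
                    and p.dport in self.allowed_out_ports):
                return "DROP"
            self.table.add(key)
        elif p.flags in ("FIN", "RST"):
            # Assumption: the first FIN or RST removes the entry
            # (real TCP teardown takes several packets).
            self.table.discard(key)
        return "ALLOW"

def demo():
    fw = StatefulFilter("10.0.0.0/8", {80})
    packets = [  # constructed sample traffic
        Packet("10.0.0.5", 51000, "203.0.113.10", 80, "SYN"),  # browser request
        Packet("203.0.113.10", 80, "10.0.0.5", 51000, "ACK"),  # reply to random port
        Packet("198.51.100.7", 80, "10.0.0.5", 51000, "ACK"),  # unsolicited, no state
        Packet("10.0.0.5", 51000, "203.0.113.10", 80, "FIN"),  # browser closes
        Packet("203.0.113.10", 80, "10.0.0.5", 51000, "ACK"),  # late packet after close
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```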
References:
Adams, Karen, (2012). Types of Intrusion Prevention Systems. Retrieved September 6, 2012 from http://www.ehow.com/info_8039841_types-intrusion-prevention-systems.html
AIU Online
Beasley, J. (2009). Networking (2nd ed.). Boston: Pearson Education, Inc.
The Benefits of Router-Integrated Session Border Control (2012) Retrieved from http://www.juniper.net/us/en/local/pdf/whitepapers/2000311-en.pdf
Bradley, Tony, (2012)
Bradley, Tony, (2012). Introduction to Intrusion Detections Systems (IDS). Retrieved September 5, 2012 from http://netsecurity.about.com/cs/hackertools/a/aa030504.htm
Carter, Earl, (February 15, 2002)
Little, M. (1989, October). Goals and Functional Requirements for Inter-Autonomous System Routing: RFC 1126. Retrieved from http://tools.ietf.org/html/rfc1126
Mansfield, K