Database Reference
Download confidential and sensitive data.
Disrupt output devices.
Lock up resources and render them unavailable to authorized users.
Shut down the system totally.
Information Exchange Challenges. Security protection must ensure that
sending and receiving information over the Internet conform to the following
safeguards:
Information specifically transmitted from one person to another is not available
to anyone else.
Information is not modified in transmission.
The receiver of information is sure that it actually came from the sender as
identified.
The sender is sure that the receiver is authentic.
The sender is unable to deny that he or she sent the information.
Firewalls, Wrappers, and Proxies
This is a set of defense mechanisms to protect data that are vulnerable over the
Internet. Let us briefly survey these.
Firewall. A firewall may be implemented with software, hardware, or both. It is
meant to prevent unauthorized access to a private network. Most commonly, a firewall
is used for protecting an organization's intranet from the Internet by keeping
unauthorized users outside. All messages from outside the intranet are intercepted
and checked.
Figure 19-12 illustrates the placement of a firewall in conjunction with an intranet.
Note how users are grouped within and outside the firewall.
Let us discuss how firewalls provide protection.
An IP Packet. This is the basic unit for moving information across a TCP/IP
network. All information exchange consists of a set of IP packets. The address
components in each packet that ensure proper delivery are destination IP address,
protocol, destination port number, source IP address, and source port number.
A Network Session. A session may be thought of as comprising a set of IP packets
sent between the initiation and completion of a request. Therefore, a set of IP
packets with the same address information represents a session. A given network
application may extend to several sessions to perform its service.
Standard Firewall Services
Three major services are usually provided:
Access control. Using information filtered from an IP packet or a network session
and matching it against the security policy of the organization, the firewall decides
whether to let the packet pass or to deny passage.
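The access-control decision described above, sketched as an added example that is not from the book: each packet's five address components are matched against an ordered policy, and packets sharing the same address information are treated as one session. The names (Packet, Rule, POLICY, decide, filter_sessions), the first-match and default-deny conventions, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:  # the five address components the text lists
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str              # CIDR block
    dst_net: str
    protocol: Optional[str]   # None matches any protocol
    dst_ports: range

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and self.protocol in (None, p.protocol)
                and p.dst_port in self.dst_ports)

ANY_PORT = range(0, 65536)
# Constructed policy using documentation and private address ranges (assumption).
POLICY = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None, ANY_PORT),          # blocked outside network
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", range(443, 444)),  # public HTTPS server
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", None, ANY_PORT),             # intranet users going out
]
# Constructed sample traffic: three packets of one session, one from the blocked network.
SAMPLE = [Packet("198.51.100.7", 50000, "192.0.2.10", 443, "tcp")] * 3 + [
    Packet("203.0.113.5", 50001, "192.0.2.10", 443, "tcp")]

def decide(p, policy=POLICY):
    """First matching rule wins; traffic no rule matches is denied."""
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"

def filter_sessions(packets, policy=POLICY):
    """Group packets by identical address information; return {session: (action, count)}."""
    sessions = defaultdict(list)
    for p in packets:
        sessions[p].append(p)  # frozen dataclass: hashable on all five fields
    return {key: (decide(key, policy), len(pkts)) for key, pkts in sessions.items()}
```

Rule order matters here: the deny rule for the blocked network sits first so that the later, broader allow rule for the HTTPS server cannot override it.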