ITNE455-1204A-01 U3GP3

  • Published: November 18, 2013
Abstract
Security is embraced by the executive management staff at MJD Electronics. An important task for the Chief Security and Compliance Officer for MJD Electronics is to outline a plan that makes considerations for many of the important aspects of valid security architecture. This discussion presents more detailed information on many topics that should be included in a solid security architecture, including border routers, demilitarized zones, proxy firewalls, access control lists and filters, fail-safe equipment, and more.

Architecture Considerations for Perimeter Security

State-Based Filtering –
Most firewalls today utilize state-based filtering. This filtering is a mechanism in modern firewall technology that maintains a list of current, active connection states that traverse the firewall (AIU Online, 2012). When an application inside the firewall requests a connection to another application running outside the firewall, a connection state is created. The addresses of the two communicating applications are saved in a table, so that the firewall can allow all traffic between them through until the initial connection is terminated.

Without state-based connection monitoring and filtering, web pages would not display information as users would expect. This is because firewalls filter traffic using a combination of IP address and port number. Web servers usually listen on port 80, but web-based client applications, just like internet browsers, choose a random port number to listen on when a request is initiated. Without state-based filtering, the reply arriving on that changing port number would be blocked, the connection would be terminated, and the requested information would not be received. The most significant advantage of state-based, or stateful, filtering is that the connection stays open and active until it is terminated by the applications that requested it (Hinnerschietz, n.d.).

Another name for state-based firewalls is circuit level gateways. Rather than filtering on individual packets alone, they monitor outgoing traffic in order to decide which incoming traffic to allow. As outgoing requests are made, they are logged to a table, and every incoming packet is checked against that table. Inbound traffic that responds to an outgoing request is allowed through if the initial connection request was logged; the traffic then passes through the firewall to the destination user and application.
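The connection-table mechanism described above, as an added Python example written for this page (it is illustrative code, not the essay's own material and not a real firewall product). It also models the two limits this section goes on to discuss: an idle time-out that removes entries, and a fixed table capacity so that the memory-exhaustion case is reported rather than ignored. The inside prefix, the addresses, ports and packet trace, and the `fin` flag used to mark a closing packet are all constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed flow key: (src_ip, src_port, dst_ip, dst_port, proto)
FlowKey = Tuple[str, int, str, int, str]


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    fin: bool = False  # constructed flag: this packet closes the connection


class StatefulFilter:
    """Toy state-based packet filter (added illustration, not a real product).

    An outbound request from the inside network creates an entry in the
    connection table. Inbound packets are allowed only if they match an
    existing entry. Entries are removed when an endpoint closes the
    connection or when they sit idle for idle_timeout seconds, and new
    entries are refused once the table has reached its capacity.
    """

    def __init__(self, inside_prefix: str, idle_timeout: float = 60.0,
                 capacity: int = 1000) -> None:
        self.inside_prefix = inside_prefix
        self.idle_timeout = idle_timeout
        self.capacity = capacity
        self.table: Dict[FlowKey, float] = {}  # flow -> last_seen timestamp

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def _expire_idle(self, now: float) -> None:
        # Remove every entry that has been idle for at least idle_timeout.
        stale = [k for k, seen in self.table.items()
                 if now - seen >= self.idle_timeout]
        for k in stale:
            del self.table[k]

    def _touch(self, key: FlowKey, now: float, closing: bool) -> str:
        if closing:
            del self.table[key]      # connection terminated by an endpoint
        else:
            self.table[key] = now    # refresh the idle timer
        return "allow"

    def process(self, pkt: Packet, now: float) -> str:
        """Return the filter decision for one packet seen at time `now` (seconds)."""
        self._expire_idle(now)
        outbound = self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip)
        inbound = self._is_inside(pkt.dst_ip) and not self._is_inside(pkt.src_ip)

        if outbound:
            key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
            if key not in self.table:
                if len(self.table) >= self.capacity:
                    return "drop-table-full"   # the memory-exhaustion case
                self.table[key] = now
            return self._touch(key, now, pkt.fin)

        if inbound:
            # A reply is matched against the entry the inside host created.
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            if key not in self.table:
                return "drop"  # no outbound request was logged for this flow
            return self._touch(key, now, pkt.fin)

        return "allow"  # inside-to-inside traffic never crosses the firewall


def demo() -> List[str]:
    """Run a constructed packet trace through the filter and return the decisions."""
    fw = StatefulFilter("10.0.0.", idle_timeout=30.0, capacity=2)
    web = Packet("10.0.0.5", 51234, "203.0.113.10", 80)      # browser -> web server
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 51234)    # web server -> browser
    probe = Packet("198.51.100.9", 4444, "10.0.0.5", 22)     # unsolicited inbound
    return [
        fw.process(probe, now=0.0),   # drop: nothing in the table
        fw.process(web, now=0.0),     # allow: entry created
        fw.process(reply, now=1.0),   # allow: matches the logged request
        fw.process(reply, now=40.0),  # drop: entry expired (idle 39 s >= 30 s)
    ]


if __name__ == "__main__":
    print(demo())
```

The `capacity` check is deliberately a hard refusal of new connections rather than an eviction of old ones: a real firewall's behaviour when its state table fills is a sizing decision, and the point of the model is to make that limit visible when estimating concurrent connections.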

The disadvantage of using stateful filters in firewall technology is that they introduce one more potential point of failure. One such point is the table that holds the connection information. If the table grows too large and the firewall's memory is not sufficient, an overflow error will occur. It is therefore important to provision enough memory for the firewall, based on the number of concurrent connections expected to traverse it (Wool, n.d.). Another issue concerns the time-out of connections. Connections are set to time out if the traffic flow is idle for too long, which creates a further disadvantage: the time-out settings must be configured manually. If a connection sits idle (as the user is most likely multi-tasking and paying attention to something else on the computer), it may be terminated, arguably 'prematurely', if the time-out is set too low (Wool, n.d.).

Border Routers –

A border router is fairly self-describing. It is a router that sits on the border, or edge, of the internal network. Border routers are necessary when there is a desire to communicate and pass traffic to another autonomous system (AS). Another way of describing a border router is by the function it performs: border routers join, or connect, one AS with another AS (Little, 1989). All routers communicating within an internal network or autonomous system are referred to as internal routers. Routers that join each of these networks or autonomous systems together can be considered a...