Technology & Design Issues Surrounding Information Security - Week 8

Weekly reflection
In your blog, answer the following questions. You may need to conduct some research to answer these questions adequately.


1.Which architecture for deploying a firewall is most commonly used in businesses today? Why?


Although literally hundreds of variations exist, there are four common architectural
implementations of firewalls, they are; Packet filtering routers, Screened host firewalls, Dual-homed host firewalls and Screened subnet firewalls


The most commonly used in business today is Screened Subnet Firewalls. Wikipedia states that "in network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure". It is the most coomonly used because it is an entire network segment that performs two functions:
· It protects the DMZ systems and information from outside threats by providing a
network of intermediate security and It protects the internal networks by limiting how external connections can gain access to internal systems.
DMZs can also create extranets, segments of the DMZ where additional authentication
and authorization controls are put into place to provide services that are not available
to the general public.



2.What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?
The reasons include:
Cost benefits: IP VPNs will always be less costly to run than Frame Relay for sites in different cities. There's no need to pay for data between offices or teleworkers at per MB rates.
Simplified management: you'll receive one point of contact for your VPN, rather than having to deal with a phone carrier for the transport and a separate ISP or division for IP data.
Improved security: there is no longer a need to run confidential data across the Internet. An AlwaysONLINE VPN is built on a separate network, removing the need to punch holes in firewalls or make exceptions to IT security policies.
Separate your Internet access from your inter-office connections: we provide the option of connecting your VPN to the Internet. This access can be placed in front of a firewall reducing the points of interconnect between your network and the Internet.
(http://www.alwaysonline.net.au/vpn/advantage.html)



3.Will biometrics involve encryption? How are biometric technologies dependent on the use of cryptography?

Yes biometrics will involve incription. Biometrics is the term given to the process of using body measurements, such as fingerprints, palm prints, iris pattern and facial recognition. Biometric technologies are dependant on the use of cryptography because most of the technologies that scan human characteristics convert these images to some form of minutiae, which are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created.