Changes

IT Infrastructure Security

142 bytes added, 19:57, 27 October 2016

m

Text replacement - "<table border="0" cellspacing="0">" to "<table border="0" cellspacing="0" width="100%">"

<hr>

<htmlet>securityplus</htmlet>

IT security is a multi-discipline subject requiring a number of different skills sets and knowledge areas. A key area of knowledge which is vital for any security specialist is a clear understanding of IT infrastructure and how it relates to the creation of a comprehensive security strategy.

== Proxy Service Firewalls ==

<~~google~~htmlet>~~ADSDAQBOX_FLOW~~adsdaqbox_flow</~~google~~htmlet>

A proxy service firewall is placed between the internet and an internal network of computers and acts as a go-between for the two environments. With a proxy service in place, internal client computers do not connect directly to outside resources. Instead they connect to the proxy server which in turn connects with the external resource on behalf of the client, thereby masking the internal IP address of the client. Any responses from the external resources are handled by the proxy service which passes them along to the client that originally requested the data.

== Virtual Private Networks (VPN) ==

A virtual private network is a mechanism by which secure remote access is provided between a client and server over a public network (typically the internet). A number of methods can be used to deploy VPN connections and these were covered in detail in the chapter entitled [[~~Understanding~~ Security+ - An Overview of Communications Security|An Overview of Communications Security]]. VPNs use the concept of encryption to prevent confidential information falling into the wrong hands. Encryption either involves encrypting the data contained in IP packets and sending them to the destination where the data is decrypted, or encrypting the entire packet, wrapping it in another packets and sending that to the destination ( a concept known as ''tunneling'') thereby concealing the identity of the sending and receiving parties.

== Intrusion Detection Systems (IDSs) ==

The SNMP agent runs on network devices and transmits data to the management station. SNMP version 1 was considered insecure but later versions (2 and 3) have introduction greater levels of authentication (version 2, for example uses MD5 for authentication).

<htmlet>securityplus</htmlet>

<htmlet>ezoicbottom</htmlet>

<hr>