Class 6 Agenda
Midterm Review
– Questions
– Toyota Case
Computer Security Basics
– Identification & Authentication
– SSL encryption and Internet security
– Network Security
Text Chapter: Strategy & Technology

Computer Security Basics
Access Control
– Identification
– Authentication
– Permissions/Access
Issues
Role-based access
“Row-level” access
Mechanisms
Directories
Groups, attributes
Logs

Encryption
“Encrypt” vs “encode”
Asymmetric keys
Public / private keys
Digital Certificates
SSL / HTTPS
Secured Transactions

PKI Process
[Diagram: PKI Service and PKI Client]
– Send public key
– Return encoded symmetric key
– Send login req using sym key
– Conduct work
– Time’s up! Send new sym key info

Network Security Basics
Single sign-on
– Trusted machine model
– Tokens
Firewalls
– Routers as firewalls
– True firewalls
“Castles and Roads”
Virtual Private Network
DMZ
– 2-router model

Single Sign-on
[Diagram: User/Client, Security Server (SS), Application Server (AS); arrows numbered 1 to 5]
1: Login to SS
2: Get token
3: Login to AS (pass token)
4: AS checks token
5: SS OKs token
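
The five-step token flow on the Single Sign-on slide, as an added example that is not part of the original slides. The class names, the opaque random token with an expiry, the PBKDF2 password check and the sample user are assumptions; the slides do not specify a token format.

```python
import hashlib, hmac, secrets, time

# Added illustration: SS = Security Server, AS = Application Server (names assumed).
class SecurityServer:
    """Authenticates users, issues opaque tokens, and validates them for the AS."""
    def __init__(self, users, ttl=300, clock=time.time):
        self._ttl, self._clock = ttl, clock
        self._tokens = {}   # token -> (user, expiry time)
        self._users = {}    # user -> (salt, PBKDF2 hash); no plaintext passwords kept
        for name, pw in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, self._kdf(pw, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, user, password):          # steps 1-2: login to SS, get token
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return None                       # unknown user or wrong password
        token = secrets.token_urlsafe(32)     # unguessable, carries no user data
        self._tokens[token] = (user, self._clock() + self._ttl)
        return token

    def validate(self, token):                # step 5: SS OKs (or rejects) the token
        user, expiry = self._tokens.get(token, (None, 0))
        if user is None or self._clock() >= expiry:
            self._tokens.pop(token, None)     # drop expired tokens on sight
            return None
        return user

class ApplicationServer:
    """Never sees the password; it trusts only the SS verdict on the token."""
    def __init__(self, ss):
        self._ss = ss

    def login(self, token):                   # steps 3-4: client passes token, AS checks it
        user = self._ss.validate(token)
        return f"welcome {user}" if user else "denied"

if __name__ == "__main__":
    ss = SecurityServer({"alice": "correct horse"})   # constructed sample user
    app = ApplicationServer(ss)
    tok = ss.login("alice", "correct horse")
    print(app.login(tok))             # valid token issued by the SS
    print(app.login("forged-token"))  # token the SS never issued
```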

Router / Firewall
[Diagram: Firewall, Router, Accept list / Exclude list]
From: 12.3.4.68  To: 136.167.2.34  Type: Telnet
From: 136.167.2.34  To: 12.3.4.68  Type: Telnet

Routed Network Design
[Diagram: I-net router (136.167), Campus Backbone, Router (136.167.2), Router (136.167.10), Client LAN, Client LAN]

DMZ Model
[Diagram: Internet router (to/from DMZ only), DMZ, Intranet router (to/from DMZ only), Internal Services, External Services]

VPN / Remote Access
Goals
– Privacy
– IP address domains
VPN Mechanism
– Proxy server
– “Tunneling”
VPN Problems
– Encryption performance

VPN
[Diagram labels: Router; Enabling local traffic; Server (three); Campus Backbone; Local IP session; Encrypted remote session; VPN Server; Internet]

Text: Strategy & Technology
“IT doesn’t matter!” Comments?
What makes sustainable advantage?
What technical aspects (ref class 1) effect sustainable advantage?
How important is the “portal” factor?

Wednesday
Computer Center Tour
– Meet at 197 Foster St @ 6:30
Tech Brief: Collaboration Basics
Text Chapter: Peer Production
Project Planning time
– (Outline due to me by COB Friday)