Design And Implementation Of Multi Tier Firewalls

Design And Implementation Of Multi Tier Firewalls The Concept of my IS is to protect and secure our private Servers from the public Network and also from the other internal private network. Proposing virtual interfaces on the firewall and these interfaces are assigned in different ZONES termed as DMZs. Creating greater number of VLANs within a Zone will secure the Servers from compromising due to the other compromised server. By distributing in multiple subnets we can have more secure architecture i.e. like the outer most subnets are proposed as DMZs. Middle subnets should be served as transaction subnets where the system needs to support complex web applications placed in the DMZs, now the third or back-end subnet would be the private network that is trusted network. Keywords: ACL, VLANs, WAN, LAN, DMZ, CTL, ATM, SMS INTRODUCTION It is really important to understand the security needs of any financial organization. Firewall plays a very important role in network security. Firewalls are deployed to defend the network. They are usually placed on first and second line of defense. By deploying a firewall in a network we can restrict the traffic that is entering in the network and also traversing through different zones. But all these things depend upon the proper design and the placement of firewall in a network. In Three-tier deployment architecture is the deployment of multiple subnet between the private network and the internet separated by firewall. Each subsequent has more specific filtering rules to restrict the traffic only from the trusted sources. Generally in old trends firewalls were deployed in two Tier firewall architecture in which the private network is secure from the public network by defining the two separate interfaces but here I am proposing Firewall architecture in a Multiple Tier architecture manner. Now a days Applications are created in form of modules that generally resides on different machines or servers and are structured or you can say housed in different groups so as to secure and maintain segregations. Like if security is breached on one module it wont harm the other one. In other words if a Server is compromised other may possible be safe. The outer most subnets are proposed as DMZs. Middle subnets should be served as transaction subnets where the system needs to support complex web applications placed in the DMZs, now the third or back-end subnet would be the private network that is trusted network. This architecture is most secure but however it is also the most complex to design and implement. Like the Database Server that contains clients account details is more sensitive and require more protection and security than the Web servers that is used for the Front-end. The Concept of my Independent Study is to protect and secure our private traffic from the public Network. This can be done by creating different subnets and restrict them according to the needs. For creating different subnets we require different interfaces physically or virtually on the firewall device. If you use physical interfaces for the devices it limits to the number of ports available on the devices. As general we usually dont have that much physical interface available on the device as we require so I would propose to create virtual interfaces on the firewall. Now these interfaces are assigned in different ZONES termed as DMZs. This limitation can be overcome by creating different Virtual interfaces on that device and assigned them in appropriate zones. So that as more number of VLANs are created more security can be achieved by assigning different Servers in different VLANs. Defining Firewall The purpose of firewall is to monitor, examine and control the network traffic to protect the Network devices and system that are critical for any financial organization. Firewall first lookup the policies for the traffic passing through it and drops the packets that dont meet the policy statements. Firewall provides filtering of unwanted/ non legitimate traffic from the outside world as well as from the inside network also. Firewalls are designed to block illegal unauthorized access and it only allows the traffic that is permitted in the policy defined. Transmission of each packet is checked first, firewall contains some rules/ policies in it and each rule has some action against it either permit or deny. Firewalls are available in both hardware and software form. The basic purpose of firewall is to protect our private network from internet and unauthorized access and to protect our private network. Two-Tier Three-Tier Or multiple tier The idea of providing this tier base architecture is to secure multi-tier application environment. There is no specific definition of two-tier or three-tier firewall. They came from different ideas like the term tier refers to the number of interfaces available on the firewall. A two-tier firewall contains two interfaces each assigned to a different zone like: Inside/ Private network/ Trusted Outside/ Un-trusted network A three-tier firewall generally having three zones like: Inside/ Private network/ Trusted Outside/ Untrusted network A DMZ (Demilitarized zone) Use the DMZ zone to host the servers that needs to be accessed from the outside world. It plays a vital role for any organization in which a lot of business services depends on the internet. Like e-commerce based services and also a lot of Banks are giving Internet banking facilities to their customer these days and by implementing such kind of architecture and adopting such recommendations in our network we can improve the availability and security. Email servers, web servers and DNS servers are some of the servers that needs to be accessed publically from the outside network so they needs some extra security and protection. Now lets see the other usage of tier based architecture. Here tier does not mean the interfaces a firewall have but the layers of firewall you provide. In such kind of deployment a firewall is needed at each tier. Like one firewall for outside public network, one for the DMZ and one for you private network. Multi tier applications over view Now a days applications are designed in multiple logical tiers, software engineers has segregated the major functional areas into logical groupings that can be design, implemented and run independently of each other. Like if we take an example of a web-based application following tiers may possibly present there. Presentation Middleware Data 4.1 Presentation This tier directly interacts with the users that are coming from the internet. This tier is closest to internet. Such kind of publically accessed services are generally implemented using web, DNS and email servers. The purpose of these servers is to present the application in front of user. This tier handles the interaction between users coming from public network and back-end components. 4.2 Middleware In this tier such components are placed that performs business logic of the application in response to the queries requested by the servers hosted in presentation layer on behalf of internet users. 4.3 Data In Data Tier core servers such as database servers, directory servers that contain confidential database are placed. This tier contains most confidential data of bank like account information of users and customer record. The workflow of a web-based multi-tier application can be like this. Users from the internet generate a request to web server via web browser. The request is then processed by web server and being sent to middleware tire. Then the middleware component interacts with the database servers for the requested query. After processing the query the request is being responded to the web server then the web server relays the result to the internet user directly. By using this methodology there is no such direct communication between the public user and the core database servers. Explaing firewall deployment using single subnet After segregating the segments into groups it help us to analyze the risk and exposure of the devices over public network that how we restrict the direct interaction of critical servers from the internet users. The acceptable amount of risk on each of the server vary from case to case so there are reasons behind to create different kind of zones and VLANs and put these servers in the relevant zones and VLANs and which security level is needed by each server. An example of Internet banking application that works on different servers. Different types of servers are playing different roles in the overall workflow of this application. The server that is playing the role of FRONT-end server doesnt require such strict level of security policy as compare to the server on which customer account information exist(Core Database server). But in single subnet methodology all the servers are place behind the firewall and same security level is provided to each server either web server or banks database server. They all will be equally protected from the threats both from internet users and from the locally compromised server. Explaing single firewall deployment with multiple SUBNETS Deploying firewall in such manner that using physical and virtual interfaces of the firewall to create different subnets. Segregate the network into particular logical tiers create different subnet and inside each subnet each tier will provide more strict level of security than using single subnet. In this type of deployment the outer most tiers (presentation tier) only interacts with middle one (middleware Tier) and middleware tier only interacts with inner most tier (data tier) only. Proposing Solution to a Financial Organization In the proposed design the internet facing routers are serving as perimeter routers and acting as first line of defense. Routers are working in High availability mode. After that two firewalls performing second line of defense to the Servers, these firewall contains all the Zones and VLANs on it. Rules will be created here. Application flow control will be handling at this level. Both of the Firewalls are working in a high availability mode providing backup to each other. In case of physical interface or logical interface failure or the whole device failure network will be run smoothly. These Firewalls are then connected to Layer two switches using gigabit interfaces. Servers will be terminating on the same switches or if needed on other switches. Layer two trunks will be created between the switches as well in order to cater the case of device or interface failure. Spanning tree would be configured on the switches in order to avoid loop between the switches and provide contingency. The basic theme is to create different zones according to the relevant security levels. Following zones should be created on the firewall. Internet Access Zone Public Access Zone Trusted Sever Zone Business Access Zone 7.1 Internet Access Zone The router on which internet link is terminating should be assigned in this zone. Strict rulebase /policies would be implemented. 7.2 Public Access Zone The VLANs that need to be accessed from the internet by any mean would be assigned in this Zone. Different VLANs are created in this zone. Like Internet Banking Front end server, and Email servers. 7.3 Trusted Sever Zone Core Business Application and other critical financial Applications VLANs are assigned in this zone. These servers are critical servers and very strict policies would be implemented for these servers. Only legitimate traffic would be permitted between the zones and within the zones between the VLANs. Following are some example of VLANs that would be created in this zone. Core Business Application VLAN, Internet banking DB VLAN, ATM PHEONIX VLAN, CTL VLAN 7.4 Business Access Zone These are the extranets or you can say external connectivity between the Bank and the other corporate entities. Like NADRA, UFONE This zone is used to host the servers for the following VLANs like i.e. NADRA, SWIFT VLAN, UFONE VLAN, SMS VLAN, 1-Link VLAN, Central Banking servers. Explaining Traffic Flow between different zones / within the zones between the VLANs Internet banking application is design to work in multi tier architecture. Clients coming from the internet will first hit the front-end servers which are publically available, thats why these servers are placed in Public Access Zone. Then restricted policies are implemented between Public Access Zone and Transition Server Zone. Only these servers can send request for communication to Transition Server zones VLANs. Then only these servers will communicate with the Trusted Zones VLANs. Only these transition application servers will communicate with Banks Core Database Servers. This model is beneficial for the bank so as to secure Banks critical servers. There is no direct communication between outside network like internet users and core business servers. conclusion For any financial organization Security is an indispensable concern. Core Business servers needs to protected not just from the Outside public world but also from the Inside entities. For this a proper Network design should be implemented in which the placement and role of the firewall is very important. The Solution proposed in this independent study is how the applications that are working in multiple tiers can be secured properly and by segregating each type of application in separate zone you can restrict the non legitimate traffic from the other zone and also within the zone by creating different types of VLANs, this restrict the intra zone unwanted traffic. By using this methodology traffic flow can be control much more tightly without the need of creating as number of zones as equal to number of VLANs. This tightly controlled traffic flow will restrict the interaction between each tier. In short this methodology will restrict inter-zone traffic and inter-zone traffic as well. Any traffic like intra-zone or inter-zone should be first lookup in the access control policy if it exists then communication will occur else the packets would be just dropped. The Caveat of using this methodology can be bottleneck occurrence due to traffic load between the zones and within the zones, every traffic should be passed first through firewall but to overcome this issue deploy the firewall and switch in a manner using gigabit interface trunks between them and also calculate the inter-zone and intra-zone traffic by traffic analyzers and if needed built bundles between Firewall and Switches. And moving in such manner will help us to protect our network and not to compromise on security. Lastly I would say that this Independent Study provides recommendations and secure model and cost effective solution for Multi-Tier environments.

Tv And Violence :: essays research papers

Violence on Television We hear a great deal about violence on television these days. Nearly everywhere you turn there is something being written about it, or a program dealing with the issue of it, or a news story about a child somewhere who was influenced by it to do something harmful. The subject permeates our collective consciousness. Maybe this is due to the ever-increasing number of gangs in our urban centers. Maybe it's due to the ever-increasing crime rate that we hear about almost nightly on the news. Whatever the reasons behind its being such a concern, the fact remains that violence on television is a very real problem that is quite definitely a contributing factor to increasing violence among children and, yes, even among adults. Cartoon violence has been around as long as cartoons have - and that's a long time. The first animated Disney cartoons featured a rabbit named Oswald back in 1928 and the cartoon industry grew from there. So for seventy years now we've been treated to the antics of various characters, either through the opening Looney Tunes at the movies or the five hours of Saturday morning cartoons that were a ritual with us all growing up. There was Tweety Bird always getting the best of Sylvester the Cat, Bugs Bunny always outsmarting Elmer Fudd and Daffy Duck, Foghorn Leghorn constantly getting bruised by the awkward antics of his little chicks, Yosemite Sam getting his head blown off at least once a week and of course, the memorable Wyle E. Coyote who never, in all his forty-odd years of pursuing the Roadrunner ever bought anything from the Acme Co. that ever worked right (Siano, 20). They were truly funny and, in some respects, cathartic for us and it is this writer's opinion that cartoon violence is quite probably the least of our worries as far as what is corrupting the minds of our children today. We grew up on it and there is not one single documented case of a violent criminal who ever claimed that he ended up the way he did because he ingested a steady diet of Roadrunner episodes. Let's get serious. Most of these violent criminal types weren't home with the family watching Saturday morning cartoons when they grew up. They were out tying cats' tails together and throwing them over somebody's clothesline so they could watch them kill each other. Or they were torturing the neighbor's new puppy while Mom was at work, Dad was non-existent, and all 3 or 4 or 5 kids were left to raise themselves. Or they were busy learning violence first-hand from their alcoholic father whose chief mission in life seemed to be

Progressive era Essay

The Progressive Era was a period of social and political reformation that flourished under the leadership of President Woodrow Wilson. When the United States entered World War 1 on April 6, 1917, the whole nation was united under a moral cause. However, the war quickly busied Americans creating no time for Progressive movements and the events following the war put an end to the Era all together. During the beginning of the war, Wilson’s foreign policy was to remain on a neutral tide. With his reelection, he even won against Charles Hughes under his slogan, â€Å"He kept us out of war†, that persuaded Americans that choosing Hughes would lead them into direct contact with the war. Americans united under this foreign policy trying to stay out of European affairs under the philosophy of isolationism. When Germany’s unauthorized submarines caused for the sinking of the RMS Lusitania and their efforts chose to continue unrestricted submarine warfare the United States was infuriated. This is one factor that kept the United States busy with working to remain excluded from war. However, President Wilson addressed to Congress and declared he wanted â€Å"to make the world safe for democracy†, leading America into World War 1, under this moral cause. (Doc 2) Now that the United States was in the war, Americans started to become less concerned with social reforms and busier working, supporting, and fighting the war together. Women, for one, took over the jobs of all the men who went out to war, and worked to supply the belligerents, keeping women very busy. The United States Food Administration, under Herbert Hoover, promoted rationing of food through â€Å"Meatless Mondays† and â€Å"Wheatless Wednesdays†. This helped to conserve food and save for those fighting overseas. (Doc 6) Trench warfare was how most of World War 1 was fought and living in these trenches was rather a tough condition. This ensured that supporting and working hard together in America for our men was required to aid their health and capability of being able to fight effectively. (Doc 3) The war ended with a high number of casualties for America. Many of these casualties resulted from the influenza epidemic that attacked the world’s population and battle fights, such as those that occurred highly within the use of trenches. (Doc 3) This high death effected lives of Americans and their families, keeping them from being motivated to continue the Progressive movement. The Treaty of Versailles created at the Paris Peace Conference in 1919, put an end to World War 1, but did so with a lot of problems. President Wilson, as devised in his 14 Point Peace Plan called for a creation of a League of Nations, an international peace organization. This organization caused for a split in American views. The United States, as a majority, voted not to join, as it took away the power of Congress to declare war and would ruin America’s self-determination. (Doc 9) This split in decision effected formally agreeing and creating more social reforms. The Progressive Era ended with World War 1, as many Americans were too busy with a plethora of events to help the United States fight the war. When the United States entered the war, they were morally united under a new crusade. However, they had to put their further ideas of reformations on hold as the war demanded serious attention to be fought effectively. The further Americans became deeply involved into the war, the further attention was dragged away from the progressive movement. Even after the war was over, Americans were still busy caught up in dealing with the aftermath and the approach of another worldwide outbreak.

The Theory Of The Classical School - 1694 Words

The classical school is one of the economic thoughts; the key assumption of this school is that the market system is the most efficient system in the sense that the unencumbered market mechanism ensures the optimal allocation and utilisation of scarce resources. They also believed that â€Å"Supply creates its own demand.† (The early debate on policy atavism) In other words, in the process of producing output, businesses would also create enough income to ensure that all of the output will be sold. Another assumption is that the market system automatically restores economic equilibrium from any temporary shock, meaning government intervention is unnecessary. The second school of thought is the Keynesian school; the key assumptions of this†¦show more content†¦This has in turn causes the wage rate to fall and employment to increase; as a result from q1 to q2. â€Å"Any unemployment in the economy would be purely voluntary unemployment†.(classical theories of eco nomics) As the classical economist accepted Say’s law, they assumed there was nothing to stop the economy from rising to full employment. Providing job seekers were prepared to work for a wage that was no more than their productivity, businesses who are profit seeking would want to hire everyone who wants a job, ensuring that this level of output also reflects the full potential output of the economy and â€Å"thus guarantees the full employment† (lecture 4) because â€Å"supply creates its own demand† It is evident that classical economist had â€Å"complete faith in markets†.(classical theories of economics) In the short run any rise in aggregate demand will lead to an increase in output (q1 to q2) but it will also lead to prices increasing. This is will happen as firms suffer from diminishing returns and are required to increase the prices of their products to cover the high level of costs. The increase in aggregate demand may come about for many reasons such as increases in the money supply, the lowering of the taxation levels and finally the increasing of government expenditure. On the other hand in the long run, the situation will differ as the economy will move towards full employment by its self, and so anyShow MoreRelatedClassical School Theory568 Words   |  2 PagesThis paper is on the Classical School theory that emerged in the eighteenth century; two writes of this period were Cesare Beccaria and Jeremy Bentham. Among the major ideas that descend from this theory are the concepts of humans as free-willed, rational beings, utilitarianism (the greatest good for the greatest number), civil rights and due process of law, rules of evidence and testimony, determinate sentencing, and deterrence. The writes during this period examined not only human nature butRead MoreTheories of management under the classical school1365 Words   |  6 Pages Classical school of management This school flourished from the late 1800s through the 1920s and is associated with the Industrial Revolution. This is the time when society moved from agrarian to industrial. Management, though the word was not then used in the sense that we use now, was all about increasing production and improving productivity among workers. Among the first to study what would one day come to be known as management was philosopher Mary Parker Follett. After graduating fromRead MoreRoutine Activities Theory : The Classical School Of Criminological Theory1354 Words   |  6 PagesRoutine activities theory or RAT was originally proposed by the classical school of criminological theory. Classical school theorists believe that humans are rational individuals who make decisions based on their own free will. In short, humans oftentimes make decisions after taking into consideration the risk versus reward associated with the behavior. Essentially, routine activities theory draws from Amos Hawley’s (1950) theory of human ecology. This theory explores the terrestrial aspects of humanRead MoreCriminal Justice System: Classical School Theory1481 Words   |  6 PagesIn this paper I will discuss a major theory that has helped shape our criminal justice system today and how it came about. There are multiple major theories that made the criminal justice system what it is today, but I will only be discussing one theory and the theory that I will be covering in this paper is the classical school theory. I chose this theory because I believe that people have a choice to decide what they do. That also plays a part in the criminal activities that they participateRead MoreBiological and Classical School1265 Words   |  6 PagesIntroduction The Classical School of criminology emerged during the eighteenth century after the European Enlightenment period. It was during this time that law enforcement and laws were disparate and unjust and punishment was brutal. Members of the Classical School would demand justice that based on equality and human punishment that was appropriate for the offense. According to Williams and McShane 2009, the Classical School was uninterested in studying the criminal per se; it gained its associationRead MoreThe Classical School And The Neoclassic1702 Words   |  7 PagesToday s Economy as it relates to Classical and Neoclassical Thought Economic thoughts and theories are constantly evolving. One reason being is the growth and evolution of humans and systems. This constant change often brings about greater economics challenges. Thus, we can strongly contend to the fact that the state of today’s economic isn’t as found in the 18th or 19th and so on. Moreover, economic theorists presented with these robust economic challenges often time build up on each other. ThatRead MoreThe Classical School Of Criminology935 Words   |  4 Pagesmajor principles of the Classical School of Criminology? The major principles in the Classical School of Criminology are that humans are rational and that our behavior comes from free will, and our human behavior is derived from pain and pleasure. To deter criminal’s punishment is necessary, which may set an example for others. As well as crime prevention should be implemented with quick regulated punishment for violations of the law. What were some forerunners of classical thought in criminologyRead MoreThe Classical School And The Positivist School881 Words   |  4 Pagestwo schools of criminology, which respectively are the classical school and the positivist school. I will begin by comparing and contrasting the historical background of both schools using the founders of each school. I will then continue the paper by comparing their assumptions, their findings and their key policy implications. I will do this by explaining each school’s purpose and goal. I will then argue and explain how the classical school is respectively stronger than the positivist school forRead MoreNew Classical Macroeconomics And Macroeconomics Essay1555 Words   |  7 PagesIntroduction New classical Macroeconomics is an important school of macroeconomics development since 1970s. New Classical Macroeconomics is originally evolved from the school of Rational Expectations and monetarism. New classical Macroeconomics is also referred to the Macroeconomics of the rational expectations, or equilibrium method for Macroeconomics. New classical Macroeconomics abides by traditions of the classical economics and believes in the effectiveness of market forces. New classical MacroeconomicsRead MoreThe Classical School Of Thought889 Words   |  4 Pageswill. The idea of rational choice led to the development of the Classical school of thought, which sought to deter and prevent crime by making the fear of punishment worse than the gratification attained from crime. However, while free will and rational choice sought to explain criminality, other theorists began to consider that some individuals are biologically predisposed to criminal behavior. The development of the Classical School of thought in Criminology was a direct result of the Enlightenment