CST 311 Week 8 Journal Entry

Operational Security and Overall Class Reflection

This week, we learned about operational security. Two operational security mechanisms were discussed: firewalls and intrusion detection systems. A firewall sits between an internal network and the Internet and decides, packet by packet, what may pass in either direction. Its goals are to prevent denial-of-service attacks (for example SYN flooding), to prevent illegal modification or access of internal data, and to allow only authorized access to the internal network. In short, it keeps untrusted packets out of the internal network while letting trusted packets through.

There are three types of firewalls. First, there is stateless packet filtering. This firewall decides, for each packet on its own, whether to forward or drop it, based only on header fields such as source and destination IP address, protocol (TCP, UDP, ICMP), TCP/UDP port numbers, ICMP message type, and the TCP SYN and ACK bits. A typical rule drops incoming TCP segments with ACK = 0: those are the connection-opening SYN segments, so the rule stops outside hosts from initiating TCP connections to internal hosts while still admitting replies to connections that internal hosts opened themselves.

Second, there is stateful packet filtering. This firewall tracks the status of every TCP connection crossing it: it watches the SYN bit to record a new connection in a connection table, the FIN bit to see it torn down, and it times out entries for connections that have been inactive, so that packets for those connections are no longer admitted. An incoming packet is then forwarded or dropped not only on its header fields but also on whether it belongs to a connection the table knows about; a packet that claims to be a reply (ACK set) but matches no known connection is dropped as a potential threat. In both kinds of filter the allow and deny rules are kept in an Access Control List (ACL): a table of (condition, action) pairs applied top-down to each packet, with the first matching rule deciding whether it is allowed or denied. The difference is that a stateful ACL can carry an extra "check connection" condition that a stateless filter has no state to evaluate.
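As an added example (not code from the original post), here is the ACL evaluation described in the two paragraphs above in Python: a stateless filter that applies the rules to each packet in isolation, and a stateful one that additionally keeps a connection table with idle timeouts and honours the "check connection" column. The internal network 10.0.0.0/16, the hosts, ports, timeout and the ACL rules themselves are constructed for illustration, modelled on a web-and-DNS-only policy.

```python
"""Stateless vs. stateful packet filtering against an ACL.

Added example, not code from the original post. The internal network
(10.0.0.0/16), the hosts, ports, idle timeout and the ACL itself are all
constructed for illustration, modelled on a web-and-DNS-only policy.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

INSIDE = ip_network("10.0.0.0/16")   # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False     # TCP ACK bit; ACK=0 means a connection-opening segment


@dataclass(frozen=True)
class Rule:
    """One ACL entry. A field left as None is a wildcard."""
    action: str                      # "allow" or "deny"
    src_inside: Optional[bool] = None
    dst_inside: Optional[bool] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None
    check_conn: bool = False         # extra column only a stateful filter can evaluate

    def matches(self, p: Packet) -> bool:
        src_in = ip_address(p.src) in INSIDE
        dst_in = ip_address(p.dst) in INSIDE
        return (
            (self.src_inside is None or self.src_inside == src_in)
            and (self.dst_inside is None or self.dst_inside == dst_in)
            and (self.proto is None or self.proto == p.proto)
            and (self.sport is None or self.sport == p.sport)
            and (self.dport is None or self.dport == p.dport)
            and (self.ack is None or self.ack == p.ack)
        )


# Constructed ACL, evaluated top-down, first match wins:
# inside hosts may talk to outside web servers and DNS servers, nothing else.
ACL: List[Rule] = [
    Rule("allow", src_inside=True, dst_inside=False, proto="tcp", dport=80),
    Rule("allow", src_inside=False, dst_inside=True, proto="tcp", sport=80, ack=True, check_conn=True),
    Rule("allow", src_inside=True, dst_inside=False, proto="udp", dport=53),
    Rule("allow", src_inside=False, dst_inside=True, proto="udp", sport=53, check_conn=True),
    Rule("deny"),                                   # default: drop everything else
]


def stateless_filter(p: Packet, acl: List[Rule] = ACL) -> str:
    """Decide on header fields alone; check_conn is ignored because there is no state."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


ConnKey = Tuple[str, str, str, int, int]   # (proto, src, dst, sport, dport)


class StatefulFilter:
    """Same ACL plus a connection table keyed by the 5-tuple of packets that
    inside hosts sent out. Rules flagged check_conn only admit a packet that
    answers an entry in the table, and idle entries expire after `timeout`."""

    def __init__(self, acl: List[Rule] = ACL, timeout: float = 60.0) -> None:
        self.acl = acl
        self.timeout = timeout
        self.table: Dict[ConnKey, float] = {}      # 5-tuple -> last time seen

    def _expire(self, now: float) -> None:
        for key, last_seen in list(self.table.items()):
            if now - last_seen > self.timeout:
                del self.table[key]

    def filter(self, p: Packet, now: float) -> str:
        self._expire(now)
        for rule in self.acl:
            if not rule.matches(p):
                continue
            if rule.action != "allow":
                return rule.action
            if rule.check_conn:
                # Reverse the 5-tuple: a reply's source is the original destination.
                key: ConnKey = (p.proto, p.dst, p.src, p.dport, p.sport)
                if key not in self.table:
                    return "deny"          # unsolicited "reply": nobody inside asked
                self.table[key] = now      # refresh the idle timer
            else:
                self.table[(p.proto, p.src, p.dst, p.sport, p.dport)] = now
            return "allow"
        return "deny"


if __name__ == "__main__":
    web_req = Packet("10.0.1.5", "203.0.113.7", "tcp", 40000, 80)
    web_rep = Packet("203.0.113.7", "10.0.1.5", "tcp", 80, 40000, ack=True)
    forged = Packet("198.51.100.9", "10.0.1.5", "tcp", 80, 40001, ack=True)
    sf = StatefulFilter()
    for name, pkt in [("forged", forged), ("request", web_req), ("reply", web_rep)]:
        print(f"{name:8} stateless={stateless_filter(pkt)} stateful={sf.filter(pkt, now=0.0)}")
```

The `forged` packet shows the gap the stateful filter closes: an attacker who sets ACK = 1 and source port 80 on a segment satisfies the stateless rule for web replies and gets through, whereas the stateful filter drops it because no inside host ever opened that connection. The same table also enforces the idle timeout: a genuine reply that arrives after the entry has expired is dropped too.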

Lastly, we have application gateways, also known as proxy firewalls. These filter on application-layer data in addition to the IP, TCP and UDP header fields that packet filters use, so they can enforce policies that depend on who the user is and what the application is doing. The standard example is telnet: the gateway requires all telnet users to telnet through it, authenticates them and lets only authorized users continue, and a router packet filter blocks every telnet connection that does not originate from the gateway, so no host can bypass it. The combination ensures that telnet traffic can only cross the firewall through the gateway and only for authorized users.

The second type of operational security is intrusion detection systems (IDS). Where a packet filter looks only at IP and TCP/UDP headers, an IDS performs deep packet inspection: it examines the packet contents as well, checking character strings in the payload against a database of known virus and attack strings. It also correlates across multiple packets, which is what lets it spot port scanning, network mapping and denial-of-service attacks that no single packet reveals. An IDS raises an alert for an analyst to act on; a device that additionally drops the suspicious traffic is called an intrusion prevention system (IPS). An organization can deploy several IDS sensors at different locations, for example between the firewall and its externally reachable servers, and between the firewall and the internal network, so that each sensor sees the traffic relevant to what it protects.
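As an added example (not code from the original post), the following Python sketch implements the two IDS behaviours described above over a constructed packet stream: a content check of each payload against a signature database, and correlation across packets to detect port scans, network mapping and SYN floods. The signatures, addresses, thresholds and time window are all assumptions chosen for illustration.

```python
"""Signature-based intrusion detection with cross-packet correlation.

Added example, not code from the original post. The signature strings,
addresses, thresholds and time window are constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False      # TCP SYN bit
    payload: bytes = b""   # application data after the IP/TCP headers


# Constructed signatures: byte strings the IDS looks for inside payloads,
# the way a real sensor checks packets against a database of known attack strings.
SIGNATURES: Dict[str, bytes] = {
    "path-traversal": b"../../etc/passwd",
    "sql-tautology": b"' OR 1=1",
}


class SignatureIDS:
    """Deep packet inspection (payload signatures) plus correlation across
    packets: port scans, network mapping and SYN floods. Thresholds are
    assumed values, not tuned figures."""

    def __init__(self, scan_ports: int = 10, map_hosts: int = 5,
                 flood_syns: int = 100, window: float = 1.0) -> None:
        self.scan_ports = scan_ports
        self.map_hosts = map_hosts
        self.flood_syns = flood_syns
        self.window = window
        self.ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)  # (src, dst) -> ports probed
        self.hosts: Dict[str, Set[str]] = defaultdict(set)              # src -> hosts touched
        self.syns: Dict[str, Deque[float]] = defaultdict(deque)         # dst -> SYN timestamps
        self.raised: Set[Tuple[str, ...]] = set()

    def _once(self, key: Tuple[str, ...]) -> bool:
        """Raise each correlation alert a single time, not on every further packet."""
        if key in self.raised:
            return False
        self.raised.add(key)
        return True

    def inspect(self, p: Packet, now: float) -> List[str]:
        alerts: List[str] = []

        # 1. Content check: payload bytes against the signature database.
        for name, sig in SIGNATURES.items():
            if sig in p.payload:
                alerts.append(f"signature:{name} {p.src}->{p.dst}:{p.dport}")

        # 2. Port scan: one source probing many ports on one destination.
        probed = self.ports[(p.src, p.dst)]
        probed.add(p.dport)
        if len(probed) >= self.scan_ports and self._once(("scan", p.src, p.dst)):
            alerts.append(f"portscan {p.src}->{p.dst}")

        # 3. Network mapping: one source touching many distinct hosts.
        touched = self.hosts[p.src]
        touched.add(p.dst)
        if len(touched) >= self.map_hosts and self._once(("map", p.src)):
            alerts.append(f"netmap {p.src}")

        # 4. SYN flood: too many SYNs at one destination inside the sliding window.
        if p.syn:
            q = self.syns[p.dst]
            q.append(now)
            while q and now - q[0] > self.window:
                q.popleft()
            if len(q) >= self.flood_syns and self._once(("flood", p.dst)):
                alerts.append(f"synflood ->{p.dst}")
        return alerts


def run(stream: Iterable[Tuple[float, Packet]], ids: SignatureIDS = None) -> List[str]:
    """Feed (timestamp, packet) pairs through the sensor and collect every alert."""
    ids = ids or SignatureIDS()
    return [a for t, p in stream for a in ids.inspect(p, t)]


def sample_traffic() -> List[Tuple[float, Packet]]:
    """Constructed traffic: one benign request, then four kinds of attack."""
    stream = [(0.0, Packet("10.0.1.5", "203.0.113.7", 80, syn=True, payload=b"GET / HTTP/1.1")),
              (0.1, Packet("198.51.100.9", "10.0.2.10", 80, payload=b"GET /../../etc/passwd HTTP/1.1"))]
    stream += [(0.2, Packet("198.51.100.9", "10.0.2.10", port, syn=True)) for port in range(20, 30)]
    stream += [(0.3, Packet("198.51.100.9", f"10.0.3.{i}", 80, syn=True)) for i in range(5)]
    stream += [(0.4 + i / 1000, Packet("192.0.2.44", "10.0.2.10", 80, syn=True)) for i in range(100)]
    return stream


if __name__ == "__main__":
    for alert in run(sample_traffic()):
        print(alert)
```

Only the first alert comes from looking at a single packet; the other three exist because the sensor remembers what it saw earlier, which is the difference between inspecting headers and correlating across a stream. Note that the SYN flood counter is per destination regardless of source, so the scan's SYNs and the flood's SYNs land in the same window.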

Overall, this was a great way to end the class. I enjoyed the deep dive into computer networks and the mathematics behind them. I have an interest in cybersecurity, so it was interesting to learn how computer networks function at each layer and what can be done to increase security within those networks.
