Encryption and Security
By: Jessica • Research Paper • 2,508 Words • January 29, 2010 • 832 Views
Join now to read essay Encryption and Security
Encryption and Security
NTC410
By: John Anderson
Security is a constant issue in the information technology industry today. It has always been an issue, but in light of events such as 9/11 and corporate scandals such as Enron, people have begun to take it much more seriously. There are several different types of security out there, but there are new threats to that security every day.
File security refers to permissions that can be set on a user or group basis for individual files and folders. The general permissions that can be set on a file or folder level within Windows are read, write, list folder contents, read and execute, modify, and full control. These rights can be much more granular if you use the advanced settings to set them. By configuring file permissions you can limit the access that users have to those files or folders. File and folder permissions can also be set through the share permissions on a network. The permissions that can be set on a share are read, change, and full control. This is not as granular as local file security, but you can combine the two together to make security even tighter.
The following is an example of how file security can be used. Assume that you get a call from Patrick, your Accounting department manager. Patrick has been working on several spreadsheets that are stored on a server in your domain, and is concerned that employees who should not access these files may be able to open and edit the files. The files are in a folder named D:Clients on the server, and the folder is shared as Clients. The share permissions on the Clients share for Domain Users members are set to Full Control. Patrick wants to allow the members of the Accountants group to edit the files and add new files, and the members of the Sales group to be able to read the files but not edit them. Patrick should be the only person who can make any changes to the permissions, and no one else should have any access to the files. By configuring the correct share level security on this folder, Patrick can give the Accountants group and the Sales group the necessary access to these files and not have to worry about someone having too much access again.
A firewall is a barrier to keep destructive forces away from your property. In fact, that's why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. A firewall can be software or it can be a hardware device. Generally speaking, they provide security measures on the perimeter of the network, or at every place where the internet comes in. Information coming in and leaving the network passes through the firewall where it can be “scanned” and determined if it is safe or not.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then, incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
An example of how a firewall might work is if someone on the inside of the network tries to download something using the FTP protocol, but the access control lists on the firewall deny traffic on ports 20 and 21, the user will not be able to perform the download. Another example is if someone on the outside of the network tries to connect to a network through a VPN but the firewall has blocked port 1723, the VPN connection cannot be made. Firewalls also have the ability to control where different types of traffic are sent on the network. For example, if I host a web server on my internal network using IP address 192.168.1.10, and I want to allow people to access it from the outside I can configure my firewall to forward all traffic coming in on port 80 (HTTP) to the internal IP address of my server. I can also configure my firewall to perform network address translation (NAT) which will allow me to use private IP addressing on my internal network and still give me the ability to access the internet using the public IP address configured on the external side of the firewall.