SlideShare a Scribd company logo

Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi

Download as DOCX, PDF
E
EstelaJeffery653

Chapter 13 Secure Network Design Copyright © 2014 by McGraw-Hill Education. Introduction In this chapter, we review some high-level security concepts that should be kept in mind during network design. This chapter introduces the basic concepts of network architecture and the best practices for security that should be considered when designing a network. Copyright © 2014 by McGraw-Hill Education. Electronic Security Perimeter (ESP) The boundary between an organization’s network and the Internet or a peered network is known as an electronic security perimeter (ESP). The network perimeter lies wholly within the ESP and is often confined to a particular physical location or set of locations, while the ESP has other elements such as corporate smartphones and smartphones, tablets, and other mobile devices. These devices may be outside of the network(s) physically, but they are still within the ESP. Within this perimeter you will find all owned computing assets and potential storage locations for organization data, sometimes including third-party systems. Copyright © 2014 by McGraw-Hill Education. Acceptable Risk Management’s risk tolerance is expressed through the policies, procedures, and guidelines issued to the staff. A complete set of policies outlining management’s preferences and its tolerance of information security risks enables employees to make appropriate infrastructure decisions when designing and securing new systems and networks. Thus, the design and configuration of the infrastructure becomes the enforcement of those documents. Copyright © 2014 by McGraw-Hill Education. Designing Security into a Network Separating assets of differing trust and security requirements should be an integral goal during the design phase of any new project. Aggregating assets that have similar security requirements in dedicated zones allows an organization to use small numbers of network security devices, such as firewalls and intrusion-detection systems, to secure and monitor multiple application systems. Copyright © 2014 by McGraw-Hill Education. Network Design Models The three-tier Cisco Hierarchical Internetworking model is derived from the Public Switched Telephone Network (PSTN) model, which is in use for much of the world’s telephone infrastructure. Copyright © 2014 by McGraw-Hill Education. The Three-Tier Cisco Hierarchical Internetworking Model Copyright © 2014 by McGraw-Hill Education. Newer Models Although the Cisco three-tier model is perhaps the most commonly known and referenced model for designing LAN environments, it has its limitations and is rapidly being supplanted by newer models aimed at addressing the specific needs of highly virtualized data centers, different industry verticals, and cloud computing and multitenancy environments. Many modern data center architectures and “cloud” designs favor a clustered switching, class fabric, or collapsed two-tier approach that offers higher perform ...

Education
1 of 19
Chapter 13 Secure Network Design Copyright © 2014 by McGraw-Hill Education. Introduction In this chapter, we review some high-level security concepts that should be kept in mind during network design. This chapter introduces the basic concepts of network architecture and the best practices for security that should be considered when designing a network. Copyright © 2014 by McGraw-Hill Education. Electronic Security Perimeter (ESP) The boundary between an organization’s network and the Internet or a peered network is known as an electronic security perimeter (ESP). The network perimeter lies wholly within the ESP and is often confined to a particular physical location or set of locations, while the ESP has other elements such as corporate smartphones and smartphones, tablets, and other mobile devices. These devices may be outside of the network(s) physically, but they
are still within the ESP. Within this perimeter you will find all owned computing assets and potential storage locations for organization data, sometimes including third-party systems. Copyright © 2014 by McGraw-Hill Education. Acceptable Risk Management’s risk tolerance is expressed through the policies, procedures, and guidelines issued to the staff. A complete set of policies outlining management’s preferences and its tolerance of information security risks enables employees to make appropriate infrastructure decisions when designing and securing new systems and networks. Thus, the design and configuration of the infrastructure becomes the enforcement of those documents. Copyright © 2014 by McGraw-Hill Education. Designing Security into a Network Separating assets of differing trust and security requirements should be an integral goal during the design phase of any new project. Aggregating assets that have similar security requirements in dedicated zones allows an organization to use small numbers of network security devices, such as firewalls and intrusion- detection systems, to secure and monitor multiple application systems. Copyright © 2014 by McGraw-Hill Education.
Network Design Models The three-tier Cisco Hierarchical Internetworking model is derived from the Public Switched Telephone Network (PSTN) model, which is in use for much of the world’s telephone infrastructure. Copyright © 2014 by McGraw-Hill Education. The Three-Tier Cisco Hierarchical Internetworking Model Copyright © 2014 by McGraw-Hill Education. Newer Models Although the Cisco three-tier model is perhaps the most commonly known and referenced model for designing LAN environments, it has its limitations and is rapidly being supplanted by newer models aimed at addressing the specific needs of highly virtualized data centers, different industry verticals, and cloud computing and multitenancy environments. Many modern data center architectures and “cloud” designs favor a clustered switching, class fabric, or collapsed two-tier approach that offers higher performance and lower cost but also brings special security considerations into play. A few of the more well-known and published models are Cisco’s FlexPod model (data center in a box), Arista’s two-tier
CloudVision model, Brocade’s Brocade One model, and Juniper’s Stratus model. Copyright © 2014 by McGraw-Hill Education. Two-Tier vs. Three-Tier Models Core: The core of the two-tier network is a highly available, horizontally scalable element used for transit and moving data between different areas or zones in the network, much like the core in the three-tier model. Distribution: The distribution layer in some collapsed networks either is eliminated completely or is combined with the access layer as part of the fabric. Access: The access layer is collapsed into the distribution layer, so although physically separate devices may provide the aggregation and access function, both can be part of the same layer two domain employing trill or 802.1aq for bridging. These combined layers offer active/active connectivity across multiple switches via clustering for high availability and performance. This “fabric” introduces a new dimension for security, as server-to-server, server-to-storage, and virtual host communication can now be fused together in ways not previously possible. Copyright © 2014 by McGraw-Hill Education. Security Components Security components (firewalls, filtering devices, etc.) “plug in” to the fabric in a fashion that maintains the integrity of data communications between intended hosts but does not
compromise the performance of the data center platform. Techniques such as VM fencing, virtual appliance firewalls, hypervisor protection, and segregation of security zones by service type are common approaches to ensuring adequate controls are in place to enforce the security plan. Copyright © 2014 by McGraw-Hill Education. Availability Avoid single points of failure within the architecture. This can require redundant and/or failover capabilities at the hardware, network, and application functions. Copyright © 2014 by McGraw-Hill Education. A Full High-Availability Network Design A true high-availability design will incorporate redundant hardware components at the switch, network, firewall, and application levels. Copyright © 2014 by McGraw-Hill Education. Layered Network Security Flaws, such as a buffer overflows, can allow an attacker to turn a vulnerable server into a conduit through the firewall. Once through the firewall, the attacker can mount attacks
against infrastructure behind the protection of the firewall. If the server is on the internal network, the entire network could be attacked without the protection provided by the firewall. If the server is on a separate firewalled segment instead of the internal network, only the hosts on the same subnet could be directly attacked. Each connection to another network, whether to the Internet or to any external third party (business partner, data provider, and so on), creates an entry point in the perimeter that must be secured. Copyright © 2014 by McGraw-Hill Education. Wireless Impact on the Perimeter Organizations that deploy wireless solutions must recognize and mitigate risks associated with an unauthorized individual gaining connectivity to the corporate LAN via wireless signal leakage outside of the corporate-controlled premises. Copyright © 2014 by McGraw-Hill Education. Wireless Deployment Through a VPN Server Copyright © 2014 by McGraw-Hill Education. Remote Access Considerations
When VPN peers consist of remote users accessing the corporate network over the Internet, the overall security of the corporate network becomes dependent on the security of that employee’s remote PC. Should a hacker gain access to an unprotected PC, the VPN may be used to tunnel traffic past the corporate firewalls and the protection they provide. To protect the corporate network when VPNs are used for remote user access, security administrators should ensure that adequate protection is implemented over the endpoints. Copyright © 2014 by McGraw-Hill Education. Internal Security Practices Internal controls, such as firewalls and early detection systems (IDS, IPS, and SIEM), should be located at strategic points within the internal network to provide additional security for particularly sensitive resources such as research networks, repositories containing intellectual property, and human resource and payroll databases. Copyright © 2014 by McGraw-Hill Education. Internal Firewalls Copyright © 2014 by McGraw-Hill Education.
Intranets The main purpose of an intranet is to provide internal users with access to applications and information. To achieve a higher level of security, intranet systems are aggregated into one or more dedicated subnets and are firewalled. Copyright © 2014 by McGraw-Hill Education. Extranets Extranets are application networks that are controlled by an organization and made available to trusted external parties, such as suppliers, vendors, partners, and customers. Copyright © 2014 by McGraw-Hill Education. Extranet Design Copyright © 2014 by McGraw-Hill Education. DMZ Networks and Screened Subnets Deploy public Internet access to systems on a dedicated subnet, commonly referred to as a demilitarized zone (DMZ) or screened subnet, separate from internal systems.
A successful attack against these systems still leaves a firewall between the successful attacker and more sensitive internal resources. The term DMZ was originally a military term used to describe a buffer area between a trusted zone and an untrusted zone, in which no military hardware was permitted. Copyright © 2014 by McGraw-Hill Education. Sample DMZ Configuration Copyright © 2014 by McGraw-Hill Education. Terminology Although the terms DMZ and screened subnet have been used interchangeably, there is a small difference between the two terms: A DMZ is technically the small subnet between your Internet router and the external interface of your firewall. A screened subnet is really an isolated network available only through a firewall interface and is not directly connected to the internal network. Copyright © 2014 by McGraw-Hill Education. Multiple DMZs
Multiple DMZs limit the breadth of a single security breach. Application systems can consist of three separate tiers, referred to as the presentation, application, and database tiers. The presentation layer consists of a web server that interacts with end users, accepting input, sending that input to the application layer for processing, and returning the output back to the end user. The application layer contains the logic necessary for processing those queries and extracting data from the database. The data that is stored in a database housed on a separate database server on its own DMZ. Other services that aren’t directly supporting the application but provide other functions can be further segregated into a fourth DMZ subnet. Copyright © 2014 by McGraw-Hill Education. Example of a Multitier Application Infrastructure Copyright © 2014 by McGraw-Hill Education. Outbound Filtering Failure to restrict outbound access creates a number of significant risks to the corporation and its infrastructure, such as users accessing services that do not comply with corporate security policies or that do not have legitimate business purposes. Additionally, failure to filter traffic leaving the corporate network may allow an attacker to use the network to launch
attacks on other networks. Copyright © 2014 by McGraw-Hill Education. Web Access Considerations Proxy servers can be configured to block connections to URLs that are considered likely to be malicious or unnecessary for normal operation, such as those containing certain scripts or other executable files. Proxy services are hardened processes that can run internally on a firewall or be provided separately by a dedicated server. Web filtering today can be handled via a variety of specialized products and appliances, including some cloud-based offerings. Copyright © 2014 by McGraw-Hill Education. Summary The ultimate goal of network security is to enable authorized communications while mitigating information risk to acceptable levels. Design elements such as segregating and isolating high risk or other sensitive assets as well as defining and maintaining a strong network perimeter go a long way toward achieving those goals. As networks become ever more interconnected, a thorough and strongly typed network architecture/design will be required to achieve and maintain a well-secured network. Copyright © 2014 by McGraw-Hill Education.
A n I n t r o d u c t I o n t o Derivatives and Risk Management 10th EDition don M. chance & robert Brooks SE/Chance, An Introduction to Derivatives and Risk Management 10th Edition ISBN-13: 978-1-305-10496-9 ©2016 Designer: LD Printer: West Group Binding: Casebound Trim: 8" x 10" CMYK To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com. 10th EDition chance Brooks A n In t r
o d u c t Io n t o D e rivative s an d R isk M an ag e m e n t Derivatives and
Risk Management 10th EDition don M. chance & robert Brooks A n I n t r o d u c t I o n t o 04969_cvr_ptg01_hires.indd 1 23/10/14 4:34 PM Australia • Brazil • Mexico • Singapore • United Kingdom • United States An Introduction to Derivatives and Risk Management Louisiana State University University of Alabama An Introduction to Derivatives and Risk Management, 10th Edition Don M. Chance and Robert Brooks Vice President, General Manager, Science, Math & Quantitative Business: Balraj Kalsi Product Director: Joe Sabatino Product Manager: Clara Goosman Content Developer: Kendra Brown
Senior Product Assistant: Adele Scholtz Marketing Director: Natalie King Marketing Manager: Heather Mooney Senior Marketing Coordinator: Eileen Corcoran Art and Cover Direction, Production Management, and Composition: Lumina Datamatics, Inc. Associate Media Developer: Mark Hopkinson Intellectual Property Analyst: Christina Ciaramella Project Manager: Anne Sheroff Manufacturing Planner: Kevin Kluck Cover Image: © isak55/Shutterstock © 2016, 2013 Cengage Learning WCN: 01-100-101 ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not
limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher. For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions Further permissions questions can be emailed to [email protected] Library of Congress Control Number: 2014953625 ISBN: 978-1-305-10496-9 Cengage Learning 20 Channel Center Street Boston, MA 02210 USA Unless otherwise noted, all items © Cengage Learning. Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: www.cengage.com/global
Cengage Learning products are represented in Canada by Nelson Education, Ltd. To learn more about Cengage Learning Solution s, visit www.cengage.com Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com Printed in the United States of America Print Number: 01 Print Year: 2014 Brief Contents Preface xv CHAPTER 1 Introduction 1
CHAPTER 2 Structure of Derivatives Markets 26 PART I Options 69 CHAPTER 3 Principles of Option Pricing 70 CHAPTER 4 Option Pricing Models: The Binomial Model 109 CHAPTER 5 Option Pricing Models: The Black Scholes Merton Model 143 CHAPTER 6 Basic Option Strategies 202 CHAPTER 7 Advanced Option Strategies 239 PART II Forwards, Futures, and Swaps 273 CHAPTER 8 Principles of Pricing Forwards, Futures, and Options on Futures 274 CHAPTER 9 Futures Arbitrage Strategies 316 CHAPTER 10 Forward and Futures Hedging, Spread, and Target Strategies 343
CHAPTER 11 Swaps 395 PART III Advanced Topics 437 CHAPTER 12 Interest Rate Forwards and Options 438 CHAPTER 13 Advanced Derivatives and Strategies 475 CHAPTER 14 Financial Risk Management Techniques and Applications 516 CHAPTER 15 Managing Risk in an Organization 559 Appendix A

Recommended

Network security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfNetwork security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfaquazac
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cohesive Networks
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfComputer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfBoney Maundu Slim
 
10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-ITIdan Hershkovich
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 

Recommended

Network security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfNetwork security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfaquazac
 
Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...Protecting the movable Endeavor with Network-Based validation and Virtual Com...
Protecting the movable Endeavor with Network-Based validation and Virtual Com...IOSR Journals
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cohesive Networks
 
Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...Cloud technology to ensure the protection of fundamental methods and use of i...
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
 
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfComputer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfBoney Maundu Slim
 
10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-IT10-ways-the-dissolving-perimeter-kills-IT
10-ways-the-dissolving-perimeter-kills-ITIdan Hershkovich
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Security Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekSecurity Issues in Cloud Computing by rahul abhishek
Security Issues in Cloud Computing by rahul abhishekEr. rahul abhishek
 
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Top reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | SysforeTop reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | SysforeSysfore Technologies
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Windstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityWindstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityJason Proctor
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSHREYASSRINATH94
 
Cloud Solutions Collateral
Cloud Solutions CollateralCloud Solutions Collateral
Cloud Solutions CollateralSteve Clem
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingEr. Saba karim
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the CloudEpoch Universal, Inc.
 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.pptArunKumbi1
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...ams1ams11
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
A220113
A220113A220113
A220113irjes
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik FergusonCloudExpoEurope
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingvijay_m_chaudhary
 
Individual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docxIndividual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docxEstelaJeffery653
 
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docxIndividual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docxEstelaJeffery653
 

More Related Content

Similar to Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...white paper
 
Top reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | SysforeTop reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | SysforeSysfore Technologies
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
 
Windstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityWindstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityJason Proctor
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSHREYASSRINATH94
 
Cloud Solutions Collateral
Cloud Solutions CollateralCloud Solutions Collateral
Cloud Solutions CollateralSteve Clem
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computingEr. Saba karim
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.pptArunKumbi1
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...ams1ams11
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...IAEME Publication
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIJIR JOURNALS IJIRUSA
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security vSYYULIANISKOMMT
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxcherry686017
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
A220113
A220113A220113
A220113irjes
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 

Similar to Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi (20)

Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
Safety in the Cloud(s): 'Vaporizing' the Web Application Firewall to Secure C...
 
Top reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | SysforeTop reasons why Endpoint Security should move to Cloud | Sysfore
Top reasons why Endpoint Security should move to Cloud | Sysfore
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Windstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud SecurityWindstream Hosted Solutions: Public Cloud Security
Windstream Hosted Solutions: Public Cloud Security
 
Security aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computingSecurity aspects-of-mobile-cloud-computing
Security aspects-of-mobile-cloud-computing
 
Cloud Solutions Collateral
Cloud Solutions CollateralCloud Solutions Collateral
Cloud Solutions Collateral
 
Security in cloud computing
Security in cloud computingSecurity in cloud computing
Security in cloud computing
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
Cloud Security_Module2.ppt
Cloud Security_Module2.pptCloud Security_Module2.ppt
Cloud Security_Module2.ppt
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
 
Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...Investigative analysis of security issues and challenges in cloud computing a...
Investigative analysis of security issues and challenges in cloud computing a...
 
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computingIjirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
Ijirsm poornima-km-a-survey-on-security-circumstances-for-mobile-cloud-computing
 
Network Security v1.0 Network Security v
Network Security v1.0 Network Security vNetwork Security v1.0 Network Security v
Network Security v1.0 Network Security v
 
The Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docxThe Management of Security in Cloud Computing Ramgovind.docx
The Management of Security in Cloud Computing Ramgovind.docx
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
 
A220113
A220113A220113
A220113
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 

More from EstelaJeffery653

Individual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docxIndividual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docxEstelaJeffery653
 
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docxIndividual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docxEstelaJeffery653
 
Individual ProjectArticulating the Integrated PlanWed, 31.docx
Individual ProjectArticulating the Integrated PlanWed, 31.docxIndividual ProjectArticulating the Integrated PlanWed, 31.docx
Individual ProjectArticulating the Integrated PlanWed, 31.docxEstelaJeffery653
 
Individual Multilingualism Guidelines1)Where did the a.docx
Individual Multilingualism Guidelines1)Where did the a.docxIndividual Multilingualism Guidelines1)Where did the a.docx
Individual Multilingualism Guidelines1)Where did the a.docxEstelaJeffery653
 
Individual Implementation Strategiesno new messagesObjectives.docx
Individual Implementation Strategiesno new messagesObjectives.docxIndividual Implementation Strategiesno new messagesObjectives.docx
Individual Implementation Strategiesno new messagesObjectives.docxEstelaJeffery653
 
Individual Refine and Finalize WebsiteDueJul 02View m.docx
Individual Refine and Finalize WebsiteDueJul 02View m.docxIndividual Refine and Finalize WebsiteDueJul 02View m.docx
Individual Refine and Finalize WebsiteDueJul 02View m.docxEstelaJeffery653
 
Individual Cultural Communication Written Assignment  (Worth 20 of .docx
Individual Cultural Communication Written Assignment  (Worth 20 of .docxIndividual Cultural Communication Written Assignment  (Worth 20 of .docx
Individual Cultural Communication Written Assignment  (Worth 20 of .docxEstelaJeffery653
 
Individual ProjectThe Basic Marketing PlanWed, 3117N.docx
Individual ProjectThe Basic Marketing PlanWed, 3117N.docxIndividual ProjectThe Basic Marketing PlanWed, 3117N.docx
Individual ProjectThe Basic Marketing PlanWed, 3117N.docxEstelaJeffery653
 
Individual ProjectFinancial Procedures in a Health Care Organiza.docx
Individual ProjectFinancial Procedures in a Health Care Organiza.docxIndividual ProjectFinancial Procedures in a Health Care Organiza.docx
Individual ProjectFinancial Procedures in a Health Care Organiza.docxEstelaJeffery653
 
Individual Expanded Website PlanView more »Expand view.docx
Individual Expanded Website PlanView more »Expand view.docxIndividual Expanded Website PlanView more »Expand view.docx
Individual Expanded Website PlanView more »Expand view.docxEstelaJeffery653
 
Individual Expanded Website PlanDueJul 02View more .docx
Individual Expanded Website PlanDueJul 02View more .docxIndividual Expanded Website PlanDueJul 02View more .docx
Individual Expanded Website PlanDueJul 02View more .docxEstelaJeffery653
 
Individual Communicating to Management Concerning Information Syste.docx
Individual Communicating to Management Concerning Information Syste.docxIndividual Communicating to Management Concerning Information Syste.docx
Individual Communicating to Management Concerning Information Syste.docxEstelaJeffery653
 
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docx
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docxIndividual Case Analysis-MatavIn max 4 single-spaced total pag.docx
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docxEstelaJeffery653
 
Individual Assignment Report Format• Report should contain not m.docx
Individual Assignment Report Format• Report should contain not m.docxIndividual Assignment Report Format• Report should contain not m.docx
Individual Assignment Report Format• Report should contain not m.docxEstelaJeffery653
 
Include LOCO api that allows user to key in an address and get the d.docx
Include LOCO api that allows user to key in an address and get the d.docxInclude LOCO api that allows user to key in an address and get the d.docx
Include LOCO api that allows user to key in an address and get the d.docxEstelaJeffery653
 
Include the title, the name of the composer (if known) and of the .docx
Include the title, the name of the composer (if known) and of the .docxInclude the title, the name of the composer (if known) and of the .docx
Include the title, the name of the composer (if known) and of the .docxEstelaJeffery653
 
include as many events as possible to support your explanation of th.docx
include as many events as possible to support your explanation of th.docxinclude as many events as possible to support your explanation of th.docx
include as many events as possible to support your explanation of th.docxEstelaJeffery653
 
Incorporate the suggestions that were provided by your fellow projec.docx
Incorporate the suggestions that were provided by your fellow projec.docxIncorporate the suggestions that were provided by your fellow projec.docx
Incorporate the suggestions that were provided by your fellow projec.docxEstelaJeffery653
 
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docx
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docxinal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docx
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docxEstelaJeffery653
 
include 1page proposal- short introduction to research paper and yo.docx
include 1page proposal- short introduction to research paper and yo.docxinclude 1page proposal- short introduction to research paper and yo.docx
include 1page proposal- short introduction to research paper and yo.docxEstelaJeffery653
 

More from EstelaJeffery653 (20)

Individual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docxIndividual ProjectMedical TechnologyWed, 9617Num.docx
Individual ProjectMedical TechnologyWed, 9617Num.docx
 
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docxIndividual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
Individual ProjectThe Post-Watergate EraWed, 3817Numeric.docx
 
Individual ProjectArticulating the Integrated PlanWed, 31.docx
Individual ProjectArticulating the Integrated PlanWed, 31.docxIndividual ProjectArticulating the Integrated PlanWed, 31.docx
Individual ProjectArticulating the Integrated PlanWed, 31.docx
 
Individual Multilingualism Guidelines1)Where did the a.docx
Individual Multilingualism Guidelines1)Where did the a.docxIndividual Multilingualism Guidelines1)Where did the a.docx
Individual Multilingualism Guidelines1)Where did the a.docx
 
Individual Implementation Strategiesno new messagesObjectives.docx
Individual Implementation Strategiesno new messagesObjectives.docxIndividual Implementation Strategiesno new messagesObjectives.docx
Individual Implementation Strategiesno new messagesObjectives.docx
 
Individual Refine and Finalize WebsiteDueJul 02View m.docx
Individual Refine and Finalize WebsiteDueJul 02View m.docxIndividual Refine and Finalize WebsiteDueJul 02View m.docx
Individual Refine and Finalize WebsiteDueJul 02View m.docx
 
Individual Cultural Communication Written Assignment  (Worth 20 of .docx
Individual Cultural Communication Written Assignment  (Worth 20 of .docxIndividual Cultural Communication Written Assignment  (Worth 20 of .docx
Individual Cultural Communication Written Assignment  (Worth 20 of .docx
 
Individual ProjectThe Basic Marketing PlanWed, 3117N.docx
Individual ProjectThe Basic Marketing PlanWed, 3117N.docxIndividual ProjectThe Basic Marketing PlanWed, 3117N.docx
Individual ProjectThe Basic Marketing PlanWed, 3117N.docx
 
Individual ProjectFinancial Procedures in a Health Care Organiza.docx
Individual ProjectFinancial Procedures in a Health Care Organiza.docxIndividual ProjectFinancial Procedures in a Health Care Organiza.docx
Individual ProjectFinancial Procedures in a Health Care Organiza.docx
 
Individual Expanded Website PlanView more »Expand view.docx
Individual Expanded Website PlanView more »Expand view.docxIndividual Expanded Website PlanView more »Expand view.docx
Individual Expanded Website PlanView more »Expand view.docx
 
Individual Expanded Website PlanDueJul 02View more .docx
Individual Expanded Website PlanDueJul 02View more .docxIndividual Expanded Website PlanDueJul 02View more .docx
Individual Expanded Website PlanDueJul 02View more .docx
 
Individual Communicating to Management Concerning Information Syste.docx
Individual Communicating to Management Concerning Information Syste.docxIndividual Communicating to Management Concerning Information Syste.docx
Individual Communicating to Management Concerning Information Syste.docx
 
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docx
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docxIndividual Case Analysis-MatavIn max 4 single-spaced total pag.docx
Individual Case Analysis-MatavIn max 4 single-spaced total pag.docx
 
Individual Assignment Report Format• Report should contain not m.docx
Individual Assignment Report Format• Report should contain not m.docxIndividual Assignment Report Format• Report should contain not m.docx
Individual Assignment Report Format• Report should contain not m.docx
 
Include LOCO api that allows user to key in an address and get the d.docx
Include LOCO api that allows user to key in an address and get the d.docxInclude LOCO api that allows user to key in an address and get the d.docx
Include LOCO api that allows user to key in an address and get the d.docx
 
Include the title, the name of the composer (if known) and of the .docx
Include the title, the name of the composer (if known) and of the .docxInclude the title, the name of the composer (if known) and of the .docx
Include the title, the name of the composer (if known) and of the .docx
 
include as many events as possible to support your explanation of th.docx
include as many events as possible to support your explanation of th.docxinclude as many events as possible to support your explanation of th.docx
include as many events as possible to support your explanation of th.docx
 
Incorporate the suggestions that were provided by your fellow projec.docx
Incorporate the suggestions that were provided by your fellow projec.docxIncorporate the suggestions that were provided by your fellow projec.docx
Incorporate the suggestions that were provided by your fellow projec.docx
 
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docx
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docxinal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docx
inal ProjectDUE Jun 25, 2017 1155 PMGrade DetailsGradeNA.docx
 
include 1page proposal- short introduction to research paper and yo.docx
include 1page proposal- short introduction to research paper and yo.docxinclude 1page proposal- short introduction to research paper and yo.docx
include 1page proposal- short introduction to research paper and yo.docx
 

Recently uploaded

MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi

  • 1. Chapter 13 Secure Network Design Copyright © 2014 by McGraw-Hill Education. Introduction In this chapter, we review some high-level security concepts that should be kept in mind during network design. This chapter introduces the basic concepts of network architecture and the best practices for security that should be considered when designing a network. Copyright © 2014 by McGraw-Hill Education. Electronic Security Perimeter (ESP) The boundary between an organization’s network and the Internet or a peered network is known as an electronic security perimeter (ESP). The network perimeter lies wholly within the ESP and is often confined to a particular physical location or set of locations, while the ESP has other elements such as corporate smartphones and smartphones, tablets, and other mobile devices. These devices may be outside of the network(s) physically, but they
  • 2. are still within the ESP. Within this perimeter you will find all owned computing assets and potential storage locations for organization data, sometimes including third-party systems. Copyright © 2014 by McGraw-Hill Education. Acceptable Risk Management’s risk tolerance is expressed through the policies, procedures, and guidelines issued to the staff. A complete set of policies outlining management’s preferences and its tolerance of information security risks enables employees to make appropriate infrastructure decisions when designing and securing new systems and networks. Thus, the design and configuration of the infrastructure becomes the enforcement of those documents. Copyright © 2014 by McGraw-Hill Education. Designing Security into a Network Separating assets of differing trust and security requirements should be an integral goal during the design phase of any new project. Aggregating assets that have similar security requirements in dedicated zones allows an organization to use small numbers of network security devices, such as firewalls and intrusion- detection systems, to secure and monitor multiple application systems. Copyright © 2014 by McGraw-Hill Education.
  • 3. Network Design Models The three-tier Cisco Hierarchical Internetworking model is derived from the Public Switched Telephone Network (PSTN) model, which is in use for much of the world’s telephone infrastructure. Copyright © 2014 by McGraw-Hill Education. The Three-Tier Cisco Hierarchical Internetworking Model Copyright © 2014 by McGraw-Hill Education. Newer Models Although the Cisco three-tier model is perhaps the most commonly known and referenced model for designing LAN environments, it has its limitations and is rapidly being supplanted by newer models aimed at addressing the specific needs of highly virtualized data centers, different industry verticals, and cloud computing and multitenancy environments. Many modern data center architectures and “cloud” designs favor a clustered switching, class fabric, or collapsed two-tier approach that offers higher performance and lower cost but also brings special security considerations into play. A few of the more well-known and published models are Cisco’s FlexPod model (data center in a box), Arista’s two-tier
  • 4. CloudVision model, Brocade’s Brocade One model, and Juniper’s Stratus model. Copyright © 2014 by McGraw-Hill Education. Two-Tier vs. Three-Tier Models Core: The core of the two-tier network is a highly available, horizontally scalable element used for transit and moving data between different areas or zones in the network, much like the core in the three-tier model. Distribution: The distribution layer in some collapsed networks either is eliminated completely or is combined with the access layer as part of the fabric. Access: The access layer is collapsed into the distribution layer, so although physically separate devices may provide the aggregation and access function, both can be part of the same layer two domain employing trill or 802.1aq for bridging. These combined layers offer active/active connectivity across multiple switches via clustering for high availability and performance. This “fabric” introduces a new dimension for security, as server-to-server, server-to-storage, and virtual host communication can now be fused together in ways not previously possible. Copyright © 2014 by McGraw-Hill Education. Security Components Security components (firewalls, filtering devices, etc.) “plug in” to the fabric in a fashion that maintains the integrity of data communications between intended hosts but does not
  • 5. compromise the performance of the data center platform. Techniques such as VM fencing, virtual appliance firewalls, hypervisor protection, and segregation of security zones by service type are common approaches to ensuring adequate controls are in place to enforce the security plan. Copyright © 2014 by McGraw-Hill Education. Availability Avoid single points of failure within the architecture. This can require redundant and/or failover capabilities at the hardware, network, and application functions. Copyright © 2014 by McGraw-Hill Education. A Full High-Availability Network Design A true high-availability design will incorporate redundant hardware components at the switch, network, firewall, and application levels. Copyright © 2014 by McGraw-Hill Education. Layered Network Security Flaws, such as a buffer overflows, can allow an attacker to turn a vulnerable server into a conduit through the firewall. Once through the firewall, the attacker can mount attacks
  • 6. against infrastructure behind the protection of the firewall. If the server is on the internal network, the entire network could be attacked without the protection provided by the firewall. If the server is on a separate firewalled segment instead of the internal network, only the hosts on the same subnet could be directly attacked. Each connection to another network, whether to the Internet or to any external third party (business partner, data provider, and so on), creates an entry point in the perimeter that must be secured. Copyright © 2014 by McGraw-Hill Education. Wireless Impact on the Perimeter Organizations that deploy wireless solutions must recognize and mitigate risks associated with an unauthorized individual gaining connectivity to the corporate LAN via wireless signal leakage outside of the corporate-controlled premises. Copyright © 2014 by McGraw-Hill Education. Wireless Deployment Through a VPN Server Copyright © 2014 by McGraw-Hill Education. Remote Access Considerations
  • 7. When VPN peers consist of remote users accessing the corporate network over the Internet, the overall security of the corporate network becomes dependent on the security of that employee’s remote PC. Should a hacker gain access to an unprotected PC, the VPN may be used to tunnel traffic past the corporate firewalls and the protection they provide. To protect the corporate network when VPNs are used for remote user access, security administrators should ensure that adequate protection is implemented over the endpoints. Copyright © 2014 by McGraw-Hill Education. Internal Security Practices Internal controls, such as firewalls and early detection systems (IDS, IPS, and SIEM), should be located at strategic points within the internal network to provide additional security for particularly sensitive resources such as research networks, repositories containing intellectual property, and human resource and payroll databases. Copyright © 2014 by McGraw-Hill Education. Internal Firewalls Copyright © 2014 by McGraw-Hill Education.
  • 8. Intranets The main purpose of an intranet is to provide internal users with access to applications and information. To achieve a higher level of security, intranet systems are aggregated into one or more dedicated subnets and are firewalled. Copyright © 2014 by McGraw-Hill Education. Extranets Extranets are application networks that are controlled by an organization and made available to trusted external parties, such as suppliers, vendors, partners, and customers. Copyright © 2014 by McGraw-Hill Education. Extranet Design Copyright © 2014 by McGraw-Hill Education. DMZ Networks and Screened Subnets Deploy public Internet access to systems on a dedicated subnet, commonly referred to as a demilitarized zone (DMZ) or screened subnet, separate from internal systems.
  • 9. A successful attack against these systems still leaves a firewall between the successful attacker and more sensitive internal resources. The term DMZ was originally a military term used to describe a buffer area between a trusted zone and an untrusted zone, in which no military hardware was permitted. Copyright © 2014 by McGraw-Hill Education. Sample DMZ Configuration Copyright © 2014 by McGraw-Hill Education. Terminology Although the terms DMZ and screened subnet have been used interchangeably, there is a small difference between the two terms: A DMZ is technically the small subnet between your Internet router and the external interface of your firewall. A screened subnet is really an isolated network available only through a firewall interface and is not directly connected to the internal network. Copyright © 2014 by McGraw-Hill Education. Multiple DMZs
  • 10. Multiple DMZs limit the breadth of a single security breach. Application systems can consist of three separate tiers, referred to as the presentation, application, and database tiers. The presentation layer consists of a web server that interacts with end users, accepting input, sending that input to the application layer for processing, and returning the output back to the end user. The application layer contains the logic necessary for processing those queries and extracting data from the database. The data that is stored in a database housed on a separate database server on its own DMZ. Other services that aren’t directly supporting the application but provide other functions can be further segregated into a fourth DMZ subnet. Copyright © 2014 by McGraw-Hill Education. Example of a Multitier Application Infrastructure Copyright © 2014 by McGraw-Hill Education. Outbound Filtering Failure to restrict outbound access creates a number of significant risks to the corporation and its infrastructure, such as users accessing services that do not comply with corporate security policies or that do not have legitimate business purposes. Additionally, failure to filter traffic leaving the corporate network may allow an attacker to use the network to launch
  • 11. attacks on other networks. Copyright © 2014 by McGraw-Hill Education. Web Access Considerations Proxy servers can be configured to block connections to URLs that are considered likely to be malicious or unnecessary for normal operation, such as those containing certain scripts or other executable files. Proxy services are hardened processes that can run internally on a firewall or be provided separately by a dedicated server. Web filtering today can be handled via a variety of specialized products and appliances, including some cloud-based offerings. Copyright © 2014 by McGraw-Hill Education. Summary The ultimate goal of network security is to enable authorized communications while mitigating information risk to acceptable levels. Design elements such as segregating and isolating high risk or other sensitive assets as well as defining and maintaining a strong network perimeter go a long way toward achieving those goals. As networks become ever more interconnected, a thorough and strongly typed network architecture/design will be required to achieve and maintain a well-secured network. Copyright © 2014 by McGraw-Hill Education.
  • 12. A n I n t r o d u c t I o n t o Derivatives and Risk Management 10th EDition don M. chance & robert Brooks SE/Chance, An Introduction to Derivatives and Risk Management 10th Edition ISBN-13: 978-1-305-10496-9 ©2016 Designer: LD Printer: West Group Binding: Casebound Trim: 8" x 10" CMYK To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com. 10th EDition chance Brooks A n In t r
  • 14. Risk Management 10th EDition don M. chance & robert Brooks A n I n t r o d u c t I o n t o 04969_cvr_ptg01_hires.indd 1 23/10/14 4:34 PM Australia • Brazil • Mexico • Singapore • United Kingdom • United States An Introduction to Derivatives and Risk Management Louisiana State University University of Alabama An Introduction to Derivatives and Risk Management, 10th Edition Don M. Chance and Robert Brooks Vice President, General Manager, Science, Math & Quantitative Business: Balraj Kalsi Product Director: Joe Sabatino Product Manager: Clara Goosman Content Developer: Kendra Brown
  • 15. Senior Product Assistant: Adele Scholtz Marketing Director: Natalie King Marketing Manager: Heather Mooney Senior Marketing Coordinator: Eileen Corcoran Art and Cover Direction, Production Management, and Composition: Lumina Datamatics, Inc. Associate Media Developer: Mark Hopkinson Intellectual Property Analyst: Christina Ciaramella Project Manager: Anne Sheroff Manufacturing Planner: Kevin Kluck Cover Image: © isak55/Shutterstock © 2016, 2013 Cengage Learning WCN: 01-100-101 ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not
  • 16. limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher. For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions Further permissions questions can be emailed to [email protected] Library of Congress Control Number: 2014953625 ISBN: 978-1-305-10496-9 Cengage Learning 20 Channel Center Street Boston, MA 02210 USA Unless otherwise noted, all items © Cengage Learning. Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: www.cengage.com/global
  • 17. Cengage Learning products are represented in Canada by Nelson Education, Ltd. To learn more about Cengage Learning Solution s, visit www.cengage.com Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com Printed in the United States of America Print Number: 01 Print Year: 2014 Brief Contents Preface xv CHAPTER 1 Introduction 1
  • 18. CHAPTER 2 Structure of Derivatives Markets 26 PART I Options 69 CHAPTER 3 Principles of Option Pricing 70 CHAPTER 4 Option Pricing Models: The Binomial Model 109 CHAPTER 5 Option Pricing Models: The Black Scholes Merton Model 143 CHAPTER 6 Basic Option Strategies 202 CHAPTER 7 Advanced Option Strategies 239 PART II Forwards, Futures, and Swaps 273 CHAPTER 8 Principles of Pricing Forwards, Futures, and Options on Futures 274 CHAPTER 9 Futures Arbitrage Strategies 316 CHAPTER 10 Forward and Futures Hedging, Spread, and Target Strategies 343
  • 19. CHAPTER 11 Swaps 395 PART III Advanced Topics 437 CHAPTER 12 Interest Rate Forwards and Options 438 CHAPTER 13 Advanced Derivatives and Strategies 475 CHAPTER 14 Financial Risk Management Techniques and Applications 516 CHAPTER 15 Managing Risk in an Organization 559 Appendix A