EIDE Design Considerations 1 EIDE Design Considerations Brian Wright Portland General Electric.

Presentation transcript:

EIDE Design Considerations 1 EIDE Design Considerations Brian Wright Portland General Electric

EIDE Design Considerations 2 Introduction
Focus on physical design, not on application development.
Planned Topics
1. Hardware Configuration
2. Location and Function of Application Modules
3. Data Connectivity
4. Cryptography Basics

EIDE Design Considerations 3 Glossary & Acronyms
- LAN – Local Area Network: Collection of computers within one domain, secured from outside connections.
- WAN – Wide Area Network: Collection of computer domains, with security between domains.
- DMZ – Demilitarized Zone: A small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.
- Firewall: A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software.
- HTTP – HyperText Transfer Protocol: The underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions server applications and their client applications should take in response to various commands.

EIDE Design Considerations 4 Glossary & Acronyms
- UTF – Universal Transformation Format: A method of converting Unicode characters, which are 16 bits each, into 7- or 8-bit characters. UTF-7 converts Unicode into ASCII for transmission over 7-bit mail systems, and UTF-8 converts Unicode to 8-bit bytes.
- DBMS – Database Management System: A collection of programs that enables you to store, modify, and extract information from a database.
- COM – Component Object Model: A software architecture developed by Microsoft to build component-based applications. COM objects are discrete components, each with a unique identity, which expose interfaces that allow applications and other components to access their features.

EIDE Design Considerations 5 Hardware Configuration
- Simple System
- Secure System
- Secure Redundant System

EIDE Design Considerations 6 Simple System
- Single LAN server.
- The Web Listener receives incoming requests and passes them to the receiver.
- The Data Store caches meter and schedule data to be sent or received.
- The EIDE Receiver parses the received XML document and writes to the Data Store.
- The EIDE Sender reads from the Data Store, builds the XML document, and sends it to the external entity.
- The EIDE applications are where the logic for managing requests to send or receive data is placed.

EIDE Design Considerations 7 Simple System
ADVANTAGES
- Simple to configure
- Lower hardware costs
- No special requirements on external entities
DISADVANTAGES
- Direct access from the internet is allowed to the LAN server
- No redundancy; down time can be expected for upgrades and failures

EIDE Design Considerations 8 Secure System
- DMZ Server: Limited firewall protection; IP address is masked.
- LAN Server: High firewall protection. Generally configured to allow no direct internet connections inside.
- The EIDE Proxy validates the received application XML, canonicalizes the document, and signs it.
- The EIDE Receiver inspects the signature to validate the message originator.

EIDE Design Considerations 9 Secure System
ADVANTAGES
- No direct access to LAN servers from the internet
- No special requirements on external entities
DISADVANTAGES
- Additional administration
- No redundancy; down time can be expected for upgrades and failures

EIDE Design Considerations 10 Secure Redundant System
- Content switches provide load balancing and failover to the dual servers.
- A virtual IP address provides a single address to the content switches.
- Cross connectivity allows maintenance of servers while the other node is in service.
- The data store is now required to be shared within its own database cluster.

EIDE Design Considerations 11 Data Store Cluster
- Two or more servers can be clustered together in an active-passive system.
- The DBMS is defined into an application group for failover.
- The storage controller contains the disk array and is manufactured with fault-tolerant features.
- For fault tolerance in the disk arrays, recently they use RAID level 0+1 or 10.

EIDE Design Considerations 12 Secure Redundant System
ADVANTAGES
- Majority of maintenance can occur while the system is in operation
- Fault tolerance
DISADVANTAGES
- Complexity in administration
- Additional hardware costs

EIDE Design Considerations 13 Data Connectivity
- The HTTP protocol works best when crossing a firewall.
- To assist with security, you may want to use a non-standard port for crossing the DMZ-to-LAN firewall.
- Content switches were primarily developed to manage load balancing of server farms for the web (HTTP).
- Do not have any database connectivity cross the firewall.

EIDE Design Considerations 14 Data Connectivity
Messaging: If using the Microsoft platform, use Microsoft Message Queue (MSMQ) for cross-server communications, or Java Message Service for other platforms.
- Raises events within the application.
- Messages remain in the queue until read or until the message life expires. This allows processing to be single threaded, avoiding collisions from multiple requests.
- Messages have priority and are read from the queue highest priority first. Messages with the same priority are read first in, first out.
- Messaging can be made fault tolerant, allowing messages to be delivered even if there was a temporary outage.
- MSMQ Triggers automatically associate incoming messages in a queue with functionality in a COM component or standalone .exe.

EIDE Design Considerations 15 Data Connectivity
Messaging Usage:
- If the EIDE Receiver is a service, it would have a non-blocking listener on a queue that the EIDE Proxy would write to, and would send a message to the applications that they now have data available.
- If the EIDE Sender is a service, the application that requests an external transfer would write the data to the data store and send a message to the EIDE Sender to perform the transfer.
- If willing to forgo the persistent cache provided by the data store, the messages could contain the data. Many object-oriented languages have the ability to serialize an object. This serialized object would be the payload of a message.
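
The queue behaviour described on the two messaging slides (highest priority first, first in first out within a priority, messages dropped when their life expires, one reader draining the queue), as an added Python example that is not part of the original presentation and does not use the MSMQ or JMS APIs. The `MessageQueue` class and the sample messages are hypothetical; the payload is carried as data-only JSON, a choice made here in place of a native serialized object so the receiver on the LAN side never instantiates types chosen by the writer.

```python
import heapq
import itertools
import json
import time


class MessageQueue:
    """In-memory model of the queue semantics on the slides (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._heap = []
        self._seq = itertools.count()  # tie-breaker: FIFO within one priority
        self._clock = clock

    def send(self, body, priority=0, life_seconds=60.0):
        """Writer side (e.g. the EIDE Proxy): enqueue a data-only payload."""
        payload = json.dumps(body, sort_keys=True)
        expires = self._clock() + life_seconds
        # heapq is a min-heap, so negate priority to pop the highest first.
        heapq.heappush(self._heap, (-priority, next(self._seq), expires, payload))

    def receive(self):
        """Reader side: return the next live message, or None when empty."""
        while self._heap:
            _, _, expires, payload = heapq.heappop(self._heap)
            if expires > self._clock():
                return json.loads(payload)
            # Message life ran out before it was read: drop it and continue.
        return None


def demo():
    """Constructed messages; a fake clock makes expiry deterministic."""
    now = [0.0]
    q = MessageQueue(clock=lambda: now[0])
    q.send({"type": "meter", "id": 1}, priority=1)
    q.send({"type": "schedule", "id": 2}, priority=5)
    q.send({"type": "meter", "id": 3}, priority=1)
    q.send({"type": "meter", "id": 4}, priority=9, life_seconds=5)
    now[0] = 10.0  # message 4 expires before the single reader starts
    order = []
    while (msg := q.receive()) is not None:
        order.append(msg["id"])
    return order
```
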

EIDE Design Considerations 16 Cryptography Basics
- Encryption/Decryption
- Symmetric vs Asymmetric
- XML Canonicalization
- Signing

EIDE Design Considerations 17 Cryptography Basics
Encryption/Decryption
- P: Plain Text
- C: Cypher Text
- K: Key
- F: Encryption Algorithm (DES, RSA)
Encryption: F(P, K) = C
Decryption: F(C, K) = P

EIDE Design Considerations 18 Cryptography Basics
Symmetric vs Asymmetric
SYMMETRIC
- Same key is used for encryption and decryption
- Key must be known by both parties
- Relatively inexpensive in resource utilization
ASYMMETRIC
- Encryption by private key
- Decryption by public key
- Sender is owner of keys
- Expensive in resource utilization

EIDE Design Considerations 19 Cryptography Basics
XML Canonicalization
Two XML messages can be formatted differently but contain the same information. Canonicalization reformats them identically.
- Whitespace normalized becomes
- Attribute values delimited by double quotes
- UTF encoding

EIDE Design Considerations 20 Cryptographic Basics
Signing (Digital Signature)
The process validates that the data has not been tampered with and that the data is from the sender.
Sender
- Plain text is canonicalized and hashed to a fixed-length string
- Hash is encrypted using the private key, producing the signature
- Send plain text and signature
Receiver
- Plain text is canonicalized and hashed to a fixed-length string
- Request public key from sender
- Decrypts signature and compares hash values
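
The Sender and Receiver steps above, together with the canonicalization slide, as an added Python example that is not part of the original presentation. The sample XML, its element names and the demonstration key are constructed; the signature is unpadded textbook RSA to mirror "hash encrypted using private key", whereas production code would use a vetted library with a padded scheme such as RSASSA-PSS.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Demonstration-only key built from two known Mersenne primes. Never use
# such a key, or unpadded RSA, outside a teaching example.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                 # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the sender

# Constructed sample documents (not a real EIDE schema).
SENT = '<reading meter="M-17" unit="MWh">42.5</reading>'
REFORMATTED = "<reading   unit='MWh'\n  meter='M-17' >42.5</reading  >"
TAMPERED = '<reading meter="M-17" unit="MWh">52.5</reading>'


def digest(xml_text):
    """Canonicalize (C14N 2.0), encode as UTF-8, hash to a fixed length."""
    canonical = canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def sign(xml_text):
    """Sender: transform the hash with the private key to get the signature."""
    return pow(int.from_bytes(digest(xml_text), "big"), D, N)


def verify(xml_text, signature):
    """Receiver: recover the hash with the public key and compare."""
    return pow(signature, E, N) == int.from_bytes(digest(xml_text), "big")


def demo():
    """Reformatting survives verification; a changed value does not."""
    signature = sign(SENT)
    return verify(REFORMATTED, signature), verify(TAMPERED, signature)
```

Without the canonicalization step the two equivalent documents hash differently, so a message that was only re-indented or re-quoted in transit would fail verification.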

EIDE Design Considerations 21 Discussion
- One of many designs
- Not specific to a technology or operating system
- Web Services
- NT Services or Unix Daemons
- Triggers

EIDE Design Considerations 22 QUESTIONS?