Discuss the required changes in the network infrastructure

Assignment Help Basic Computer Science

Reference no: EM131310070

Suppose the Drib wished to allow employes to telecommute. In order to protect the network, they require all remote connections (other than those for the Web and mail servers) to use SSH.

a. Discuss the required changes in the network infrastructure. In particular, should the outer firewall provide an SSH proxy or a packet filter to incoming SSH connections? Why?

b. The destination of an SSH connection from the Internet might be the address of any host on the internal network. Such addresses, however, are not broadcast to the Internet and in fact may be addresses that routers on the Internet should not pass (such as 10.x.x.x). Devise a method or protocol that will continue to conceal the addresses of the hosts on the internal network but still allow SSH connections from the Internet to arrive at the proper destinations. What supporting infrastructure must the Drib add to its network?

c. The inner firewall will pass SSH connections, provided that one endpoint is the trusted administration server on the internal network. With the above-mentioned change, the destination of the incoming SSH connection may be any host on the internal network. For this question, assume that the addresses of the hosts on the internal network are kept within the internal network-in other words, that the method or protocol in part (b) is implemented. What are the security implications of allowing SSH connections to any internal host through the inner firewall? Should such connections be restricted (for example, by requiring users to register the hosts from which they will be connecting)?

d. An alternative to allowing the SSH connections through the firewall is to provide a specific host (the "SSH host") on the internal network that is also connected to the Internet. Telecommuters could use SSH to log into this system, and from it reach systems on the internal network. (The difference between this method and allowing connections through the firewall is that the user must log into the intermediate host, and from there move to the internal system. The firewall approach makes the intermediate system transparent.) Identify the minimum number of services that this system should run in order to fulfill its function. Why must these services be run? As part of your answer, identify any other systems (such as DNS servers, mail servers, and so on) that this SSH host would have to trust.

e. From the point of view of Saltzer and Schroeder's design principles [865] (see Chapter 13), is the solution suggested in part (d) better than, worse than, or the same as the solutions involving access through the firewall? Justify your answer.

Reference no: EM131310070

Questions Cloud

Best interests of our stockholders : As a board member and officer, Mr. Zuckerberg owes a fiduciary duty to our stockholders and must act in good faith in a manner he reasonably believes to be in the best interests of our stockholders. As a stockholder, even a controlling stockholder..

What will you do to keep an open mind : If you take your role seriously, what will you do to keep an open mind and try to consider different points of view? Explain. Provide a one-page document on above topic. (2 paragraphs)

Why is the file kept inaccessible to the web server : Consider the scheme used to allow customers to submit their credit card and order information. Section 26.3.3.2 states that the enciphered version of the data is stored in a spooling area that the Web server cannot access.

Research paper - the holy spirit in the book of acts : For this course, you are required to write a 5-8-page research paper addressing 1of the topics from the list below. Choose 1of the following topics for your research paper: Acts 1:8, The Holy Spirit in the Book of Acts and The "calling" of Saul of Ta..

Discuss the required changes in the network infrastructure : Discuss the required changes in the network infrastructure. In particular, should the outer firewall provide an SSH proxy or a packet filter to incoming SSH connections? Why?

Explain importance of critical path in project management : Explain the importance of the critical path in project management. Examine the advantages of using a Gantt chart over a PERT chart and vice versa. Determine when it is appropriate to use one over the other.

Display sentinel value so that user may ultimately be able : Loop through all of the above steps until the user types the sentinel value when prompted. Display the sentinel value so that the user may ultimately be able to demonstrate an understanding of the way in which to end the program.

What would be the firms expected dividend per share : Coca-Cola stock has an expected ROE of 14% per year, expected earnings per share of $4, and expected dividends of $2.50 per share. Its market capitalization rate is 15% per year. a) what are its expected growth rate, its price and its P/E ratio? b) I..

What is the list price of the bond on the settlement date : Calculate the price of the bond for a market interest rate of 3% per half year. Compare the capital gains for the interest rate decline to the losses incurred when the rate increases to 5%. A bond with a settlement date of April 30, 2013 and a maturi..

User Account

All Pages