- Discuss the benefits of using both a firewall and a proxy server.
Which do you think is better, transparent or nontransparent proxy servers?
Proxy server is an intermediate medium between the internet browser on a computer and the internet world out there. It is a very useful way to hide ones computer’s IP and hence be protected from attackers who might want to access the data on a computer through the IP assigned to it by the network it is a part of.
Firewall is a networks owner/administrator tool that can be set to function y different rules as desired by the system administrator. It is also a way of protecting against outside threats.
I would prefer a nontransparent proxy server. Off course a transparent proxy server does not need a client side configuration and all the configuration resides on the gateway but as a client you lose the control.
- Why do you think there is no “right” operating system for a bastion host?
- Why is it important to continue auditing the bastion host? What other regular maintenance should be performed?
The fact that the bastion host computers are fully exposed to attacks because it is on the public side and unprotected by a firewall, makes it difficult for any Operating System to make it safe. Therefore, it is assumed that there is not “right” operating system for the bastion host.
It is important to continue to audit bastion host because there are always new threats to online resources and to safeguard from these threats, continuous upgradation and monitoring is necessary. The best practices that can be applied in the case of a bastion host are to remove any unwanted services on the host, and monitor the user accounts that are suspicious. Error logs can be utilized to monitor the functioning of basting hosts and rectify errors on a timely basis. Latest security applications should be utilized by the operating systems hosted on bastion systems.
Question: Use an Internet browser to research symmetric encryption and asymmetric encryption. Peruse at least two Web sites for each term, and then answer the following questions:
- Which type of encryption can be computed more quickly?
Symmetric key can be computed quickly because it requires less processing power than asymmetric encryption.
- How are the two approaches the same? c. How are the two approaches different?
The two approaches are same in the sense that data is encrypted and decrypted using keys at both ends. The difference is that symmetric approach uses secret key while asymmetric approach uses public key.
- How are the two approaches used together to provide a better way to do encryption?
Any message (text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.
Question: Use an Internet browser to research digital signature and digital certificate. Peruse at least two Web sites for each term, and then answer the following questions:
- What are the typical components of a digital certificate?
Following are the components of a digital certificate:
A public key and the date it expires, name and email address, company’s name a serial number for the digital identification and certification authority.
- What international standard controls how digital certificates are used?
The international Telecommunications Union (ITU) X.509 standards control how digital certificates are used. Some of the standards are:
Version and serial number, algorithm for the certificate identification, name of the issuer and validity period etc.
- How are digital signatures related to digital certificates?
Both of them are security measures which are different in the manner they are implemented.