Friday, 10 March 2017

Cloud Computing

Its an extension and evaluation for virtualization concept,  Cloud Computing is a popular term referring where data  storage and process are performed in an unknown place,accessing cloud network can be done through Internet, Its alternative for having our traditional IT infrastructure in our local lan environment to an unknown place, thus reducing the cost of our data center infrastructure and its maintenance.

As it have some flaws also, as the datas are stored in unknown environment security is the main concern, we should have a strong SLA(service level agreement) for down time and data security.secondly we should have a strong internet bandwidth consumption also.

Some of the service of cloud computing are :

  • Platform-as-a-Service : it's a concept of providing a computing platform and solution for software in the virtual cloud environment

  • Software-as-a-Service : it’s a concept of providing a software as service google drive, Microsoft office 365 all fall on this categories, microsoft already replaced its exchange server concept with 365 as the corporate email service will be done through 365(as software as a service).

  • Infrastructure-as-a-service: it’s a concept of providing or outsourcing full infrastructure to the cloud environment. Famous amazon AWS, Microsoft azure, google compute engine are all the famous service providers of Infrastructure-as-a-service and most of the corporate are moving to IaaS service environment

Thursday, 9 March 2017

BYOD(Bring Your Own Devices)

Bring Your Own Devices is a new service, which is an increasing trend hitting in Business, the concept is employee can bring their own devices to the Business entity. As the emergence of smartphone system has made the corporate to accept user can use their own devices in business Environment.

Smartphone is the best example for BYOD devices, other than BYOD, BYOC (Bring your Own Computer), BYOL (Bring your own Laptop) are some of the similar services are also emergence with BYOD.

Security risk for BYOD is very high, as users are allowing to accesses corporate network result in security attack and breaches. High restricting security policy will minimize the risk in corporate network.

·         A well training to the users about the value of the data to provide for the BYOD users, such Business Impact if their devices is not full secured.

·         Policy should be made for data ownership even though their devices having personal data, having ownership like remote wiping to factory default setting of the stolen devices which is under BYOD policy.

·         Patch management, for those BYOD devices updating of Patch file should be done only by the management approach only, like the administrator have check the positive and negative site of the batch and recommend for new update.

·           If the devices are under violation or illegal activates, it should be clearly mentioned to the users about legal investigation of the devices.

·          Antivirus management also maintained through the policy, BYOD devices users should install recommended antivirus software in order to have a secure environment.

·         There should be clear concern about camera and video, as some company will not allow the users to take pictures and videos of their environment this should be clearly mentioned.

·         Finally, the users should accept the policy required by the office, else should not allow the BYOD devices to the offices.

Wednesday, 8 March 2017

Firewall - Part 2

Firewall had undergone lot of changes with added services, today let us see the generation of firewalls and its futures.

First generation firewall:

First generation firewall is a packet filter firewall, it will check network addresses and ports of the packet to decide, weather the packet should be blocked or allowed.
Packets are on the layer 3, which means most of the networks are done between physical and network layers, it will inspect the traffic flow and check weather to block or allow the traffic. For example, if the rule in the firewall for blocking telnet it will filter the port number 23 to block the traffic.

Second generation firewall:
It’s a state full firewall, second generation firewall perform the work of same first generation firewall, but operate on transport layer. It will keep the packet until enough information is made to judge about it state, this process is known as state full inspection.

Third generation or Next- generation firewall:

The main success of the firewall is application layer filtering, means it can understand certain application and its protocols such FTP, DNS, HTTP.
It’s also called as next generation firewall after 2012 itself.

Based on its services and its evaluation, firewall is divided into four types
·         Static Packet filtering firewall
·         Application level gateway firewall or Proxy firewall
·         Circuit level gateway firewall
·         Stateful inspection firewall

Wednesday, 1 March 2017

Firewall Part -1

Dear Friends ,in our previous threat we looked about securing of data i.e privilege classification, securing of data in stored environment, securing of data while in communication.

Today let us look about function and evaluation of firewall . Firewall in network terms connecting private secure network with secure public network to outside world through a secured environment. Secondly it has great impact on controlling IPV4 public IP addresses.before we are going into deep about firewall technology. Let us have a basic understanding of IP addresses and ports  

IP address : its an a internet  protocol address assigned for all networking devices, devices will communicate with their assigned  ip address. It's a 32-bit address . As per IANA ( Internet Assigned Numbers Authority) has segregated public and private IP addresses.

Public IP address: Public ip addresses are globally assigned unique IP addresses used for networking devices to communicate with global network.

Private IP address: Private IP address are assigned internally to an organisation, but when its need to communicate globally its needs public IP address.  Below are ranges of IP address and its classes instructed by IANA to use as private  IP ranges.

RFC1918 name
IP address range
number of addresses
24-bit block –
20-bit block –
16-bit block –

Due to the lack availability of unique public IPV4 addresses leads to the development of IPV6, due to the lack availability of public ranges leads to formation of NAT/ PAT concepts .

What is nat , as all we know all the devices need an unique public ip address to communicate with outside globally, how about private IP ranges here the NAT concept is raised Network address Translation means Translating private IP into public IP address. This translation part will be done firewall and what about a group of private IP addresses ? this can be done by translating using single public IP with port address  , it's known as port address translation PAT.

Now lets come back to our firewall discussion, as we discussed previously firewall will act as inter-mediator with private internal network with communicating with external global network with IANA assigned public IP addresses .

Thus your internal network ranges will never know to the outsider, it's a type of securing our internal networks.

Default rule for firewall is internal users can able to access outside network without any restricted, whereas the restricted outside users only can able to access our Internal network, with the certain rules for allowing and denying, commonly it's referred as ACL it will be deny by default .

Due to advanced in technology, firewall also underwent serious of changes with the added functionality. Let us discuss about generation growth of firewall technology on next threat.