School of Computer and Information Science. Secure and High Integrity System (INFT 3002). Workshop 3 Tutor: William Yeoh [email protected] Task: Your group is a small newly formed IT Security Consultancy and recently have been employed on your first case.
School of Computer and Information Science
Secure and High Integrity System (INFT 3002)
Tutor: William Yeoh
5. How can he protect his network? Currently it is a simple LAN, some databases, a mail server and a web server but he wants to add some E-Commerce functionality very soon. What will happen when his staff use wireless enabled PDA’s for the collection of patient data?
6. Why might hackers be attacking his network; why would they be interested in his company?
He wants to add some E-Commerce functionality, How?
Three Tier Architectures
Web Server Layer
- partitioning the internal network from the Internet.
- prevents outside users from getting direct access to sensitive data such as database and legacy information
- as traffic cop adjudicating and managing inbound and outbound traffic flow
- more hacker proof
-IDS evaluates a suspected intrusion and signals an alarm
- load balancing switches can distribute the load equally among the servers.
-the failure of any one machine does not cause a problem
-easy to add capacity in an incremental way
- how well it works with the operating system and other servers,
-its ability to handle server-side programming, security characteristics
- J2EE AS, J2EE platform that enables full leverage Java Servlets, JSPs, EJBs and JMS
- periodical update of virus definition to protect network and prevent Trojan infections
- very large processing capacity, used to serve distributed users and Web application servers in network
- the temporary databases from the operations
Nichols and Lekkas (2002) defined four types:
Looking more specifically at Wireless PDAs, the threats are:
Reasons (& who) for hacking: