
Assignment 2 Information Technology Security Architecture

April 2011

Table of Contents
1.0 Abstract
2.0 Introduction
3.0 Design of Security Architecture
  3.1 Defense in Depth
  3.2 Perimeter Security
  3.3 Key Technology Components
    3.3.1 Firewall
    3.3.2 DMZ
    3.3.3 Servers
    3.3.4 IDS
      3.3.4.1 Host-based IDS
      3.3.4.2 Network-based IDS
4.0 Policies
  4.1 SETA
    4.1.1 Security Education
    4.1.2 Security Training
    4.1.3 Security Awareness
5.0 Laws
  5.1 Federal-level Authorities
  5.2 State-level Investigative Services
  5.3 Local-level
6.0 Conclusion
APPENDIX A: ACRONYMS
APPENDIX B: REFERENCES


Information Technology Security Architecture Law Jia Jge (107587)

1.0 Abstract
IT security architecture is a new concept to many computer users. Users are usually aware of computer security threats such as viruses, worms, spyware, and other malware. They have probably heard of most antivirus programs and firewalls, or have even used them. On the other hand, many of them may use IDS. In fact, antivirus programs, firewalls, and IDS are only the surface of computer security. They are all categorized as reactive measures, which try to respond to active threats, rather than proactive measures, which anticipate threats. These applications play a major role in the security field, but they are not enough in themselves. Yet architectural security remains a mystery to most computer users.

2.0 Introduction
Architectural computer security is a subject that fills dozens of books. It describes how security controls are placed and how they function. These security controls serve to maintain the system's quality attributes, such as confidentiality, integrity, availability, accountability and assurance.
[4]

Security qualities are often not essential for a system to meet its functional goals. Instead, they are needed to provide a given level of assurance that the system will perform to meet the functional requirements that have been defined.
[5]

There are 9 basic principles of security architecture: [6]

1) Set a security policy for the user's system and know what is on it
2) Actions should be verifiable
3) Always give the least privilege practical
4) Practice defense in depth
5) Audit the system: keep and review system logs
6) Build to contain intrusions
7) A system is only as strong as its weakest link
8) Locking the barn door after the horse is gone is ineffective
9) Practice full disclosure

3.0 Design of Security Architecture


3.1 Defense in Depth
A system is more likely to remain secure if it is set up to take full advantage of security features such as permissions, authentication, whitelists and blacklists. Defense in depth is an IA strategy in which security is implemented in multiple layers. It addresses security vulnerabilities for the duration of the system's life cycle. It requires that the company establish sufficient security controls in order to defend the system against certain attacks.
[1][2][5]

Defense in depth is a layering strategy, conceived by the NSA as a comprehensive approach to IT security. It was originally a military tactic.
[2]

As professionals call it a layered approach, defense in depth consists of more than one layer. The layers are as follows:
a) Physical security like deadbolt locks
b) Perimeter security like firewalls and VPN
c) Data security
d) Server hardening like authentication and auditing
e) Host-based firewall
f) Virus protection like antivirus software
g) Intrusion prevention such as IDS
h) Patch management like security update management
These layers of security control can be organized into policy, training and education, and technology.

Figure 3.1 Defense in Depth Diagram [3]


3.2 Perimeter Security
Perimeter security, also called network perimeter security, defines a set of physical security and programmatic security policies which protect the system against remote malicious activities. In other words, the perimeter is the logical boundary at the edge of the computer system, between the outer limit of the organization's security and the start of the outside world, and it surrounds everything that is controlled and protected by the computer system. Within the perimeter, security domains, also known as areas of trust, can be established in which users can freely communicate. The drawback is that perimeter security is unable to protect systems against internal attacks or on-site physical attacks. To overcome this issue, organizations may implement a physical security perimeter together with the electronic security perimeter.
[1]

Basically, perimeter security is enforced in a few areas such as physical access control, cab signing, device management and Microsoft ActiveSync.
[1][7][8]

Perimeter security includes components such as border routers, firewalls, IDSs, IPSs, VPN devices, software architecture, and DMZs and screened subnets.
[9]

The figure below shows the design of a perimeter with web servers, a firewall gateway, a mail gateway and an HTTP proxy server. Note that there is no direct traffic connection between the internal network and the Internet, in either direction.
[10]


Figure 3.2 Network Perimeter Security [11] and Rules of Thumb for Perimeter Networks [10]
3.3 Key Technology Components

3.3.1 Firewall
A firewall is a device that makes a simple decision, accept or deny, about information moving between an untrusted network such as the Internet and the trusted network, known as the inside world. It is usually a specially configured separate computer system, but it may also be software running on a router or server, or a separate network containing a number of supporting devices, which controls the flow of information among the defined areas based on a set of predefined rules. It can be either a single device or a firewall subnet, which consists of multiple firewalls creating a buffer between the outer and inner networks.
[1][12][13]

Firewalls can be classified by processing mode, development era, or structure.



Firewalls
  Processing mode
    - packet filtering firewalls
    - application gateways
    - circuit gateways
    - MAC layer firewalls
    - hybrid firewalls
  Development era
    - 1st - static packet filtering firewalls (year 1988)
    - 2nd - application level firewalls / proxy servers
    - 3rd - stateful inspection firewalls (year 1989-1990)
    - 4th - dynamic packet filtering firewalls
    - 5th - kernel proxy
  Structure
    - residential- or commercial-grade devices
    - hardware-based devices
    - software-based devices
    - appliance-based devices

Figure 3.4 Category of Firewalls [12][14]


Firewalls | Details

Packet Filtering Firewalls [12][13][16]
- Also known as simply filtering firewall
- Installed on TCP/IP-based network
- Functions at IP level (network layer)
- Checks the header information of data packets which are transported into a network
- Scans network data packets and looks for compliance with or violation of the rules in the firewall's database
- Contains restriction combinations
  o IP source + destination address
  o Direction (inbound/outbound)
  o TCP/UDP source + destination port requests
- 3 subsets
  o Static Filtering Firewall
  o Dynamic Filtering Firewall
  o Stateful Filtering Firewall
- Benefits
  o Cheap and fast
  o Easy to maintain
  o Widely available in many routers
  o User knowledge or cooperation is not essential
- Drawbacks
  o Some protocols do not suit well with this firewall
  o Some policies are not readily enforced

Figure 3.5 Packet Filtering Firewall [15]
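
The header checks listed for packet filtering firewalls (direction, source and destination address, destination port) and the difference between the static and stateful subsets can be shown in a short sketch. This is an added example, not part of the original assignment; the rule set, the addresses and the names Packet, Rule, static_filter and StatefulFilter are constructed for illustration.

```python
"""Packet filter sketch: static first-match rules plus stateful reply tracking.
Added illustration; the policy, addresses and names are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound", relative to the trusted network
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "accept" or "deny"
    direction: str
    proto: str
    src_net: str
    dst_net: str
    dport: Optional[int]     # None matches any destination port

    def matches(self, p: Packet) -> bool:
        # Only header fields are inspected, never the payload.
        return (self.direction == p.direction
                and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy: internal LAN 10.0.0.0/24, web server 192.0.2.10 in the DMZ.
RULES = [
    Rule("accept", "inbound", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    Rule("accept", "outbound", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443),
    Rule("accept", "outbound", "udp", "10.0.0.0/24", "198.51.100.53/32", 53),
]


def static_filter(p: Packet, rules=RULES) -> str:
    """Static filtering: first matching rule wins, anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Static rules plus a table of flows that were already accepted.

    A real stateful firewall also tracks TCP state and expires idle entries;
    this sketch keeps entries forever to stay short.
    """

    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = set()

    def check(self, p: Packet) -> str:
        # A reply is the mirror image of a flow accepted earlier.
        reply_key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply_key in self.flows:
            return "accept"
        verdict = static_filter(p, self.rules)
        if verdict == "accept":
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return verdict


if __name__ == "__main__":
    fw = StatefulFilter()
    out = Packet("outbound", "tcp", "10.0.0.5", 50000, "203.0.113.7", 443)
    reply = Packet("inbound", "tcp", "203.0.113.7", 443, "10.0.0.5", 50000)
    print("static, reply:  ", static_filter(reply))
    print("stateful, out:  ", fw.check(out))
    print("stateful, reply:", fw.check(reply))
```

With static rules alone, the reply to an accepted outbound connection is dropped unless a broad inbound rule is added; the stateful variant accepts it only because the matching outbound packet was seen first.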


Application Gateways [12][13][17][18]
- Also known as application-level firewall, application firewall, or proxy server
- Divided into 2 primary categories:
  o Network-based application firewalls
  o Host-based application firewalls
- Frequently installed on a dedicated computer, but commonly used in conjunction with a filtering router
- Functions at application layer
- Proxy server evaluates users' requests based on its filtering rules
- Example: firewalls which block response to requests for web pages and services
- Drawbacks:
  o Designed for certain protocol only
  o Slower than Packet Filtering Firewalls
  o More expensive than Packet Filtering Firewalls
  o Difficult to configure or maintain
  o Restricted to single application (since this type of firewall blocks at application layer)

Figure 3.6 Proxy Server [19]


Circuit Gateways [12][20]
- Often included in the class of application gateways, but actually different from application gateways
- Functions at transport layer
- Monitors TCP handshaking between data packets
- Prevents immediate connections between networks
- Tunnels are created to the Internet with particular processes on each side of the firewall, and then only authorized traffic is allowed
- These tunnels are created to support the prevention of direct communications
- Example: TELNET and NNTP
- Benefits:
  o Inexpensive
  o Able to hide information about the private network which it is protecting
- Drawback:
  o Does not filter single or individual packets

Figure 3.7 Application Gateway [21]


MAC Layer Firewall [12]
- Functions at MAC layer (data link layer)
- Not well-known or widely referenced
- Filters flows based on specific host computer's identity
- Links MAC addresses of host computers to ACL entries
- ACL entries identify types of packets which can be sent

Hybrid Firewalls [12][22]
- Possess a combination of elements of other categories of firewalls
- Might consist of 2 separate but connected firewall devices
- First commercial firewall, DEC SEAL, was a hybrid firewall
  o Proxies on bastion host + packet filtering on gateway machine
- Benefit:
  o Enables addition of new services without replacing the existing firewalls in whole

Kernel Proxy [12]
- Kernel of Windows NT
- Specialized form which operates under Windows NT Executive
- Evaluates data packets at multiple layers of protocol stack
- Checks security in kernel as data is transported along the protocol stack
- Implemented by Cisco in the security kernel of Centri Firewall
- SVEN enforces security policy which is configured into Kernel Proxy

Commercial-Grade Firewall [12][23]
- Commercial-grade firewall
- Considered mandatory on networks that connect to Internet
- Consists of commercial-grade firewall appliances and systems

Commercial-Grade Firewall Appliances
- Stand-alone, self-contained system
- Consists of commercial-grade firewall appliances and systems
- Possess features of general-purpose computer + firmware-based instructions
- Firmware-based instruction:
  o Increase appliance's reliability and performance
  o Minimize likelihood of being compromised
- Benefit:
  o Periodically upgraded
  o Sets of firewall rules are stored in non-volatile memory
  o Rules can be changed by technical staff conveniently
- Drawback:
  o Must be modified using a direct physical connection
  o Can be modified after using extensive authorization and authentication protocols

Commercial-Grade Firewall Systems
- Commercial-grade firewall
- Install on computer or purchase hardware that has been configured
- Consist of application software and run on a general-purpose computer
- Use common network connection to flow data from one network to another

SOHO Firewall Appliances [12]
- Also known as broadband gateways or DSL/cable modem routers
- Residential-grade firewall
- Install directly on user's computer system
- Serve as a stateful firewall
- Recently, this appliance can work as packet filtering firewall
  o Combine features of WAPs and small stackable LAN switches in a single device
- This combination device provides stronger protection to SOHO users
- Might include other functions like:
  o Port Filtering
  o Simple IDS
  o Restrict access to certain MAC addresses

Table 3.1 Types of Firewalls

3.3.2 DMZ


A DMZ is defined as a no-man's-land between the internal and external networks. In other words, it is frequently referred to as a buffer against external attacks. The objective of a DMZ is to enhance security by adding a layer of security to the organization's LAN.
[1][24]

There are several ways to design a network with a DMZ. Two of the most basic methods are with a single firewall and with dual firewalls.
[24]

Figure 3.8 Single Firewall [24]

Figure 3.9 Dual Firewalls [24]


A DMZ configuration typically gives security from external attacks. Unfortunately, it has no bearing on internal attacks such as sniffing communications or spoofing. Services that are offered in the DMZ to users on the external network include web servers, mail servers, proxy servers, reverse proxy servers, FTP servers, VoIP servers, and DNS servers.

3.3.3 Servers
In computing: [19]
- A computer program which executes as a service, serving the requests of other programs on the same computer
- A physical computer that runs one or more services, serving the needs of other programs on the same network
- A system like a database server, file server, mail server or print server

In computer network: [39]
- A program which functions as a socket listener
- A host that executes one or more programs

Types of Servers | Details

Web Servers [24][25]
- Can be hardware or software which helps in delivering packets
- Able to communicate with database servers
  o Either direct communication or communication through an application firewall
- Requires access to the database server whenever the web server communicates with an internal database
- Features:
  o Virtual hosting to serve Websites
  o Large file support, able to serve files whose size is greater than 2GB
  o Bandwidth throttling to limit speed
  o Server-side scripting to generate dynamic Web pages

Figure 3.10 Web Server [26]


Proxy Servers [1][24][30]
- Also known as cache servers
- A proxy server is a secure gateway which is used to enable Internet connectivity for IP- and IPX-based networks
- Plays the role of a gateway for internal users
- Operations of the proxy server are transparent to client computers
- Services offered:
  o Packet filtering router
  o Web proxy
  o Winsock proxy
  o Socks proxy
  o Reverse web proxy
- Features:
  o Tracks Internet usage of users
  o Limits accessible Websites
  o Offers proxy array
  o Provides NAT between private and public network
  o Caches websites that are requested frequently
  o Provides dynamic packet filtering
  o Provides secure gateway to the Internet and operates as the control point between private and public networks


Figure 3.11 Proxy Servers [31]


Reverse Proxy Servers [24][30]
- This server is an extra layer of security
- It is provided by using an application-level firewall
- Offers the same services as Proxy Servers, but the other way round
- Enables internally hosted Web servers to be accessible from public networks such as the Internet
- Provides indirect access to the internal resources from an external network like the Internet

Figure 3.12 Reverse Proxy Server [37]


Mail Servers [24][27][28]
- A mail server is a computer which operates as an electronic post office for e-mail
- The term also refers to a computer that is performing the MTA function
- Functions to pass incoming mail to the secured mail servers
- Also functions to handle outgoing mail

Figure 3.13 Mail Server Authentication [32]


FTP Servers [34][35][36]
- Software which runs on a computer and executes FTP
- Can be connected to using FTP clients and browsers
- Allows web users to upload or download files to the server
- Blocks access by setting passwords
- HTTP hosting software is needed in developing an FTP server
- Has low hardware requirements, except for a large hard drive, as the server hosts large amounts of data
- Fast processing power is not essential

Figure 3.14 Network with Router and FTP Server [38]


DNS Servers [33]
- This server stores DNS records such as address records, name server records, and mail exchanger records
- It also responds to queries against its database with an answer
- Functions:
  o Resolution of humanly memorable domain names and hostnames into the respective numeric IP addresses

Figure 3.15 DNS Servers [40]

Table 3.2 Types of Servers

3.3.4 IDS
An IDS is a software application which monitors system activities for policy violations or malicious activities. It is implemented to detect unauthorized activity within the inner network. There are two main types of IDS: host-based IDS and network-based IDS. Both types require a database of previous activities.
[1][41]

3.3.4.1 Host-based IDS


A host-based IDS is usually installed on a machine in order to monitor the status of files stored on that particular computer. It is able to create a database as well as maintain a list of common attack signatures. It analyzes system calls, application logs, file-system modifications and other host activities, and detects and identifies attacks. Usually, the internals of a computing system are monitored and analyzed rather than the network packets.
[1][41][44]

Some application-based IDSs are also categorized as host-based IDSs. An example of a host-based IDS is OSSEC.
[41]
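
The file-status database described above can be illustrated with a small integrity checker: record a baseline of hashes and permission bits, then report what differs later. This is an added example, not part of the original assignment and not OSSEC's own code; the function names and the sample file tree are constructed.

```python
"""File-integrity check in the style of a host-based IDS.
Added illustration; paths and file contents are constructed samples."""
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Return {relative path: (sha256 hex digest, permission bits)} for files under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.stat(path).st_mode)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            db[rel] = (digest, mode)
    return db


def compare(baseline, current):
    """List (kind, path) alerts for everything that differs from the baseline."""
    alerts = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            alerts.append(("deleted", path))
        elif path not in baseline:
            alerts.append(("added", path))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = baseline[path], current[path]
            if old_hash != new_hash:
                alerts.append(("content", path))
            if old_mode != new_mode:
                alerts.append(("mode", path))
    return alerts


def _write(root, rel, data, mode=0o644):
    """Helper for the demo: create a file with known content and permissions."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def run_demo():
    """Build a constructed file tree, change it four ways, return the alerts."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "bin/tool", b"#!/bin/sh\n", mode=0o755)
        baseline = snapshot(root)            # the IDS "database"

        _write(root, "etc/passwd", b"root:x:0:0\nextra:x:0:0\n")   # content change
        os.remove(os.path.join(root, "etc/hosts"))                  # deletion
        os.chmod(os.path.join(root, "bin/tool"), 0o777)             # permission change
        _write(root, "tmp/new-file", b"unexpected\n")               # new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path in run_demo():
        print(f"{kind:8} {path}")
```

The baseline itself must be stored where an intruder on the monitored host cannot rewrite it, otherwise a modified file can simply be re-baselined.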


Figure 3.16 Host-based IDS [42]

3.3.4.2 Network-based IDS


A network-based IDS is an independent platform. It is used to observe patterns of network traffic. It then tries to detect malicious activities such as DoS attacks and port scans based on previous baselines. By connecting to a network hub, a network switch configured for port mirroring, or a network tap, a network-based IDS is able to gain access to network traffic.
[1][41]

Sensors are always located at the DMZ of the network borders in order to capture network traffic and analyze the content of the packets for malicious activities. This type of IDS creates a database of normal activities based on a list of common attack signatures. The newly developed database is then used for comparison with future activities.
[1][41]

A network-based IDS works with other systems too. It can update a firewall's blacklist with the IP addresses of computers used by intruders or attackers.
[45]

An example of a network-based IDS is Snort. [41]
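
The baseline comparison and the blacklist update described in this section can be sketched for the port-scan case: learn how many distinct targets a normal source touches per minute, then flag sources that far exceed it. This is an added example, not part of the original assignment and not Snort's detection logic; the log format, addresses, 60-second window and factor of 3 are assumptions, and all log lines are constructed.

```python
"""Port-scan detection against a learned baseline, feeding a firewall blacklist.
Added illustration; log format, thresholds and addresses are constructed."""
from collections import Counter, defaultdict

WINDOW = 60  # seconds of traffic considered together (assumed value)

# Constructed connection log from a known-clean period: "ts src dst dport".
BASELINE_LOG = """\
# ts src dst dport
1000 10.0.0.5 192.0.2.10 80
1010 10.0.0.5 192.0.2.10 443
1020 10.0.0.6 192.0.2.25 25
1030 10.0.0.5 192.0.2.53 53
1100 10.0.0.6 192.0.2.10 80
""".splitlines()

# Constructed live traffic: a normal client, one source walking 25 ports,
# and one busy client that repeats a single request.
LIVE_LOG = (
    ["5000 10.0.0.5 192.0.2.10 443", "5020 10.0.0.5 192.0.2.53 53"]
    + [f"{5000 + i} 203.0.113.50 192.0.2.10 {20 + i}" for i in range(25)]
    + [f"{5000 + 2 * i} 198.51.100.7 192.0.2.10 80" for i in range(30)]
)


def parse(lines):
    """Yield (ts, src, dst, dport) tuples, skipping blanks and comments."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = line.split()
        yield int(ts), src, dst, int(dport)


def peak_fanout(events, window=WINDOW):
    """Per source: most distinct (dst, port) targets seen in any sliding window."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in events:
        per_src[src].append((ts, (dst, dport)))
    peaks = {}
    for src, seen in per_src.items():
        seen.sort()
        counts, left, peak = Counter(), 0, 0
        for ts, target in seen:
            counts[target] += 1
            while ts - seen[left][0] >= window:   # drop events older than the window
                old = seen[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        peaks[src] = peak
    return peaks


def learn_baseline(lines):
    """Largest fan-out any source showed during the clean period."""
    return max(peak_fanout(parse(lines)).values(), default=0)


def detect(lines, baseline, factor=3):
    """Sources whose fan-out exceeds factor x baseline, sorted for stable output."""
    threshold = max(baseline, 1) * factor
    return sorted(src for src, peak in peak_fanout(parse(lines)).items()
                  if peak > threshold)


def update_blacklist(blacklist, offenders):
    """Return the firewall blacklist extended with the flagged addresses."""
    return set(blacklist) | set(offenders)


if __name__ == "__main__":
    base = learn_baseline(BASELINE_LOG)
    offenders = detect(LIVE_LOG, base)
    print("baseline fan-out:", base)
    print("blacklist:", sorted(update_blacklist(set(), offenders)))
```

Counting distinct targets rather than raw connections is what keeps the busy but legitimate client off the blacklist.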


Figure 3.17 Network-based IDS [43]

4.0 Policies
4.1 SETA
Among the threats to information assets, employee errors are one of the top threats. SETA is a control measure created to reduce the incidence of accidental security breaches caused by an organization's employees. SETA stands for Security Education, Training and Awareness. This approach is designed to supplement the general education and training programs which are held to educate an organization's staff on information security. As a good practice, SETA should be included as one of the programs during the implementation phase of the SDLC. The purposes of SETA include:
a) Enhancing security by improving awareness of the importance of protecting system resources
b) Enhancing security by developing skills and knowledge among computer users
c) Enhancing security by building in-depth knowledge
As its name indicates, SETA consists of 3 components: security education, security training, and security awareness.
[1]


                 | Education | Training | Awareness
Attribute        | Why | How | What
Level            | Insight | Knowledge | Information
Objective        | Understanding | Skill | Exposure
Teaching Method  | Theoretical instruction: discussion seminar, background reading | Practical instruction: lecture, case study workshop, hands-on practice | Media: videos, newsletter, posters
Test Measure     | Essay (interpret learning) | Problem solving (apply learning) | True or false, multiple choice (identify learning)
Impact Timeframe | Long-term | Intermediate | Short-term

Table 4.1 Comparative Framework of SETA (from NIST SP800-12) [1]

4.1.1 Security Education
Courses are available at local institutes of higher learning or continuing education. Formal coursework in information security is even available at a few hundred universities. For those researching information security education, there are resources available such as the NSA-identified Centers of Excellence in Information Assurance Education (http://www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml). Other resources also provide security education information, such as Kennesaw State's Center for Information Security Education (http://infosee.kennesaw.edu/).
[1]


4.1.2 Security Training


This training might provide an organization's staff with detailed information and hands-on instruction. This information helps staff prepare to perform their daily tasks securely. The training can be either customized in-house training or an outsourced training program. As an alternative to formal training, industry training conferences and programs are offered through professional agencies such as SANS (http://www.sans.org/), ISC2 (https://www.isc2.org/), ISSA (https://www.issa.org/), and CSI (http://www.gocsi/org/). These programs may be ideal for the continuing education requirements of information security professionals, but they are somewhat too technical for the average staff member.
[1]

4.1.3 Security Awareness


Security awareness is the least-implemented but most beneficial of the three programs provided through SETA. Security awareness is designed to secure information. It is cheap and uncomplicated. Security awareness can be spread in many forms, such as videos, newsletters, flyers, bulletin boards, security posters, and trinkets (promotional items). Promotion plays an important role in this program. An individual who is willing to put in effort and spend time promoting the program is essential for a security awareness program to succeed. Among these promotional tactics, the newsletter could be the most cost-effective one. It can be distributed either in hard copy or in soft copy, such as e-mail. Newsletters can be intranet-based too. The main goal of a security awareness program is to keep the idea of information security in users' minds. Without the concept in people's minds, it is hard to get them to care about information security. If the awareness program runs in a passive manner, an organization's staff might totally neglect the existence of the issue of information security. Consequently, the risk of employee accidents and failures would likely increase.
[1]

5.0 Laws
Which level of law enforcement to select depends in part on the type of crime suspected. These levels can be classified as federal-level, state-level, and local-level.
[1]

5.1 Federal-level Authorities
Federal agencies:
- Federal Bureau of Investigation: Computer crimes which are categorized as felonies.
- FBI Computer Intrusion Squad: Investigates cyber-based attacks like intrusion and DoS.
- U.S. Secret Service: Crimes involving U.S. currency, counterfeiting, credit cards, and identity theft.
- U.S. Treasury Department: Possesses a Bank Fraud Investigation Unit.
- Securities and Exchange Commission: Possesses an Investigation and Fraud Control Unit.

5.2 State-level Investigative Services
Many states have their own FBI, which arrests individuals, distributes warrants, and enforces laws that regulate property owned by the state agency. In addition, these agencies assist local law enforcement officials in enforcing state laws. For example, the FBI in Georgia is known as the Georgia Bureau of Investigation (GBI).
[1]

5.3 Local-level
Each county and city may have its own law enforcement agency. These agencies enforce local and state laws. Usually, local law enforcement agencies are responsible for investigating and processing crime scenes instead of building a computer crimes task force. Local law enforcement agencies would only handle some common criminal activities, for example physical theft or trespassing, damage to property, and the apprehension and processing of suspects of cyber crimes.
[1]

6.0 Conclusion
In reality, there are still many people who are not aware of the importance of IT security or of the impact of IT security violations. It is common that most computer users know of the existence of viruses and worms and are able to operate the antivirus software installed on their computers. In fact, this knowledge is not the essential part of protecting their system data and their personal or private information. In order to protect our computer systems, we should learn more about security architecture. By understanding this architecture, we can know more about computer defenses and how they really work to protect our computer systems. To conclude, SETA should be applied to all computer users to reduce the risk of being attacked by cyber attackers. Even though SETA cannot guarantee that computer users will be totally free from cyber risks, at least they can reduce their risk of facing attacks.


APPENDIX A: ACRONYMS
1) IT: Information Technology
2) IDS: Intrusion Detection System
3) IA: Information Assurance
4) NSA: National Security Agency
5) VPN: Virtual Private Networks
6) IPS: Intrusion Prevention Systems
7) DMZ: Demilitarized Zones
8) HTTP: Hypertext Transfer Protocol
9) MAC: Media Access Control
10) TCP/IP: Transmission Control Protocol/Internet Protocol
11) IP: Internet Protocol
12) TCP: Transmission Control Protocol
13) UDP: User Datagram Protocol
14) NNTP: Network News Transfer Protocol
15) ACL: Access Control List
16) SVEN: Security Verification Engine
17) SOHO: Small Office/Home Office
18) DSL: Digital Subscriber Line
19) WAP: Wireless Access Point
20) LAN: Local Area Network
21) FTP: File Transfer Protocol
22) VoIP: Voice over Internet Protocol (Voice over IP)
23) DNS: Domain Name System
24) GB: Gigabytes
25) E-mail: Electronic Mail
26) MTA: Mail Transfer Agent
27) IPX: Internetwork Packet Exchange
28) NAT: Network Address Exchange
29) DoS: Denial of Service
30) SDLC: Software Development Life Cycle
31) NSA: National Security Agency
32) SANS: System Administration, Networking and Security Institute
33) ISC2: International Information Systems Security Certification Consortium
34) ISSA: International Social Security Awareness
35) CSI: Computer Security Institute
36) FBI: Federal Bureau of Investigation
37) U.S.: United States


APPENDIX B: REFERENCES
[1] Michael E. Whitman and Herbert J. Mattord, Planning for Security, Principles of Information Security, Second Edition, 2005 Course Technology, Boston, MA, pp. 199-234
[2] Defense in Depth (Computing), http://en.wikipedia.org/wiki/Defense_in_depth_(computing) (Retrieved 8th April 2012)
[3] Defense in Depth Diagram, http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/srnd/7x/c7scurty.html (Retrieved 8th April 2012)
[4] IT Security Architecture, http://www.opensecurityarchitecture.org/cms/definitions/it-security-architecture (Retrieved 8th April 2012)
[5] Security Architecture, 2011, http://en.wikipedia.org/wiki/Security_architecture (Retrieved 8th April 2012)
[6] Bruce Byfield, Nine Principles of Security Architecture, 2005, http://www.linux.com/archieve/feed/49803 (Retrieved 8th April 2012)
[7] MSDN Microsoft, Perimeter Security, 2010, http://msdn.microsoft.com/en-us/library/bb416253.aspx (Retrieved 8th April 2012)
[8] McGraw-Hill Companies, Inc, Security Perimeter, McGraw-Hill Dictionary of Scientific and Technical Terms, McGraw-Hill Science & Technology Dictionary, http://www.answers.com/security-perimeter (Retrieved 8th April 2012)
[9] informIT, Perimeter Security Fundamentals, 2005, http://www.informit.com/articles/article.aspx?p=376256 (Retrieved 8th April 2012)
[10] Stefan Norberg, Windows NT/2000 Security, Securing Windows NT/2000 for Servers for Internet http://oreilly.com/catalog/securwinserv/chapter/ch01.html (Retrieved 8th April 2012)
[11] Figure of Network Perimeter Security, http://oreilly.com/catalog/securwinserv/chapter/ch01.html (Retrieved 8th April 2012)
[12] Michael E. Whitman and Herbert J. Mattord, Security Technology: Firewalls and VPNs, Principles of Information Security, Second Edition, 2005 Course Technology, Boston, MA, pp. 241-277
[13] Packet Filtering Firewall, http://www.bglug.ca/articles/packet_filtering_firewall.pdf
[10] Stefan Norberg, Windows NT/2000 Security, Securing Windows NT/2000 for Servers for Internet http://oreilly.com/catalog/securwinserv/chapter/ch01.html (Retrieved 9th April 2012)
[14] Firewall (computing), 2011, http://en.wikipedia.org/wiki/Firewall_(computing) (Retrieved 9th April 2012)
[15] Figure of Packet Filtering Firewall, http://www.diablotin.com/librairie/networking/firewall/figs/fire0601.gif (Retrieved 9th April 2012)
[16] Packet Filtering, Building Internet Firewalls, http://www.diablotin.com/libairie/networking/firewall/ch06_01.htm (Retrieved 9th April 2012)
[17] Proxy Server, 2011, http://en.wikipedia.org/wiki/Proxy_server (Retrieved 9th April 2012)
[18] Application Firewall, 2011, http://en.wikiepdia.org/wiki/Application_layer_firewall (Retrieved 9th April 2012)
[19] Figure of Proxy Server, http://www.google.com.my/imgres?start=21&num=10&hl=en&safe=off&gbv=2&biw=1366&bih=610&tbm=isch&tbnid=XVJZ3Ks66KlGHM:&imgrefurl=http://basichackingskills.wordpress.com/category/proxy-server2/&docid=7O6dRAzGORJFfM&imgurl=http://basichackingskills.files.wordpress.com/2012/02/secure-proxy.gif&w=454&h=283&ei=EGCCT4vDFMHqrQe1_bmHBg&zoom=1&iact=hc&vpx=215&vpy=322&dur=4311&hovh=177&hovw=284&tx=188&ty=142&sig=111700810823031729528&page=2&tbnh=106&tbnw=170&ndsp=25&ved=1t:429,r:19,s:21,i:46 (Retrieved 9th April 2012)
[20] Circuit-Level Gateway, 2011, http://en.wikiepdia.org/wiki/Circuit-Level_Gateway (Retrieved 9th April 2012)
[21] Figure of Application Gateway, http://www.google.com.my/imgres?start=18&num=10&hl=en&safe=off&gbv=2&biw=1366&bih=653&tbm=isch&tbnid=AExhzE6Yz1vhQM:&imgrefurl=http://dany-distro.blogspot.com/2010/06/firewall-is-way-ormechanismthat.html&docid=URD6L_TJojf8wM&imgurl=http://4.bp.blogspot.com/_etRL2ymowE4/TBGtpqYCehI/AAAAAAAAAA8/7ZihOxeKd5Y/s1600/untitled.JPG&w=592&h=330&ei=aWWCT7qJGM7wrQfUxtn5BQ&zoom=1&iact=hc&vpx=544&vpy=375&dur=8044&hovh=167&hovw=301&tx=179&ty=150&sig=111700810823031729528&page=2&tbnh=117&tbnw=209&ndsp=24&ved=1t:429,r:2,s:18,i:9 (Retrieved 9th April 2012)
[22] Fredrick M. Avolio, Firewalls and Internet Security, The Internet Protocol Journal, Vol. 
2, No.2, 1999, http://www.cisco.com/web/about/ac123/ac147/ac200/about_cisco_ipi_archive_article09186a00800c85ae.ht ml (Retrieved 9th April 2012) [23] Ed Tittel, Security Spotlight: Commercial-Grade Firewalls, Certification Magazine, 2003, http://www.certmag.com/read.php?in=234 (Retrieved 9th April 2012) [24] DMZ (Computing), 2011, http://en.wikipedia.org/wiki/DMZ_(computing) (Retrieved 9th April 2012) [25] Web Server, 2011, http://en.wikipedia.org/wiki/Web_server (Retrieved 9th April 2012) [26] Figure of Web Server, http://www.google.com.my/imgres?um=1&hl=en&safe=off&sa=N&biw=1366&bih=610&tbm=isch&tbnid=vkFo9_u82DtbM:&imgrefurl=http://www.visualbuilder.com/jsp/tutorial/introduction-tojsp/&docid=THM5kScgidbaFM&imgurl=http://www.visualbuilder.com/UserFiles/articles30661/jsp_tut_JSP_ins ide.gif&w=590&h=463&ei=O2CT82PNIK0rAeykKzSBQ&zoom=1&iact=hc&vpx=883&vpy=206&dur=736&hovh=199&hovw=253&tx=124&ty=1 14&sig=111700810823031729528&page=2&tbnh=130&tbnw=166&start=21&ndsp=25&ved=1t:429,r:4,s:21,i:1 90 (Retrieved 9th April 2012) [27] R. Kayne and O. 
Wallace, What is A Mail Server, 2011, http://www.wisegeek.com/what-is-a-mailserver.htm (Retrieved 9th April 2012) [28] Message Transfer Agent, 2011, http://en.wikipedia.org/wiki/Message_transfer_agent (Retrieved 9th April 2012) [30] Understanding Proxy Server, http://www.tech-faq.com/understanding-proxy-server.html (Retrieved 9th April 2012) [31] Figure of Proxy Server, http://www.google.com.my/imgres?start=21&num=10&um=1&hl=en&safe=off&biw=1366&bih=610&addh=3 6&tbm=isch&tbnid=zLP0DKFnuGcgvM:&imgrefurl=http://skproxy.com/how-works-proxyserver.php&docid=j6aau1Ix6HquVM&imgurl=http://skproxy.com/images/about-proxyserver.jpg&w=341&h=309&ei=m3CCT6OENsasrAfalu3LBQ&zoom=1&iact=hc&vpx=123&vpy=207&dur=342&h ovh=136&hovw=151&tx=130&ty=116&sig=111700810823031729528&page=2&tbnh=132&tbnw=146&ndsp=2 4&ved=1t:429,r:0,s:21,i:5 (Retrieved 9th April 2012) [32] Figure of Mail Server, http://www.google.com.my/imgres?num=10&um=1&hl=en&safe=off&biw=1366&bih=610&tbm=isch&tbnid=f xIMIsu9BXq89M:&imgrefurl=http://www.technicalinfo.net/papers/Phishing2.html&docid=ALnaZ5a6CMZFoM &imgurl=http://www.technicalinfo.net/papers/images/WP.MailServerValidation.SecureSMTP.png&w=815&h= 531&ei=qHKCT7_-

iv | P a g e

Information Technology Security Architecture Law Jia Jge (107587)


OoXnrAf34azKBQ&zoom=1&iact=rc&dur=237&sig=111700810823031729528&sqi=2&page=1&tbnh=112&tbn w=172&start=0&ndsp=22&ved=1t:429,r:1,s:0,i:66&tx=92&ty=37 (Retrieved 9th April 2012) [33] Name Server, 2011, http://en.wikipedia.org/wiki/DNS_server (Retrieved 9th April 2012) [34] Lysis (eHow Contributor), FTP Server Definition, http://www.ehow.com/about_5369228_ftp-serverdefinition.html (Retrieved 9th April 2012) [35] FTP Server, http://www.webopedia.com/TERM/F/FTP_Server.html (Retrieved 9th April 2012) [36] FTP Server Definition, http://www.wordiq.co,/definition/FTP_server (Retrieved 9th April 2012) [37] Figure of Reverse Proxy Server, http://www.google.com.my/imgres?um=1&hl=en&safe=off&biw=1366&bih=610&tbm=isch&tbnid=cG_6nLxNt 9iAZM:&imgrefurl=http://docs.oracle.com/cd/E19146-01/8210793/ghquv/index.html&docid=CiW08EH1UXSvVM&imgurl=http://docs.oracle.com/cd/E19146-01/8210793/images/Reverse_Proxy_setup.gif&w=421&h=451&ei=u3GCT5K6A87KrAevjO3pBQ&zoom=1&iact=hc&vp x=447&vpy=30&dur=517&hovh=232&hovw=217&tx=92&ty=143&sig=111700810823031729528&page=1&tbn h=129&tbnw=120&start=0&ndsp=21&ved=1t:429,r:2,s:0,i:68 (Retrieved 9th April 2012) [38] Figure of FTP Server, http://www.google.com.my/imgres?um=1&hl=en&safe=off&biw=1366&bih=610&tbm=isch&tbnid=yt470X0O Keyk7M:&imgrefurl=http://technicallyeasy.net/2007/07/connecting-multiple-computersto/&docid=yTOZpXlZPzQX-M&imgurl=http://d2dl5b0eif28ct.cloudfront.net/wpcontent/uploads/2007/07/network-withrouter.gif&w=345&h=247&ei=pXOCT_CyC4nVrQeo0cH6BQ&zoom=1&iact=hc&vpx=458&vpy=317&dur=289& hovh=133&hovw=185&tx=110&ty=188&sig=111700810823031729528&page=2&tbnh=120&tbnw=168&start= 21&ndsp=28&ved=1t:429,r:16,s:21,i:148 (Retrieved 9th April 2012) [39] Server (Computing), 2011, http://en.wikipedia.org/wiki/Server_(computing) (Retrieved 9th April 2012) [40] Figure of DNS Server, 
http://www.google.com.my/imgres?um=1&hl=en&safe=off&biw=1366&bih=610&tbm=isch&tbnid=aOuZj205apk9M:&imgrefurl=http://securitytnt.com/dns-amplificationattack/&docid=0NbEwzccoveA_M&imgurl=http://securitytnt.com/wp-content/uploads/2007/02/dnsrecrussion-big.jpg&w=750&h=594&ei=a3WCTHONMbNrQf97eDNBQ&zoom=1&iact=hc&vpx=121&vpy=207&dur=384&hovh=162&hovw=204&tx=157&ty=7 8&sig=111700810823031729528&page=1&tbnh=117&tbnw=148&start=0&ndsp=24&ved=1t:429,r:0,s:0,i:67 (Retrieved 9th April 2012) [41] Intrusion Detection System, 2011, http://en.wikipedia.org/wiki/Intrusion_detection_system (Retrieved 9th April 2012) [42] Figure of Host-based IDS, http://www.google.com.my/imgres?hl=en&safe=off&sa=X&biw=1366&bih=653&tbm=isch&prmd=imvns&tbni d=L156Oi5VzUi3eM:&imgrefurl=http://cryptoagi.blogspot.com/2010/05/intrution-detectionsystem.html&docid=bxBwPwGx9JTrCM&imgurl=http://3.bp.blogspot.com/_MnPAZpz_WzY/S_s8SoTjjOI/AAAA AAAAAGI/lu22rlKTKuE/s1600/hbids.png&w=519&h=424&ei=FMWCT_3oA4y3rAfVofjwBQ&zoom=1&iact=hc&v px=182&vpy=203&dur=1534&hovh=203&hovw=248&tx=116&ty=116&sig=111700810823031729528&page=1 &tbnh=141&tbnw=172&start=0&ndsp=18&ved=1t:429,r:6,s:0,i:79 (Retrieved 9th April 2012) [43] Figure of Network-based IDS, http://www.google.com.my/imgres?hl=en&safe=off&biw=1366&bih=610&tbm=isch&tbnid=7xdlccvxeXY54M: &imgrefurl=http://akbar-pourshabanan.blogspot.com/2011/05/intrusion-detection-systemids.html&docid=NWautgvqSFLZaM&imgurl=http://3.bp.blogspot.com/5vXm4OkHncY/Tb69AhYjjUI/AAAAAAAAAAU/_yVfvYzM7L8/s320/ids.jpg&w=320&h=239&ei=0MeCT4GgB4Tkr AfLlt2GBg&zoom=1&iact=hc&vpx=308&vpy=260&dur=123&hovh=191&hovw=256&tx=95&ty=89&sig=111700 810823031729528&page=3&tbnh=128&tbnw=171&start=44&ndsp=25&ved=1t:429,r:1,s:44,i:167

v|Page

Information Technology Security Architecture Law Jia Jge (107587)


[44] Host-based Intrusion Detection System, 2011, http://en.wikipedia.org/wiki/Hostbased_intrusion_detection_system (Retrieved 9th April 2012) [45] Network Intrusion Detection System, 2011, http://en.wikipedia.org/wiki/Network_intrusion_detection_system (Retrieved 9th April 2012)

vi | P a g e

S-ar putea să vă placă și