Internet Security & IP Security (IPSec)


Figure: Encapsulating one IP packet in another IP packet (Photo credit: Wikipedia)

Internet security is the securing of web servers and clients (browsers) against possible attacks over wide area networks or the Internet. It is a type of computer security or network security. It mainly includes specific security protocols such as IPSec (IP Security), SSL (Secure Socket Layer) and TLS (Transport Layer Security). Internet security also covers PGP (Pretty Good Privacy), which is designed to create authenticated and confidential e-mails, as well as firewalls and antivirus programs.


# IP Security (IPSec)


IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. It helps to create authenticated and confidential packets for the IP layer. IPSec operates in one of the following two modes.


i) Transport Mode


In this mode, IPSec protects what is delivered from the transport layer to the network layer; that is, it protects the network layer payload, the data to be encapsulated in the network layer. Transport mode does not protect the IP header: it protects only the packet coming from the transport layer. The IPSec header and trailer are added to the information coming from the transport layer, and the IP header is added later. This mode is normally used when host-to-host protection of data is needed. The sending host uses IPSec to authenticate and/or encrypt the payload delivered from the transport layer. The receiving host uses IPSec to check the authentication and/or decrypt the IP packet and deliver it to the transport layer.


ii) Tunnel Mode

 




Tunneling, or encapsulation, is a common technique in packet-switched networks. It consists of wrapping a packet in a new one: a new header is attached to the original packet, and the entire original packet becomes the payload of the new one, as shown in the figure. In this mode, IPSec protects the entire IP packet. It takes an IP packet including the header, applies IPSec security methods to the entire packet, and then adds a new IP header. The new IP header carries different information than the original IP header.

In general, tunneling is used to carry traffic of one protocol over a network that does not support that protocol directly. For example, NetBIOS or IPX can be encapsulated in IP to carry it over a TCP/IP WAN link. In the case of IPSec, IP is tunneled through IP for a slightly different purpose: to provide total protection, including the header of the encapsulated packet. Tunneling requires intermediate processing of the original packet while en route. The destination specified in the outer header, usually an IPSec firewall or router, receives the tunneled packet, extracts the original packet, and sends it to the ultimate destination. The processing cost is compensated by the extra security. A notable advantage of IP tunneling is the possibility of exchanging packets with private IP addresses between two intranets over the public Internet, which requires globally unique addresses.


The IPsec framework has three main components: Authentication Header (AH), Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE).


Authentication Header (AH)


AH is used to provide integrity and authentication of IP datagrams. Replay protection is also possible. Although its usage is optional, the replay protection service must be implemented by any IPsec-compliant system. The services are connectionless: they work on a per-packet basis. AH is used in two modes, transport mode and tunnel mode.


Encapsulating Security Payload (ESP)

 

Figure: IP packet with IPsec ESP (Photo credit: Wikipedia)

ESP is used to provide integrity check, authentication and encryption to IP datagrams. Optional replay protection is also possible. These services are connectionless, in that they operate on a per-packet basis. Encryption can be selected independently of other services. It is highly recommended that, if encryption is enabled, integrity check and authentication be turned on. Like AH, ESP can be used in two ways: Transport mode and tunnel mode.
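
The two ESP encapsulations described above, as an added Python example that is not from the original page. It assumes ESP with NULL encryption and an HMAC-SHA-256-128 integrity check so the byte layout stays readable; the addresses, SPI, key and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

ESP, IPIP, TCP = 50, 4, 6                    # IANA protocol numbers
KEY = b"constructed-demo-key-32-bytes!!!"    # constructed sample key

def checksum(hdr):
    """Internet checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options) followed by payload."""
    def hdr(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr(checksum(hdr(0))) + payload

def icv(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:16]

def esp(spi, seq, key, data, next_header):
    """ESP header (SPI, sequence number) + data + trailer + ICV."""
    pad_len = -(len(data) + 2) % 4           # align the trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))   # default padding 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + data + padding + bytes([pad_len, next_header])
    return body + icv(key, body)

def transport_mode(pkt, spi, seq, key):
    """Keep the original IP header; protect only what follows it."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(spi, seq, key, pkt[20:], pkt[9]))

def tunnel_mode(pkt, spi, seq, key, gw_src, gw_dst):
    """Protect the whole original packet; prepend a new outer IP header."""
    return ipv4(gw_src, gw_dst, ESP, esp(spi, seq, key, pkt, IPIP))

def verify(esp_pkt, key):
    """Receiver: check the ICV, strip the trailer, return (next_header, data)."""
    body, tag = esp_pkt[20:-16], esp_pkt[-16:]
    if not hmac.compare_digest(tag, icv(key, body)):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    pad_len, next_header = body[-2], body[-1]
    return next_header, body[8:len(body) - 2 - pad_len]

# Constructed sample: a host on one intranet sends to a host on another.
INNER = ipv4("10.1.0.5", "10.2.0.9", TCP, b"constructed TCP segment bytes")
TRANSPORT = transport_mode(INNER, 0x1001, 1, KEY)
TUNNEL = tunnel_mode(INNER, 0x1001, 1, KEY, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    for name, pkt in (("transport", TRANSPORT), ("tunnel", TUNNEL)):
        src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
        print(f"{name:9} {len(pkt):3} bytes  visible header: {src} -> {dst}")
```

In transport mode the visible header still carries the private host addresses; in tunnel mode only the gateway addresses appear and the whole inner packet sits inside the integrity-checked ESP payload.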


Internet Key Exchange Protocol (IKE)


The Internet Key Exchange (IKE) framework, previously referred to as ISAKMP/Oakley, supports automated negotiation of security associations, and automated generation and refresh of cryptographic keys. The ability to perform these functions with little or no manual configuration of machines is a critical element of any enterprise-scale IPsec deployment. The Internet Security Association and Key Management Protocol (ISAKMP) is a framework that defines the management of security associations (negotiate, modify, delete) and keys, and it also defines the payloads for exchanging key generation and authentication data. Internet Key Exchange (IKE) is a protocol that uses parts of ISAKMP and the Oakley and SKEME key exchange protocols to provide management of keys and security associations for the IPsec AH and ESP protocols and for ISAKMP itself.


# Secure Socket Layer (SSL)





Solved MCQ of System Analysis and Design Set-3


Q.1 A ……………… system is no more than an idea.
A) Conceptual
B) Logical
C) Physical
D) None

Q.2 Design Phase consists of …………………….
1.       Identify the functions to be performed
2.       Design the input/output and file design
3.       Defining basic parameters for system design
A) 1 & 2
B) 2 & 3
C) 1 & 3
D) 1, 2 & 3


Q.3 A context diagram
A) Describes the context of a system
B) is a DFD which gives an overview of the system
C) is a detailed description of a system
D) is not used in drawing a detailed DFD

Q.4 HIPO stands for
A) Hierarchy input process output
B) Hierarchy input plus output
C) Hierarchy plus input process output
D) Hierarchy input output Process

Q.5 Statement of scope and objectives, opportunities and performance criteria ………….
A) Problem definition
B) System analysis
C) System Design
D) Documentation

Q.6 Information can be categorized into …………….
1.       Environmental information
2.       Competitive information
3.       Government information
4.       Internal information
A) 1, 2 & 3
B) 1, 2 & 4
C) 2, 3 & 4
D) 1, 3 & 4

Q.7 System Development process is also called as ……………..
A) System Development Life Cycle
B) System Life Cycle
C) Both A and B
D) System Process Cycle

Q.8 The output of problem definition stage is ……………..
A) Master Development Plan
B) Terms of reference
C) Feasibility report
D) Final product

Q.9 Advantages of system flowcharts ………………….
A) Effective communication
B) Effective analysis
C) Queasier group or relationships
D) All A, B, C

Q.10 Based on the identification of objectives, input, output and file content, the vital document is called …
A) System Definition
B) System Document
C) System Requirement Document
D) System Subject

Q.11 A context diagram is used
A) as the first step in developing a detailed DFD of a system
B) in systems analysis of very complex systems
C) as an aid to system design
D) as an aid to programmer

Q.12 Which of the following is/are the sources for project requests?
A) Request from Department managers
B) Request from senior executives
C) Request from system Analyst
D) All of the above

Q.13 DDS stands for …………………
A) Data Data Systems
B) Data Digital System
C) Data Dictionary Systems
D) Digital Data Service

Q.14 ………….. Phase is a time consuming phase and yet a very crucial phase
A) Feasibility Study
B) Requirement Phase
C) Analysis Phase
D) Testing Phase

Q.15 A DFD is normally leveled as
A) It is a good idea in design
B) It is recommended by many experts
C) it is easy to do it
D) It is easier to read and understand a number of smaller DFDs than one large DFD

Q.16 ………………. is responsible for all aspects of data processing, operation research, organization and method, system analysis and design investments.
A) Management Services Director
B) Data Processing Manager
C) Computer Manager
D) Both B and C

Q.17 ……………… is a tabular method for describing the logic of the decisions to be taken.
A) Decision tables
B) Decision tree
C) Decision Method
D) Decision Data

Q.18 In ……………… system the interaction between various subsystems cannot be defined with certainty
A) Open System
B) Closed System
C) Deterministic System
D) Probabilistic System

Q. 19 State True or False.
1.       Term of reference is the final output of Feasibility Study
2.       Design specification report is the final output of System Analysis
A) 1-true, 2-true
B) 1-false, 2-true
C) 1-true, 2-false
D) 1-false, 2-false

Q.20 The key considerations involved in the feasibility analysis include
i) Economical      ii) Technical         iii) Behavioral     iv) Personal
A) i, ii, iv              
B) i, ii, iii
C) ii, iii, iv
D) All of the above

Answers:
1.       A) Conceptual
2.       D) 1, 2 & 3
3.       B) is a DFD which .... of the system
4.       A) Hierarchy input process output
5.       A) Problem definition
6.       B) 1, 2 & 4
7.       A) System Development Life Cycle
8.       B) Terms of reference
9.       D) All A, B, C
10.   B) System Document
11.   A) as the first step ... DFD of a system
12.   D) All of the above
13.   C) Data Dictionary Systems
14.   C) Analysis Phase
15.   D) It is easier to ..... one large DFD
16.   A) Management Services Director
17.   A) Decision tables
18.   D) Probabilistic System
19.   D) 1-false, 2-false
20.   B) i, ii, iii

Solved MCQ of System Analysis and Design Set-2


Q.1 ………… is a sort of blueprint of the system Development Effort.
A) MDP
B) DMP
C) MPD
D) DPM

Q. 2 Data store in a DFD represents.
A) a sequential file
B) a disk store
C) a repository of data
D) a random access memory


Q.3 …………… system consists of programs, data files and documentation
A) Conceptual
B) Logical
C) Physical
D) None of the above

Q.4 …………… is a good example of deterministic system.
A) Life cycle
B) Computer Program
C) Software Program
D) None of the above

Q.5 The main ingredient of the report documenting the ……………… is the cost benefit analysis.
A) System Analysis
B) Feasibility Study
C) System Analyst
D) System Design

Q.6  A data flow can
A) Only enter a data store
B) Only leave a data store
C) Enter or leave a data Store
D) Either enter or leave a data store but not both

Q.7  Changing the relationship with and services provided to customers in such a way that they will not think of changing suppliers is called ………….
A) Lock in customers
B) Lock out customers
C) Lock in competitors
D) Lock out competitors

Q.8  …………… can be defined as data that has been processed into a form that is meaningful to the recipient and is of real or perceived value in current or prospective decisions.
A) Information
B) Data collection
C) Internal data
D) Sample data

Q.9  Increased volume of sales is an example of ………….…. Benefit. Reduction of bad debts is an example of ………..
A) Tangible, Intangible
B) Tangible, Tangible
C) Intangible, Tangible
D) Intangible, Intangible

Q.10  A data cannot flow between a store and
i) a store              ii) a process        iii) an external entity

A) i and iii
B) i and ii
C) ii and iii
D) ii

Answers:
1.       A) MDP
2.       C) a repository of data
3.       C) Physical
4.       B) Computer Program
5.       B) Feasibility Study

6.       C) Enter or leave a data Store
7.       A) Lock in customers
8.       A) Information
9.       D) Intangible, Intangible
10.   A) i and iii

Solved MCQ of System Analysis and Design Set-1

Q. 1 …………………………. is an important factor of management information system.
A) System
B) Data
C) Process
D) All

Q.2  Which of the following is / are the level(s) of documentation?
A) Documentation for management
B) Documentation for user
C) Documentation for data processing department
D) All of the above


Q.3 ………………………….. level supply information to strategic tier for the use of top management.
A) Operational
B) Environmental
C) Competitive
D) Tactical

Q.4  In a DFD external entities are represented by a
A) Rectangle
B) Ellipse
C) Diamond shaped box
D) Circle

Q.5  …………… can be defined as data that has been processed into a form that is meaningful to the recipient and is of real or perceived value in current or prospective decisions.
A) System
B) Information
C) Technology
D) Service

Q.6 Use the new system at the same time as the old system to compare the results. This is known as ……
A) Procedure Writing
B) Simultaneous processing
C) Parallel Operation
D) File Conversion

Q.7 Decision making model was proposed by ………………….
A) Harry Goode
B) Herbert A Simon
C) Recon Michal
D) None of these

Q.8 A data flow can
A) Only emanate from an external entity
B) Only terminate in an external entity
C) May emanate and terminate in an external entity
D) May either emanate or terminate in an external entity but not both

Q. 9 …………… can be defined as most recent and perhaps the most comprehensive technique for solving computer problems.
A) System Analysis
B) System Data
C) System Procedure
D) System Record

Q.10 SDLC stands for
A) System Development Life Cycle
B) Structure Design Life Cycle
C) System Design Life Cycle
D) Structure development Life Cycle



Answers:
1.       A) System
2.       D) All of the above
3.       D) Tactical
4.       A) Rectangle
5.       B) Information

6.       C) Parallel Operation
7.       B) Herbert A Simon
8.       C) May emanate and ………entity
9.       A) System Analysis
10.   A) System Development Life Cycle

Relational Database Management System (RDBMS)

A relational database management system (RDBMS) is a database management system (DBMS) that is based on the relational model. The information stored in the database is interrelated, and information can be imported and exported. The RDBMS acts as an interface between the user and the data. It ensures that the data is kept in a compact and consistent format, and allows the user to ask a wide range of questions about the data. A DBMS can be described by the view of the data it presents to the user.

 Key terms used in RDBMS
Query: A query is a small command or program given to a database system instructing it how to manipulate some data from a database.

Example: SELECT * FROM tbl_std;

Relation: A relational database consists of a set of two-dimensional tables termed relations. All the data in the database is contained entirely within such tables. Each relation in the database has a unique name so that it can be identified.

Example: An example of relation is shown here. It relates the names of the students and the marks obtained by them.

| Students name | Mathematics | Science |
|---------------|-------------|---------|
| Jems          | 88          | 67      |
| Nikki         | 68          | 69      |
| Ram           | 82          | 87      |


Domain: A column of data from such a relation is called a domain. Thus a domain represents a "vertical slice" of a relation. Each domain in a relation has a unique name. A domain is constrained to hold one particular type of data.

Example: Using the example of the above relation, the domain Mathematics is shown here.

| Mathematics |
|-------------|
| 88          |
| 68          |
| 82          |

Attribute: An attribute refers to a property of a particular domain, for instance its name. Another attribute is the type of data stored within that domain.

Example: In the above example of a domain, the name of the domain, “Mathematics”, and its data type, i.e. “integer”, are the attributes of that domain.

Tuple: A single row from a relation is termed a tuple. A tuple represents a "horizontal slice" of a relation.

Example: An example of single tuple from the above relation is shown below.

| Students name | Mathematics | Science |
|---------------|-------------|---------|
| Jems          | 88          | 67      |


Field: A single atomic item of data is termed a field. A field is represented by the intersection of a specific tuple with a specific domain.

Example: An example of single field from the above relation is shown below.

Jems

Schema: A schema defines the structure of a relation, which consists of a fixed set of attribute-domain pairs.

Instance: An instance of a relation is a time-varying set of tuples where each tuple consists of attribute-value pairs.

Candidate Key: A candidate key is a set of attributes that forms a super key but no proper subset of which is a super key.

Primary Key: A primary key is a candidate key chosen by database designer to identify tuples in a relation.


Data model and Relational Database Model


A data model

The data model is used to represent the real facts of the application. An application may contain many facts; however, one has to focus only on the important facts and ignore the others. For example, in a student details application, student name, roll no. and address have to be described, while the student may also have other facts, like father's name, which may not be relevant. Some of the salient features that a model must have are listed below.
  • A data model mainly describes the data which gets stored and processed in a given situation.
  • A data model may describe data at various levels; the description may be at the logical or physical level, or from the user's point of view.
  • A data model proposes a set of concepts for describing the nature of data and the inter-relationships between them, along with the syntax.
  • A model should have a minimum of concepts, close to the real world, so that the user can understand and verify the model.
  • The model should provide primitives by which the meaning of data can be captured. The meaning includes the types of values data items take, their inter-relation to higher-level entities, and the correctness requirements for them.

Relational Database Model

Insertion anomalies and redundant data are problems associated with an early database model known as a hierarchical table (parent-child table). Network database (owner-member table) models were problematic as well. These two models led to the development of the relational database model.

The relational model for database management is a database model based on first-order predicate logic (mathematical theories applied by Dr. E. F. Codd). A database model organized in terms of the relational model is a relational database model (RDM).

In an RDM, data are stored in a relation or table (those terms may be used interchangeably). Each table contains rows or records (also called tuples), and columns, which represent attributes or fields. Each record or row is identified by a unique field known as the primary key. The categories of relationships in an RDM are one-to-one, one-to-many, and many-to-many. A many-to-many relationship must be broken down into numerous one-to-many relationships. If a pair of tables share a relationship, data can be retrieved based on matching values of a shared field between the tables. Data is retrieved by specifying fields and tables using a standard query language known as Structured Query Language (SQL). Most DBMSs (Database Management Systems) use SQL to build, modify, maintain and manipulate databases. Thorough knowledge of SQL isn’t always necessary since most DBMSs use a graphical interface to generate SQL statements and retrieve data. It is good, however, to have basic knowledge of SQL.