Page 229 - DCAP403_Operating System
P. 229
Operating System
Notes You can also restrict traffic that travels through the firewall so that only certain types of
information, such as e-mail, can get through. This is a good rule for businesses that have an
experienced network administrator that understands what the needs are and knows exactly what
traffic to allow through.
For most of us, it is probably better to work with the defaults provided by the fi rewall developer
unless there is a specific reason to change it. One of the best things about a firewall from a security
standpoint is that it stops anyone on the outside from logging onto a computer in your private
network.
While this is a big deal for businesses, most home networks will probably not be threatened in
this manner. Still, putting a firewall in place provides some peace of mind.
11.11 Summary
A firewall is a software program or device that monitors, and sometimes controls, all
transmissions between an organization’s internal network and the Internet.
However large the network, a firewall is typically deployed on the network’s edge to
prevent inappropriate access to data behind the fi rewall.
The firewall ensures that all communication in both directions conforms to an organization’s
security policy.
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack)
is an attempt to make a computer resource unavailable to its intended users.
Perpetrators of DoS attacks typically target sites or services hosted on high-profi le web
servers such as banks, credit card payment gateways, and even DNS root servers.
It is very difficult to control such attacks. DoS (Denial-of-Service) attacks are probably the
nastiest, and most difficult to address.
11.12 Keywords
Computer security: It is more like providing means to protect a single PC against outside
intrusion.
Decryption: It is the reverse process of converting encoded data to its original un-encoded form,
plaintext.
Encryption: It is a process of coding information which could either be a file or mail message in
into cipher text a form unreadable without a decoding key in order to prevent anyone except the
intended recipient from reading that data.
Hash function: It is one-way encryption that uses no key.
Intrusion detection system: It gathers and analyzes information from various areas within a
computer or a network to identify possible security breaches, which include both intrusions and
misuse.
Network intrusion detection system: It is an independent platform which identifies intrusions by
examining network traffic and monitors multiple hosts.
Securing network infrastructure: It is like securing possible entry points of attacks on a country
by deploying appropriate defense.
222 LOVELY PROFESSIONAL UNIVERSITY
