
Storage Management

Introduction To Storage
Storage or memory often refers to computer data storage.
- Storage is an electronic holding place for instructions and data which the computer's microprocessor can access quickly.
- It also refers to a computer component, computer device or recording medium that retains digital data used for processing.
- Storage provides one of the major functions of the modern computer, that of information retention.

There are two major types of storage, known as primary storage and secondary storage.
- In modern usage, primary storage (memory) is a form of semiconductor storage, also known as Random Access Memory (RAM).
- Similarly, secondary storage (storage) holds data on other media such as hard disks and tape drives. It is a form of magnetic storage, also known as Read Only Memory (ROM).
- Primary storage is volatile, meaning that when the power is turned off, the data in primary memory is lost forever.
- Hence, to store data for a longer duration, a computer requires a non-volatile storage medium. Secondary storage is also referred to as mass storage; it is slower than primary memory but of a more permanent nature.

The basic unit of memory is the bit. All digital computers work only on two states, ON (1) and OFF (0). These two values are represented by two different voltages within the circuit. For example, 0 volts represents an OFF state and +5 volts represents an ON state. One such value (either 0 or 1) is called a binary digit or bit, and each bit can be considered a symbol for a piece of information.
- A digital computer represents data using the binary form.
- Text, numbers, pictures, audio and nearly any other form of information can be stored in the form of bits, or binary digits, each of which has a value of 1 or 0.
- Computers generally deal with a group of eight bits, which is referred to as a byte.
- A byte has 256 different bit patterns and can represent 256 different symbols.

The various units used to measure computer memory are as follows.

Bit: An abbreviation for binary digit and the basic unit of memory. It is the smallest unit of information on a machine, and a single bit can hold one of two values (0 or 1).

Byte: A unit of eight bits is known as a byte. Hence a byte can contain any binary number between 00000000 and 11111111.

Kilobyte: In the decimal system, kilo stands for 1000, but in the binary system kilo refers to 2^10. Therefore, a kilobyte is equal to 1024 bytes. It is usually represented as KB.

Megabyte: It comprises 1024 kilobytes, or 1,048,576 bytes. The megabyte is the standard unit of measurement for RAM and is abbreviated as MB.

Gigabyte: A gigabyte consists of 1024 megabytes (1,073,741,824 bytes). The gigabyte is the standard unit of measurement for a hard disk and is abbreviated as GB.

Terabyte: A terabyte refers to 1024 gigabytes of memory. Often abbreviated as TB, terabyte memory is usually associated with supercomputers only.

The earliest digital computers were based on the stored program concept, which defines a computing model having a processing unit and a memory unit.
- The processing unit is used to carry out the execution of instructions, while the memory unit is used to store the data and its operating instructions.
- An instruction consists of a sequence of operations that is to be performed on the data.
- Such machines are termed 'multipurpose computers'.
- They do not have to reconfigure their hardware for each new program.
In a modern digital computer, the central processing unit (CPU or simply, the processor) is the major functional unit: it takes data as input, performs operations on it and produces the appropriate results.

Storage hierarchy
The traditional division of storage into primary, secondary, tertiary and off-line storage is also guided by the cost per bit.

Primary Storage
It is also known as main storage or memory, in which data is stored for quick access by the computer's processor.
- Primary storage is the only storage directly accessible to the CPU. The CPU continuously reads instructions stored in primary storage and executes them as and when required.
- Any data actively operated on is also stored in primary storage in a uniform manner.
- The term main storage originated in the days of the mainframe computer, to distinguish the more immediately accessible data storage from storage that required input/output operations.
- Primary or main storage is termed random access memory (RAM) or just memory.
- The other storage devices such as DVDs, hard disks, CDs and diskettes are collectively called secondary storage. Besides main memory, the processor also has even faster storage, known as registers and cache memory.
- Registers (the fastest components) are located inside the processor.
- Each register is capable of storing a word of data (often 32 or 64 bits).
- The CPU instructs the arithmetic and logic unit to perform operations on this data (or with the help of it).
- The register is one of the fastest components in computer data storage.

The cache is an intermediate stage between the ultra-fast registers and the slower main memory.
- It is introduced to increase the performance of the computer.
- It stores a duplicate copy of the most actively used information in main memory; it is faster than main memory but of much smaller capacity.
Primary storage is sometimes used to mean storage for data that is in active use, in contrast to storage used for backup purposes.
- To boot a computer, the start-up program has to be stored somewhere, so that whenever the computer is switched on it can execute that program to start.
- As RAM is volatile (cleared at start-up), this memory cannot be used for that purpose.
- Hence, non-volatile primary storage containing a small start-up program (BIOS) is used to bootstrap the computer.
- The non-volatile technology used for this purpose is called ROM, which stands for read-only memory.
Secondary Storage
- Secondary storage, sometimes called auxiliary storage, is all data storage that is not currently in a computer's primary storage or memory.
- Secondary storage is not directly accessible by the CPU.
- Data from secondary storage is transferred to main memory through input/output channels.
- Secondary storage is non-volatile memory: it does not lose the data when the device is powered down.
- It is less expensive than primary storage and is usually formatted according to a file system format, which provides the additional abstraction necessary to organise data into files and directories.
- The file system also records additional information about the owner of a file, its access time, its access permissions and other information.
Secondary storage typically consists of storage on the hard disk and on any removable media, if present, such as a CD or DVD.
- Hard disks provide larger and faster secondary storage capabilities than diskettes.
- The time taken to access a given byte of information stored on a hard disk is typically a few seconds or milliseconds.
- But the time taken to access a given byte of information stored in random access memory (primary memory) is measured in microseconds or nanoseconds.
- This shows the significant access-time difference between solid-state memories and rotating magnetic storage devices.
- Hard disks are typically about a million times slower than primary memory.
- Optical storage devices such as DVD and CD drives are a billion times slower than primary memory.
Some other examples of secondary storage technologies are paper tape, floppy disks, flash memory (e.g., USB sticks or keys), standalone RAM disks, magnetic tape, Zip drives and punch cards.

Off-line Storage
- Data can be stored on media separated from the server.
- It is also known as removable storage: the data is stored on a medium or a device that is not under the control of a processing unit.
- The medium is recorded, usually in a secondary storage device, and then physically removed or disconnected.
- This storage medium must be inserted into a storage drive by a person before it can be accessed by the computer system.
- Such a medium is considered to be a type of off-line storage.
The most common forms of offline storage are tape media and optical media. Another option is virtual optical media.
- Virtual optical media means saving to a virtual image which is stored on your disk units.
Since the detached medium can easily be physically transported, off-line storage is used to transfer data.
- Additionally, in case of a disaster, for example a fire, the original data may be destroyed. However, a medium which is located remotely will probably be unaffected, enabling disaster recovery. Hence the use of off-line storage may increase data security.
- The reason for this is the physical inaccessibility of the medium from a personal computer: while it is detached, its data confidentiality or integrity cannot be affected by computer-based attack techniques.

Tertiary Storage
- Tertiary storage, also known as tertiary memory, consists of anywhere from one to several storage drives.
- It involves a robotic mechanism which can mount (insert) and dismount removable storage according to the demands of the system.
- Data is copied to secondary storage before it is used.
- When a computer needs to fetch information from tertiary storage, it consults a catalogue database to determine which tape or disc contains the information.
- Next, the computer instructs a robotic arm to fetch the medium and place it in a drive.
- When the computer has finished reading the information, the robotic arm returns the medium to its place in the library.
- A computer can access tertiary storage without being told to do so, which is not the case with off-line storage.
- Tertiary storage has slower access times, larger capacity and lower cost than main storage or secondary storage.
- Typical examples include tape libraries and optical jukeboxes.

Introduction to Storage Management

The goal of storage management is to define, maintain and track data and data resources in an organisational environment.
- The important activity of storage management is to take care of the operation and maintenance aspects of storage media.
- It also takes care of the data stored on such media.
- It is more than just performing data backups and restoration processes in the case of a data-related incident.
- It also covers other important activities such as selecting and maintaining storage media, and archiving and tracking the important data of the organisation.
Storage management
- It deals with both onsite and offsite data storage for the purpose of data restoration and historical archiving.
- It also maintains the physical security of archives and backups.
- Storage management helps in increasing business continuity and reducing the risk of data loss.
- It reduces management cost and complexity and helps to meet strict compliance requirements.

Storage management faces a variety of ongoing challenges.
- Backup, recovery and constant changes that threaten application availability are some of the challenging tasks of storage management.
- In addition, it must maintain interconnected networks around the clock and ensure efficient storage management.
Storage management consists of two main processes: (i) data backup, restore and recovery operations, and (ii) storage resource management.
- The first process involves planning and implementing a backup strategy, while the second process deals with storage event monitoring and media management.

The Need of Storage Management

The objective of storage management is to protect the information system. In any organisation, the task of information systems is to process data into information that helps the organisation to achieve its goals. This information is stored in databases and becomes available in the form of files. Information has become an increasingly important asset in any organisation, and it is therefore necessary to protect the information system. Storage management can mitigate the risks to an organisation arising from the non-availability of data.

BACKUP AND STORAGE

Storage, backup and service management cover all aspects of information storage and data restoration, such as storage management, storage allocation, system backups and restoration, information management, and database management and administration.
By information management, we mean the management of information with respect to the type of information, the type of media and the location of information storage.
The operational process of storage management involves the following major areas:
- data backup,
- restore,
- recovery operations and
- storage resource management.

Each one of these areas contains various activities and associated tasks.

A backup is the process of periodically saving data to some other device which is different from its own hard disk. There are a number of ways to do this.
- One simple method is to move data from the hard disk to a secondary storage medium for potential retrieval at a later stage.
- The periodicity of a backup may be between a few days and a couple of months.
- The secondary storage medium may be a hard disk, CD-ROM, magnetic tape or optical disk. Some policies are defined for backup based on the type of data.
- Users should be informed of the specific policies and of their responsibilities regarding backup.

The key operations of storage management include storing data, backup, and restoring and recovering data.
- The backup procedures ensure that data is stored properly and is available for recovery.
- They also support restoration of the backup data according to business needs.
- A proper backup strategy has to be defined to ensure that restore, recovery and backup operations can be performed to fulfil the business requirements.
Storage resource management is focused on managing the data resources.
- Its important activity is to check whether disks are formatted properly and installed with the appropriate file systems.
- It also checks removable storage media (for example, tapes, CDs and so on) and the way they are used, recycled, organised and eventually retired, according to business needs.

Data recovery
- It is the process of restoring data to the state it was in earlier.
- In general, data recovery is performed when there is a loss of data, for example after some kind of disaster that has caused serious corruption or loss of data, or both.
Disasters may happen for various reasons, natural (an earthquake) or man-made (such as a computer virus).
- A disaster can also be defined as an event that can stop the business process.
- For example, a hard disk crash on a production system can stop the operation of an e-commerce system. Proper planning and execution can mitigate these circumstances.

Planning a Backup Strategy

Business organisations are not ready to compromise their data, even for a minute. Therefore, the organisation should have a well-developed plan to follow; this is called a backup strategy.

It may be difficult to follow the backup strategy consistently.
- The reason is that the backup strategy policies and technologies used may differ from one business unit to another.
- Hence, it is always good to develop individual strategies for the various business units or user groups, depending on application usage.
- The process steps of backup strategies are iterative.
  - Each step can be performed with variations whenever there is any change in the customer's Service Level Agreement (SLA).
  - There might be other reasons such as a change in business needs, restore and data recovery requirements, etc.

Definition of Backup Requirements

Based on this, the requirements and specifications for each kind of data can be defined in terms of the following:

What Data You Need to Backup?
- It defines the important data items that need to be backed up.

How Often to Backup?
- The frequency and timing of the backup can be defined. Business organisations decide the frequency of backup for each type of data need.
- For example, we may want to back up users' working files daily, system data weekly and critical database transactions twice or thrice a day.

When to Schedule the Backups?
- Backups should be taken regularly, the schedule should be followed strictly, and a determination of the allowable timeframe for backups is required.
- For instance, one can take a backup of user files at any time when users are not working on them. But this is not the case with some databases (such as email systems and management information systems), where one can get only a few hours for backup.

How Long to Keep the Backup Data?
- Storing data for a long time needs a lot of physical storage, and it may be difficult to keep the data forever. Hence, depending upon the importance and the requirement, proper planning should be done for the duration of retaining the backup of each type of data.
- There should be some evaluation procedure that analyses the time and the amount of data that one has to back up. For this purpose, some existing technologies and infrastructure could be used. In the case of offline backups, all these factors can affect users' access to data.
- For this reason, a proper estimate of backup time requirements should be compared to the specific requirements.
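The four requirement questions above can be encoded as a per-data-class policy. The following is an added example, not part of the original text: it uses the frequencies the text suggests (user files daily, system data weekly, database transactions thrice a day) and, for a constructed moment in time, decides which classes are due, which are due but outside their backup window, and which stored copies have outlived their retention. The class names, windows and retention periods are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, time


@dataclass(frozen=True)
class BackupPolicy:
    """Answers to the four questions for one class of data: what, how often,
    when (allowed window) and how long to keep each copy."""
    name: str
    interval: timedelta   # how often a backup is due
    retention: timedelta  # how long each backup copy is kept
    window_start: time    # backup window: when users or the database are quiet
    window_end: time      # may be earlier than window_start (window wraps midnight)


# Constructed policies mirroring the text: user files daily, system data weekly,
# critical database transactions thrice a day. Windows and retention are assumed.
POLICIES = {
    "user_files": BackupPolicy("user_files", timedelta(days=1), timedelta(days=30),
                               time(22, 0), time(6, 0)),
    "system_data": BackupPolicy("system_data", timedelta(days=7), timedelta(days=365),
                                time(1, 0), time(5, 0)),
    "db_transactions": BackupPolicy("db_transactions", timedelta(hours=8), timedelta(days=90),
                                    time(0, 0), time(23, 59)),
}


def in_window(policy: BackupPolicy, when: datetime) -> bool:
    """True if `when` falls inside the policy's backup window."""
    t = when.time()
    if policy.window_start <= policy.window_end:
        return policy.window_start <= t <= policy.window_end
    # Window wraps past midnight, e.g. 22:00 to 06:00.
    return t >= policy.window_start or t <= policy.window_end


def is_due(policy: BackupPolicy, last_backup: datetime, now: datetime) -> bool:
    """A backup is due once a full interval has elapsed since the last one."""
    return now - last_backup >= policy.interval


def plan(policies, last_backups, now):
    """Split the data classes into those to back up now and those that are due
    but must wait because `now` is outside their allowed window."""
    due, blocked = [], []
    for cls, policy in policies.items():
        if not is_due(policy, last_backups[cls], now):
            continue
        (due if in_window(policy, now) else blocked).append(cls)
    return due, blocked


def expired_copies(catalog, policies, now):
    """Catalog entries (data class, time taken) whose retention period has elapsed."""
    return [(cls, taken) for cls, taken in catalog
            if now - taken > policies[cls].retention]


def demo():
    """Constructed scenario: evaluate the policies at 23:30 on 10 March 2024."""
    now = datetime(2024, 3, 10, 23, 30)
    last = {
        "user_files": datetime(2024, 3, 9, 23, 0),        # 24.5 h ago: due, and in window
        "system_data": datetime(2024, 3, 2, 2, 0),        # 8 days ago: due, but window is 01:00-05:00
        "db_transactions": datetime(2024, 3, 10, 14, 0),  # 9.5 h ago: due, window is all day
    }
    catalog = [
        ("user_files", datetime(2024, 2, 1)),        # 38 days old, retention 30: expired
        ("user_files", datetime(2024, 3, 1)),        # 9 days old: kept
        ("db_transactions", datetime(2023, 12, 1)),  # 100 days old, retention 90: expired
    ]
    due, blocked = plan(POLICIES, last, now)
    expired = [cls for cls, _ in expired_copies(catalog, POLICIES, now)]
    return due, blocked, expired


if __name__ == "__main__":
    print(demo())
```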

Backup and Restore Policies

Prior to the implementation of storage management, there is a need to define and agree various policies and procedures. There is an important aspect of storage management called 'storage resource management'. The key aspect of storage resource management is the management of the resources.
- Its important activity is to check whether disks are formatted properly and installed with the appropriate file systems; it also considers the management issues.
- It includes monitoring storage resources so that they meet availability, capacity and performance requirements.
- In a network environment, monitoring and managing the storage resources are extremely important tasks.
- Therefore, it is necessary that the tools and technologies used by technical staff provide facilities such as tuning, monitoring and configuring.

The other major tasks of storage resource management are the following:

- It should ensure that data is stored properly so that it is available for restore and recovery operations when needed.
- It also makes it possible to check, for instance, whether enough storage space is available and whether it is ready and fast enough when a user needs to use it.

Archive and Retrieve

Archiving refers to maintaining all the various versions of a file in a manner such that they are accessible at all times, so that it is possible to go back and retrieve the file in the state it was in on any particular date and time.
- Archiving is a completely separate concept from backup. The differences between backup and archiving are described below.
- Archiving makes it easier to deal with more complex operations and multiple files.
- In archiving, the individual file has to be selected to go into an archive, which is not the case with a backup.
- An easy way to select files for archival is the manual method.
- Additionally, by its very nature, archiving suggests an inherent value in the data to be secured.

Some areas to consider before archiving the project data are:

Multiple User Accounts
- The account (username) used to do the archiving is also important.
- On a UNIX system, only the user who archives a file is allowed to see it within the archive, and only that user is allowed to retrieve it. This simplifies system operation.

Archive File Deletion
- This allows deletion of files archived on the server. Clearly, enough care should be taken for this task because, once a file is deleted from the server, it cannot be retrieved later.

Local File Deletion
- This allows deletion of local files immediately on successful archival to the server. This is recommended for reasons of space management.
- Deletion should be held off until the day following the archival process for any particular file. Moreover, it should be carried out through commands of the local operating system.

Archive File Identification
Whenever there is a backup at the client side, the location of a file has to be identified, i.e., its directory/folder path. This is because the archive client permits unlimited versions of the same file to be kept.
- The path structure (local directory/folder) may help in identifying the location but does not give information about the changes between versions of the same file.
- One possible solution to this problem is to add a README or INDEX file.
- In each directory/folder, the dates, times and description fields of the listing may be used. More descriptive entries are helpful to group and distinguish archived files.

Symbolic File Links (Unix)
- When we use symbolic file links in an archive operation on UNIX, the object pointed to by the link is archived, not the link data.
- This behaviour differs from that of backup, where the link data is backed up.
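The symbolic-link difference and the INDEX-file suggestion above can both be seen in a few lines of Python's standard tar module. This is an added example, not code from the original text: the `dereference` flag selects whether the link's target (archive semantics) or the link itself (backup semantics) is stored, and each run appends a dated, described line to an INDEX file. The file names and descriptions are constructed.

```python
import os
import tarfile
import tempfile
from datetime import datetime, timezone


def archive_files(paths, archive_path, index_path, description, follow_links=True):
    """Put `paths` into a tar archive and append one line to an INDEX file.

    follow_links=True gives archive semantics: the object a symbolic link points
    to is stored. follow_links=False gives backup semantics: the link itself is
    stored. The INDEX line records date, time, archive name and a description.
    """
    with tarfile.open(archive_path, "w", dereference=follow_links) as tar:
        for path in paths:
            tar.add(path, arcname=os.path.basename(path))
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    with open(index_path, "a", encoding="utf-8") as index:
        index.write(f"{stamp}\t{os.path.basename(archive_path)}\t{description}\n")


def member_kinds(archive_path):
    """Map each member name to ('file' | 'symlink', stored size in bytes)."""
    with tarfile.open(archive_path) as tar:
        return {m.name: ("symlink" if m.issym() else "file", m.size)
                for m in tar.getmembers()}


def demo():
    """Constructed walk-through: one regular file plus a symbolic link to it,
    stored once with archive semantics and once with backup semantics."""
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "report.txt")
        with open(target, "w", encoding="utf-8") as f:
            f.write("quarterly figures\n")          # 18 bytes
        link = os.path.join(work, "latest.txt")
        os.symlink("report.txt", link)               # latest.txt -> report.txt
        index = os.path.join(work, "INDEX")
        archive = os.path.join(work, "project-archive.tar")
        backup = os.path.join(work, "nightly-backup.tar")

        archive_files([link], archive, index, "Q1 report, final version", follow_links=True)
        archive_files([link], backup, index, "nightly copy", follow_links=False)

        with open(index, encoding="utf-8") as f:
            index_lines = f.read().splitlines()
        return member_kinds(archive), member_kinds(backup), index_lines


if __name__ == "__main__":
    archived, backed_up, index_lines = demo()
    print("archive:", archived)     # the link's target content, 18 bytes
    print("backup: ", backed_up)    # the link itself, size 0
    print("\n".join(index_lines))
```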

Disaster Recovery
It refers to the process, policies and procedures related to the recovery or continuation of the technology infrastructure critical to an organisation after a natural or human-induced disaster. Hence, it requires extensive planning efforts for terrible events like fire, earthquake and destruction of a facility and/or mission-critical systems.
- For this reason, the plan must cover the recovery procedure not only for data but also for all aspects of recovering the IT infrastructure; recovering individual components alone may not be a good solution.
- This is the reason why data recovery, restore and backup procedures must be defined and followed as part of the disaster recovery plan.
The main difference between traditional backups and archival storage is the duration of storage retention.
- For example, traditional backups are short-term while archival storage is long-term. The other difference is that the physical location of the data in traditional backups is onsite, but archival storage is offsite.
- Thus, archival storage improves the recovery process at the time of a disaster because the IT organisation can get its data from an offsite location.
Some companies even build and maintain redundant IT sites with complete data duplication. Sometimes, an organisation takes help from third parties that provide such services in order to address its disaster recovery needs.

Classifications of Disasters
Disasters can be classified into two categories, known as natural disasters and man-made disasters.

- Preventing a natural disaster completely is very difficult, but precautions can possibly minimise losses.
- Natural disasters include smog, flood, hurricane, fire and earthquake.
- Man-made disasters are due to human error, intentional or unintentional, which can cause loss of communication and utilities.
- These disasters include viruses, walkouts, accidents, intrusion and burglary.

Disaster Recovery Planning

A Disaster Recovery Plan (DRP) is sometimes referred to as a Business Process Contingency Plan (BPCP).
- It describes the strategies of an organisation to fight against potential disasters. It is a subset of Business Continuity Planning (BCP).
- It has to include planning for the recommencement of data, hardware, applications, communications and any other computer infrastructure.
- A BCP may also include planning for non-IT related aspects such as facilities, key personnel, crisis communication and reputation protection.
- It should refer to the Disaster Recovery Plan (DRP) for IT-related infrastructure recovery and continuity.

Typically, a DRP deals with an analysis of business processes and continuity needs; it also focuses on the prevention of disasters.
Testing Disaster Recovery Plan
The Certified Information Systems Security Professional (CISSP) certification recognises five methods of testing the DRP. They are:

Walk-through
Members of the key business units meet to trace through the steps of the plan, to find any omissions and inaccuracies.

Simulations
The simulation session should include mimicking the response to a true emergency as closely as possible.
- It also includes a meeting of critical personnel to perform a 'dry run' of the emergency.

Checklist
Members of the key departments critically check the tasks for which they are responsible and estimate the accuracy of the checklist.
- This is typically the first step toward a comprehensive test.

Parallel Testing
- The backup processing occurs in parallel with production services, which never stop.
- This is a familiar process for those who have installed complex computer systems that run in parallel with the existing production system until the new system proves to be stable.
- An example could be the installation of a new payroll system by a company. Until the new system is ready for full cut-over, both the existing system and the new system are operated in parallel.

Full Interruption
- Production systems are stopped to see the performance of the backup services.
- They either work or they fail; in the latter case, the lesson learned can be as painful as a true disaster.

SPACE MANAGEMENT
Space management identifies and moves low-activity and inactive files to the storage hierarchy.
A storage manager for space management uses Hierarchical Storage Management (HSM) techniques to migrate, automatically and transparently, unused or infrequently accessed data files from a computer's local online storage to the offline storage managed by a server.
Through this migration, the storage manager can free administrators and users from time-consuming manual file-pruning tasks, stretch the usability of a given amount of online storage space for a longer period, and reduce the overall cost of retaining large numbers of (easily retrievable) data files for long periods.

Use of Hierarchical Storage Management (HSM)

HSM automates space management to achieve lifecycle management. Some other uses of Hierarchical Storage Management are listed below:

Supports Unlimited Online Data Storage
The storage manager can automatically send data files that meet user-definable, policy-based migration criteria to a designated server for offline storage.
- After the file is migrated, a stub file replaces the original file on the client computer's online storage.
- The stub file retains the original file's attribute information, indicating that the original file still resides on that online storage.
- This facilitates the automatic recall of the file from offline storage when a user or application tries to read or write the file. These space-managed files held on offline storage are an integral part of the storage manager server's functionality.
Centralised lifetime management of the data files held on offline storage is a primary task of the storage manager.
- These files are retained and managed along with files that have been backed up or archived from other client computers.
- Like other backup client computers, if a space management client computer suffers a disk crash or accidental file deletion, the storage manager can restore just the stub files, or the entire files, to the client computer.

Data Backup
- Data backup and file migration coordinate in two ways with the help of the storage manager. First, an option setting allows a migration to occur only if a data backup of that file has already been performed.
- Second, if a file has been previously migrated, the storage manager server can clone the migrated file and move it to the data backup storage pool as a backup copy.
This technique avoids the need to first recall and then re-send files from the client to the server.

Maintains Total File System Sizes

The storage manager for space management triggers on maximum and minimum sizes of total file systems.
- Space management works only with file systems specified by the administrator.
- The administrator specifies the amount of local online storage that must be filled with data before any migration occurs, and the amount that should remain before migrations stop.
- When a file system crosses this maximum space-utilisation threshold, the storage manager selects the files to migrate to the server, based on the include/exclude list and the priorities assigned to file size and age.

Maintains the Stub File Sizes

The administrator can also specify various stub file sizes. A larger stub file size means that more data exists locally on the client's storage.
- Generally, a portion of the complete data file remains in the stub file.
- Hence, when some application wants to read the file, the stub file may be adequate and there is no need to recall the entire file from offline storage.
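The two mechanisms just described (high/low watermark migration driven by an exclude list and size/age priorities, and stub files that can satisfy small reads without a recall) are shown together below in a small simulation. This is an added example written for this section, not code from any storage manager product; the watermarks, weighting, stub size and file set are all constructed.

```python
from dataclasses import dataclass, field


@dataclass
class ManagedFile:
    name: str
    size: int            # full size in bytes
    age_days: int        # days since last access
    data: bytes          # constructed content; on a real client this lives on disk
    migrated: bool = False
    stub_bytes: int = 0  # how much of the file the stub keeps locally


@dataclass
class FileSystem:
    capacity: int
    files: dict = field(default_factory=dict)

    def used(self) -> int:
        """Local space in use: migrated files count only for their stub."""
        return sum(f.stub_bytes if f.migrated else f.size for f in self.files.values())


class SpaceManager:
    """Hypothetical HSM client. Migration starts when the file system crosses the
    high watermark and stops once usage falls below the low watermark."""

    def __init__(self, fs, high_pct, low_pct, exclude=(), stub_size=4096,
                 age_weight=1.0, size_weight=1.0):
        self.fs = fs
        self.high = fs.capacity * high_pct // 100
        self.low = fs.capacity * low_pct // 100
        self.exclude = tuple(exclude)        # name suffixes that must never migrate
        self.stub_size = stub_size
        self.age_weight, self.size_weight = age_weight, size_weight
        self.server = {}                     # offline storage: name -> full content

    def candidates(self):
        """Unmigrated, non-excluded files, best candidates first (old and large)."""
        eligible = [f for f in self.fs.files.values()
                    if not f.migrated and not f.name.endswith(self.exclude)]
        return sorted(eligible, reverse=True,
                      key=lambda f: self.age_weight * f.age_days
                      + self.size_weight * f.size / 1024)

    def migrate(self):
        """Run on the high-watermark trigger; returns the names migrated."""
        moved = []
        if self.fs.used() <= self.high:
            return moved
        for f in self.candidates():
            if self.fs.used() <= self.low:
                break
            self.server[f.name] = f.data          # full copy goes offline
            f.stub_bytes = min(self.stub_size, f.size)
            f.data = f.data[:f.stub_bytes]        # stub keeps the leading portion
            f.migrated = True
            moved.append(f.name)
        return moved

    def read(self, name, nbytes):
        """Serve a read from the stub when it suffices, else recall the file."""
        f = self.fs.files[name]
        if not f.migrated:
            return f.data[:nbytes], "local"
        if nbytes <= f.stub_bytes:
            return f.data[:nbytes], "stub"
        f.data, f.migrated, f.stub_bytes = self.server[name], False, 0
        return f.data[:nbytes], "recalled"


def demo():
    """Constructed 100,000-byte file system with 80% / 50% watermarks."""
    fs = FileSystem(capacity=100_000)
    for name, size, age in [("video.bin", 40_000, 30), ("old_report.doc", 20_000, 400),
                            ("db.lock", 1_000, 500), ("notes.txt", 25_000, 2)]:
        fs.files[name] = ManagedFile(name, size, age, data=name.encode().ljust(size, b"."))
    hsm = SpaceManager(fs, high_pct=80, low_pct=50, exclude=(".lock",))
    moved = hsm.migrate()                     # 86,000 used > 80,000 high watermark
    used_after = fs.used()
    _, small = hsm.read("old_report.doc", 100)      # served from the stub
    _, large = hsm.read("video.bin", 10_000)        # exceeds the stub: recalled
    return moved, used_after, small, large, fs.used()


if __name__ == "__main__":
    print(demo())
```

Note that `db.lock` is the oldest file but is never migrated because of the exclude list, and that the recall of `video.bin` pushes usage back above the low watermark, which is what the next high-watermark trigger would deal with.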

Improves Scalability

The storage manager increases scalability and processing performance over the previous version.
- These enhancements allow the system to handle large numbers of files and separate the candidate search from the optimised reconciliation process that synchronises the hierarchical storage management client and the storage manager server.
- This provides better scalability for large numbers of files in a Hierarchical Storage Management managed file system.
- This is because the candidate search can be performed continuously in the background, while the synchronisation process can be run or scheduled independently.

Pre-migration
It helps in increasing network efficiency by allowing the administrator to schedule pre-migration during a period when either the network or the client is less active.
- It moves a copy of the selected file to the offline storage of the storage manager server, leaving the entire original file on the client's online storage.
- The space manager client software can then quickly and easily convert the original client copy of the file into a stub file, freeing its space when needed with no further data transfers required.
- The storage manager supports client/server data backup and is managed by the same server policies and storage classes.

Benefits
The storage manager can help to provide benefits such as:
- It releases administrators and users from manual file-pruning tasks, which are time consuming.
- It stretches the usability of a given amount of online storage space for longer periods.
- It helps to reduce the need to purchase increasing amounts of online storage as data grows.
- It automatically integrates and coordinates with the storage manager for comprehensive data protection.
- It helps to reduce the overall cost of retaining large numbers of easily retrievable data files for a longer period.

DATABASE AND APPLICATION PROTECTION

Symantec's database and application protection has a clear goal in mind, i.e., simplicity and availability.
- It is responsible for performing online backup of databases and applications. When it comes to database and application recovery, the goal is defined in such a way that it simplifies the complexity of database backup while increasing availability and flexibility.
- It is also responsible for high-performance online backup and recovery of databases and applications.
- It allows consistent data protection policies to be established across the enterprise.
- Backup and recovery operations may be performed either locally or remotely.
- Organisations can centrally manage all aspects of backup and recovery for databases.

Database protection should provide the following facilities:

Flexible Data Protection

It includes backup and recovery of databases, database-related files, file groups and transaction logs.

Archiving

An integrated capability enables archiving data in XML format for long-term storage.

Faster Recovery

It should support faster recovery of damaged pages.

Point-in-Time Recovery

It should recover the databases to an exact point in time.

Continuous Logical Log Backup

The database has to be configured for automated logical log backup, to prevent the logical logs from filling up and locking up the database server.
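Point-in-time recovery and continuous logical log backup are two sides of the same mechanism: the full backup gives a starting state, the logical log records every change after it, and recovery replays the log up to the chosen instant; if the log segments are not backed up and freed as they fill, the server has nowhere to write and stalls. The following is an added illustration, not code from any database product, using a constructed key-value "database" and a constructed transaction log.

```python
from dataclasses import dataclass, field


@dataclass
class LogicalLog:
    """Fixed-size logical log segments. When a segment fills, continuous log
    backup copies it to backup storage and frees it; without that backup the
    server has nowhere to write and would block."""
    segment_records: int
    auto_backup: bool
    current: list = field(default_factory=list)
    backed_up: list = field(default_factory=list)   # backed-up segments, oldest first

    def append(self, record):
        if len(self.current) >= self.segment_records:
            if not self.auto_backup:
                raise RuntimeError("logical logs full: database server would lock up")
            self.backed_up.append(self.current)
            self.current = []
        self.current.append(record)

    def records(self):
        """All log records in order: backed-up segments, then the active one."""
        return [r for seg in self.backed_up for r in seg] + list(self.current)


def restore_to(point_in_time, full_backup, backup_time, log_records):
    """Point-in-time recovery: start from the full backup, then replay the
    time-ordered logical log records up to and including `point_in_time`."""
    if point_in_time < backup_time:
        raise ValueError("target precedes the full backup; an older backup is needed")
    state = dict(full_backup)
    applied = 0
    for ts, op, key, value in log_records:
        if ts > point_in_time:
            break
        if op == "set":
            state[key] = value
        elif op == "del":
            state.pop(key, None)
        else:
            raise ValueError(f"unknown log operation {op!r}")
        applied += 1
    return state, applied


# Constructed data: a full backup at 09:00 and the transactions logged after it.
# ISO-8601 timestamps in one format compare correctly as strings.
BACKUP_TIME = "2024-05-01T09:00:00"
FULL_BACKUP = {"acct:1": 100, "acct:2": 50}
TRANSACTIONS = [
    ("2024-05-01T09:15:00", "set", "acct:1", 80),
    ("2024-05-01T09:20:00", "set", "acct:3", 10),
    ("2024-05-01T09:45:00", "del", "acct:2", None),
    ("2024-05-01T10:05:00", "set", "acct:1", 0),   # mistaken update we want to undo
]


def records_accepted(auto_backup, segment_records=2):
    """How many of the constructed transactions the log can take before blocking."""
    log = LogicalLog(segment_records, auto_backup)
    accepted = 0
    for record in TRANSACTIONS:
        try:
            log.append(record)
        except RuntimeError:
            break
        accepted += 1
    return accepted


def demo():
    """Recover to 10:00, just before the mistaken update, from a log whose
    segments were backed up continuously as they filled."""
    log = LogicalLog(segment_records=2, auto_backup=True)
    for record in TRANSACTIONS:
        log.append(record)
    state, applied = restore_to("2024-05-01T10:00:00", FULL_BACKUP, BACKUP_TIME, log.records())
    return state, applied, len(log.backed_up)


if __name__ == "__main__":
    print(demo())
    print("accepted without log backup:", records_accepted(auto_backup=False))
```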

Parallel Backup and Restore

It enables the database administrator to run more than one tape device at a time during a
backup or a restore. Hence, it reduces the time required to complete the operation.

Centralised Backup Operations

Centralised management dramatically reduces the cost of backing up large environments.


Track Backup History

Detailed views of backup history simplify restore activity, since backups of databases
and transaction logs are easier to track.

Application Protection
It includes non-disruptive mechanisms to protect Exchange data along with the other data in the
enterprise. Every new application brought online adds another degree of difficulty to the data
storage operation.
 It covers critical applications such as ERP, mail and application servers and databases
that must be available all the time.
 It helps to provide the performance and flexibility required for effective backup and
recovery operations within large Exchange environments.

Direct attacks against web applications through manipulation have become commonplace
because of the relative ease with which they can be carried out.
 Rigorous security on the client side and an understanding of manipulation techniques are
essential to identify the potential failure points of web applications.
 Other application attacks include exploitation of privileges, buffer overflow attacks and
client-side manipulation.
There exist several sub-categories of applications on top of the web server's operating system in
which vulnerabilities may be exploited, including the following:

 Web and Application Server It includes vulnerabilities in CGI, Java, Perl, default
files and other resources called by applications and web servers such as IIS and Apache, and
in development environments.

 Website and Application It includes HTML and XML applications.

 Database Application vulnerabilities for databases include bugs, misconfigurations and
default/blank passwords.

Considering all the above-mentioned applications and taking their vulnerabilities into account,
application protection provides the following facilities:

 Flexible Restore It supports granular recovery of databases and mailboxes, including
individual message restores.

 Alternate Restoration Techniques It must support restoration to an alternative system or
an alternate directory.

 Online Backup It provides non-disruptive protection of Exchange database and mailbox
components, including incremental mailbox backup.

 Centralised Backup Operations Centralised management dramatically reduces the cost
of backup for large environments.

 Robust Data Integrity Data protection includes all portal content, including web store
data, the application folder and any content sources that refer to the local file system.

BARE MACHINE RECOVERY (BMR)


Bare Machine Recovery is "the ability to recover the operating system of a machine to the
identical state that it was in at a given point in time".
 It returns the system to the state of the last backup.
 It also covers customising, streamlining and recovering all the changes in the operating
system. Hence it eliminates the need for a skilled professional to manually reinstall
hardware, network configurations and patches.
BMR has become a high-profile issue, being a key element of business continuity planning. The
method by which servers can be recovered simply cannot be ignored.
 The steps to be taken to recover a server, or a number of servers, in the event of a disaster
in a data centre have to be documented.
 Rebuilding a single server from scratch may be an option, but simultaneously rebuilding a
large number of servers from scratch is not practical. Either way, Bare Machine Recovery
should be used to automate this process.

Automated Recovery
It schedules regular backups of the operating system, so that a recovery brings back the latest
information, including the operating system, service packs, patches and hardware drivers.
Support is also offered for dissimilar hardware recovery with the Windows product.
 If a disk or RAID system fails, or an irrecoverable corruption of the operating system
occurs, the machine can be booted from the CBMR installation CD.
 The previously saved configuration data can be supplied on a floppy disk, a memory
stick, a network share or as part of the system backup. This data is used to repartition and
reformat the machine's hard disk, RAID system or SAN volumes.
 A post-recovery command then allows the recovery of the data files from the storage
manager backup to proceed automatically. Bare Machine Recovery simplifies the backup
process and minimises storage and network usage.
 The restoration process takes only a few minutes of human intervention per client.
 Recovery of systems can thus be performed with confidence and with minimal time and effort.

Other Benefits with BMR


If the storage manager is not available, or the bandwidth is too small to do large restores, then
Bare Machine Recovery can still take a backup to a local network share such as Network Attached
Storage, using either Common Internet File System (CIFS) or Network File System (NFS).
 This network share can then be used to do a simple, fast and reliable restore locally,
without depending on the centralised backup environment.
The following factors need to be considered when choosing BMR software.

 Speed of Recovery The ability to recover in minutes rather than in hours or days can be
vital.

 Complexity Difficulty of software installation and administration should be taken
into account. Complexity of the recovery process is also an important factor; it is desirable
that it be fully automated.

 Storage Requirements This may also be a consideration if the BMR software requires a
large amount of additional storage for its backup. This is particularly the case if one uses
image backup, which requires a copy of the whole of the boot partition.
DATA RETENTION
It defines the policies of persistent data and records management for meeting legal and business
data archival requirements.
 Many countries have introduced or are planning compulsory data retention on the grounds
that it helps in fighting terrorism and organised crime and in maintaining national security.
 Data retention policies weigh legal and privacy concerns against economics. They have to
determine the archival rules, retention time, data formats and encryption.
 Data retention is also often used to describe the compulsory archiving of customers' e-mails
and web browsing history by ISPs, for future investigation by government organisations when
the need arises.

It retains important business communication and data such as the following:

 Capture and Archive It captures and archives important e-mails, system event
logs and databases. With rule-based solutions, it automatically categorises and captures
just the data that is needed and stores it to meet regulatory and internal retention
policies. Moreover, it compresses archived data, thereby reducing the storage space
required to retain large numbers of e-mails or event logs.

 Search and Discovery It enables evidence related to a lawsuit or internal investigation
to be discovered and retrieved quickly. With its extensive reporting and ad hoc search
capabilities, the system can quickly identify and retrieve relevant documents in their
original form.

 Archive Security It provides access controls to ensure that archived data remains
unaltered and is accessible by authorised personnel only. Moreover, it keeps a complete
audit trail of all searches and administrative events.

Security Management

Introduction
Security management prevents unauthorised access to information.
 It is a significant activity that controls the provision of information. Security management
is concerned with knowing which type of access control and which user rights are to be
provided.
 Access control is essential in order to access the information system securely, and it is
necessary to know which components of the company need to be protected.
 Security management has to take care of risk management concepts as well.

Security can be defined as preventing unauthorised access to, use of, or modification of the
information system.
 It also means protection of information and systems.
 A threat is a type of action that can cause harm, and vulnerability refers to the level of
exposure to it.
 The countermeasure is the action taken to prevent the threat. Risk in terms of security
can generally be characterised by the following equation:

Risk = (Threat × Vulnerability) / Countermeasure

The countermeasure includes technical solutions, user training and awareness.
 It also includes clearly defined rules.
 Safety means avoiding unknown risks as well as vulnerability to the known risks.

Goals of Security
Security generally tries to ensure that, in an organisation, material and software are used
only for their intended purposes. It is generally comprised of the following five major
goals. Figure shows an overview of these goals.

Integrity : It ensures that the information cannot be modified in unexpected ways.

Confidentiality : It ensures that the system protects the information from unauthorised users.

Availability : It ensures continuity in providing the information and accessibility at any
agreed time.

Non-repudiation : It ensures that operations and activities cannot be denied afterwards.

Authentication : It ensures that only authorised individuals have access to the resources.

Following discussion provides detailed insight about the above-mentioned five security goals.

Integrity :
Data integrity helps us to determine whether data has been changed during transmission
(accidentally or intentionally).
 It ensures that the data cannot be modified without authorisation.
 When an employee accidentally or intentionally deletes data or any important files, it
violates integrity.

If any process in an automated system is not correctly written and tested, then during bulk updates
on a large scale the incorrect alteration of data may compromise the integrity of the data. Security
professionals are engaged in the task of finding ways to prevent such integrity errors.

Confidentiality :
It protects the information from unauthorised users. In the case of a credit card transaction over
the internet, the credit card number has to be provided.
A violation of confidentiality has occurred if any unauthorised party obtains the card number in
any way. There are a number of ways in which confidentiality can be violated.
If someone looks at your computer screen while it displays confidential data, confidentiality is
violated; if that person then passes the information on through a medium such as the
telephone, that is a further violation of confidentiality.
Confidentiality is an important factor for maintaining the privacy of the people whose personal
information is kept in the system.

Availability :
The information system must be available at any time in order to serve its purpose.
 This means that the proper operation of the information system is guaranteed.
 The security system is used to protect the computing systems, such as storage, processing
and communication systems, from various attacks.
 The system should provide high availability, meaning that the services should always be
available and that service disruption due to hardware failure, system upgrades and power
failure should be prevented. It also prevents denial-of-service attacks.

Non-repudiation :
This gives the guarantee that the operations and activities involved in transaction processing
cannot be denied.
 This means that none of the parties involved in the transaction processing can deny, at a
later date, an operation performed by him.
 One party cannot deny having received a transaction, nor can the other deny having made
it, anywhere in the transaction processing.
 To establish non-repudiation, electronic commerce systems use digital signatures and
encryption technology during transaction processing.

Authentication and Authorization :


Authentication is the act of verifying a claim of identity, to ensure that only an authorised
individual has access to the system resources.
There are three kinds of information that can be used for authentication:
 something you are,
 something you have and
 something you know.
Examples of 'something you are' include a person's fingerprint and palm print (also
referred to as biometric characteristics).
Examples of 'something you have' include an identity card or a magnetic swipe card.
Examples of 'something you know' include items such as a password and a Personal
Identification Number (PIN).
o After a person has been identified and authenticated by a program or
computer, the user's access control needs to be determined.
o Access control means to what extent the user is permitted to access resources and which
actions are allowed to be performed (create, delete, modify or view). This process
is called authorization.
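The two steps above in working code, as an added example that is not part of the original text: authentication of 'something you know' against a salted PBKDF2 password hash (so the password itself is never stored), followed by an authorization check of the requested action against a per-user permission table. The user names, passwords, resource name and permissions are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Added example, not from the original text. The user names, passwords and the
# permission table below are constructed for the demonstration.
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Return (salt, derived_key) using PBKDF2-HMAC-SHA256.

    A fresh random salt per user means two users with the same password get
    different stored values, and precomputed tables are useless."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


class AccessControl:
    def __init__(self):
        self._users = {}  # username -> (salt, derived_key); the password itself is never stored
        self._acl = {}    # (username, resource) -> set of permitted actions

    def add_user(self, name, password, grants):
        self._users[name] = hash_password(password)
        for resource, actions in grants.items():
            self._acl[(name, resource)] = set(actions)

    def authenticate(self, name, password):
        """Authentication ('something you know'): verify the claimed identity."""
        record = self._users.get(name)
        if record is None:
            # Do the same expensive derivation so that an unknown user name is
            # not distinguishable from a wrong password by response time.
            hash_password(password, b"\x00" * 16)
            return False
        salt, expected = record
        _, candidate = hash_password(password, salt)
        # compare_digest runs in constant time, so timing does not leak the stored hash.
        return hmac.compare_digest(candidate, expected)

    def authorize(self, name, resource, action):
        """Authorization: what an already authenticated user may do to a resource."""
        return action in self._acl.get((name, resource), set())

    def access(self, name, password, resource, action):
        """Authenticate first, then check authorization; both must pass."""
        if not self.authenticate(name, password):
            return "denied: authentication failed"
        if not self.authorize(name, resource, action):
            return "denied: %s is not authorised to %s %s" % (name, action, resource)
        return "ok: %s may %s %s" % (name, action, resource)


def build_demo():
    """Constructed user store: alice may view and modify payroll, bob may only view it."""
    ac = AccessControl()
    ac.add_user("alice", "correct horse battery staple", {"payroll.db": {"view", "modify"}})
    ac.add_user("bob", "hunter2", {"payroll.db": {"view"}})
    return ac


if __name__ == "__main__":
    ac = build_demo()
    print(ac.access("alice", "correct horse battery staple", "payroll.db", "modify"))
    print(ac.access("bob", "hunter2", "payroll.db", "delete"))
    print(ac.access("bob", "wrong password", "payroll.db", "view"))
```

The unknown-user branch still performs the key derivation so that response time does not reveal which user names exist, and compare_digest avoids leaking the stored hash through timing; both are details a practitioner adds to the textbook description of authentication.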

COMPUTER SECURITY
 It refers to protection of a computer, and the information stored in it, from
unauthorised users.
 It also includes the policies, procedures, hardware and software tools that are necessary
to protect the computers and the information processed, stored and transmitted by the
systems.
 It refers to the preservation of confidentiality, integrity and availability of the
information held by a computer.
These aspects are responsible for effective computer security.

Security Threats
Computer systems are vulnerable to many kinds of threats that can cause various types of
damage, which may result in significant data loss.
 These range from errors that cause integrity violations in a database to a natural
calamity which can completely destroy an entire computer centre.
 Some threats affect the confidentiality or integrity of the data, while others affect the
availability of the system itself.
A threat can arise in many ways: from intentional modification of sensitive information, an
accidental error or a natural disaster (flood, storm, fire). Some of the commonly occurring
threats are discussed below and summarised in the figure.

Security Threats

Malicious Code and Software


Malicious code is a software program that poses a threat to computers and the data stored on
them.
 This code can be in the form of worms, logic bombs, viruses, Trojan horses and other
types of software.
 A virus is a small segment of code which replicates by attaching copies of itself to existing
executable files.
 When a user executes the new host program, a new copy of the virus is executed.
 A worm is a self-replicating program which is self-contained and does not require a host
program. In order to propagate to other host systems, worms commonly utilise network
services.
 A Trojan horse is a program that performs a desired task but also includes unexpected tasks.
Most organisations and institutes use antivirus software and other protective measures to limit
the risk of virus infection.

Hacker and Cracker


A hacker is a person who breaks into computers without authorisation.
 Hackers are actively involved in computer security; many are non-professionals or
programmers without formal training.
 The threat posed by a hacker should be considered in terms of past and potential future
damage.
Another class of people, called crackers, also poses a security threat.
 A cracker is an individual who attempts to access computer systems without authorisation.
 Cracking also refers to modification of software to remove protection methods, including
serial numbers, copy protection, trial/demo limitations, hardware keys, date checks, etc.
Malicious Program
Any computer program or code that is designed to do harm can be termed a malicious program.
It does harm by destroying data, consuming valuable resources, exposing information, or creating
or installing vulnerabilities in a computer system. These malicious programs are often called
viruses, worms, Trojan horses, logic bombs, spyware and so on.

Virus
It is a computer program that can copy itself and infect a computer without the permission or
knowledge of the owner. It executes when an infected program is executed. On MS-DOS systems,
such files usually have the extensions .EXE, .COM or .BAT.
 A virus attaches itself to a program from an external software source and hides easily in
otherwise healthy software.
 Some become destructive as soon as they enter a system; others wait until activated by a
trigger.
 A virus has the ability to infect different parts of the computer system.
There are different types of viruses and some of them are mentioned here.
 Boot sector virus infects the Master Boot Record (MBR) or boot sector on hard disks,
floppy disks and other bootable media such as CDs and DVDs. This type of virus moves
the original boot sector information to another sector on the disk, marks that sector as a
bad spot, and overwrites the original boot code with the infected code. Once the infected
boot code successfully boots, the virus stays in memory and infects floppies and other
media whenever they are written to by the infected computer. This type of virus is
difficult to detect, since the boot sector is the first program loaded when a computer
starts; in effect, the virus takes full control of the infected computer.
 File infecting virus infects executable files on a system. This type of virus usually
resides in memory and infects most of the executable files on a system. The virus
replicates by attaching a copy of itself to an uninfected executable program and
modifying the host program so that, when the program is executed, the virus executes
as well. This type of virus targets a wide range of operating systems such as
UNIX, DOS, Macintosh and Windows.
 Polymorphic virus is a virus that changes its signature whenever it infects a new file.
Unlike other viruses, which consist of a static program that is copied unchanged from file to
file as it propagates, each copy of a polymorphic virus appears different from the others,
which makes it difficult to detect. It encrypts its body under a different key for each new
copy; for an encrypted virus to execute, it must first decrypt the encrypted portion of itself.

Worms
A computer worm is a self-replicating computer program that spreads without a host program and
often damages data. Worm programs use network connections to spread from one computer
system to another.
 Worms attack systems that are linked through communication lines.
 Viruses almost always corrupt or devour files on the targeted computer, whereas worms
almost always cause at least some harm to the network, if only by consuming bandwidth.
To reproduce themselves, worms make use of the network medium in ways that depend on the
type of network and systems. These are:

 Remote login capability, whereby a worm can log into a remote system as a user and
then use commands to copy itself from one system to another.
 Network mail facility, whereby a worm can mail a copy of itself to other systems.
 Remote execution capability, whereby a worm can execute a copy of itself on another
system.

Trojan Horse
The term 'Trojan Horse' comes from ancient Greek mythology. In the war between the Greeks
and Troy, the Greek army besieged the city of Troy but was unable to penetrate it. The Greeks
therefore decided to trick their enemies by building a large wooden horse with soldiers hidden
inside it and presenting it as a gift to the citizens of Troy. At night, the warriors came out of
the horse and overran the city.
Trojan describes a class of computer threats. A Trojan appears to perform a desirable function
but, in fact, performs undisclosed, malicious functions. These programs enter a computer
through an e-mail or through free programs downloaded from the internet. Once safely inside
the computer, they may lie inactive for months before they are activated or before complete
control of the computer is handed to an attacker.
 It allows unauthorised access to the host machine, giving the attacker the ability to save
files on the user's computer, or even to watch the user's screen and control the computer.
 It can also be bundled with software which is downloaded free.
Based on the way Trojan horses violate systems and cause damage, they can be classified into
seven major groups:

 Remote access Trojans
 Data sending Trojans
 Destructive Trojans
 Proxy Trojans
 FTP Trojans
 Security software disabler Trojans
 Denial-of-Service (DoS) attack Trojans

Logic Bomb This is one of the oldest types of malicious program; it embeds its code into legitimate
programs. Like a bomb, it goes off when certain conditions are met, for example destroying or
deleting certain files on a particular day at a particular time. A time bomb is a logic bomb that is
triggered by a time or date.

Antivirus
It is a software utility which mainly prevents and removes computer viruses, including worms
and Trojan horses. It scans the hard disk for viruses and tries to remove any it finds. Such a
program may also detect and remove spyware, adware and other forms of malware. There exist
many different detection strategies.

'Signatures' refer to searching for known malicious patterns in executable code. However,
signatures can only be created after a new virus has appeared, so users can be infected during
the time taken to create and distribute a signature.
A generic signature is one that searches for known malicious code but uses wild cards to
identify variants of a single virus family.
 An antivirus may also run a program in a sandbox, monitoring it for malicious
behaviour. Success depends on striking a balance between false positives (clean files
flagged as malicious) and false negatives (malware missed). A false positive can be as
destructive as a false negative.
 One faulty virus signature, generated mistakenly, may remove essential operating system
files, leaving a number of personal computers unable to boot.
Most antivirus software includes an auto-update feature that downloads profiles of new
viruses, so that it can check for them as soon as they are discovered.
Popular antivirus products include Norton Antivirus and the McAfee antivirus
programs.
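A minimal signature scanner, added here as an example (not from the original text or from any antivirus product), showing an exact signature and a 'generic' signature with wildcard bytes run over constructed input. The EICAR string is the real, harmless industry-standard test file; the Demo.Generic pattern and the sample buffers are constructed for this example and correspond to no real malware.

```python
import re

# Added example, not from the original text. The EICAR string is the industry-standard,
# harmless antivirus test file; the "Demo.Generic" pattern is constructed for this
# example and corresponds to no real malware.
SIGNATURES = {
    # Exact byte string: matches this one file only.
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    # Generic signature: hex bytes with "??" as a one-byte wildcard, so that variants
    # differing only in the two wildcard bytes are all caught by one entry.
    "Demo.Generic": "DE AD ?? ?? BE EF",
}


def compile_signature(sig):
    """Turn an exact byte string, or a hex pattern with ?? wildcards, into a bytes regex."""
    if isinstance(sig, bytes):
        return re.compile(re.escape(sig))
    parts = []
    for token in sig.split():
        if token == "??":
            parts.append(b".")  # any single byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    # DOTALL so the wildcard also matches a 0x0A byte.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(s) for name, s in SIGNATURES.items()}


def scan(data):
    """Return [(signature_name, offset), ...] for every signature found in data."""
    hits = []
    for name, pattern in COMPILED.items():
        for match in pattern.finditer(data):
            hits.append((name, match.start()))
    return hits


if __name__ == "__main__":
    print(scan(SIGNATURES["EICAR-Test-File"]))
    print(scan(b"\x00\xde\xad\x01\x02\xbe\xef"))   # a variant the generic entry catches
    print(scan(b"\x00\xde\xad\x01\x02\xbe\xee"))   # a new variant: no hit until a signature exists
```

The last sample buffer illustrates the lag described above: a variant that changes a fixed byte of the pattern is not detected until a new signature is distributed. Conversely, a pattern that is too short or too common will match clean files, which is the false positive case that can remove legitimate system files.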

Antivirus software has many drawbacks.


 If it is of the type that scans continuously, antivirus software may cause a significant
loss of performance, or it may ask users to choose an option in a decision which the
users may not understand.
 Antivirus software generally works at the highly trusted kernel level of the operating
system, which creates a possibility of attacks against the antivirus itself.
Specialised virus removal tools, unlike complete antivirus scanners, are usually not intended to
detect and remove an extensive list of viruses; rather, they are designed to remove specific
viruses, usually more effectively than general antivirus software.
Examples of this type of software include McAfee Stinger and the Microsoft Windows
Malicious Software Removal Tool, which is run automatically by Windows Update.
Security Techniques against Hackers and Crackers
There are some techniques which are used to secure data while it is transmitted over the internet,
to protect it from hackers and crackers. The following discussion describes some of these
techniques in detail. An overview of these techniques is given in the figure.

Cryptography
When data is transmitted over the network, it passes through a number of intermediate servers
before it reaches the destination. It may be stored on those servers for months, and at any stage
it is vulnerable to interception. Therefore, the best protection is the use of cryptography.
In simple terms, cryptography is the process of altering the original messages to hide their
meaning from opponents who might intercept them.
Encryption is the process of converting plain text into cipher text; the reverse, decryption,
converts cipher text back to plain text. Cryptography relies upon two basic components: an
algorithm and a key.

Algorithms are complex mathematical structures and keys are strings of bits. In order to
communicate over the internet, two parties must use the same algorithm and matching keys.
Communications through the internet, for example e-commerce or e-mail, are not secure if
there is no encryption: attackers may be able to read or even modify the messages.
There are several categories of cryptographic techniques, distinguished by the number of keys
used for encryption and decryption (two, one or none). Some of them are discussed here:
 Secret Key Cryptography (SKC)
 Public Key Cryptography (PKC)
 Hash Functions (HF)
 Digital Signature.
 Secret Key Cryptography(SKC)
 Public Key Cryptography(PKC)
 Hash Functions(HF)
 Digital Signature.

Secret Key Cryptography : A single key is used in SKC for both encryption and decryption of
data. In this form of cryptography the key must be known to both the sender and the receiver. If
the key is compromised, the security offered by secret key cryptography is lost. SKC
assumes that the two communicating parties trust each other not to disclose the key and to
protect it against modification. SKC is categorised into stream ciphers and block ciphers.
A stream cipher operates on one bit (or byte) at a time, combining each with a continually
changing keystream derived from the key. A block cipher, on the other hand, encrypts the data
in fixed-size blocks, one block at a time, using the same key for every block. In general, a block
cipher always generates the same cipher text for the same plain text block under the same key,
whereas in a stream cipher the same plain text encrypts to different cipher text because the
keystream differs at each position.

Figure shows how the sender uses the key to encrypt the plain text and sends the cipher text to the
receiver. In order to decrypt the message, the receiver applies the same key. As this scheme
uses a single key for both encryption and decryption, secret key cryptography is also called
symmetric cryptography. A significant disadvantage of symmetric cryptography is the key
management necessary to use it securely. If the two parties are in different locations, they
have to rely on a trusted channel or third party to deliver the secret key. If anyone intercepts the
key in transit, he can later read, modify and forge all messages encrypted using that key.
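An added example, not from the original text, of the stream cipher behaviour described above and of its main failure mode. The keystream is generated from HMAC-SHA256 in counter mode purely for illustration (a real system should use a standard cipher such as AES-GCM or ChaCha20-Poly1305); the key, nonce and messages are constructed.

```python
import hashlib
import hmac
import os

# Added example, not from the original text. The "cipher" below is a pseudo-random
# keystream built from HMAC-SHA256 in counter mode, used here only to show the
# properties described in the text; use a vetted cipher in real systems.


def keystream(key, nonce, length):
    """Keystream block i = HMAC-SHA256(key, nonce || i); concatenate until long enough."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """Stream cipher: ciphertext = plaintext XOR keystream, one byte at a time.
    Decryption is the same operation because XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def same_key_same_nonce_is_deterministic(key, plaintext):
    """Like a block cipher under a fixed key, a stream cipher under a fixed (key, nonce)
    gives identical ciphertext for identical plaintext."""
    nonce = bytes(16)
    return encrypt(key, nonce, plaintext) == encrypt(key, nonce, plaintext)


def nonce_reuse_leaks_xor(key, p1, p2):
    """Failure mode: two messages under the same key AND nonce share a keystream, so
    c1 XOR c2 == p1 XOR p2 and an interceptor learns the XOR of the plaintexts
    without the key (compared over the common length of p1 and p2)."""
    nonce = bytes(16)
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def fresh_nonce_varies_ciphertext(key, plaintext):
    """With a fresh random nonce per message, the same plaintext encrypts differently."""
    return encrypt(key, os.urandom(16), plaintext) != encrypt(key, os.urandom(16), plaintext)


if __name__ == "__main__":
    key = os.urandom(32)
    nonce = os.urandom(16)
    ct = encrypt(key, nonce, b"attack at dawn")
    print(ct.hex(), decrypt(key, nonce, ct))
    print(nonce_reuse_leaks_xor(key, b"attack at dawn", b"retreat at six"))
```

The point the text makes about block ciphers (same key, same input, same output) holds for a stream cipher as soon as the nonce is fixed, and reusing a (key, nonce) pair is the classic stream cipher mistake: the interceptor never recovers the key, but recovers the XOR of the two messages, which is usually enough to read both.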

Public Key Cryptography : This concept was introduced to solve the key distribution problem
of secret key cryptography. Each person in this technique gets two keys, known as the public
key and the private key. Each person's public key is publicly known, and the private key is kept
secret, so the need for sender and receiver to share secret information is eliminated. Only
public keys are ever exchanged; the private key is never transmitted, so there is no need to
trust the communication channel. Anyone can send confidential information by encrypting it
with the recipient's public key, but decryption can be done only with the private key, which is
held solely by the intended recipient. Public key cryptography can also be used for
authentication of data (digital signature). Figure shows the process: the sender uses the
receiver's public key to encrypt the message and, on receipt, the receiver uses his private key to
decrypt it.
Hash Function It is also called a message digest. It is a one-way function that does not use any
key. It generates a fixed-length hash value from the plain text, and it is computationally
infeasible to recover the contents of the plain text from the hash value. The hash value serves as a
digital fingerprint of a file's contents and is used to check that the file has not been changed by
an intruder or by a virus. Hash functions are also used by many operating systems to store
passwords in hashed rather than clear form, and to preserve the integrity of files. This process is
shown in Figure.
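An added example (not from the original text) of a hash value used as a file fingerprint, with the caveat a practitioner needs: because the hash uses no key, an attacker who can replace the file can also replace the published digest, so integrity against an active attacker needs a keyed hash (HMAC) or a digital signature. The file contents, the key and the attacker's behaviour are constructed for the example.

```python
import hashlib
import hmac

# Added example, not from the original text. ORIGINAL/TAMPERED and the key are constructed.


def fingerprint(data):
    """Unkeyed SHA-256 digest: a fixed-length 'digital fingerprint' of the contents."""
    return hashlib.sha256(data).hexdigest()


def verify_fingerprint(data, expected_hex):
    # compare_digest avoids leaking how many leading characters matched via timing.
    return hmac.compare_digest(fingerprint(data), expected_hex)


def keyed_tag(key, data):
    """HMAC-SHA256: a keyed fingerprint that nobody without the key can recompute."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_tag(key, data, expected_hex):
    return hmac.compare_digest(keyed_tag(key, data), expected_hex)


# Constructed scenario: a maintenance script and a version an intruder has modified.
ORIGINAL = b"#!/bin/sh\necho 'backup complete'\n"
TAMPERED = b"#!/bin/sh\necho 'backup complete'\nrm -rf /data\n"


def tamper_detected():
    """The digest published for the original no longer matches the modified file."""
    published = fingerprint(ORIGINAL)
    return not verify_fingerprint(TAMPERED, published)


def attacker_can_recompute_unkeyed():
    """If the attacker can replace both the file and the published digest, an unkeyed
    hash gives no protection: the attacker's digest verifies just as well."""
    return verify_fingerprint(TAMPERED, fingerprint(TAMPERED))


def attacker_cannot_forge_keyed(key):
    """With HMAC, a tag computed under a guessed key fails verification under the real one."""
    forged = keyed_tag(b"guess", TAMPERED)
    return not verify_keyed_tag(key, TAMPERED, forged)


if __name__ == "__main__":
    print(fingerprint(ORIGINAL))
    print(tamper_detected(), attacker_can_recompute_unkeyed(),
          attacker_cannot_forge_keyed(b"secret-key"))
```

The first check is what the text describes; the second and third show why a plain digest only protects against accidental change or a virus that does not also edit the published digest, and why a key (or a signature, as in the next section) is needed against an intruder.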

Digital Signature A digital signature is an application of asymmetric cryptography. It enables the
receiver to believe that the message was sent by the claimed person. In many respects, it is
equivalent to a traditional handwritten signature, but a digital signature is more difficult to forge
than a handwritten one, since it is created and verified by cryptography, a branch of applied
mathematics. A digital signature scheme uses two different keys which are mathematically related
to each other: one for creating a digital signature and another for verifying it. The owner of the
signing key cannot successfully claim that he has not signed a message; hence, the digital signature
may be used for non-repudiation.

The private key in an asymmetric cryptosystem for digital signatures is known only to the owner
and is used for creating a digital signature. The public key, which is distributed to everyone who
needs to verify signatures, is used for verifying them. Although the two keys are mathematically
related, the asymmetric cryptosystem is designed in such a way that it is computationally
infeasible to derive the private key from knowledge of the public key. Hence, it is not practical
to discover the owner's private key and use it to forge digital signatures. Digital signatures use a
hash function both for creating and for verifying a signature. The use of a digital signature
involves two processes, one performed by the signer (digital signature creation) and the other by
the receiver (digital signature verification). Figures 1 and 2 show the major processes.

Digital signature creation: the signer applies a hash function to the message and then applies the
private key to the hash value to create the digital signature.
Digital signature verification: the verifying algorithm recomputes the hash of the received
message and checks it against the signature with the help of the public key.
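The two processes above in working code, added here as an example and not from the original text. It uses a Lamport one-time signature, a hash-based public key signature scheme, instead of RSA, because it needs nothing beyond SHA-256 and shows the create/verify split and the hash function's role directly; the message is constructed.

```python
import hashlib
import os

# Added example, not from the original text. This is a Lamport one-time signature:
# a hash-based public key signature scheme chosen because it needs only SHA-256.
# RSA or ECDSA as used in practice follow the same hash-then-sign / verify-with-
# public-key pattern. A Lamport key must sign only ONE message (see note below).

N = 256  # number of bits in a SHA-256 digest


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: 256 pairs of random 32-byte secrets.
    Public key: the SHA-256 hash of each secret, in the same layout.
    Recovering the private key from the public key would mean inverting SHA-256."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def digest_bit(digest, i):
    """Bit i (0 = most significant bit of byte 0) of a 32-byte digest."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, message):
    """Signature creation: hash the message, then for each digest bit reveal the
    corresponding secret of pair i (secret[0] for a 0 bit, secret[1] for a 1 bit)."""
    digest = H(message)
    return [sk[i][digest_bit(digest, i)] for i in range(N)]


def verify(pk, message, signature):
    """Signature verification: recompute the digest and check that each revealed
    secret hashes to the public value selected by that digest bit."""
    if len(signature) != N:
        return False
    digest = H(message)
    return all(H(signature[i]) == pk[i][digest_bit(digest, i)] for i in range(N))


def demo():
    """Genuine signature, altered message, wrong public key: (True, False, False)."""
    sk, pk = keygen()
    message = b"pay 100 to account 42"
    signature = sign(sk, message)
    return (
        verify(pk, message, signature),
        verify(pk, b"pay 900 to account 42", signature),
        verify(keygen()[1], message, signature),
    )


if __name__ == "__main__":
    print(demo())
```

Because signing reveals half of the private key, a Lamport key must never sign a second message; RSA and ECDSA keys do not have this restriction, which is why they are used in practice. The non-repudiation argument is the same in all three: only the holder of the private key could have produced a signature that the public key accepts.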

CAPTCHA
It is a computer program that can tell whether its user is a human or a computer. It is an acronym
for "Completely Automated Public Turing test to tell Computers and Humans Apart". On the
modern web, robots (automated programs) generate unwanted content on web pages and
websites; automated programs are written to generate spam (unwanted messages spread all
over the net).
In order to prevent abuse by robots or other automated programs, CAPTCHAs are used. They
rely on the simple observation that computer programs cannot read distorted images or text
as well as a human can. Hence, a robot or other automated program cannot navigate
websites protected by CAPTCHAs. Most of us have probably seen CAPTCHAs when filling in
web registration forms: they display colourful images with distorted text.

A CAPTCHA (or Captcha) is a type of test in computing to make sure that a response is not
generated by a computer. A CAPTCHA is a program that generates images that a human can
understand but a program cannot. It uses these images as the test images and grades the
answers to verify whether the user is a human or a computer. For example, a human can read
distorted text as shown in the Figure, but current computer programs cannot.
A common type of CAPTCHA requires that the user types the letters or digits from a distorted
image that appears on the screen. The server asks the user to complete a simple test and
grades the answer; any user entering a correct solution is assumed to be human. This is a
reverse Turing test, in contrast to the standard Turing test: the standard Turing test is
administered by a human and targeted at a machine, whereas the reverse Turing test is
administered by a machine and targeted at a human. The following are the various
applications of CAPTCHA:

Website Registration
Protecting website registration is one of the most important applications of CAPTCHA. Most of
the servers which offer free email services have suffered from a specific type of attack, the
automated sign-up. Automated computer programs would sign up for thousands of email accounts
every minute. One of the solutions is the use of a CAPTCHA to make sure that the users are humans
and not computer programs.

Preventing Spam
Comment spam is generated by an automated program that submits bogus comments for the
purpose of raising the search engine rank of some website. The solution to this type of problem is
to make use of a CAPTCHA. Requiring a CAPTCHA instead of a user sign-up before a comment is
accepted helps in avoiding bogus comments, and it makes sure that only humans are posting.

E-mail Worms and Spam
A CAPTCHA can be used to prevent email worms and spam: the mail system accepts an email
only once it knows that the sender is a human. Otherwise, it simply ignores the email.

Dictionary Attacks
In a password system, the use of a CAPTCHA prevents dictionary attacks. If the login is not
successful after a certain number of attempts, a CAPTCHA prevents a computer from continuing,
on the assumption that the user is not a human but some automated program attempting to log in.
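To make the dictionary-attack application concrete, the following added example (mine, not from the notes) models a login gate that counts failed password attempts per account and, once a threshold is crossed, requires a correct answer to a single-use, expiring challenge before another password is even checked. The `Challenge` object stands in for the distorted image (its `answer` is what the server keeps and grades against), and the threshold, the challenge lifetime, the account names and the plaintext credential store are all assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass, field

MAX_FREE_FAILURES = 3        # assumed: failures tolerated before a CAPTCHA is demanded
CHALLENGE_TTL_SECONDS = 120  # assumed: how long an issued challenge stays valid
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # no 0/O or 1/I lookalikes


@dataclass
class Challenge:
    challenge_id: str
    answer: str              # text shown in the distorted image; never sent as-is
    issued_at: float
    used: bool = False


@dataclass
class LoginGate:
    passwords: dict                          # constructed sample credential store
    failures: dict = field(default_factory=dict)
    challenges: dict = field(default_factory=dict)
    clock: callable = time.time              # injectable for testing expiry

    def needs_captcha(self, username):
        return self.failures.get(username, 0) >= MAX_FREE_FAILURES

    def issue_challenge(self):
        """Create a fresh challenge. The id goes to the client; the answer is
        returned only so the caller can render it into an image."""
        cid = secrets.token_hex(8)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self.challenges[cid] = Challenge(cid, answer, self.clock())
        return cid, answer

    def _check_challenge(self, cid, response):
        ch = self.challenges.get(cid)
        if ch is None or ch.used:
            return False                     # unknown id, or a replayed answer
        ch.used = True                       # single use, even when the answer is wrong
        if self.clock() - ch.issued_at > CHALLENGE_TTL_SECONDS:
            return False                     # expired
        return secrets.compare_digest(ch.answer.encode(),
                                      response.strip().upper().encode())

    def login(self, username, password, challenge_id=None, challenge_response=None):
        """Return 'ok', 'captcha_required' or 'denied'. Once the failure
        threshold is reached, the password is not examined until a valid
        challenge answer accompanies the request."""
        if self.needs_captcha(username):
            if challenge_id is None or not self._check_challenge(
                    challenge_id, challenge_response or ""):
                return "captcha_required"
        stored = self.passwords.get(username, "")
        if secrets.compare_digest(stored.encode(), password.encode()):
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```

Two details matter for the CAPTCHA to actually stop an automated program: a challenge is consumed the moment it is checked, so a solved image cannot be replayed for a second password guess, and the counter is keyed to the account, so guesses against one account keep costing a new challenge each time.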

Search Engine Robots
Search engine robots can enter a web page and perform abusive actions, and we do not want to
allow them to access certain web pages. For this purpose, there is an HTML tag which tells search
engine robots not to read a web page. But a CAPTCHA is more powerful than an HTML tag in
guaranteeing that robots will not enter a website.

Online Polls
In order to prevent a single user from voting more than once, the IP addresses of voters were recorded.
Even so, the result of any online poll cannot be trusted unless it is certain that the entries were made by
humans. In this case, the use of a CAPTCHA is recommended to avoid abuse.

INTERNET SECURITY
Internet security is a branch of computer security that deals specifically with Internet-based
threats. These include hacking, where unauthorized users gain access to computer systems, email
accounts or websites; viruses and other malicious software (malware), which can damage data or
make systems vulnerable to other threats; and identity theft, where hackers steal personal details
such as credit card numbers and bank account information. You can protect yourself from these
threats with strong Internet security.

The Open System Interconnection(OSI) Reference Model

The Open Systems Interconnection model (OSI model) is a conceptual model that
characterizes and standardizes the communication functions of a telecommunication or
computing system without regard to their underlying internal structure and technology. Its goal is
the interoperability of diverse communication systems with standard protocols. The model
partitions a communication system into abstraction layers. The original version of the model
defined seven layers.
A layer serves the layer above it and is served by the layer below it. For example, a layer that
provides error-free communications across a network provides the path needed by applications
above it, while it calls the next lower layer to send and receive packets that comprise the contents
of that path. Two instances at the same layer are visualized as connected by
a horizontal connection in that layer.

Features of the OSI Model:

1. The big picture of a network is understandable through the OSI model.
2. We see how hardware and software work together.
3. We can understand new technologies as they are developed.
4. Troubleshooting is easier because network functions are separated into layers.
5. It can be used to compare basic functional relationships on different networks.

The OSI Model is Not Tangible

There is really nothing physical to the OSI model; it is not tangible. The OSI model doesn't
perform any functions in the networking process. It is a conceptual framework so that we can better
understand the complex interactions that are happening.
The OSI Model Layers
The OSI model takes the task of internetworking and divides that up into what is referred to as
a vertical stack that consists of the following 7 layers.
Physical (Layer 1)
OSI Model Layer 1 conveys the bit stream (electrical impulse, light or radio signal) through
the network at the electrical and mechanical level. It provides the hardware means of sending and
receiving data on a carrier, including defining cables, cards and physical aspects. Fast
Ethernet, RS232, and ATM are protocols with physical layer components.
Data Link (Layer 2)
At OSI Model Layer 2, data packets are encoded and decoded into bits. It furnishes transmission
protocol knowledge and management and handles errors in the physical layer, flow control and
frame synchronization. The data link layer is divided into two sublayers: the Media Access
Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls
how a computer on the network gains access to the data and permission to transmit it. The LLC
layer controls frame synchronization, flow control and error checking.

Network (Layer 3)
Layer 3 provides switching and routing technologies, creating logical paths, known as virtual
circuits, for transmitting data from node to node. Routing and forwarding are functions of this
layer, as well as addressing, internetworking, error handling, congestion control and packet
sequencing.
Transport (Layer 4)
OSI Model, Layer 4, provides transparent transfer of data between end systems, or hosts, and is
responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session
layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the
applications at each end. It deals with session and connection coordination.
Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by
translating from application to network format, and vice versa. The presentation layer works to
transform data into the form that the application layer can accept. This layer formats and
encrypts data to be sent across a network, providing freedom from compatibility problems. It is
sometimes called the syntax layer.
Application (Layer 7)
OSI Model Layer 7 supports application and end-user processes. Communication partners are
identified, quality of service is identified, user authentication and privacy are considered, and any
constraints on data syntax are identified. Everything at this layer is application-specific. This
layer provides application services for file transfers, e-mail, and other network software services.
Telnet and FTP are applications that exist entirely in the application level. Tiered application
architectures are part of this layer.

Security for the OSI Model

ISO has identified the following security services to protect networks from attacks. A security
service is a service which ensures adequate security of systems or of data transfers. The security
services fall into the following categories:
 Authentication
 Access control
 Logging and Monitoring
 Data confidentiality
 Data integrity
 Nonrepudiation
 Availability service

Authentication
The authentication service is concerned with assuring that a communication is authentic:
• The recipient of the message should be sure that the message came from the source that it claims to be
from.
• All communicating parties should be sure that the connection is not interfered with by an unauthorized
party.
Example: consider a person using an online banking service. Both the user and the bank should be
assured of each other's identities.

Access control
This service controls:
• who can have access to a resource;
• under what conditions access can occur;
• what those accessing the resource are allowed to do.
Example: in online banking a user may be allowed to see his balance, but not allowed to make any
transactions for some of his accounts.

Logging and Monitoring
These services enable the security specialist to observe system activity during and after the fact, by using
monitoring and logging tools. This includes operating system logs, server records, application log errors
and warnings, and network switch and router traffic between network segments.

Data confidentiality
The protection of data from unauthorized disclosure (i.e. from passive attacks). It takes the following forms:
• Connection confidentiality
• Connectionless confidentiality
• Selective field confidentiality
• Traffic-Flow Confidentiality

Data Integrity
• The assurance that data received are exactly as sent by an authorized entity, i.e. contain:
  • no modification
  • no insertion
  • no deletion
  • no replay
• Protection from active attacks
• It may be:
  • integrity with recovery, or
  • integrity without recovery (detection only)
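An added example (mine, not from the notes) showing how an integrity service detects each of the four failures listed above. The sender prefixes every message with a sequence number and appends an HMAC-SHA256 tag computed over both; the receiver recomputes the tag, then checks that the sequence number is the one it expects. A modified or inserted message fails the tag check, a deleted message shows up as a gap, and a repeated message shows up as a replay. This is integrity without recovery: the receiver reports the failure and drops the frame but cannot repair it. The shared key, the frame layout and the sample messages are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # SHA-256 output size


def protect(key, seq, payload):
    """Sender side: frame = 4-byte big-endian sequence number || payload || tag.
    The tag covers the sequence number too, so it cannot be rewritten either."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side: authenticate first, then enforce a strictly increasing
    sequence so that deletions and replays are visible."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, frame):
        """Return (payload, None) for an authentic, in-order frame, otherwise
        (None, reason) naming the failure that was detected."""
        if len(frame) < 4 + TAG_LEN:
            return None, "truncated"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Either an authentic frame was modified in transit or a frame was
            # inserted by someone who does not hold the key: same symptom.
            return None, "bad_tag"
        seq = struct.unpack(">I", body[:4])[0]
        if seq < self.expected_seq:
            return None, "replayed"        # this sequence number was already consumed
        if seq > self.expected_seq:
            return None, "missing"         # an earlier frame was deleted or reordered
        self.expected_seq += 1
        return body[4:], None
```

Only frames that pass both checks advance `expected_seq`; a frame that arrives early is rejected rather than buffered, which is the simplest detection-only policy.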

Nonrepudiation
• Protection against denial by one of the entities involved in a communication of having participated in
the communication.
• Nonrepudiation can be related to:
  • Origin: proof that the message was sent by the specified party
  • Destination: proof that the message was received by the specified party
Example: Imagine a user of online banking who has made a transaction, but later denies it. How can the
bank protect itself in such a situation?

Availability service
• Protects a system to ensure its availability
• Particularly, it addresses denial-of-service attacks
• Depends on other security services: access control, authentication, etc.

TCP/IP Reference Model

Introducing the TCP/IP Protocol Suite
“TCP/IP” is the acronym that is commonly used for the set of network protocols that compose
the Internet Protocol suite. Many texts use the term “Internet” to describe both the protocol
suite and the global wide area network. In this book, “TCP/IP” refers specifically to the Internet
protocol suite. “Internet” refers to the wide area network and the bodies that govern the Internet.

To interconnect your TCP/IP network with other networks, you must obtain a unique IP address
for your network. At the time of this writing, you obtain this address from an Internet service
provider (ISP).

If hosts on your network are to participate in the Internet Domain Name System (DNS), you
must obtain and register a unique domain name. The InterNIC coordinates the registration of
domain names through a group of worldwide registries. For more information on DNS, refer
to System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

Protocol Layers and the Open Systems Interconnection Model

Most network protocol suites are structured as a series of layers, sometimes collectively referred
to as a protocol stack. Each layer is designed for a specific purpose. Each layer exists on both
the sending and receiving systems. A specific layer on one system sends or receives exactly the
same object that another system's peer process sends or receives. These activities occur
independently from activities in layers above or below the layer under consideration. In essence,
each layer on a system acts independently of other layers on the same system. Each layer acts in
parallel with the same layer on other systems.

TCP/IP Protocol Architecture Model

The OSI model describes idealized network communications with a family of protocols. TCP/IP
does not directly correspond to this model. TCP/IP either combines several OSI layers into a
single layer, or does not use certain layers at all. The following table shows the layers of the
Oracle Solaris implementation of TCP/IP. The table lists the layers from the topmost layer
(application) to the bottommost layer (physical network).
Network Interface Layer
The Network Interface layer (also called the Network Access layer) is responsible for placing
TCP/IP packets on the network medium and receiving TCP/IP packets off the network medium.
TCP/IP was designed to be independent of the network access method, frame format, and
medium. In this way, TCP/IP can be used to connect differing network types. These include
LAN technologies such as Ethernet and Token Ring and WAN technologies such as X.25 and
Frame Relay. Independence from any specific network technology gives TCP/IP the ability to be
adapted to new technologies such as Asynchronous Transfer Mode (ATM).
The Network Interface layer encompasses the Data Link and Physical layers of the OSI model.
Note that the Internet layer does not take advantage of sequencing and acknowledgment services
that might be present in the Data-Link layer. An unreliable Network Interface layer is assumed,
and reliable communications through session establishment and the sequencing and
acknowledgment of packets is the responsibility of the Transport layer.

Data-Link Layer
The data-link layer identifies the network protocol type of the packet, in this instance TCP/IP.
The data-link layer also provides error control and “framing.” Examples of data-link layer
protocols are Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.

Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets for
the network. This layer includes the powerful Internet Protocol (IP), the Address Resolution
Protocol (ARP), and the Internet Control Message Protocol (ICMP).

IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the entire
TCP/IP suite. IP is responsible for the following:
 IP addressing – The IP addressing conventions are part of the IP protocol. Designing an
IPv4 Addressing Scheme introduces IPv4 addressing and IPv6 Addressing
Overview introduces IPv6 addressing.

 Host-to-host communications – IP determines the path a packet must take, based on the
receiving system's IP address.

 Packet formatting – IP assembles packets into units that are known as datagrams.
Datagrams are fully described in Internet Layer: Where Packets Are Prepared for Delivery.

 Fragmentation – If a packet is too large for transmission over the network media, IP on the
sending system breaks the packet into smaller fragments. IP on the receiving system then
reconstructs the fragments into the original packet.

Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this book.
To avoid confusion when addressing the Internet Protocol, one of the following conventions is
used:

 When the term “IP” is used in a description, the description applies to both IPv4 and IPv6.

 When the term “IPv4” is used in a description, the description applies only to IPv4.

 When the term “IPv6” is used in a description, the description applies only to IPv6.

ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet
layers. ARP assists IP in directing datagrams to the appropriate receiving system by mapping
Ethernet addresses (48 bits long) to known IP addresses (32 bits long).

ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions.
ICMP reports on the following:

 Dropped packets – Packets that arrive too fast to be processed

 Connectivity failure – A destination system cannot be reached

 Redirection – Redirecting a sending system to use another router

Chapter 8, Administering a TCP/IP Network (Tasks) contains more information on Oracle
Solaris commands that use ICMP for error detection.

Transport Layer
The TCP/IP transport layer ensures that packets arrive in sequence and without error, by
swapping acknowledgments of data reception, and retransmitting lost packets. This type of
communication is known as end-to-end. Transport layer protocols at this level are Transmission
Control Protocol (TCP), User Datagram Protocol (UDP), and Stream Control Transmission
Protocol (SCTP). TCP and SCTP provide reliable, end-to-end service. UDP provides unreliable
datagram service.

TCP Protocol
TCP enables applications to communicate with each other as though they were connected by a
physical circuit. TCP sends data in a form that appears to be transmitted in a character-by-
character fashion, rather than as discrete packets. This transmission consists of the following:

 Starting point, which opens the connection

 Entire transmission in byte order

 Ending point, which closes the connection.

TCP attaches a header onto the transmitted data. This header contains many parameters that help
processes on the sending system connect to peer processes on the receiving system.

TCP confirms that a packet has reached its destination by establishing an end-to-end connection
between sending and receiving hosts. TCP is therefore considered a “reliable, connection-
oriented” protocol.

SCTP Protocol
SCTP is a reliable, connection-oriented transport layer protocol that provides the same services
to applications that are available from TCP. Moreover, SCTP can support connections between
systems that have more than one address, that is, multihomed systems. The SCTP connection between
sending and receiving system is called an association. Data in the association is organized in
chunks. Because SCTP supports multihoming, certain applications, particularly applications used
by the telecommunications industry, need to run over SCTP, rather than TCP.

UDP Protocol
UDP provides datagram delivery service. UDP does not verify connections between receiving
and sending hosts. Because UDP eliminates the processes of establishing and verifying
connections, applications that send small amounts of data use UDP.

Application Layer
The application layer defines standard Internet services and network applications that anyone
can use. These services work with the transport layer to send and receive data. Many application
layer protocols exist. The following list shows examples of application layer protocols:

 Standard TCP/IP services such as the ftp, tftp, and telnet commands

 UNIX “r” commands, such as rlogin and rsh

 Name services, such as NIS and the domain name system (DNS)
 Directory services (LDAP)

 File services, such as the NFS service

 Simple Network Management Protocol (SNMP), which enables network management

 Router Discovery Server protocol (RDISC) and Routing Information Protocol (RIP) routing
protocols

Standard TCP/IP Services

 FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a
remote network. The protocol includes the ftp command and the in.ftpd daemon. FTP
enables a user to specify the name of the remote host and file transfer command options on
the local host's command line. The in.ftpd daemon on the remote host then handles the
requests from the local host. Unlike rcp, ftp works even when the remote computer does
not run a UNIX based operating system. A user must log in to the remote system to make
an ftp connection, unless the remote system has been configured to allow anonymous FTP.

You can obtain an enormous amount of material from anonymous FTP servers that are
connected to the Internet. Universities and other institutions set up these servers to offer
software, research papers, and other information to the public domain. When you log in to
this type of server, you use the login name anonymous, hence the term “anonymous FTP
server.”

Using anonymous FTP and setting up anonymous FTP servers is outside the scope of this
manual. However, many books, such as The Whole Internet User's Guide & Catalog,
discuss anonymous FTP in detail. Instructions for using FTP are in System Administration
Guide: Network Services. The ftp(1) man page describes all ftp command options that are
invoked through the command interpreter. The ftpd(1M) man page describes the services
that are provided by the in.ftpd daemon.

 Telnet – The Telnet protocol enables terminals and terminal-oriented processes to
communicate on a network that runs TCP/IP. This protocol is implemented as
the telnet program on local systems and the in.telnetd daemon on remote machines.
Telnet provides a user interface through which two hosts can communicate on a character-
by-character or line-by-line basis. Telnet includes a set of commands that are fully
documented in the telnet(1) man page.

 TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp,
but the protocol does not establish ftp's interactive connection. As a result, users cannot list
the contents of a directory or change directories. A user must know the full name of the file
to be copied. The tftp(1) man page describes the tftp command set.

UNIX “r” Commands

The UNIX “r” commands enable users to issue commands on their local machines that run on the
remote host. These commands include the following:
 rcp

 rlogin

 rsh

Instructions for using these commands are in the rcp(1), rlogin(1), and rsh(1) man pages.

Name Services
Oracle Solaris provides the following name services:

 DNS – The domain name system (DNS) is the name service provided by the Internet for
TCP/IP networks. DNS provides host names to the IP address service. DNS also serves as a
database for mail administration. For a complete description of this service, see System
Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). See also
the resolver(3RESOLV) man page.

 /etc files – The original host-based UNIX name system was developed for standalone
UNIX machines and then adapted for network use. Many old UNIX operating systems and
computers still use this system, but it is not well suited for large complex networks.

 NIS – Network Information Service (NIS) was developed independently of DNS and has a
slightly different focus. Whereas DNS focuses on making communication simpler by using
machine names instead of numerical IP addresses, NIS focuses on making network
administration more manageable by providing centralized control over a variety of network
information. NIS stores information about machine names and addresses, users, the network
itself, and network services. NIS name space information is stored in NIS maps. For more
information on NIS Architecture and NIS Administration, see System Administration Guide:
Naming and Directory Services (DNS, NIS, and LDAP).

Directory Service
Oracle Solaris supports LDAP (Lightweight Directory Access Protocol) in conjunction with the
Sun Open Net Environment (Sun ONE) Directory Server, as well as other LDAP directory
servers. The distinction between a name service and a directory service is in the differing extent
of functionality. A directory service provides the same functionality as a naming service, but
provides additional functionalities as well. See System Administration Guide: Naming and
Directory Services (DNS, NIS, and LDAP).

File Services
The NFS application layer protocol provides file services for Oracle Solaris. You can find
complete information about the NFS service in System Administration Guide: Network Services.

Network Administration
The Simple Network Management Protocol (SNMP) enables you to view the layout of your
network and the status of key machines. SNMP also enables you to obtain complex network
statistics from software that is based on a graphical user interface (GUI). Many companies offer
network management packages that implement SNMP.

Routing Protocols
The Routing Information Protocol (RIP) and the Router Discovery Server Protocol (RDISC) are
two available routing protocols for TCP/IP networks. For complete lists of available routing
protocols for Oracle Solaris 10, refer to Table 5-1 and Table 5-2.

Security for the TCP/IP Model

Routers

Routers and routing

Figure 4: two networks connected via a router


The above examples all presented a single network at the Internet Protocol level. Even when the
network is segmented, all nodes are still able to communicate with each other. To connect
networks, a router or gateway is used.

Routers and gateways

A router is connected to two different networks and passes packets between them, as shown in
figure 4. In a typical home network, the router provides the connection between the
network and the Internet.
A gateway is the same as a router, except that it also translates between one network system
or protocol and another. NAT, for example, uses a NAT gateway to connect a
private network to the Internet.

Routing messages between networks

When a node on one network needs to send a message to a node on another network, this packet
will be picked up by the router and passed on to the other network. Many nodes are programmed
with a so-called 'default gateway', which is the address of the router that is to take care of all
packets not meant for other nodes on the same network.

Routers maintain a so-called routing table to keep track of routes: which connections (to
different networks) are to be used for which faraway networks. Some of these routes are
programmed in manually, but many are "learned" automatically by the router. Modern routers
inform each other about new routes and about routes that no longer work, to make this as efficient
as possible.

Figure 5 below illustrates how routers (and behind them, entire networks) may be connected.
There are now multiple routes from the node at the left to the node at the right. Since routers
transmit IP packets, and IP packets are all independent of one another, each packet can travel
along a different route to its destination.

The TCP protocol that runs in the transport layer above does not notice this, although a user may
notice if suddenly the connection seems faster or slower. That could be caused by packets now
following a different route that is faster or slower than the old one.

Figure 5: how two nodes on different networks can communicate with each other
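The routing-table behaviour described above, as an added example (mine, not from the notes): a forwarding table that holds manually entered routes and a default gateway, answers lookups by longest-prefix match (the most specific route wins), and lets a route be withdrawn when it stops working, after which destinations that only the withdrawn route covered become unreachable. The networks, next hops and interface names are constructed sample values.

```python
import ipaddress


class RoutingTable:
    """Minimal forwarding table: longest-prefix match with an optional default route."""

    def __init__(self):
        self.routes = []   # entries of (network, next_hop, interface)

    def add(self, network, next_hop, interface):
        self.routes.append((ipaddress.ip_network(network), next_hop, interface))

    def remove(self, network):
        """Withdraw a route, e.g. one a neighbouring router reports as no longer working."""
        net = ipaddress.ip_network(network)
        self.routes = [r for r in self.routes if r[0] != net]

    def lookup(self, destination):
        """Return (next_hop, interface) for the most specific route containing
        the destination, or None when no route (not even a default) covers it."""
        dst = ipaddress.ip_address(destination)
        best = None
        for net, hop, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop, iface)
        return None if best is None else (best[1], best[2])


def build_sample_table():
    # Constructed example: a small router with one LAN, a VPN range that has a
    # more specific sub-range behind a second tunnel, and a default gateway.
    table = RoutingTable()
    table.add("192.168.1.0/24", "direct", "lan0")
    table.add("10.8.0.0/16", "10.8.0.1", "tun0")
    table.add("10.8.5.0/24", "10.8.5.254", "tun1")     # more specific than /16
    table.add("0.0.0.0/0", "203.0.113.1", "wan0")      # the 'default gateway'
    return table


if __name__ == "__main__":
    t = build_sample_table()
    for dest in ("192.168.1.5", "10.8.9.9", "10.8.5.7", "8.8.8.8"):
        print(dest, "->", t.lookup(dest))
```

The default route `0.0.0.0/0` matches every address but has prefix length 0, so any more specific entry beats it; that is exactly the "all packets not meant for other nodes on the same network" rule from the text.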
Security of routing
Routing data packets in this way is very efficient, but not very secure. Every router between
the source and the destination can examine every packet that passes through it. This enables, for
example, systems like Carnivore to examine almost all Internet traffic.
Encrypting Internet transmissions avoids this.

An additional risk is traffic analysis. A router can see where packets come from and where they
go to. Even if the content of the packets is encrypted, the source or destination address itself
already reveals something about the communication. For example, a corporate IP address that
sends data to a newspaper website may indicate leaking of business secrets.

Onion routing with systems like Tor avoids even this risk, although such systems are much slower than
traditional routing.

Firewall

A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can
be implemented in both hardware and software, or a combination of both.

How are Firewalls Used?

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks
connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through
the firewall, which examines each message and blocks those that do not meet the
specified security criteria.

Hardware and Software Firewalls

Firewalls can be either hardware or software but the ideal firewall configuration will consist of both. In
addition to limiting access to your computer and network, a firewall is also useful for allowing remote
access to a private network through secure authentication certificates and logins.
Hardware firewalls can be purchased as a stand-alone product but are also typically found in broadband
routers, and should be considered an important part of your system and network set-up. Most hardware
firewalls will have a minimum of four network ports to connect other computers, but for larger networks,
business networking firewall solutions are available.

Software firewalls are installed on your computer (like any software) and you can customize them, which
gives you some control over their function and protection features. A software firewall will protect your
computer from outside attempts to control or gain access to your computer.

Firewall Techniques

Packet Filtering
All Internet traffic travels in the form of packets. A packet is a quantity of data of limited size,
kept small for easy handling. When larger amounts of continuous data must be sent, they are broken
up into numbered packets for transmission and reassembled at the receiving end. All your file
downloads, Web page retrievals, emails -- all these Internet communications always occur in
packets.
A packet is basically a series of digital numbers, which conveys the following:

 The data, acknowledgment, request or command from the originating system
 The source IP address and port
 The destination IP address and port
 Information about the protocol (set of rules) by which the packet is to be handled
 Error checking information
 Usually, some sort of information about the type and status of the data being sent
 Often, a few other things too, which don't matter for our purposes here.

In packet filtering, only the protocol and the address information of each packet is examined.
Its contents and context (its relation to other packets and to the intended application) are ignored.
The firewall pays no attention to applications on the host or local network and it "knows"
nothing about the sources of incoming data.

Filtering consists of examining incoming or outgoing packets and allowing or disallowing their
transmission or acceptance on the basis of a set of configurable rules, called policies.

Packet filtering policies may be based upon any of the following:

 Allowing or disallowing packets on the basis of the source IP address
 Allowing or disallowing packets on the basis of their destination port
 Allowing or disallowing packets according to protocol.

This is the original and most basic type of firewall.

Packet filtering alone is very effective as far as it goes but it is not foolproof security. It can
potentially block all traffic, which in a sense is absolute security. But for any useful networking
to occur, it must of course allow some packets to pass. Its weaknesses are:

 Address information in a packet can potentially be falsified or "spoofed" by the sender
 The data or requests contained in allowed packets may ultimately cause unwanted things
to happen, for example where a hacker exploits a known bug in a targeted Web server program
to make it do his bidding, or uses an ill-gotten password to gain control or access.

An advantage of packet filtering is its relative simplicity and ease of implementation.
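An added example (mine, not code from the notes) that ties the IP and transport layer descriptions earlier in this chapter to the packet filter just described. `parse_packet` pulls exactly the fields a packet filter looks at out of a raw IPv4 datagram (source and destination address, protocol number, and for TCP/UDP the two port fields that open the transport header) and ignores the payload, as the text says a filter does. `PacketFilter` then applies a first-match rule list keyed on source network, protocol and destination port, with an implicit drop. The sample policy, the addresses (documentation ranges) and `build_packet`, which fabricates minimal packets so the example runs offline, are all constructed for the example.

```python
import ipaddress
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
IPV4_HDR = "!BBHHHBBH4s4s"     # version/IHL, TOS, total length, id, flags/frag,
                               # TTL, protocol, checksum, src, dst  (20 bytes)


def parse_packet(raw):
    """Return the address, protocol and port fields of an IPv4 packet as a dict.
    Only header fields are examined; the payload is deliberately not looked at."""
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, _tlen, _id, _ff, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4                     # header length in bytes (options included)
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
           "proto": PROTO_NAMES.get(proto, str(proto)), "sport": None, "dport": None}
    if proto in (6, 17) and len(raw) >= ihl + 4:   # TCP and UDP both start with src/dst port
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt


def build_packet(src, dst, proto, sport=0, dport=0, payload=b""):
    """Constructed test packet: minimal IPv4 header plus the first four bytes of a
    TCP/UDP header. Checksums are left zero; a filter does not check them."""
    transport = struct.pack("!HH", sport, dport) if proto in (6, 17) else b""
    total_len = 20 + len(transport) + len(payload)
    header = struct.pack(IPV4_HDR, 0x45, 0, total_len, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + transport + payload


class PacketFilter:
    """Stateless filter: rules are tried in order, first match wins, and a packet
    matching no rule is dropped. Each rule is (action, source network,
    protocol name or None, destination port or None)."""

    def __init__(self, rules):
        self.rules = [(act, ipaddress.ip_network(net), proto, dport)
                      for act, net, proto, dport in rules]

    def decide(self, raw):
        pkt = parse_packet(raw)
        for action, net, proto, dport in self.rules:
            if pkt["src"] not in net:
                continue
            if proto is not None and pkt["proto"] != proto:
                continue
            if dport is not None and pkt["dport"] != dport:
                continue
            return action
        return "drop"


def sample_policy():
    # Constructed policy for the Internet-facing side of a 192.168.1.0/24 network.
    return PacketFilter([
        ("drop",  "192.168.1.0/24", None,   None),   # internal source seen from outside: spoofed
        ("allow", "0.0.0.0/0",      "tcp",  443),    # HTTPS to the web server
        ("allow", "0.0.0.0/0",      "udp",  53),     # DNS
        ("allow", "0.0.0.0/0",      "icmp", None),
    ])
```

The first rule is the usual answer to the spoofing weakness listed above: a filter cannot tell whether a source address is genuine, but it can refuse packets whose claimed source could not legitimately arrive on that interface. What it still cannot do is judge the payload, which is why the text moves on to circuit-level and application-level gateways.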

Circuit Relay or Circuit-Level Gateway

Also called a "Circuit Level Gateway," this is a firewall approach that validates connections
before allowing data to be exchanged.

What this means is that the firewall doesn't simply allow or disallow packets but also determines
whether the connection between both ends is valid according to configurable rules, then opens a
session and permits traffic only from the allowed source and possibly only for a limited period of
time. Whether a connection is valid may, for example, be based upon:
 destination IP address and/or port
 source IP address and/or port
 time of day
 protocol
 user
 password

Every session of data exchange is validated and monitored and all traffic is disallowed unless a
session is open.

Circuit Level Filtering takes control a step further than a Packet Filter. Among the advantages of
a circuit relay is that it can make up for the shortcomings of the ultra-simple and exploitable
UDP protocol, wherein the source address is never validated as a function of the protocol. IP
spoofing can be rendered much more difficult.

A disadvantage is that Circuit Level Filtering operates at the Transport Layer and may require
substantial modification of the programming which normally provides transport functions (e.g.
Winsock).
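The session-validation behaviour described above, as an added example that is not part of the original notes: connection requests are checked against configurable rules (source and destination network and port, protocol, time of day, user), a session is opened only on success, and data packets are then forwarded only while they belong to an open, unexpired session. All addresses, rules, user names and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One configurable validation rule for a connection request (constructed format)."""
    src_net: str                                  # e.g. "10.0.0.0/8"
    dst_net: str
    dst_port: Optional[int]                       # None means any destination port
    protocol: str                                 # "tcp" or "udp"
    allowed_hours: Tuple[int, int] = (0, 24)      # [start, end) hour of day
    users: Optional[FrozenSet[str]] = None        # None means any authenticated user

    def matches(self, src_ip, dst_ip, dst_port, protocol, user, now) -> bool:
        return (ip_address(src_ip) in ip_network(self.src_net)
                and ip_address(dst_ip) in ip_network(self.dst_net)
                and (self.dst_port is None or self.dst_port == dst_port)
                and self.protocol == protocol
                and self.allowed_hours[0] <= now.hour < self.allowed_hours[1]
                and (self.users is None or user in self.users))


# A session is identified by the connection 5-tuple.
SessionKey = Tuple[str, int, str, int, str]


class CircuitGateway:
    def __init__(self, rules: List[Rule], session_ttl: timedelta):
        self.rules = rules
        self.session_ttl = session_ttl            # the "limited period of time"
        self.sessions: Dict[SessionKey, datetime] = {}   # 5-tuple -> expiry time

    def open_session(self, src_ip, src_port, dst_ip, dst_port, protocol, user, now) -> bool:
        """Validate a connection request; a session is opened only if some rule allows it."""
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip, dst_port, protocol, user, now):
                self.sessions[(src_ip, src_port, dst_ip, dst_port, protocol)] = now + self.session_ttl
                return True
        return False

    def permit_packet(self, src_ip, src_port, dst_ip, dst_port, protocol, now) -> bool:
        """Forward a data packet only if it belongs to an open, unexpired session.
        Replies (server -> client) match the same session with the tuple reversed."""
        forward = (src_ip, src_port, dst_ip, dst_port, protocol)
        reverse = (dst_ip, dst_port, src_ip, src_port, protocol)
        for key in (forward, reverse):
            expiry = self.sessions.get(key)
            if expiry is None:
                continue
            if now < expiry:
                return True
            del self.sessions[key]                # expired: forget it and drop the packet
        return False                              # no session: traffic is disallowed


def demo() -> Dict[str, bool]:
    """Constructed scenario: an internal client talking to an external HTTPS server."""
    gw = CircuitGateway(
        rules=[Rule("10.0.0.0/8", "203.0.113.0/24", 443, "tcp",
                    allowed_hours=(8, 18), users=frozenset({"alice"}))],
        session_ttl=timedelta(minutes=5))
    t0 = datetime(2024, 1, 1, 9, 0)               # constructed timestamp, inside allowed hours
    client, server = "10.1.2.3", "203.0.113.10"
    return {
        "opened": gw.open_session(client, 50000, server, 443, "tcp", "alice", t0),
        "data_in_session": gw.permit_packet(client, 50000, server, 443, "tcp", t0 + timedelta(seconds=30)),
        "reply_in_session": gw.permit_packet(server, 443, client, 50000, "tcp", t0 + timedelta(seconds=31)),
        # a packet from another source address has no session, even though the rule would match it
        "other_source": gw.permit_packet("10.9.9.9", 50000, server, 443, "tcp", t0 + timedelta(seconds=32)),
        "wrong_user": gw.open_session(client, 50001, server, 443, "tcp", "bob", t0),
        "after_hours": gw.open_session(client, 50002, server, 443, "tcp", "alice", datetime(2024, 1, 1, 22, 0)),
        "expired": gw.permit_packet(client, 50000, server, 443, "tcp", t0 + timedelta(minutes=10)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:17s} {'PASS' if verdict else 'DROP'}")
```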

Application Gateway
In this approach, the firewall goes still further in its regulation of traffic.

The Application Level Gateway acts as a proxy for applications, performing all data exchanges with the
remote system on their behalf. This can render a computer behind the firewall all but invisible to the
remote system.

It can allow or disallow traffic according to very specific rules, for instance permitting some commands to
a server but not others, limiting file access to certain types, varying rules according to authenticated users
and so forth. This type of firewall may also perform very detailed logging of traffic and monitoring of
events on the host system, and can often be instructed to sound alarms or notify an operator under defined
conditions.

Application-level gateways are generally regarded as the most secure type of firewall. They certainly
have the most sophisticated capabilities.

A disadvantage is that setup may be very complex, requiring detailed attention to the individual
applications that use the gateway.

An application gateway is normally implemented on a separate computer on the network whose primary
function is to provide proxy service.

As you can see, all firewalls regardless of type have one very important thing in common: they receive,
inspect and make decisions about all incoming data before it reaches other parts of the system or
network. That means they handle packets and they are strategically placed at the entry point to the
system or network the firewall is intended to protect. They usually regulate outgoing data as well. The
types and capabilities of firewalls are defined essentially by:

• where they reside in the network hierarchy (stack);
• how they analyze and how they regulate the flow of data (packets);
• and additional security-related and utilitarian functions they may perform. Some of those
additional functions:
o Data may be encrypted/decrypted by the firewall for secure communication with a distant
network.
o Scripting may allow the operator to program in any number of specialized capabilities.
o The firewall may facilitate communications between otherwise incompatible networks.

Acting as a proxy server: A proxy server is a type of gateway that hides the true network address
of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for
pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The
firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to
pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network
performance, since it has to actively analyze and manipulate traffic passing through it.

Physical Security
Physical security is the protection of personnel, hardware, programs, networks, and data
from physical circumstances and events that could cause serious losses or damage to an enterprise,
agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and
terrorism.

Physical Security Threats

The goal of identifying these threats is to provide assured, uninterrupted business and service, reduce the
risk of physical damage to a site from natural or man-made causes, and reduce the risk of both internal
and external theft. The major categories of physical security threats are:

Weather: hurricanes, floods, fire, snow, ice, heat, cold, humidity

Earth movement: earthquakes, mudslides

Structural failure: building collapse

Fire/chemical: explosions, toxic waste/gases, smoke, fire

Energy: loss of power, radiation, magnetic wave infrastructure

Biological: virus, bacteria, infestations of animals or insects.

Providing Physical Security

The field of security engineering has identified five areas that address the aforementioned
types of physical security threats. These areas are:
Identity management
Identity management (IdM) is the task of controlling information about users on computers. Such
information includes information that authenticates the identity of a user, and information that describes
information and actions they are authorized to access and/or perform. It also includes the management of
descriptive information about the user and how and by whom that information can be accessed and
modified. Managed entities typically include users, hardware and network resources and even
applications.

Digital identity is an entity's online presence, encompassing personal identifying information (PII) and
ancillary information. See OECD[6] and NIST[7] guidelines on protecting PII.[8] It can be interpreted as the
codification of identity names and attributes of a physical instance in a way that facilitates processing.

Identity management function

In the real-world context of engineering online systems, identity management can involve four basic
functions:

1. The pure identity function: Creation, management and deletion of identities without regard to
access or entitlements;
2. The user access (log-on) function: For example: a smart card and its associated data used by a
customer to log on to a service or services (a traditional view);
3. The service function: A system that delivers personalized, role-based, online, on-demand,
multimedia (content), presence-based services to users and their devices.
4. Identity Federation: A system that relies on Federated identity to authenticate a user without
knowing his or her password.

Pure identity
A general model of identity can be constructed from a small set of axioms, for example that all identities
in a given namespace are unique, or that such identities bear a specific relationship to corresponding
entities in the real world. Such an axiomatic model expresses "pure identity" in the sense that the model is
not constrained by a specific application context.

In general, an entity (real or virtual) can have multiple identities and each identity can encompass
multiple attributes, some of which are unique within a given name space. The diagram below illustrates
the conceptual relationship between identities and entities, as well as between identities and their
attributes.

In most theoretical and all practical models of digital identity, a given identity object consists of a finite
set of properties (attribute values). These properties record information about the object, either for
purposes external to the model or to operate the model, for example in classification and retrieval. A
"pure identity" model is strictly not concerned with the external semantics of these properties.

The most common departure from "pure identity" in practice occurs with properties intended to assure
some aspect of identity, for example a digital signature or software token which the model may use
internally to verify some aspect of the identity in satisfaction of an external purpose. To the extent that the
model expresses such semantics internally, it is not a pure model.

Contrast this situation with properties that might be externally used for purposes of information
security such as managing access or entitlement, but which are simply stored, maintained and retrieved,
without special treatment by the model. The absence of external semantics within the model qualifies it as
a "pure identity" model.

Identity management, then, can be defined as a set of operations on a given identity model, or more
generally as a set of capabilities with reference to it.

In practice, identity management often expands to express how model contents are to
be provisioned and reconciled among multiple identity models.

User access
User access enables users to assume a specific digital identity across applications, which enables access
controls to be assigned and evaluated against this identity. The use of a single identity for a given user
across multiple systems eases tasks for administrators and users. It simplifies access monitoring and
verification and allows the organization to minimize excessive privileges granted to one user. User access
can be tracked from initiation to termination of user access.

When organizations deploy an identity management process or system, their motivation is normally not
primarily to manage a set of identities, but rather to grant appropriate access rights to those entities via
their identities. In other words, access management is normally the motivation for identity management
and the two sets of processes are consequently closely related.

Services
Organizations continue to add services for both internal users and customers. Many such services
require identity management to properly provide these services. Increasingly, identity management has
been partitioned from application functions so that a single identity can serve many or even all of an
organization's activities.

For internal use identity management is evolving to control access to all digital assets, including devices,
network equipment, servers, portals, content, applications and/or products.

Services often require access to extensive information about a user, including address books, preferences,
entitlements and contact information. Since much of this information is subject to privacy and/or
confidentiality requirements, controlling access to it is vital.

ACCESS CONTROL SYSTEM

Access Control is any mechanism by which a system grants or revokes the right to access some data, or
perform some action. Normally, a user must first log in to a system, using some authentication system.
Next, the Access Control mechanism controls what operations the user may or may not make by
comparing the User ID to an Access Control database.
Access Control systems include:
• File permissions, such as create, read, edit or delete on a file server.
• Program permissions, such as the right to execute a program on an application server.
• Data rights, such as the right to retrieve or update information in a database.

Mandatory Access Control

A system of access control that assigns security labels or classifications to system resources and allows access
only to entities (people, processes, devices) with distinct levels of authorization or clearance. These controls
are enforced by the operating system or security kernel. For example, the operating system will not convert a
top secret document to a lower classification without a formal, documented process of declassification.
Contrast with discretionary access control and role-based access control.

Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners
have to grant or deny access to resource objects in a file system. MAC criteria are defined by the system
administrator, strictly enforced by the operating system (OS) or security kernel, and are unable to be
altered by end users.

Subjects: the people who are granted a clearance to access an object within the information
system

Objects: the elements that are being protected from use or access within the information
system

Labels: This is the mechanism that binds objects with the subjects. A subject’s clearance permits
access to an object based on the labelled security protection assigned to that object.

Discretionary Access Control

Unlike Mandatory Access Control (MAC) where access to system resources is controlled by the operating
system (under the control of a system administrator), Discretionary Access Control (DAC) allows each user to
control access to their own data. DAC is typically the default access control mechanism for most desktop
operating systems.

Instead of a security label in the case of MAC, each resource object on a DAC based system has an Access
Control List (ACL) associated with it. An ACL contains a list of users and groups to which the owner has
granted access, together with the level of access for each user or group. For example, User A may provide
read-only access on one of her files to User B, read and write access on the same file to User C and full control
to any user belonging to Group 1.

It is important to note that under DAC a user can only set access permissions for resources which they already
own. A hypothetical User A cannot, therefore, change the access control for a file that is owned by User
B. User A can, however, set access permissions on a file that she owns. Under some operating systems it is also
possible for the system or network administrator to dictate which permissions users are allowed to set in the
ACLs of their resources.

Discretionary Access Control provides a much more flexible environment than Mandatory Access Control but
also increases the risk that data will be made accessible to users that should not necessarily be given access.

ACL - Access Control List

An access control list is a set of data that informs a computer's operating system which permissions,
or access rights, each user or group has to a specific system object, such as
a directory or file. Each object has a unique security attribute that identifies which users have
access to it, and the ACL is a list of each object and user access privileges such
as read, write or execute.

Rule Based Access Control

Rule Based Access Control (RBAC) introduces acronym ambiguity by using the same four letter abbreviation
(RBAC) as Role Based Access Control.

Under Rules Based Access Control, access is allowed or denied to resource objects based on a set of rules
defined by a system administrator. As with Discretionary Access Control, access properties are stored in
Access Control Lists (ACL) associated with each resource object. When a particular account or group attempts
to access a resource, the operating system checks the rules contained in the ACL for that object.

Examples of Rules Based Access Control include situations such as permitting access for an account or group
to a network connection at certain hours of the day or days of the week.

As with MAC, access control cannot be changed by users. All access permissions are controlled solely by the
system administrator.

Role Based Access Control

Role Based Access Control (RBAC), also known as Non discretionary Access Control, takes more of a real
world approach to structuring access control. Access under RBAC is based on a user's job function within the
organization to which the computer system belongs.

Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that
particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining
access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be
assigned to the developer role.

Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be
assigned a single role in an organization. Additionally, there is no way to provide individual users additional
permissions over and above those available for their role. The accountant described above gets the same
permissions as all other accountants, nothing more and nothing less.
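The four models described above (MAC, DAC, Rule Based and Role Based access control) reduced to their decision logic, as an added example that is not from the original notes. The classification levels, users, files, roles and the office-hours rule are constructed for illustration.

```python
from datetime import datetime
from typing import Callable, Dict, Set

# ---- Mandatory Access Control: labels fixed by the system, compared to clearances ----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allowed(clearance: str, object_label: str) -> bool:
    """A subject may access an object only if its clearance dominates the object's label.
    Neither the subject nor the object's creator can change the label; only the system can."""
    return LEVELS[clearance] >= LEVELS[object_label]


# ---- Discretionary Access Control: an owner-managed ACL on every object ----
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl: Dict[str, Set[str]] = {owner: {"read", "write", "full control"}}

    def grant(self, actor: str, grantee: str, rights: Set[str]) -> bool:
        """Only the owner may edit the ACL; any other actor is refused."""
        if actor != self.owner:
            return False
        self.acl.setdefault(grantee, set()).update(rights)
        return True

    def allowed(self, user: str, right: str) -> bool:
        return right in self.acl.get(user, set())


# ---- Rule Based Access Control: administrator-defined rules, e.g. time of day ----
AccessRule = Callable[[datetime], bool]


def hours_rule(start: int, end: int) -> AccessRule:
    """Permit access only between start (inclusive) and end (exclusive) hour of day."""
    return lambda now: start <= now.hour < end


def rule_based_allowed(rules: Dict[str, AccessRule], account: str, now: datetime) -> bool:
    """Access is granted only when a rule exists for the account and holds at this moment."""
    rule = rules.get(account)
    return rule is not None and rule(now)


# ---- Role Based Access Control: permissions attach to roles; each user holds one role ----
class Rbac:
    def __init__(self, role_permissions: Dict[str, Set[str]]):
        self.role_permissions = role_permissions
        self.user_role: Dict[str, str] = {}

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.user_role[user] = role           # a single role per user: reassigning replaces it

    def allowed(self, user: str, permission: str) -> bool:
        """No per-user extras: a user has exactly the permissions of their role."""
        role = self.user_role.get(user)
        return role is not None and permission in self.role_permissions[role]


def demo() -> Dict[str, bool]:
    """Constructed users, objects and roles exercising each model."""
    report = {}
    # MAC: a secret-cleared subject may read confidential but not top secret material
    report["mac_read_down"] = mac_allowed("secret", "confidential")
    report["mac_read_up"] = mac_allowed("secret", "top secret")
    # DAC: User A grants User B read-only on her file; User B cannot edit A's ACL
    doc = DacObject("userA")
    report["dac_non_owner_grant"] = doc.grant("userB", "userB", {"write"})
    doc.grant("userA", "userB", {"read"})
    report["dac_b_read"] = doc.allowed("userB", "read")
    report["dac_b_write"] = doc.allowed("userB", "write")
    # Rule based: a service account may use the network connection only 09:00-17:00
    rules = {"svc-backup": hours_rule(9, 17)}
    report["rule_in_hours"] = rule_based_allowed(rules, "svc-backup", datetime(2024, 1, 1, 10, 0))
    report["rule_out_of_hours"] = rule_based_allowed(rules, "svc-backup", datetime(2024, 1, 1, 20, 0))
    # RBAC: permissions follow the role, and a user holds only one role at a time
    rbac = Rbac({"accountant": {"ledger.read", "ledger.write"}, "developer": {"repo.push"}})
    rbac.assign("ann", "accountant")
    report["rbac_accountant_ledger"] = rbac.allowed("ann", "ledger.read")
    report["rbac_accountant_repo"] = rbac.allowed("ann", "repo.push")
    rbac.assign("ann", "developer")       # moving roles drops the old role's permissions
    report["rbac_after_move_ledger"] = rbac.allowed("ann", "ledger.read")
    return report


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:24s} {'allowed' if verdict else 'denied'}")
```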

User possessions
Some techniques developed for access control are based solely on what the user possesses,
generally known as tokens. Such tokens are divided into two categories: memory tokens and
smart tokens.

Memory tokens

Memory tokens are meant for storing information. Writing data to and reading data from the
tokens requires a special reader and writer. A magnetic strip card is the most common type of
memory token. The surface of the magnetic strip card consists of thin stripes of magnetic
material. One of the applications of memory tokens is the Automatic Teller Machine (ATM), for
authentication to the computer systems. However, this method also has certain limitations. The
major drawbacks of memory tokens are token loss, their manufacturing cost, user
dissatisfaction, administration and the loss of the PINs themselves. Much effort has been made
to increase the security of memory token systems in relation to the protection of PINs.

Smart Tokens

They are more powerful than memory tokens because authentication usually takes place on
the card. A smart card is an extension of the memory token, since it includes one or more
integrated circuits in the token itself. It varies depending on the type of usage. In general, this
type provides stronger security than memory cards. It is another example of authentication
based on the user possession category. It also requires the user to provide something that only
the user knows (PIN or password) for use. It can solve the problem of electronic monitoring.
However, like the memory token, it also has the same problems of manufacturing cost, user
dissatisfaction and administration of the system. Moreover, smart tokens are costlier than
memory tokens and are more complex to handle.

Biometric Techniques
Traditionally, authentication is mainly performed using two kinds of techniques:
possession-based and knowledge-based. These techniques are briefly described below:

Possession based: It is based on some token which the user possesses. Some common examples of
possession-based tokens are keys, smart cards, etc. In this type of authentication, security is
compromised if the token is lost.
Knowledge based: It is based on a token which the user knows. Passwords and PINs are very common
examples of knowledge-based tokens. In this case, the user has to remember the token to confirm his
or her identity. Even though it appears a better solution than the possession-based method, it
has some limitations. In order to protect the token, some encryption algorithms have been used.
Even if the best possible encryption algorithm is used, the whole concept is based on a key. If
the key is too short, it may be possible to crack it by a number of attempts. But if the key is too
complicated, it is difficult to remember and the common user may have to keep it written
somewhere, which is prone to loss or theft.

A biometric-based authentication system measures and analyses a person's unique characteristics
(which may be physical or behavioural) and uses them for authentication. The particular
characteristic which is used for authentication is called a biometric trait. Some of the common
physiological biometric traits include fingerprint, face, hand, iris or retina, while some
common behavioural biometric traits are speech, signature, gait, keystrokes, etc. The
main advantages of biometrics over a traditional access system are:

Biometric traits cannot be forgotten, misplaced or lost, whereas in a traditional access
control system passwords can be forgotten and tokens are easily lost or misplaced.

Biometric traits are relatively more difficult to forge whereas the password-based systems are
easier to crack.

The use of biometric traits in the authentication system requires only the person to be present at
the time. The users need not carry any token or remember the password or PINs.

Moreover, if any access control system uses both biometric as well as passwords or tokens, it
improves the security of existing systems without replacing them.

Two types of biometrics

Physiological Biometrics

Biometrics can be divided into two broad categories: physiological and behavioral. Behavioural
biometrics are based on (hopefully) unique ways people do things such as walking, talking, signing their
name, or typing on a keyboard (speed, rhythm, pressure on the keys, etc). By contrast, physiological
biometrics are based on a person's physical characteristics which are assumed to be relatively unchanging,
such as fingerprints, iris patterns, retina patterns, facial features, palm prints, or hand geometry. We all
use a form of physiological biometrics when we recognize our friends and acquaintances. You know what
they look like and sound like, so you are usually able to recognize them when you see them or hear them.
Turning those characteristics into reproducible electronic data is quite an art, however, and no perfect
system has yet been developed that is absolutely foolproof - although some are pretty good.

Face recognition is perhaps the most friendly and acceptable way to conduct human authentication. This
rests basically on its easy collectability mechanisms and its non-intrusiveness property, i.e., people
generally accept this biometric characteristic as a valid authentication method. The face recognition
process often involves three different steps: (1) detect whether there is a face in an image, (2) locate
the face(s) if that is the case, and (3) recognize the face(s). For each of the three mentioned steps, there
are some challenges to be considered. First, face images are captured under non-controlled conditions.
Therefore, these images may be characterized by the presence of different illumination conditions and
backgrounds. Furthermore, changes in the facial expressions and occlusions of some facial features may
reduce the overall recognition accuracy. Due to these aspects face recognition is a challenging research field.

Fingerprint recognition is considered nowadays one of the most reliable biometric characteristics for
human recognition due to its individuality and persistence. A fingerprint consists basically of a pattern
of ridges and valleys on the surface of the fingertips, and its formation is related to the early fetal months.
Maybe its main disadvantage is related to its intrusiveness, since people need to cooperate explicitly
when providing their fingerprints to the system. Furthermore, fingerprint-based authentication is
traditionally associated with criminal-authentication methods. State-of-the-art authentication methods
have demonstrated adequate accuracies for fingerprint recognition methods; however, for the sake of
human identification there are still some open tasks. First, the processing time of the current algorithms
should be reduced since the output of such systems should be produced in real time. Second, the
non-controlled interaction between users and capture devices will produce misaligned and rotated images.

Iris recognition: The visual texture of the iris is formed during the fetal period and its formation
extends up to the first two years of life. Iris-based authentication methods take advantage of the facts
that the iris information is unique across individuals, and that its main characteristics do not change over
time, as is the case with fingerprints. Besides its main properties, the texture of the iris is believed to be
very difficult to modify surgically. Despite its benefits, its main properties are affected by its
intrusiveness, since it needs a high collaboration effort from the individuals, being therefore
uncomfortable for daily life.

Vein Recognition: Vein patterns are believed to be unique across individuals and invariant over time, even
in the case of identical twins. For these reasons, vein patterns could be used to authenticate
individuals. An image of the vascular patterns is obtained by using an infrared sensor that captures the
haemoglobin in the blood. Traditionally, the de-oxygenated haemoglobin appears as black patterns in the
captured image, whilst the hand or fingers have lighter patterns. One of the challenges in capturing the
hand vein structure is that the veins usually move and flex as the blood is pumped through the human
body. Some of the current capture devices appear not only to have solved this shortcoming, but their size
has also been reduced so as to make them portable, therefore making this biometric characteristic feasible
in present-day applications. The main disadvantages of this biometric characteristic are related to the cost
of the infrared sensors as well as changes in the hand.

Ear Recognition: The topology of the ear has been suggested as an alternative biometric technique. This
suggestion is based on the fact that the ear grows proportionally after the first four months of birth, and
therefore the ear structure of an individual should remain the same over time. However, it has been
found that gravity can cause some stretching of the ear in the vertical direction. Therefore, its
features are not expected to be very distinctive for authentication purposes. Despite this observation,
ear-based authentication can be used as a supplementary biometric technique. One could, for example,
combine face authentication with ear authentication, taking advantage of the fact that the same device
could be used to capture both biometric characteristics.

Electrocardiogram: An electrocardiogram (ECG or EKG) is a test that records the electrical activity
of your heart. An ECG device translates the heart's electrical activity into line tracings on paper. The
spikes and dips in the line tracings are called waves. In simple terms, an ECG or EKG is used to monitor
your heart.

The electrocardiogram (ECG or EKG) is a diagnostic tool that is routinely used to assess the electrical
and muscular functions of the heart. While it is a relatively simple test to perform, the interpretation of the
ECG tracing requires significant amounts of training.

The heart is a two stage electrical pump and the heart's electrical activity can be measured by electrodes
placed on the skin. The electrocardiogram can measure the rate and rhythm of the heartbeat, as well as
provide indirect evidence of blood flow to the heart muscle.

A standardized system has been developed for the electrode placement for a routine ECG. Ten electrodes
are needed to produce 12 electrical views of the heart. An electrode lead, or patch, is placed on each arm
and leg and six are placed across the chest wall. The signals received from each electrode are recorded.
The printed view of these recordings is the electrocardiogram.

The following diagram illustrates how ECG machine is used to monitor the electrical activity of a
patient’s heart.

Behavioural Biometrics

Behavioural biometrics are based on (hopefully) unique ways people do things such as walking, talking,
signing their name, or typing on a keyboard (speed, rhythm, pressure on the keys, etc).

Signature recognition: The handwriting of a given individual can be thought of as representing his/her own
characteristics. Signatures have been widely used in different areas ranging from government and legal
applications to commercial ones. Traditionally, signature authentication may be either static or dynamic.
Static signature authentication uses only the geometric features of the signatures, whereas dynamic
authentication uses not only those features, but also some additional information such as velocity,
acceleration, pressure, and trajectory of the signatures. Furthermore, although it has shown reasonable
authentication accuracy, it is not high enough for large-scale applications. This observation rests
basically on the fact that signatures present some variations due to the physical and emotional state of
a person, and at the same time may vary over a period of time. However, such systems may be
incorporated transparently since individuals are used to providing their signatures in different environments
of their daily life.

Gait recognition: Gait is an emergent behavioral characteristic used to authenticate people by the way
they walk. The attractiveness of this technique relies on its unobtrusive properties, since individuals are
authenticated at a certain distance without any need for big co-operation efforts. Furthermore, it has
received attention from studies in medicine, psychology, and human body modeling. To create a gait
signature, some models are built based on temporal and spatial metrics of the human motion.
Despite its benefits, gait is not supposed to be very distinctive across individuals and therefore it is
not well suited for high-security scenarios. In addition, since this technique involves video-sequence
analysis, it may be computationally expensive.

Keystroke recognition: Keystroke dynamics is related to the way people type characters on keyboards. Its
attention as an emerging biometric characteristic is supported by psychological studies which demonstrated
that human repetitive actions are predictable, and therefore an individual could be characterized by their
keystroke dynamics. These kinds of systems aim to capture the interkey and hold times of the user's
keyboard interaction in order to provide unique representations for each individual. The interkey times
refer to the latency periods between keystrokes, whereas the hold times represent the period of time
between the press and release of a key. One of the main benefits of this technique is that it allows
"continuous authentication", since the individual can be analyzed over large periods of time.

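How the hold times and interkey latencies of keystroke dynamics are derived from raw key press/release events and compared against an enrolled template, as an added example that is not from the original notes. The key timings are constructed, interkey time is taken as press-to-press latency, and the acceptance threshold is an assumed tuning value.

```python
from statistics import mean
from typing import Dict, List, Tuple

# A raw keyboard event: (timestamp in milliseconds, "down" or "up", key)
Event = Tuple[float, str, str]


def timing_features(events: List[Event]) -> Tuple[List[float], List[float]]:
    """Derive (hold_times, interkey_times) from raw key events.
    hold time      = release time - press time of the same key
    interkey time  = press time of key N+1 - press time of key N (down-down latency)
    """
    holds: List[float] = []
    interkeys: List[float] = []
    pending: Dict[str, float] = {}            # key -> press timestamp, until released
    last_press = None
    for ts, kind, key in sorted(events):
        if kind == "down":
            if last_press is not None:
                interkeys.append(ts - last_press)
            last_press = ts
            pending[key] = ts
        elif kind == "up" and key in pending:
            holds.append(ts - pending.pop(key))
    return holds, interkeys


def feature_vector(events: List[Event]) -> List[float]:
    holds, interkeys = timing_features(events)
    return holds + interkeys


def enroll(samples: List[List[Event]]) -> List[float]:
    """Template = per-feature mean over several typings of the same passphrase."""
    vectors = [feature_vector(s) for s in samples]
    width = len(vectors[0])
    if any(len(v) != width for v in vectors):
        raise ValueError("enrollment samples must be typings of the same passphrase")
    return [mean(column) for column in zip(*vectors)]


def distance(template: List[float], events: List[Event]) -> float:
    """Mean relative deviation of a probe from the template; inf if the key count differs."""
    probe = feature_vector(events)
    if len(probe) != len(template):
        return float("inf")
    return mean(abs(p - t) / t for p, t in zip(probe, template))


def verify(template: List[float], events: List[Event], threshold: float = 0.25) -> bool:
    """Accept when the typing rhythm is close enough; the threshold is an assumed tuning value."""
    return distance(template, events) <= threshold


def make_sample(keys: str, holds: List[float], gaps: List[float]) -> List[Event]:
    """Constructed sensor data: type `keys` with the given hold times and down-down gaps."""
    events: List[Event] = []
    t = 0.0
    for i, key in enumerate(keys):
        events.append((t, "down", key))
        events.append((t + holds[i], "up", key))
        if i < len(gaps):
            t += gaps[i]
    return events


# Constructed enrollment typings of the passphrase "pass" (milliseconds)
ENROLLMENT = [
    make_sample("pass", [90, 80, 85, 88], [150, 140, 160]),
    make_sample("pass", [94, 84, 81, 92], [156, 134, 164]),
    make_sample("pass", [86, 76, 89, 84], [144, 146, 156]),
]
GENUINE_PROBE = make_sample("pass", [95, 78, 88, 90], [158, 136, 165])
IMPOSTOR_PROBE = make_sample("pass", [140, 150, 130, 160], [300, 280, 320])


if __name__ == "__main__":
    template = enroll(ENROLLMENT)
    print("template:", template)
    print("genuine  distance %.3f -> %s" % (distance(template, GENUINE_PROBE), verify(template, GENUINE_PROBE)))
    print("impostor distance %.3f -> %s" % (distance(template, IMPOSTOR_PROBE), verify(template, IMPOSTOR_PROBE)))
```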
Multibiometrics

Multibiometrics is an authentication technology using different biometric technologies, such as fingerprints,
facial features, and vein patterns, in the identification and verification process. The use of multi-biometrics
takes advantage of the capabilities of each biometric technology while overcoming the limitations of a
single technology.

A multibiometric system is a biometric system that uses more than one biometric identifier (like a
combination of face, fingerprint, iris, ear etc.) in making a decision about personal identification.
Multimodal biometric systems are expected to be more reliable due to the presence of multiple traits.

Multimodal biometric systems are those that fuse more than one physiological and (or) behavioral
characteristic for enrollment, verification, or identification.

Biometric applications
The primary applications of biometric systems include governmental applications in the areas of
national security, e-governance, national level cards such as voter ID, PAN, National ID, driving license,
social security benefits, etc. Some of the major biometric applications are discussed here:

Authentication Systems: Biometrics is integrated with large-scale systems used for various purposes
such as driver licensing, surveillance, identity cards, health and benefits issuance. There are many
applications where there is a requirement for unique identification, and biometrics serve this purpose
well. Transactional verification has also emerged in various public and private sector environments where
biometrics-based solutions are helpful.

Network Security: As increasingly valuable information is made available to people via networks, the
danger associated with unauthorised access to sensitive data is growing larger. Protecting this information
over a network using a password is problematic since the password can be easily compromised. In this
kind of application, biometric-based security might be a good option.

Combating Cybercrimes: Though information technology's positive impacts on individuals and
businesses are considerable, cybercrime continues to represent one of the greatest threats in the digital
world. It is emerging as an international problem and a major concern for anyone who manages or
accesses computer systems connected to the World Wide Web (WWW). Advances in biometric
technology hold promise for solving this problem by offering users greater protection. Use of biometrics
and smart cards has curbed the threat of cyber crime to some extent.

Biometrics Enabled Smart Cards: Biometrics offers a way for authentication, while smart cards can be
used for storage, processing, and/or authentication. In certain kinds of applications, these two
technologies compete with each other. For example, an organisation may use smart card based security
instead of biometrics for access control or vice versa. In the current scenario, these two technologies are
very often used in conjunction to strengthen each other's capabilities.

E-Commerce and Internet Biometrics has been proposed as a viable solution for e-Commerce and
internet security. It aims to ensure that only authorised persons can access sensitive data or execute
transactions. In many cases, effective e-Commerce and internet solutions can be simplified by
replacing a password dialog with a biometric interface.

INTRUSION DETECTION
An intrusion detection system (IDS) is a device or software application that monitors network or system
activities for malicious activities or policy violations and produces electronic reports to a management
station.

Functions of intrusion detection

· Monitoring and analysis of user and system activity
· Analysis of system configurations and vulnerabilities
· Assessing the integrity of critical system and data files
· Statistical analysis of activity patterns, matched against known attacks
· Analysis of abnormal activity patterns
· Tracking user policy violations.

An intrusion detection system is composed of several parts:

 Sensors that generate security events
 A console to control the sensors and to monitor events and triggers, and
 A central engine that applies a system of rules to the security events received from the sensors,
generates alerts from them, and records the logged events in a database.

The ID system follows a two-step process:

 Active Component This type of mechanism is set in place to re-enact known methods of attack
and to record the system's responses.
 Passive Component This type of component includes activities such as inspection of the system's
configuration files and password files, to detect inadvisable settings and weak passwords. It also
inspects other system files to detect policy violations.

Types of intrusion detection systems are:

A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and
analyzes the internals of a computing system as well as (in some cases) the network packets on its
network interfaces (just like a network-based intrusion detection system (NIDS) would do).

A Protocol-based Intrusion Detection System (PIDS) is a type of intrusion detection system that is
usually installed on a web server to monitor and analyze the communication protocol being used by a
computing system. The PIDS enforces the correct usage of a protocol (e.g. HTTP) in order to prevent
intrusions by malware and attackers. It does this by monitoring the dynamic behaviour and state of the
protocol while sitting at the front end of a server. While a PIDS offers greater security than filtering by
IP addresses or port numbers alone, it also requires more computing resources to run.

Hybrid Intrusion Detection System A hybrid system combines two or more approaches. Network
information is combined with host-agent information to form a comprehensive view of the network.

A network-based IDS (NIDS) monitors traffic at selected points on a network or interconnected set of
networks. The NIDS examines the traffic packet by packet in real time, or close to real time, to attempt to
detect intrusion patterns. The NIDS may examine network-, transport- and/or application-level protocol
activity. Note the contrast with a host-based IDS; a NIDS examines packet traffic directed toward
potentially vulnerable computer systems on a network. A host-based system examines user and software
activity on a host.

A typical NIDS facility includes a number of sensors to monitor packet traffic, one or more servers for
NIDS management functions, and one or more management consoles for the human interface. The
analysis of traffic patterns to detect intrusions may be done at the sensor, at the management server, or
some combination of the two.

Application Protocol based intrusion detection system

An APIDS monitors the dynamic behaviour and state of an application protocol. It typically consists of a
system or agent that sits between a process, or a group of servers, monitoring and analyzing the
application protocol spoken between two connected devices.

A typical place for an APIDS would be between a web server and the database management system,
monitoring the SQL protocol specific to the middleware/business logic as it interacts with the database.

Categories of intrusion detection system

Anomaly vs Misuse Intrusion Detection Systems
In order to get a precise view of what anomaly and misuse detection are and how they actually
work, each is presented briefly here.
Misuse detection is a system based on rules, either preconfigured in the system or set up
manually by the administrator. The rules look for signatures in network and system
operations, trying to catch a well-known attack that should be considered misuse. You can
think of misuse detection as a specific deny rule in a firewall. Examples:
- Using one of the many SMTP/SSH exploits
- Detecting a port scan
- Parsing user commands looking for abuse
Anomaly detection, on the other hand, proceeds by comparing every event to what a
"normal" situation would be. Such a system obviously needs a profile of the
network/system, which can be a problem in that it takes time and resources to train an
anomaly detection sensor to build a profile that reflects normal system/network usage; if
the training period already contains attack traffic, that traffic is learned as normal. Think of
anomaly detection as an alarm for strange system behaviour. Examples:
- Excessive bandwidth usage
- Excessive system calls from a process
- More than one entity using a service.
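The two approaches catch different things, which is easiest to see by running both over the same traffic. The following is an added example, not code from the original text: a fixed port-scan signature (misuse detection) and a bytes-per-source profile learned from a training period (anomaly detection), applied to constructed flow records. The flow format, addresses, thresholds and window sizes are all assumptions made for the illustration.

```python
"""Misuse (signature) detection and anomaly detection side by side, run
over the same constructed flow records. Added example, not from the
original text: the flow format, thresholds and addresses are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since start of capture
    src: str         # source address
    dst: str         # destination address
    dport: int       # destination port
    bytes_out: int   # bytes sent by src in this flow


# Constructed training traffic from a quiet period: four clients doing ordinary
# web traffic. The anomaly detector learns its profile from this.
TRAINING_FLOWS = [
    Flow(0.0, "10.0.0.2", "192.168.1.5", 443, 900),
    Flow(1.0, "10.0.0.2", "192.168.1.5", 80, 600),
    Flow(2.0, "10.0.0.3", "192.168.1.5", 443, 1200),
    Flow(3.0, "10.0.0.4", "192.168.1.5", 80, 1000),
    Flow(4.0, "10.0.0.5", "192.168.1.5", 443, 1300),
]

# Constructed observed traffic: two normal clients, 10.0.0.9 sweeping ports on
# 192.168.1.5 with tiny probes, and 10.0.0.7 pushing a large upload on port 443.
OBSERVED_FLOWS = [
    Flow(100.0, "10.0.0.2", "192.168.1.5", 443, 1400),
    Flow(101.0, "10.0.0.3", "192.168.1.5", 80, 1100),
    Flow(102.0, "10.0.0.9", "192.168.1.5", 21, 60),
    Flow(102.5, "10.0.0.9", "192.168.1.5", 22, 60),
    Flow(103.0, "10.0.0.9", "192.168.1.5", 23, 60),
    Flow(103.5, "10.0.0.9", "192.168.1.5", 25, 60),
    Flow(104.0, "10.0.0.9", "192.168.1.5", 80, 60),
    Flow(104.5, "10.0.0.9", "192.168.1.5", 443, 60),
    Flow(110.0, "10.0.0.7", "192.168.1.5", 443, 50000),
]


def detect_port_scans(flows, min_ports=5, window=10.0):
    """Misuse detection: a fixed signature. One source touching at least
    `min_ports` distinct destination ports on one host within `window`
    seconds is reported as a port scan (once per source/destination pair)."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside the window
    reported = set()
    alerts = []
    for f in sorted(flows, key=lambda x: x.ts):
        key = (f.src, f.dst)
        hist = [(t, p) for t, p in recent[key] if f.ts - t <= window]
        hist.append((f.ts, f.dport))
        recent[key] = hist
        ports = sorted({p for _, p in hist})
        if len(ports) >= min_ports and key not in reported:
            reported.add(key)
            alerts.append(("port_scan", f.src, f.dst, ports))
    return alerts


def build_profile(training_flows):
    """Training phase of anomaly detection: bytes sent per source address,
    summarised as (mean, population standard deviation)."""
    per_src = defaultdict(int)
    for f in training_flows:
        per_src[f.src] += f.bytes_out
    totals = list(per_src.values())
    return mean(totals), pstdev(totals)


def detect_anomalies(flows, profile, k=3.0):
    """Anomaly detection: flag any source whose byte total exceeds the
    profile mean by more than k standard deviations."""
    mu, sigma = profile
    threshold = mu + k * sigma
    per_src = defaultdict(int)
    for f in flows:
        per_src[f.src] += f.bytes_out
    return [("excessive_bytes", src, total, round(threshold))
            for src, total in sorted(per_src.items()) if total > threshold]


def run_both():
    """Run both detectors on the observed traffic and return their alerts."""
    scans = detect_port_scans(OBSERVED_FLOWS)
    anomalies = detect_anomalies(OBSERVED_FLOWS, build_profile(TRAINING_FLOWS))
    return scans, anomalies


if __name__ == "__main__":
    for alert in (a for group in run_both() for a in group):
        print(alert)
```

The scan from 10.0.0.9 totals only 360 bytes and never trips the byte profile, while the 50 kB upload from 10.0.0.7 touches a single port and never matches the scan signature; each detector is blind to the other's case, which is why the two are deployed together. Note also that the profile is only as good as the training period: a source that was already noisy during training raises the threshold for everyone.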

Host based vs Network based Intrusion Detection systems

Host Based Intrusion Detection Systems

A host-based intrusion detection system consists of an agent on a host whose sensors identify
intrusions by analysing some of the following:

- System calls
- System and application logs
- Suspicious file-system modifications (binaries, password files, capability/ACL databases)
- Checks on permissions
- Checks on file integrity
- Rootkit detection (system binaries modified to hide the attacker)

It also watches for network attacks aimed at the specific host:

- Known signature attacks
- Port scans
- Remote shellcode attacks (heuristic detection)
- Backdoor checking
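The file-integrity and permission checks listed above (and under "Functions of intrusion detection") come down to one mechanism: record a baseline of digests and modes, then diff a later snapshot against it. The following added example, not code from the original text, does this for a constructed directory tree inside a temporary directory, simulates a trojaned binary, a new persistence file, a deleted file and a re-permissioned password file, and reports each class of change. File names and contents are invented for the illustration.

```python
"""Host-based file integrity check: baseline SHA-256 digests and permission
bits for a directory tree, then diff a later snapshot to report added,
removed, modified and re-permissioned files. Added example, not from the
original text; the directory layout and file names are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to
    (sha256, permission bits). Symlinks are skipped so an attacker cannot
    point the checker at a file outside the tree."""
    root = Path(root)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        result[rel] = (sha256_file(p), p.stat().st_mode & 0o7777)
    return result


def compare(baseline, current):
    """Diff two snapshots. A changed digest is 'modified'; the same digest
    with different permission bits is 'permission_changed'."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in both if baseline[k][0] != current[k][0]),
        "permission_changed": sorted(
            k for k in both
            if baseline[k][0] == current[k][0] and baseline[k][1] != current[k][1]),
    }


def _write(path, data, mode):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    os.chmod(path, mode)


def demo():
    """Build a constructed mini filesystem, baseline it, simulate an intrusion
    and return the report. Uses a temporary directory, so it is safe to run."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write(root / "bin" / "ls", b"original ls binary", 0o755)
        _write(root / "etc" / "passwd", b"root:x:0:0:root:/root:/bin/sh\n", 0o644)
        _write(root / "etc" / "hosts", b"127.0.0.1 localhost\n", 0o644)
        baseline = snapshot(root)

        # Simulated intrusion: trojaned binary, new persistence file,
        # deleted file, and a world-writable password file.
        _write(root / "bin" / "ls", b"trojaned ls binary", 0o755)
        _write(root / "etc" / "cron.d" / "backdoor", b"* * * * * root /tmp/.x\n", 0o644)
        (root / "etc" / "hosts").unlink()
        os.chmod(root / "etc" / "passwd", 0o666)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:19s} {paths}")
```

Two caveats a practitioner would add: the baseline is only worth as much as its protection, so it must live where the intruder cannot rewrite it (read-only media, an off-host store, or a signed file), and because the checker reads files through the running kernel, a kernel-level rootkit can feed it the original content; production tools such as AIDE and Tripwire record further attributes (owner, inode, timestamps) and are best run from a trusted boot environment when a compromise is suspected.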

Network Intrusion Detection Systems [NIDS]

Following the sensors/console/engine schema, the most specific part of a NIDS is its sensors, which
are deployed throughout the network that is to be protected. Typical sensor deployment points are:

- The DMZ
- The firewall
- Parts of the network directly connected to the Internet
- Servers which provide VPN services
- Any critical servers or sub-networks

Sensor activity also includes server/service availability checks: verifying that all servers are running
and that their services are working correctly.

Passive System vs. Reactive System

In a passive system the IDS detects an intrusion and then alerts the user in some way. There are several
different ways an IDS can do this. Examples:

• It can show the alert in the user's GUI, for example as a message in a console.
• It can log the event in detail.
• It can notify the user through some external channel: email, SMS, pager, etc.

In a reactive system the IDS does something more concrete when an intrusion is detected. Examples:

• It can block the intruder's access to the system, for example by reconfiguring router or firewall ACLs.
• It can reset the TCP connection.
• In a host-based IDS it can disable the intruder's user account or simply terminate the user's session.
• It can trace the origin of the intruder.

Reactive responses need care: an attacker who spoofs source addresses can provoke an auto-blocking
IDS into cutting off legitimate hosts, so blocking is normally thresholded, time-limited and subject to an
allow-list of infrastructure addresses.

Some also define a third version, called a proactive IDS. A proactive IDS does not wait for the
intrusion to happen and then react; it stops the intrusion before it has succeeded. "Proactive IDS" is
also sometimes used as another name for a reactive IDS.
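The difference between the two modes is easiest to see with the same alert stream fed to both. The following is an added example, not code from the original text: a passive responder that only records, and a reactive responder that blocks a source after repeated alerts, honours a never-block list and lets blocks expire. The alerts are constructed; the reactive responder only builds a firewall rule string (assuming an nftables set named `ids_block` created with the `timeout` flag) and never executes anything.

```python
"""Passive and reactive handling of the same constructed IDS alerts.
Added example, not from the original text. The reactive responder only
produces a firewall rule string (assumed nftables set `ids_block`); it
never executes anything. It rate-limits and allow-lists on purpose:
because an attacker can spoof source addresses, an IDS that blocks on
the first alert can be turned against legitimate hosts."""
import ipaddress
from collections import defaultdict, deque


# Constructed alert stream, as a central engine might emit it.
ALERTS = [
    {"ts": 0.0,   "sig": "port_scan",      "src": "10.0.0.9",    "dst": "192.168.1.5"},
    {"ts": 20.0,  "sig": "ssh_bruteforce", "src": "10.0.0.9",    "dst": "192.168.1.5"},
    {"ts": 25.0,  "sig": "port_scan",      "src": "192.168.1.1", "dst": "192.168.1.5"},
    {"ts": 40.0,  "sig": "port_scan",      "src": "10.0.0.9",    "dst": "192.168.1.6"},
    {"ts": 45.0,  "sig": "port_scan",      "src": "10.0.0.9",    "dst": "192.168.1.7"},
    {"ts": 700.0, "sig": "port_scan",      "src": "10.0.0.9",    "dst": "192.168.1.8"},
]


class PassiveResponder:
    """Passive system: only records and notifies; the network is untouched."""

    def __init__(self):
        self.log = []

    def handle(self, alert):
        line = f"{alert['ts']:.0f} {alert['sig']} src={alert['src']} dst={alert['dst']}"
        self.log.append(line)          # in a real system: console, syslog, e-mail, SMS
        return "logged"


class ReactiveResponder:
    """Reactive system: blocks a source after `threshold` alerts inside
    `window` seconds, for `block_seconds`, unless the source is in the
    never-block list (gateways, DNS, monitoring hosts)."""

    def __init__(self, never_block, threshold=3, window=60.0, block_seconds=600.0):
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.threshold, self.window, self.block_seconds = threshold, window, block_seconds
        self.recent = defaultdict(deque)   # src -> alert timestamps inside the window
        self.blocked = {}                  # src -> expiry timestamp
        self.actions = []                  # audit trail of what was done

    def handle(self, alert):
        ts, src = alert["ts"], alert["src"]
        self._expire(ts)
        if any(ipaddress.ip_address(src) in net for net in self.never_block):
            self.actions.append(("log_only", src))
            return "log_only"
        if src in self.blocked:
            return "already_blocked"
        hits = self.recent[src]
        hits.append(ts)
        while hits and ts - hits[0] > self.window:
            hits.popleft()
        if len(hits) < self.threshold:
            self.actions.append(("watch", src, len(hits)))
            return "watch"
        self.blocked[src] = ts + self.block_seconds
        hits.clear()
        rule = f"nft add element inet filter ids_block {{ {src} timeout {int(self.block_seconds)}s }}"
        self.actions.append(("block", src, rule))
        return "block"

    def _expire(self, now):
        for src, until in list(self.blocked.items()):
            if until <= now:
                del self.blocked[src]
                self.actions.append(("unblock", src))


def run_both():
    """Feed the same alerts to both responders; return the passive log, the
    reactive verdict per alert, and the reactive action trail."""
    passive = PassiveResponder()
    reactive = ReactiveResponder(never_block=["192.168.1.1/32"])
    verdicts = [(passive.handle(a), reactive.handle(a))[1] for a in ALERTS]
    return passive.log, verdicts, reactive.actions


if __name__ == "__main__":
    log, verdicts, actions = run_both()
    print(*log, sep="\n")
    print(verdicts)
    print(*actions, sep="\n")
```

In the trace, 10.0.0.9 is only watched after its first two alerts, blocked on the third within the 60-second window, ignored while blocked, and watched again once the block has expired; the alert attributed to the gateway 192.168.1.1 is logged but never blocked, which is exactly the spoofing case the allow-list exists for.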
