Wednesday, May 12, 2010
Demilitarized zone (DMZ)
A demilitarized zone (DMZ) is an area where you can place a public server for access by people you might not trust otherwise. By isolating a server in a DMZ, you can hide or remove access to other areas of your network. You can still access the server using your network, but others aren't able to access further network resources. This can be accomplished using firewalls to isolate your network.
When establishing a DMZ, you assume that the person accessing the resource isn't necessarily someone you would trust with other information. Figure 1.13 shows a server placed in a DMZ. Notice that the rest of the network isn't visible to external users. This lowers the threat of intrusion in the internal network.
Tip: Anytime you want to separate public information from private information, a DMZ is an acceptable option.
The easiest way to create a DMZ is to use a firewall that can transmit in three directions: to the internal network, to the external world (Internet), and to the public information you're sharing (the DMZ). From there, you can decide what traffic goes where; for example, HTTP traffic would be sent to the DMZ, and e-mail would go to the internal network.
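The traffic split described above, written out as a default-deny policy for a three-legged firewall and checked against a few log lines. This is an added example, not part of the original post; the address ranges, the log format and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed address plan (constructed): one range per firewall leg; all else is the Internet.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

# New TCP connections the firewall forwards: (source zone, destination zone, port).
# Anything absent is dropped; replies are assumed to be handled by state tracking.
POLICY = {
    ("internet", "dmz", 80),       # HTTP is sent to the DMZ
    ("internet", "internal", 25),  # e-mail goes to the internal network
    ("internal", "dmz", 80),       # you can still reach the server from your network
}

# Constructed log lines in a hypothetical "ACTION SRC= DST= DPT=" format.
SAMPLE_LOG = """\
ACCEPT SRC=203.0.113.7 DST=192.168.100.10 DPT=80
ACCEPT SRC=203.0.113.7 DST=10.0.0.25 DPT=25
DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=80
ACCEPT SRC=192.168.100.10 DST=10.0.0.5 DPT=445
ACCEPT SRC=10.0.0.8 DST=192.168.100.10 DPT=80
"""

LINE = re.compile(r"^(ACCEPT|DROP) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def zone_of(addr):
    """Map an address to its zone by range; unknown ranges count as the Internet."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")


def decide(src, dst, dport):
    """Default-deny verdict for a new connection crossing the firewall."""
    return "ACCEPT" if (zone_of(src), zone_of(dst), dport) in POLICY else "DROP"


def mismatches(log):
    """Return log lines whose recorded action differs from the intended policy."""
    found = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group(1) != decide(m.group(2), m.group(3), int(m.group(4))):
            found.append(line)
    return found


if __name__ == "__main__":
    for line in mismatches(SAMPLE_LOG):
        print("policy violation:", line)
```

The one line it reports is the DMZ server opening a connection into the internal network, which is the path the DMZ exists to close.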
Security Zones: Extranet
An extranet is illustrated in the figure above. Note that this network provides a connection
between the two organizations. The connection may be through the Internet; if so, these
networks would use a tunneling protocol to accomplish a secure connection.
Security Zones: Intranet
Intranets are private networks implemented and maintained by an individual company or
organization. You can think of an intranet as an Internet that doesn't leave your company;
it's internal to the company, and access is limited to systems within the intranet. Intranets use the same technologies used by the Internet. They can be connected to the Internet but can't be accessed by users who aren't authorized to be part of them; the anonymous user of the Internet is instead an authorized user of the intranet. Access to the intranet is granted to trusted users inside the corporate network or to users in remote locations.
Security Zones: The Internet
Security Zones
Over time, networks can become complex beasts. What may have started as a handful of computers sharing resources can quickly grow to something resembling an electrician's nightmare. The networks may even appear to have lives of their own. It's common for a network to have connections among departments, companies, countries, and public access using private communication paths and through the Internet.
Not everyone in a network needs access to all the assets in the network. The term security zone describes design methods that isolate systems from other systems or networks.
You can isolate networks from each other using hardware and software. A router is a good example of a hardware solution: You can configure some machines on the network to be in a certain address range and others to be in a different address range. This separation makes the two networks invisible to each other unless a router connects them. Some of the newer data switches also allow you to partition networks into smaller networks or private zones.
When discussing security zones in a network, it's helpful to think of them as rooms.
You may have some rooms in your house or office that anyone can enter. For other rooms, access is limited to specific individuals for specific purposes. Establishing security zones is a similar process in a network: Security zones allow you to isolate systems from unauthorized users. Here are the four most common security zones you'll encounter:
- Internet
- Intranet
- Extranet
- Demilitarized zone (DMZ)
The next few posts identify the topologies used to create security zones to provide security. The Internet has become a boon to individuals and to businesses, but it creates a challenge for security. By implementing intranets, extranets, and DMZs, you can create a reasonably secure environment for your organization.
Accountability: A real story…
Accountability, like common sense, applies to every aspect of information technology.
Several years ago, a company that relied on data that could never be re-created wrote shell scripts to do backups early in the morning when the hosts were less busy. Operators at those machines were told to insert a tape in the drive around midnight and check back at 3:00 a.m. to make certain that a piece of paper had been printed on the printer, signaling the end of the job. If the paper was there, they were to remove the tapes and put them in storage; if the paper was not there, they were to call for support.
The inevitable hard drive crash occurred on one of the hosts one morning, and an IT
"specialist" was dispatched to swap it out. The technician changed the hard drive and
then asked for the most recent backup tape. To his dismay, the data on the tape was two years old. The machine crash occurred before the backup operation ran, he reasoned, but the odds of rotating two years' worth of tapes were pretty amazing. Undaunted, he asked for the tape from the day before, and found that the data on it was also two years old.
Beginning to sweat, he found the late shift operator for that host and asked her if she was making backups. She assured him that she was and that she was rotating the tapes and putting them away as soon as the paper printed out. When he questioned her further on how the data could be so old, she said she could verify her story because she also kept the pieces of paper that appeared on the printer each day. She brought out the stack and handed them to him. They all reported the same thing: tape in drive is write protected.
Where did the accountability lie in this true story? The operator was faithfully following
the procedures given to her. She thought the fact that the tape was protected represented a good thing. It turned out that all the hosts had been printing the same message, and none of them had been backed up for a long while.
The problem lay not with the operator, but with the training she was given. Had she been shown what correct and incorrect backup completion reports looked like, the data would never have been lost.
Saturday, May 1, 2010
More than 110 Run commands
Add Hardware Wizard==>hdwwiz.cpl
Add/Remove Programs==>appwiz.cpl
Administrative Tools==>control admintools
Automatic Updates==>wuaucpl.cpl
Bluetooth Transfer Wizard==>fsquirt
Calculator==>calc
Certificate Manager==>certmgr.msc
Character Map==>charmap
Check Disk Utility==>chkdsk
Clipboard Viewer==>clipbrd
Command Prompt==>cmd
Component Services==>dcomcnfg
Computer Management==>compmgmt.msc
Date and Time Properties==>timedate.cpl
DDE Shares==>ddeshare
Device Manager==>devmgmt.msc
Direct X Control Panel - If Installed==>directx.cpl
Direct X Troubleshooter==>dxdiag
Disk Cleanup Utility==>cleanmgr
Disk Defragment==>dfrg.msc
Disk Management==>diskmgmt.msc
Disk Partition Manager==>diskpart
Display Properties==>control desktop
Display Properties==>desk.cpl
Display Properties w/Appearance Tab Preselected==>control color
Dr. Watson System Troubleshooting Utility==>drwtsn32
Driver Verifier Utility==>verifier
Event Viewer==>eventvwr.msc
File Signature Verification Tool==>sigverif
Findfast==>findfast.cpl
Folders Properties==>control folders
Fonts==>control fonts
Fonts Folder==>fonts
Free Cell Card Game==>freecell
Game Controllers==>joy.cpl
Group Policy Editor - XP Pro==>gpedit.msc
Hearts Card Game==>mshearts
Iexpress Wizard==>iexpress
Indexing Service==>ciadv.msc
Internet Properties==>inetcpl.cpl
IP Configuration - Display Connection Configuration==>ipconfig /all
IP Configuration - Display DNS Cache Contents==>ipconfig /displaydns
IP Configuration - Delete DNS Cache Contents==>ipconfig /flushdns
IP Configuration - Release All Connections==>ipconfig /release
IP Configuration - Renew All Connections==>ipconfig /renew
IP Configuration - Refreshes DHCP & Re-Registers DNS==>ipconfig /registerdns
IP Configuration - Display DHCP Class ID==>ipconfig /showclassid
Java Control Panel - If Installed==>jpicpl32.cpl
Java Control Panel - If Installed==>javaws
Keyboard Properties==>control keyboard
Local Security Settings==>secpol.msc
Local Users and Groups==>lusrmgr.msc
Logs You Out Of Windows==>logoff
Microsoft Chat==>winchat
Minesweeper Game==>winmine
Mouse Properties==>control mouse
Mouse Properties==>main.cpl
Network Connections==>control netconnections
Network Connections==>ncpa.cpl
Network Setup Wizard==>netsetup.cpl
Notepad==>notepad
Nview Desktop Manager - If Installed==>nvtuicpl.cpl
Object Packager==>packager
ODBC Data Source Administrator==>odbccp32.cpl
On Screen Keyboard==>osk
Opens AC3 Filter - If Installed==>ac3filter.cpl
Password Properties==>password.cpl
Performance Monitor==>perfmon.msc
Performance Monitor==>perfmon
Phone and Modem Options==>telephon.cpl
Power Configuration==>powercfg.cpl
Printers and Faxes==>control printers
Printers Folder==>printers
Private Character Editor==>eudcedit
Quicktime - If Installed==>QuickTime.cpl
Regional Settings==>intl.cpl
Registry Editor==>regedit
Registry Editor==>regedt32
Remote Desktop==>mstsc
Removable Storage==>ntmsmgr.msc
Removable Storage Operator Requests==>ntmsoprq.msc
Resultant Set of Policy - XP Pro==>rsop.msc
Scanners and Cameras==>sticpl.cpl
Scheduled Tasks==>control schedtasks
Security Center==>wscui.cpl
Services==>services.msc
Shared Folders==>fsmgmt.msc
Shuts Down Windows==>shutdown
Sounds and Audio==>mmsys.cpl
Spider Solitaire Card Game==>spider
SQL Client Configuration==>cliconfg
System Configuration Editor==>sysedit
System Configuration Utility==>msconfig
System File Checker Utility - Scan Immediately==>sfc /scannow
System File Checker Utility - Scan Once At Next Boot==>sfc /scanonce
System File Checker Utility - Scan On Every Boot==>sfc /scanboot
System File Checker Utility - Return to Default Setting==>sfc /revert
System File Checker Utility - Purge File Cache==>sfc /purgecache
System File Checker Utility - Set Cache Size to size x==>sfc /cachesize=x
System Properties==>sysdm.cpl
Task Manager==>taskmgr
Telnet Client==>telnet
User Account Management==>nusrmgr.cpl
Utility Manager==>utilman
Windows Firewall==>firewall.cpl
Windows Magnifier==>magnify
Windows Management Infrastructure==>wmimgmt.msc
Windows System Security Tool==>syskey
Windows Update Launches==>wupdmgr
Windows XP Tour Wizard==>tourstart
Wordpad==>write