Researches at Michigan State University have proposed a peripheral computer

Researches at michigan state university have proposed

This preview shows page 55 - 57 out of 59 pages.

Researches at Michigan State University have proposed a peripheral computer device for measuring hand geometry to give access to certain web pages. 3. Face recognition is another widely researched biometric. Face recognition allows identifying people not only in person, but also by a photograph. 4. Voice prints, or voice recognition, can be used to identify a person. It is especially useful in a phone conversation. A reliable identification system would make it possible for banks to identify their customers on the phone and allow more transactions to be performed by phone. However, if applied incorrectly, voice print is vulnerable to playing a recording of someone's voice during the identification process. To avoid this, one can ask the user to read a specific (randomly chosen) phrase which is not known in advance. 5. Iris scan seems to have unique properties which make it perfect to be used as a biometric. Systems based on iris scan are already used in major European airports for identification of travelers. The Web site of John Daugman is one of the top researches of iris recognition, and has a lot of information on iris recognition and s Firewalls Firewall is a software which enforces an access control policy between an internal network in an organization and the rest of the Internet. It may also be used for access control between two parts of the same internal network. A firewall blocks some Internet traffic and permits some other traffic. Some firewalls are more restrictive than others. It's important to understand that a firewall implements a policy, so it's only as good as the policy it implements. If the policy is inconsistent or not well thought of, then a firewall may not be a good protection. The main thing firewalls protect against is unauthorized login. In addition they may block some or all of the outside traffic, while permitting all or most of the traffic from the inside to the outside. The traffic that usually is permitted is e-mail (both to and from the network) and HTTP access from the inside to the outside of the firewall. Protocols that may or may not permitted are FTP, SSL, database connections, and so on. In addition to access control, firewalls keep statistics of the Internet packages and requests, and may be configured to issue a warning if some suspicious activity is going on.
Image of page 55
56 | P a g e 56 There are two basic types of firewalls: network layer and application layer firewalls. Recently the distinction between the two is becoming somewhat blurry. Network layer firewall decides which IP packages go through based on the source, the destination, and the port of the package. The firewall doesn't look inside the package. The firewall is located on a "bastion host", which is a specially designated machine that routes all the traffic to and from the organization's network. Demilitarized Zone (DMZ) is an area which is neither a part of the organization's network nor a part of the Internet. Usually it is the area between the Internet access router (the "entry" point of the network) and the bastion host. Many organizations put a web server in DMZ because the server requires HTTP Internet connections to be able to answer HTTP requests. The
Image of page 56
Image of page 57

You've reached the end of your free preview.

Want to read all 59 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture