IPS / IDS

 

SOA solutions are the next evolutionary step in software architectures. SOA is an IT architecture in which functions are defined as independent services with well-defined, invocable interfaces. SOA will enable cost-effective integration as well as bring flexibility to business processes. In line with SOA principles, several standards have been developed and are currently emerging in IT environments. In particular, Web Services technology provides means to publish services in a UDDI registry, describing their interfaces using theWeb Service Description Language (WSDL) and exchanging requests and messages over a network using SOAP protocol. The Business Process Execution Language (BPEL) allows composition of services into complex processes as well as their execution. Although Web services technologies around UDDI, SOAP andWSDL have added a new value to the current IT environments in regards to the integration of distributed software components using web standards, they cover mainly characteristics of syntactic interoperability. With respect to a large number of services that will exist in IT environments in the inter and intra enterprise integration settings based on SOA, the problems of service discovery or selection of the best services conforming users needs, as well as resolving heterogeneity in services capabilities and interfaces will again be a lengthy and costly process. For this reason, machine processable semantics should be used for describing services in order to allow total or partial automation of tasks such as discovery, selection, composition, mediation, invocation and monitoring of services.

While Web services and SOA are usually thought to be synonymous, they are not. It should be made clear that Web services are an important tool and one implementation method for SOA, but there are other patterns that may be more appropriate for any given use-case.



In general, SOA can be thought to consist of service providers and service consumers. The
providers define what the service looks like and how to invoke it through an implementation
independent service interface. The consumers use this interface to construct the necessary
data and invoke the service.



An optional construct is the introduction of a discovery mechanism that acts as an intermediary
to which providers publish the service interface and from which consumers discover it. This is
useful for enterprises with many services, but is not covered in this specification.

 

One of the keys to SOA is defining the correct level of granularity. This is a fairly subjective
thing, but generally speaking services exposed to other systems should provide operations that
correspond to business functions. This does not mean that all services are coarse grained.
Finely grained component services may be used by business services, but would not be
exposed to other systems.
 

SOA's communication capabilities may
be as basic as the ability to pass data along to another service, or as complex as
coordinating events between other services and the consumer of those services
through some underlying connection methodology, usually Web Services.

The term “service” refers to any self-contained function capable of operating
regardless of the state of other services that it may be connected to or
communicates with.

Although SOA is a hot IT term these days, the actual concept of providing SOA
functionality can be traced back as far as early DCOM and Object Request Brokers
(ORB) that followed CORBA specifications.

Code Mobility.

The ability to lookup and dynamically bind to a service means that services
can be located on different servers than the ones that the consumers are
hosted on. This provides the organization with the ability to build enterprise-
wide solutions hosted in diverse locations both within and outside of the
organization.

Better Usage of IT Talent.

Because the SOA environment uses multiple layers, the organization can
assign developers with specific skill sets to work within specific layers. This
provides a means to deploy the most qualified people to work in specific roles
without regard to the technical skills required to support development within
other layers.

Enhanced Security.

The existence of the SOA service layers result in the creation of additional
network interfaces capable of being accessed by multiple applications. In a
client-server environment, security is addressed solely at the application’s
entry point, and vulnerabilities often exist in areas such as databases due to
the difficulty in maintaining multiple security lists. By their very nature,
services have built-in security mechanisms that allow for multi-level security
at the service and the client levels.

Ease of Testing and Reduced Defects.

Because services have published interfaces, unit tests can be easily written to
validate performance before the services are exposed to the consumers. This
provides a way to identify and correct defects before the actual application
undergoes the QA testing process.

Support for Multiple Client Types.

The SOA allows diverse client types top access the services using their native
communication capabilities including HTML, XML, RMI, etc.

The advantage of reusing or sharing component services is
considerable. It would reduce the purchase and development of

redundant systems. Currently, each application development group
in the department must figure out the security and develop a log-in
system for their applications. Instead, they could use a well-tested
service.

If a business process changes, applications in an SOA can adapt
quickly by just changing the component services that are affected.

For instance, if the state chooses a different vendor for credit card
transactions, all that needs to be changed is the credit card service.

Moving toward a service-oriented architecture will allow MDH
to share expensive software components, reduce the redundant
development of many common components, and become more
flexible and adaptable to meet the expected changes in health related information technology.

A SOA provides the implementation patterns required to construct
applications from loosely coupled services. In order to build such applications, an

implementation environment should provide the following capabilities:

Application Development: Big changes will be needed in
methods, coordination, organization, and training of MDH application developers. A thorough analysis of MDH business processes is needed.

Operational Efficiency: Continue moving toward standards
in our operations and tools. Further automation of desktop administration and help desk should be accomplished.

Continuity of Operations Planning: Work toward standard
platforms. Supporting a redundant recovery site will be too expensive if we must replicate diverse servers and operating
systems.

SOA Policies and Processes: SOA will require new security and service use policies and procedures.

Architecture Review Board: We propose that an architecture review board be created to guide the development of policies, update the architecture, and review requests for exceptions.

 

more from Wikipedia http://en.wikipedia.org/wiki/Service-oriented_architecture
more from Youtube www.youtube.com/watch?v=sbd_1G8Kqjs

Short for Multiprotocol Label Switching, an IETF initiative that integrates Layer 2 information about network links (bandwidth, latency, utilization) into Layer 3 (IP) within a particular autonomous system--or ISP--in order to simplify and improve IP-packet exchange.

MPLS is a packet-forwarding technology which uses labels to make data forwarding decisions. MPLS provides a mechanism for forwarding packets for any network protocol. It was originally developed in the late 1990s to provide faster packet forwarding for IP routers (see RFC 3031). Since then its capabilities have expanded massively, for example to support service creation (VPNs), traffic engineering, network convergence, and increased resiliency.

MPLS works by tagging the traffic, in this example packets, with an identifier (a label) to distinguish the LSPs. When a packet is received, the router uses this label (and sometimes also the link over which it was received) to identify the LSP. It then looks up the LSP in its own forwarding table to determine the best link over which to forward the packet, and the label to use on this next hop.

MPLS plays a major role in keeping the networks of big businesses running smoothly today. The labeling process involves setting the criteria for information retrieval, sometimes determined by an IP address. The data is then directed through routers that have been pre-determined by the label switching.

MPLS network requirements

The following elements must exist in the network to be able to run MPLS

• A layer 3 routing protocol (IS-IS, OSPF, EIGRP or RIP); preferably IS-IS or OSPF for Traffic engineering.
  
• Label distribution protocol (RSVP, LDP or BGP).
  
• Network capable of handling MPLS traffic.

MPLS Benefits:

• BGP free core in the service provider.
  
• MPLS Applications like MPLS VPN and Traffic Engineering.
  
• Having unified network in the service provider as you can provide IP, L3 VPN or L2 VPN over the same network.
  
• Since a packet is assigned to a FEC when it enters the network, information that cannot be gleaned from the network layer header, can be used for FEC assignment. For example, classification of packets based on the source of the packets.

• Packets can be assigned a priority label, making Frame Relay and ATM-like quality-of-service guarantees possible. This function relates to the CoS field.

• The considerations that determine how a packet is assigned to a FEC can become ever more and more complicated, without any impact at all on the routers that merely forward labeled packets.

• Packet payloads are not examined by the forwarding routers, allowing for different levels of traffic encryption and the transport of multiple protocols.

• In MPLS, a packet can be forced to follow an explicit route rather than the route chosen by normal dynamic algorithm as the packet travels through the network. This may be done to support traffic engineering, as a matter of policy or to support a given QoS.
  

Virtual Private Network (VPN)

A VPN is a shared network where private data is segmented from other traffic so that only the intended recipient has access. The term VPN was originally used to describe a secure connection over the Internet.

A key aspect of data security is that the data flowing across the network is protected by encryption technologies. Private networks lack data security, which can allow data attackers to tap directly into the network and read the data. IPSec-based VPNs use encryption to provide data security, which increases the network’s resistance to data tampering or theft. VPNs are used for:

• Intranets: Intranets connect an organization’s locations. These locations range from the headquarters offices, to branch offices, to a remote employee’s home. Often this connectivity is used for e-mail and for sharing applications and files. While Frame Relay, ATM, and MPLS accomplish these tasks, the shortcomings of each limits connectivity. The cost of connecting home users is also very expensive compared to Internet-access technologies, such as DSL or cable. Because of this, organizations are moving their networks to the Internet, which is inexpensive, and using IPSec to create these networks.

• Remote Access: Remote access enables telecommuters and mobile workers to access e-mail and business applications. A dial-up connection to an organization’s modem pool is one method of access for remote workers, but it is expensive because the organization must pay the associated long distance telephone and service costs. Remote access VPNs greatly reduce expenses by enabling mobile workers to dial a local Internet connection and then set up a secure IPSec-based VPN communications to their organization.
• Extranets: Extranets are secure connections between two or more organizations. Common uses for extranets include supply-chain management, development partnerships, and subscription services. These undertakings can be difficult using legacy network technologies due to connection costs, time delays, and access availability. IPSec-based VPNs are ideal for extranet connections. IPSec-capable devices can be quickly and inexpensively installed on existing Internet connections.

MultiProtocol Label Switching (MPLS) Virtual Private Network (VPN)

MPLS VPN is a data-carrying mechanism which operates at a layer that is generally considered to lie between traditional definitions of Layer 2 (data link layer) and Layer 3 (network layer), and thus is often referred to as a "Layer 2.5" protocol. MPLS offers a great opportunity for companies wanting to expand their support to end users in different countries. MPLS allows the convergence of corporate applications with high quality of service (QoS) to configure Intranet/Extranet and remote access. MPLS based solutions provide extra value by connecting remote corporate sites whose applications are critical and require high QoS.

International MPLS VPN for business helps your company connect all of its offices anywhere in the world securely,without having to invest in costly infrastructures thanks to its robust network aided with MPLS technology. The service creates a Virtual Private Network connecting all of the company's offices, which provides a high quality multimedia solution (data, image and voice) easily adaptable to your growing needs. As an added value, MPLS simplify the evolution of Extranet environments where customers and providers would be able to work integrated with your company in a unique workplace. MPLS forms the basis for cost-efficient, highly reliable, multi-service IP networks. With MPLS, enterprises increase bandwidth efficiency and scalability, reduce operational and management expense and deliver reliable service.

Get a complete networking solution that provides secure access and promotes network flexibility. Connect multiple locations while converging voice, video, and data onto a single IP-based network. With Connet (MPLS VPN for private network, you'll have the flexibility to: Enable voice, data and other real-time, bandwidth-demanding applications Support a mobile sales force with wireless integration Simplify network management and reduce operating costs Your business requires a solution that has proven quality and reliability. The Connet network meets Cisco’s standards for running converged services such as voice, video, and data. MPLS VPN for private network allows you to take advantage of seamless connectivity and business continuity anywhere, at anytime, on any device.

more about GMPLS

Cisco MPLS VPN

Cisco IOS Multiprotocol Label Switching (MPLS) enables Enterprises and Service Providers to build next-generation intelligent networks that deliver a wide variety of advanced, value-added services over a single infrastructure. This economical solution can be integrated seamlessly over any existing infrastructure, such as IP, Frame Relay, ATM, or Ethernet. Subscribers with differing access links can be aggregated on an MPLS edge without changing their current environments, as MPLS is independent of access technologies.

Integration of MPLS application components, including Layer 3 VPNs, Layer 2 VPNs, Traffic Engineering, QoS, GMPLS, and IPV6 enable the development of highly efficient, scalable, and secure networks that guarantee Service Level Agreements.

Cisco IOS MPLS delivers highly scalable, differentiated, end-to-end IP services with simple configuration, management, and provisioning for providers and subscribers. A wide range of platforms support this solution, which is essential for both Service Provider and Enterprise networks.

more from Wikipedia http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
more from Youtubehttp://www.youtube.com/watch?v=H7KQcNRgGEk

One of the most significant cyber threats to businesses, local and federal government agencies is the Distributed-Denial-of-Service attack (DDoS). A Distributed Denial of Service attack (DDoS) occurs when an attacker commands a number of computers to send numerous requests to a target computer. The overwhelming flood of requests to the website or computer network can cause it to shut down or fail to handle the requests of legitimate users, much like a rush hour traffic jam on the freeway. This type of attack can completely disrupt an organization’s operations until the network is able to be restored. Understanding the basic concept and methods of a DDoS attack can help operators of both large and small networks mitigate the severity of the attack.

Distributed Denial of Service (DDoS) attacks disrupt and deny legitimate computer and network resource usage through compromised hosts that monopolize resources. Mitigation technologies have been developed to defend against DDoS attacks, but there is little understanding of the fundamental relationships between
DDoS attacks, mitigation strategies, and attacker performance. Without a solid understanding of these fundamental relationships, it is difficult to determine the
ability of mitigation technologies to address the DDoS problem or how mitigation technologies can successfully be deployed together.

The goal of a DDoS attack is usually to limit, disrupt, or prevent access to a particular
network resource or web service. While the worst case scenario of a DDoS is a failure of the operating system and a crash of the computer system, some common symptoms of a DDoS are:

• A particular web or e-mail resource becoming unavailable
• Slow network performance
• Inability to access some network resources

What Motivates DDoS Attacks?

• Extortion: some sites are hit with DDoS attacks if they refuse to pay "protection money"
• Direct Action: in other cases, a DDoS may be designed to directly accomplish a particular task, such as rendering a particular internet service unusable
(example: a DDoS targeting an anti-spam DNSBL site)
• Revenge: other sites may DDoS'd as an act of revenge for an actual or perceived slight or act of disrespect
• Ideology: a site may be targeted for a denial of service because it is associated with particular political, religious, cultural or philosophical beliefs
• Notoriety: because DDoS's are often very newsworthy, engaging in a DDoS attack can be one way of attempting to garner publicity or call attention to an cause
• Peer Recognition/Social Status – some attackers may not care about general publicity, but may be highly motivated by approval and recognition from smaller “in”
groups such as miscreant clans.
• Design Errors: Some denial-of-service-like attacks are simply the result of design errors in legitimate consumer hardware; this can result in what amounts to a real
denial of service attack, albeit an unintentional one.
• Simple Problems of Scaling to Internet Size Audiences: Similarly, mere mention of a sufficiently interesting web site on a popular news site such as slashdot.org can be sufficient to "DDoS" some sites…

more from Wikipedia http://en.wikipedia.org/wiki/Denial-of-service_attack
more from Webopedia http://www.webopedia.com/TERM/D/DDoS_attack.html

Many of the reasons that companies outsource to meet their IT needs are obvious. The specific projects are of such a duration that hiring the necessary people to do the job would be impractical. Hiring those people might also be impossible, at least budget-wise, considering the salaries and benefits they would demand. Even still, if the budget were ample enough, the experts sought to be hired would be reluctant to take the position in light of its lack of security - once the project was complete, there would be no more need for those people.

From a Human Resources perspective in general, another benefit of outsourcing is lack of liability. Especially with large companies, hiring (and firing) employees is an undertaking with considerable implications for the employer. For example, immediately upon hiring an employee, the employer incurs liabilities, including worker's compensation and potential unemployment liabilities. These two examples merely scratch the surface. The greater the number of employees, the greater the probability that employer liability will manifest itself. With that in mind, many companies contract for outside services whenever possible.

Another more subtle reason to outsource IT needs is that it is more efficient and more profitable than doing it yourself. Even if a company could afford to address all of its IT needs in-house, and had liabilities covered, that company would still, more often than not, better serve itself by hiring a consulting firm to provide IT-related services.

Companies that rely on professional consulting firms for IT needs get better and more efficient results than those that attempt to address them in-house. One reason for this is that technology is usually ancillary to a company's goals. Information technology might be a tool or even a catalyst to the company's growth and earnings, but it is rarely the main business of a company. To spend excessive amounts of time and research towards managing its technology -- which is often completely unrelated in type to the company's primary business -- a company detracts resources that could otherwise be allocated to its main business strategies.

IT Consulting Firms, on the other hand, base their whole existence on being knowledgeable in the field of information technology. They are invariably more qualified than any given in-house IT department to provide the appropriate advice, solutions, and support. Companies that utilize these firms for their IT needs achieve optimum results. This in turn produces efficiency.

Our mission for providing IT outsourcing services is to raise the business agility of our clients while reducing their overall IT costs and technology risks. Above all, the key advantage of outsourcing IT staffing needs is that it enables our clients to invest their resources into other activities. In the case of your company, our job would be to support your staff enabling them to focus all their time and energy into managing your organization and the clients that you serve rather than having to concern yourselves about your IT infrastructure.

The most commonly cited reasons for outsourcing IT functions include:

• Reducing IT costs through efficiencies and economies of scale on the part of the service provider.

• Access to world-class IT skills, experiences and resources.

• Removing non-core business.

• Minimizing sizable capital expenditure on IT infrastructure.

• Certainty of future IT spend.

The following list is simply meant to serve as a guide. By no means is it meant to be a complete and all encompassing list. The following tasks would be completed on an ongoing basis in addition to any other tasks that may arise.

• Daily IT Support
  
• End User Training
  
• Database Development
  
• Website/Intranet Development and Maintenance
  
• Security Auditing
  
• Proactive Systems Management
  
• Ongoing Systems Analysis
  
• Backup/Disaster Recovery Policies and Testing
  
• System Documentation
  
• Preventative Maintenance Procedures
  
• Implementation of new technologies

IT firms are also part of the service-industry. Their success directly correlates to their ability to satisfy clients. With that in mind, consulting firms go the proverbial extra mile to get the job done -- and done right.

IT Outsourcing Planning

There are several steps organizations can take to help ensure successful execution of IT outsourcing:

• Create a robust business case to support the decision to outsource with senior executive backing.

• Know and understand your existing IT operation and what you seek to achieve by contracting external IT services from the service provider.

• Know and understand your existing IT organization and its cost base so you can evaluate whether the pricing model proposed by the service provider offers value for money.

• Consider what form of organization is best suited to meet your objectives.

• Conduct due diligence on third party contracts and licenses to ensure that your licenses permit use by the service provider.

• At the pre-contract stage and during contract negotiation, prepare and agree on an orderly transfer procedure so that the outsourced services can be transferred seamlessly back to you or another service provider at the end of the contract.

• Legally, be prepared to negotiate the details of the outsourcing transaction so that the terms can be documented in the services agreement.

Outsourcing IT to Asia

A combination of high overhead in the United States and strong cultural ties between the domestic and Asian information technology industries have led many companies to outsource labor-intensive software programming to Asia.

Despite its distinct advantages for companies looking to outsource their IT services, India's volatile political climate and rampant corruption present problems. Some of the 185 Fortune 500 companies that outsource software to Asia are choosing places like Vietnam or China with more predictable politics and less corruption. Other companies that outsource their customer service are finding that their customers prefer the Americanized English of the Philippines to the British English that predominates in India, though all of these countries have their drawbacks, from censored Internet lines in China and Vietnam to Muslim militancy in the Philippines.

Despite the hiccups the IT service industry continues to grow as the software industry becomes more competitive and U.S. companies try to reduce overhead. The Asian IT service market is still in its infancy.

more from Wikipedia http://en.wikipedia.org/wiki/Information_technology_outsourcing
more from About.comhttp://compnetworking.about.com/cs/.../a/career_outsourc.htm