$$A = \begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix}, \qquad B = \begin{pmatrix} 0 & 0 \\ 1 & 0 \end{pmatrix}$$

acting on a two-component vector

$$v = \begin{pmatrix} \text{yes} \\ \text{no} \end{pmatrix}$$

Compute ABv and BAv. Suppose we apply this property to an access control system with two security checkpoints A and B. If we assign a matrix-valued security token after authentication to each secure area, how could we use this property to ensure that only those who have successfully been authenticated to A and then B (in that order) will gain access to data?
Restriction of access to and from certain IP addresses, to and from certain ports, is often controlled at the perimeter by passing traffic through a firewall, which includes a filtering router. Here is an example Cisco router configuration:
! Cisco IOS router config
interface Ethernet 0
 description site 1 LAN interface
 ip address 126.96.36.199 255.255.254.0
 ip access-group 100 in
 ip access-group 101 out
! ACL's
access-list 100 permit tcp any host 188.8.131.52 eq http
access-list 100 permit tcp any host 184.108.40.206 eq 443
access-list 100 permit tcp any host 220.127.116.11 eq 22
access-list 100 permit udp host 18.104.22.168 host 22.214.171.124 eq ntp
access-list 100 deny ip any any
access-list 101 permit tcp host host 126.96.36.199 eq http any

What ports are open/closed here?
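One way to check an answer to this exercise is to evaluate ACL 100 the way a filtering router does: rules are tested top to bottom and the first match decides. The following is an added example, not part of the original page or of any Cisco tooling. The function names, the name-to-port map and the sample source address are assumptions, and ACL 101 is left out because its line is incomplete on the page.

```python
# Added example (not from the original page): first-match evaluation of ACL 100.
PORT_NAMES = {"http": 80, "ntp": 123}  # service names as written in the page's ACL

# ACL 100 copied from the configuration above.
ACL_100 = """\
access-list 100 permit tcp any host 188.8.131.52 eq http
access-list 100 permit tcp any host 184.108.40.206 eq 443
access-list 100 permit tcp any host 220.127.116.11 eq 22
access-list 100 permit udp host 18.104.22.168 host 22.214.171.124 eq ntp
access-list 100 deny ip any any
"""

def parse_addr(tokens):
    """Consume 'any' or 'host <ip>' from the front of tokens; None means any."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address spec: {word}")

def parse_acl(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the first matching rule's action; no match means deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue  # 'ip' matches every protocol
        if r_src not in (None, src) or r_dst not in (None, dst):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

RULES = parse_acl(ACL_100)
```

Calling `evaluate(RULES, "tcp", "203.0.113.9", "188.8.131.52", 443)` with a constructed source address returns `"deny"`: port 443 is permitted only towards 184.108.40.206, so each permit opens one port on one host rather than a port in general.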
Many firewalls are programmed to pass traffic on port 80 (WWW), so it is becoming common to disguise traffic to other services as traffic to port 80. This is called port-80 tunneling. This "wolf in sheep's clothing" approach is clearly a security breach, which would be unnecessary if hosts protected themselves instead of relying on a firewall. Recently, host-based protection has gained more acceptance:
Do you see how a system is most vulnerable to attack on this "inside" of the system?