Explore chapters and articles related to this topic
Storage and databases for big data
Published in Jun Deng, Lei Xing, Big Data in Radiation Oncology, 2019
Tomas Skripcak, Uwe Just, Ida Schönfeld, Esther G.C. Troost, Mechthild Krause
The most effective approach for dealing with NoSQL systems without any configurable security is via network-level security (Open Systems Interconnection [OSI] network layer). This allows for configuring the allowed and denied network hosts and data flows in detail. Such a configuration focuses on the underlying networks’ infrastructure that provides the transportation services and is completely independent from application software. A common way of securing database systems deployed within local networks from unwanted network traffic from the public Internet is by establishing a demilitarized zone (DMZ). A DMZ allows for the separation of the local network that is accessible within the organization from the public Internet by creating another perimeter network that will guard allowed communication to the local network. Multiple variants of DMZ topologies exist, but the dual firewall setup where the front-end firewall protects the Internet-to-DMZ communication and the back-end firewall controls communication between the DMZ and the local network is very common.
Lubricant Blending Issues
Published in R. David Whitby, Lubricant Blending and Quality Assurance, 2018
Effective cyber security is not achieved by simply installing and relying on technology. Protection requires a combination of people, procedures and technology, and everyone in the blending plant must be involved. The main programmes required for industrial cyber security are listed in Table 8.1. A demilitarised zone (DMZ) on a router refers to a DMZ host, which is a host on the internal network that has all user datagram protocol (UDP) and transmission control protocol (TCP) ports open and exposed, except those ports otherwise forwarded. They are often used as a simple method to forward all ports to another firewall. In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Continuous industrial control system (ICS) security monitoring technologies provide defenders with the visibility needed. While some companies may not be aware of these solutions, others are already integrating them into their cyber security management programmes.
A Framework for International Collaboration on ITER Using Large-Scale Data Transfer to Enable Near-Real-Time Analysis
Published in Fusion Science and Technology, 2021
R. M. Churchill, C. S. Chang, J. Choi, R. Wang, S. Klasky, R. Kube, H. Park, M. J. Choi, J. S. Park, M. Wolf, R. Hager, S. Ku, S. Kampel, T. Carroll, K. Silber, E. Dart, B. S. Cho
Removing the source of packet loss (in this case the firewall at PPPL) results in high, sustained throughput, even internationally over WANs, as shown in the iperf test between KSTAR and PPPL in Fig. 4. For this reason, network experts recommend for international transfers of large datasets that a “Science DMZ” be established, which consists of data transfer servers outside of the firewall that rely on router access control lists (ACLs) to accept connections from only trusted clients.7 Various other setups are possible, including firewalls that allow ACLs to be established. Whatever the scenario, the guiding principle for successful international streaming data transfers is to remove any sources of packet loss. This must be done in a manner that cybersecurity protections can be met.
Approach and practice: integrating earth observation resources for data sharing in China GEOSS
Published in International Journal of Digital Earth, 2019
Lianchong Zhang, Guoqing Li, Chi Zhang, Huanyin Yue, Xiaohan Liao
China GEOSS DSNet adopts three lightweight service middleware products to perform interoperability functions for data queries, access, and statistics. The middleware considers system security and firewall restrictions and is deployed in the demilitarized zone (DMZ) of each sub-center. It is responsible for invoking the subsystems for queries, access, and statistics. This operation mechanism helps the main center and sub-centers maintain a loose coupling relationship. It also achieves an interaction between the internal production process and the extranet sharing service (Figure 11). China GEOSS DSNet adopts an XML format order to encapsulate the query conditions (e.g. satellite, sensor, receive time, and geospatial range). The metadata query middleware converts the order to a SQL string and submits it to the query subsystem in sub-centers. The service considers the complexity of query lists and is asynchronously executed by middleware. Users first obtain the information for a total number of metadata and a Metadata ID, and then receive the metadata in batches to avoid memory overflow.The data access middleware is responsible for passing the order from the GEOSS DSNet portal to the access subsystem in the sub centers. The service considers the complexity of the access results as asynchronously executed by the middleware. The data is stored in the cache directory and a download link is provided to the user after the order is completed.The information statistics middleware is responsible for regularly harvesting archived satellite metadata from each data center and providing statistical results to the main center. It uses an incremental updating approach to synchronize metadata between the central database and each sub center database.