Secure Network Architecture

Evaluate the security of the network everyday. One question worth asking is that the answer "Are you that person?" Is that someone around you is involved in evaluating the effectiveness of your defenses. . A system that connects directly to the Internet - Computers with IP addresses accessible from the Internet - Hundreds to thousands of attacks a day. Many of them are simple scans, we know how to protect them, but others are surprised at catching us and erroneously moving us into accident investigation and cleaning mode.

My experience is primarily information security and network architecture. I have a master's degree in network and distributed systems and have been working in this field since 1992. Prior to finding Bitcoin at the end of 2011, I worked at a financial services company network and data center for 20 years. I am working full time. Bit coin space In the past two years, books on bit coins were written for software developers. Until Bitcoin was invented in 2008, security and distribution seemed to be the opposite concept. The traditional model of financial settlement networks and banking transactions relies on centralized management to provide security. The structure of the traditional financial network is built around the central organization such as clearinghouse. Therefore, safety and authority must be attributed to stakeholders in the center.

Bit coins based on block chain architecture are fundamentally different from other digital currencies. The security model of the block chain currency is decentralized - the network has no core, authority, power concentration, and complete trust to actors that need to belong. Instead, the core security function is in the hands of the end user of the system. In this architecture, security is a new attribute of thousands of participants' collaborations in the network, not a single privilege function.

Compared to the traditional approach of securing the network using a client-server architecture, the PoP trust model provides a new way to build a network with end-to-end security and assurance. In such a network, evidence can be exchanged among participants and participants can play the role of prover and verifier in an exchangeable way. In the client server architecture, the client trusts the server, but not the reverse. This trust asymmetry is centered on all security measures inside and outside the server, as the server is based on a radiated center architecture where the client is a spoke at the hub. Therefore, while allowing only authenticated clients using the access control system, the server itself needs to prevent all attacks by hiding the services behind the firewall to prevent attacks. As a result, the server ultimately isolates itself, so the flexibility of the network topology is lost.