Data Communication and Networking
UNIT V
Computer Security Concepts - Security Attacks: Active Attacks, Passive
Attacks - Message Authentication Codes: Message Authentication
Requirements, Message Authentication Functions - Requirements for
Message Authentication Codes - Electronic Mail Security: S/MIME,
Domain Keys Identified Mail - IP Security: IP Security Overview, IP
Security Policy, Encapsulating Security Payload, Combining Security
Associations, Internet Key Exchange, Cryptographic Suites - Firewalls: The
Need for Firewalls, Firewall Characteristics, Types of Firewalls,
Firewalls Basing, Firewall Location and Configuration.
Security Attacks
▪ Security of a computer system is a crucial task.
▪ It is a process of ensuring privacy and reliability of the OS.
▪ A system is said to be secure if its resources are used and accessed as intended under all the
circumstances.
▪ But no system can guarantee absolute security against the various malicious threats and
unauthorized access.
▪ Security of a system can be threatened via two violations:
➢ Threat: A program which has the potential to cause serious damage to the system.
➢ Attack: An attempt to break security and make unauthorized use of an asset.
▪ Security violations affecting the system can be categorized as malicious and accidental.
▪ Malicious threats, as the name suggests, are a kind of harmful computer code or web script
designed to create system vulnerabilities leading to back doors and security breaches.
▪ Accidental threats, on the other hand, are comparatively easier to protect against.
Example: Denial of Service DDoS attack.
Threats can be classified into the following two categories:
1. Program Threats:
▪ A program written by a cracker to hijack the security or to change the behavior of a normal process.
2. System Threats:
▪ These threats involve the abuse of system services.
▪ They strive to create a situation in which operating-system resources and user files are misused.
▪ They are also used as a medium to launch program threats.
Two types of Threats:
1. Program Threats : Virus, Trojan Horse, Trap Door, Logic Bomb etc.,
2. System Threats : Worm, Port Scanning, Denial of Service etc.,
Security measures are taken to protect the system at the following levels:
Physical:
▪ The sites containing computer systems must be physically secured against armed and malicious
intruders.
▪ The workstations must be carefully protected.
Human:
▪ Only appropriate users must have the authorization to access the system.
▪ Phishing (collecting confidential information) and Dumpster Diving (collecting basic information so as to
gain unauthorized access) must be avoided.
Operating system:
▪ The system must protect itself from accidental or purposeful security breaches.
Networking System:
▪ Almost all of the information is shared between different systems via a network.
▪ Intercepting these data could be just as harmful as breaking into a computer.
▪ Hence, the network should be properly secured against such attacks.
▪ Confidentiality: Information about the system or its users cannot be learned by an attacker.
▪ Integrity: The system continues to operate properly, only reaching states that would occur if
there were no attacker.
▪ Availability: Actions by an attacker do not prevent users from having access to use of the
system.
Taxonomy of attacks with relation to goals:
▪ Attacks threatening Confidentiality
▪ Attacks threatening Integrity
▪ Attacks threatening Availability
Security attack types:
Active attacks: An active attack attempts to alter system resources or affect their operation. Active attacks involve some
modification of the data stream or the creation of a false statement.
Types of active attacks are as follows:
1. Masquerade
▪ A masquerade attack takes place when one entity pretends to be a different entity.
▪ A masquerade attack involves one of the other forms of active attack.
2. Modification of messages
▪ It means that some portion of a message is altered, or that the message is
delayed or reordered, to produce an unauthorized effect.
▪ For example, a message meaning “Allow JOHN to read confidential file
X” is modified as “Allow Smith to read confidential file X”.
3. Repudiation
▪ This attack is done by either the sender or the receiver.
▪ The sender or receiver can later deny that he/she has sent or received a message.
▪ For example, a customer asks his bank “To transfer an amount to someone” and later on the sender (customer)
denies that he had made such a request.
▪ This is repudiation.
4. Replay
▪ It involves the passive capture of a message and its subsequent
retransmission to produce an unauthorized effect.
5. Denial of Service
▪ It prevents normal use of communication facilities.
▪ This attack may have a specific target.
▪ For example, an entity may suppress all messages directed to a particular destination.
▪ Another form of service denial is the disruption of an entire network, either by disabling
the network or by overloading it with messages so as to degrade performance.
Passive attacks:
▪ A Passive attack attempts to learn or make use of information from the system but does not affect system
resources.
▪ They are in the nature of eavesdropping on or monitoring of transmission.
▪ The goal of the opponent is to obtain information that is being transmitted.
▪ Types of passive attacks are as follows:
1. The release of message content
▪ A telephone conversation, an electronic mail message or a transferred file
may contain sensitive or confidential information.
▪ We would like to prevent an opponent from learning the contents
of these transmissions.
2. Traffic analysis
▪ Suppose that we had a way of masking (encryption) of information,
so that an attacker, even after capturing the message, could not extract
any information from it.
▪ The opponent could determine the location and identity of the communicating hosts
and could observe the frequency and length of messages being exchanged.
▪ This information might be useful in guessing the nature of the communication
that was taking place.
▪ Categorization of Active and Passive Attacks
Message Authentication
• Another type of threat that exists for data is the lack of message authentication.
• In this threat, the user is not sure about the originator of the message.
• Message authentication can be provided using cryptographic techniques that use secret keys, as done in
the case of encryption.
Message Authentication Code (MAC)
• A MAC algorithm is a symmetric key cryptographic technique to provide message authentication.
• A MAC, sometimes known as a tag, is a short piece of information used to authenticate a message.
• In other words, it confirms that the message came from the stated sender (its authenticity) and has
not been changed.
• To establish the MAC process, the sender and receiver share a symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with the
message to ensure message authentication.
Limitations of MAC
1. Establishment of Shared Secret.
▪ It can provide message authentication only among pre-decided legitimate users who have a shared key.
▪ This requires establishment of a shared secret prior to use of the MAC.
2. Inability to Provide Non-Repudiation
▪ Non-repudiation is the assurance that a message originator cannot deny any previously sent messages
and commitments or actions.
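The MAC process and its two limitations, as an added example that is not part of the original slides. It uses HMAC-SHA256 as the MAC (the slides name no particular algorithm), a constructed key `K`, and a sequence number bound into the tag (an assumption of this example) so that replayed messages are rejected as well as modified ones.

```python
import hashlib
import hmac

# Constructed shared key K; both parties must hold it before any message is sent.
K = b"constructed-demo-key"


def mac_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """Tag over sequence number + message, so ordering is authenticated too."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


class Receiver:
    """Shares key K with the sender and remembers the highest sequence number accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        expected = mac_tag(self.key, seq, message)
        # Constant-time comparison, so response timing does not reveal the tag.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo() -> dict:
    rx = Receiver(K)
    original = b"Allow JOHN to read confidential file X"
    altered = b"Allow Smith to read confidential file X"
    tag = mac_tag(K, 1, original)  # computed by the sender

    results = {
        # Modification of messages: text changed in transit, tag no longer matches.
        "modified": rx.accept(1, altered, tag),
        # Unaltered message with its tag.
        "genuine": rx.accept(1, original, tag),
        # Replay: the same valid (message, tag) pair delivered a second time.
        "replayed": rx.accept(1, original, tag),
    }
    # Limitation 2: the receiver also holds K, so it can tag a message the sender
    # never wrote. A valid tag cannot prove which key holder produced it.
    tag_made_by_receiver = mac_tag(rx.key, 2, altered)
    results["made_by_receiver"] = rx.accept(2, altered, tag_made_by_receiver)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The last case is why a MAC alone cannot settle a dispute between sender and receiver, and why the slides turn to digital signatures for non-repudiation.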
Authentication Requirements
• Message authentication
• A procedure to verify that messages come from the alleged source and have not been altered.
• Message authentication may also verify sequencing and timeliness.
• Digital signature
• An authentication technique that also includes measures to counter repudiation by either source or
destination.
Message Authentication Function
• Message authentication or digital signature mechanism can be viewed as having two levels
• At the lower level: There must be some sort of function producing an authenticator – a value to be used to authenticate
a message
• At the higher level: This lower-level function is used as a primitive in a higher-level authentication protocol
▪ Three classes of functions that may be used to produce an authenticator.
▪ Message encryption
❖Ciphertext itself serves as authenticator.
▪ Message authentication code (MAC)
❖A public function of the message and a secret key that produces a fixed-length value that serves as the
authenticator.
▪ Hash function
❖A public function that maps a message of any length into a fixed-length hash value, which serves as the
authenticator.
Message Authentication Functions
• The authentication function has two levels of functionality:
• Lower level: produces an authenticator value used to authenticate a message.
• Higher level: enables a receiver to verify the authenticity of a message.
Grouped into three classes:
• Message Encryption: The ciphertext of the entire message serves as the authenticator.
• Message Authentication Code (MAC): A function of the message and a secret key that
produces a fixed-length value that serves as the authenticator.
• Hash Function: A function that maps a message of any length into a fixed-length hash value,
which serves as the authenticator.
Email Security
• Email security is the term for any procedure that protects email content and accounts against unauthorized
access.
• Email is popular with hackers as a tool for spreading malware, spam, and phishing attacks.
• They use deceptive messages to trick recipients into sharing sensitive information, resulting in identity theft.
• They lure people into opening attachments or clicking hyperlinks that install malware (such as email viruses)
on the user’s device.
• Email is also a main entry point for attackers looking to access an enterprise network and breach valuable
company data.
• Email service providers have email security measures in place to secure client accounts and information
from hackers.
• Such measures include
▪ email servers with strong passwords
▪ access control mechanisms
▪ encrypted email messages (both in the inbox and in transit)
▪ web application firewalls
▪ spam filtering software.
Email Security Features
• Spam Filters. A significant proportion of emails that you receive daily are marketing emails. ...
• Anti-virus Protection. Spam filters play the role of separating the spam emails from the regular ones. ...
• Image & Content Control. Hackers use emails for phishing purposes. ...
• Data Encryption.
IP Security
▪ The IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow.
▪ These protocols are ESP (Encapsulation Security Payload) and AH (Authentication Header).
▪ The IPSec architecture includes protocols, algorithms, DOI, and Key Management.
▪ All these components are very important in order to provide the three main services:
➢ Confidentiality
➢ Authentication
➢ Integrity
1. Architecture:
The Architecture, or IP Security Architecture, covers the general concepts, definitions, protocols, algorithms and
security requirements of IP Security technology.
2. ESP Protocol:
ESP (Encapsulation Security Payload) provides the confidentiality service. Encapsulation Security Payload is
implemented in either of two ways:
❖ ESP with optional Authentication.
❖ ESP with Authentication.
Packet Format:
▪ Security Parameter Index (SPI):
This parameter is used in the Security Association. It is used to give a unique number to the connection built
between Client and Server.
▪ Sequence Number:
A unique sequence number is allotted to every packet so that at the receiver side packets can be arranged
properly.
▪ Payload Data:
Payload data means the actual data or the actual message. The Payload data is in encrypted format to achieve
confidentiality.
▪ Padding:
Extra bits or space added to the original message in order to ensure confidentiality.
Padding length is the size of the added bits or space in the original message.
▪ Next Header:
Next header means the next payload or next actual data.
▪ Authentication Data
This field is optional in ESP protocol packet format.
3. Encryption algorithm:
The Encryption algorithm is the document that describes the various encryption algorithms used for Encapsulation
Security Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both Authentication and Integrity services. Authentication Header
is implemented in one way only: Authentication along with Integrity.
• Authentication Header covers the packet format and general issues related to the use of AH for packet
authentication and integrity.
5. Authentication Algorithm:
Authentication Algorithm contains the set of documents that describe the authentication algorithms used for
AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which supports both AH and ESP protocols. It contains the values needed for
the documents to relate to each other.
7. Key Management:
Key Management contains the document that describes how the keys are exchanged between sender and
receiver.
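The ESP packet format listed under item 2 above, as an added example that is not part of the original slides: it builds and parses the fields in wire order (SPI, Sequence Number, Payload Data, Padding, Pad Length, Next Header, Authentication Data). Assumptions of this example: NULL encryption, so the payload stays readable without a cipher library, HMAC-SHA-256 truncated to 128 bits as the Authentication Data, and a constructed key and packet.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                            # Authentication Data length in bytes
AUTH_KEY = b"constructed-esp-auth-key"  # constructed key, for this example only


def build_esp(spi: int, seq: int, payload: bytes, next_header: int, key: bytes) -> bytes:
    """SPI | Sequence Number | Payload Data | Padding | Pad Length | Next Header | Auth Data."""
    # Pad so that Pad Length and Next Header end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # padding bytes 1, 2, 3, ...
    # A real cipher would encrypt payload + padding + trailer at this point.
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    # Authentication Data covers everything from the SPI to the Next Header field.
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet: bytes, key: bytes) -> dict:
    """Verify the Authentication Data first, then split the packet into its fields."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("authentication data mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if 8 + pad_len + 2 > len(body):
        raise ValueError("pad length exceeds packet")
    return {
        "spi": spi,
        "seq": seq,
        "payload": body[8:len(body) - 2 - pad_len],
        "pad_len": pad_len,
        "next_header": next_header,
    }


def demo() -> dict:
    # Constructed packet: SPI 0x1001, first packet of the association, next header 6 (TCP).
    packet = build_esp(0x1001, 1, b"hello", 6, AUTH_KEY)
    fields = parse_esp(packet, AUTH_KEY)
    # Flip one bit inside the payload and parse again.
    tampered = bytearray(packet)
    tampered[9] ^= 0x01
    try:
        parse_esp(bytes(tampered), AUTH_KEY)
        fields["tampered"] = "accepted"
    except ValueError as exc:
        fields["tampered"] = str(exc)
    return fields


if __name__ == "__main__":
    print(demo())
```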
CRYPTOGRAPHIC SUITES
• A cipher suite is a set of algorithms that help secure a network connection.
• Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Sockets Layer
(SSL).
• The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk
encryption algorithm, and a message authentication code (MAC) algorithm.
• The key exchange algorithm is used to exchange a key between two devices.
• This key is used to encrypt and decrypt the messages being sent between two machines.
• The bulk encryption algorithm is used to encrypt the data being sent.
• The MAC algorithm provides data integrity checks to ensure that the data sent does not change in transit.
• Overall, there are hundreds of different cipher suites that contain different combinations of these
algorithms. Some cipher suites offer better security than others.
• The structure and use of the cipher suite concept are defined in the TLS standard document.
• TLS 1.2 is the most prevalent version of TLS.
Firewalls
▪ A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based
on an organization's previously established security policies.
▪ At its most basic, a firewall is essentially the barrier that sits between a private internal network and the
public Internet.
▪ A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
Firewall History
▪ Firewalls have existed since the late 1980’s and started out as packet filters, which were networks set up to
examine packets, or bytes, transferred between computers.
▪ Though packet filtering firewalls are still in use today, firewalls have come a long way as technology has
developed throughout the decades.
Types
▪ Firewall types can be divided into several different categories based on their general structure and
method of operation. Here are eight types of firewalls:
1. Packet-filtering firewalls
2. Circuit-level gateways
3. Stateful inspection firewalls
4. Application-level gateways (a.k.a. proxy firewalls)
5. Next-gen firewalls
6. Software firewalls
7. Hardware firewalls
8. Cloud firewalls
Packet-filtering firewalls
• The most “basic” and oldest type of firewall architecture, packet-filtering firewalls basically create a
checkpoint at a traffic router or switch.
• The firewall performs a simple check of the data packets coming through the router,
inspecting information such as the destination and origination IP address, packet type, port number, and
other surface-level information without opening up the packet to inspect its contents.
• If the information packet doesn’t pass the inspection, it is dropped.
• The good thing about these firewalls is that they aren’t very resource-intensive.
• This means they don’t have a huge impact on system performance and are relatively simple.
• However, they’re also relatively easy to bypass compared to firewalls with more robust inspection
capabilities.
Circuit-level gateways
• As another simplistic firewall type that is meant to quickly and easily approve or deny traffic without
consuming significant computing resources, circuit-level gateways work by verifying the transmission control
protocol (TCP) handshake.
• This TCP handshake check is designed to make sure that the session the packet is from is legitimate.
• While extremely resource-efficient, these firewalls do not check the packet itself.
• So, if a packet held malware, but had the right TCP handshake, it would pass right through.
• This is why circuit-level gateways are not enough to protect your business by themselves.
Stateful Inspection Firewalls
• These firewalls combine both packet inspection technology and TCP handshake verification to create a level
of protection greater than either of the previous two architectures could provide alone.
• However, these firewalls do put more of a strain on computing resources as well.
• This may slow down the transfer of legitimate packets compared to the other solutions.
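The difference between the packet-filtering and stateful inspection firewalls described above, as an added example that is not part of the original slides. The rule set, the addresses (documentation ranges) and the simplified three-step handshake tracking are constructed for illustration; connection teardown and timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags on the segment, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "drop"
    src_net: str
    dst_net: str
    dport: Optional[int]  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.dport in (None, p.dport))


def packet_filter(rules, p: Packet) -> str:
    """Stateless check: header fields only, first matching rule wins, default drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


class StatefulFirewall:
    """Header rules plus TCP handshake tracking for each session."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = {}  # (client, client port, server, server port) -> state

    def check(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            # A new session must still pass the header rules.
            if packet_filter(self.rules, p) != "allow":
                return "drop"
            self.sessions[fwd] = "SYN_SEEN"
            return "allow"
        if p.flags == {"SYN", "ACK"} and self.sessions.get(rev) == "SYN_SEEN":
            self.sessions[rev] = "SYN_ACK_SEEN"
            return "allow"
        if p.flags == {"ACK"} and self.sessions.get(fwd) == "SYN_ACK_SEEN":
            self.sessions[fwd] = "ESTABLISHED"
            return "allow"
        if "ESTABLISHED" in (self.sessions.get(fwd), self.sessions.get(rev)):
            return "allow"
        return "drop"  # no completed handshake was observed for this session


def demo() -> dict:
    server, client = "203.0.113.10", "198.51.100.7"  # constructed addresses
    rules = [
        Rule("allow", "0.0.0.0/0", f"{server}/32", 443),   # inbound HTTPS to the server
        Rule("allow", f"{server}/32", "0.0.0.0/0", None),  # replies, for the stateless filter
    ]
    handshake = [
        Packet(client, 50000, server, 443, frozenset({"SYN"})),
        Packet(server, 443, client, 50000, frozenset({"SYN", "ACK"})),
        Packet(client, 50000, server, 443, frozenset({"ACK"})),
    ]
    # An ACK segment to the open port from a host that never completed a handshake.
    stray = Packet("198.51.100.99", 40000, server, 443, frozenset({"ACK"}))
    fw = StatefulFirewall(rules)
    return {
        "stateless_handshake": [packet_filter(rules, p) for p in handshake],
        "stateless_stray": packet_filter(rules, stray),
        "stateful_handshake": [fw.check(p) for p in handshake],
        "stateful_stray": fw.check(stray),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The stateless filter passes the stray segment because its headers match the allow rule, while the stateful firewall drops it because the segment belongs to no session it has seen open.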
Application-level gateways (Proxy Firewalls/Cloud Firewalls)
• Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic
source—hence, the name “application-level gateway.”
• These firewalls are delivered via a cloud-based solution or another proxy device.
• Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the
traffic and inspects the incoming data packet.
• This check is similar to the stateful inspection firewall in that it looks at both the packet and at the TCP
handshake protocol.
• However, proxy firewalls may also perform deep-layer packet inspections, checking the actual contents of the
information packet to verify that it contains no malware.
• Once the check is complete, and the packet is approved to connect to the destination, the proxy sends it off.
• This creates an extra layer of separation between the “client” (the system where the packet originated) and
the individual devices on your network—obscuring them to create additional anonymity and protection for
your network.
• If there’s one drawback to proxy firewalls, it’s that they can create significant slowdown because of the extra
steps in the data packet transferal process.
Next-gen firewalls
• Many of the most recently-released firewall products are being touted as “next-generation”
architectures.
• However, there is not as much consensus on what makes a firewall truly next-gen.
• Some common features of next-generation firewall architectures include deep-packet inspection
(checking the actual contents of the data packet), TCP handshake checks, and surface-level packet
inspection.
• Next-generation firewalls may include other technologies as well, such as intrusion prevention systems
(IPSs) that work to automatically stop attacks against your network.
• The issue is that there is no one definition of a next-generation firewall, so it’s important to verify what
specific capabilities such firewalls have before investing in one.
Software firewalls
• Software firewalls include any type of firewall that is installed on a local device rather than on a separate piece of hardware (or a
cloud server).
• The big benefit of a software firewall is that it's highly useful for creating defense in depth by isolating
individual network endpoints from one another.
• However, maintaining individual software firewalls on different devices can be difficult and time-consuming.
• Furthermore, not every device on a network may be compatible with a single software firewall, which may
mean having to use several different software firewalls to cover every asset.
Hardware firewalls
• Hardware firewalls use a physical appliance that acts in a manner similar to a traffic router to intercept data
packets and traffic requests before they're connected to the network's servers.
• Physical appliance-based firewalls like this excel at perimeter security by making sure malicious traffic from
outside the network is intercepted before the company's network endpoints are exposed to risk.
• The major weakness of a hardware-based firewall, however, is that it is often easy for insider attacks to
bypass them.
• Also, the actual capabilities of a hardware firewall may vary depending on the manufacturer—some may have
a more limited capacity to handle simultaneous connections than others, for example.
Cloud firewalls
• Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall, or
firewall-as-a-service (FaaS).
• Cloud firewalls are considered synonymous with proxy firewalls by many, since a cloud server is often used
in a proxy firewall setup (though the proxy doesn't necessarily have to be on the cloud, it frequently is).
• The big benefit of having cloud-based firewalls is that they are very easy to scale with your organization.
• As your needs grow, you can add additional capacity to the cloud server to filter larger traffic loads.
• Cloud firewalls, like hardware firewalls, excel at perimeter security.
Firewalls Basing
Location of Internal and External Firewall
▪ An internal firewall is a security solution
designed to protect a network from attacks that
have already gotten past the perimeter.
▪ A firewall, in general, is a device or software
designed to monitor traffic and prevent
unauthorized access, and an internal firewall is
an advanced application of that concept.
▪ An external firewall is placed at the edge of a
local or enterprise network, just inside the boundary
router that connects to the Internet or some wide area
network (WAN).

More Related Content

Similar to DataCommunication Network - Unit 5.pdf

Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
AparnaSunil24
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
Mona Rajput
 
information technology cryptography Msc chapter 1-4.pdf
information technology  cryptography Msc chapter 1-4.pdfinformation technology  cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdf
wondimagegndesta
 

Similar to DataCommunication Network - Unit 5.pdf (20)

Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
CNS Unit-I_final.ppt
CNS Unit-I_final.pptCNS Unit-I_final.ppt
CNS Unit-I_final.ppt
 
cryptographic security
cryptographic securitycryptographic security
cryptographic security
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network security
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdf
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Network Security
Network SecurityNetwork Security
Network Security
 
Ransomware 101
Ransomware 101Ransomware 101
Ransomware 101
 
Unit-1.pptx
Unit-1.pptxUnit-1.pptx
Unit-1.pptx
 
Computer security
Computer securityComputer security
Computer security
 
Unit 1
Unit 1Unit 1
Unit 1
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
 
information technology cryptography Msc chapter 1-4.pdf
information technology  cryptography Msc chapter 1-4.pdfinformation technology  cryptography Msc chapter 1-4.pdf
information technology cryptography Msc chapter 1-4.pdf
 
chapter 1-4.pdf
chapter 1-4.pdfchapter 1-4.pdf
chapter 1-4.pdf
 
Cryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptxCryptography and Network Security-ch1-4.pptx
Cryptography and Network Security-ch1-4.pptx
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Mutual Authentication For Wireless Communication
Mutual Authentication For Wireless CommunicationMutual Authentication For Wireless Communication
Mutual Authentication For Wireless Communication
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
 

Recently uploaded

ppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyesppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyes
ashishpaul799
 

Recently uploaded (20)

The Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptxThe Ball Poem- John Berryman_20240518_001617_0000.pptx
The Ball Poem- John Berryman_20240518_001617_0000.pptx
 
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdf
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdfPost Exam Fun(da) Intra UEM General Quiz - Finals.pdf
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdf
 
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
 
Envelope of Discrepancy in Orthodontics: Enhancing Precision in Treatment
 Envelope of Discrepancy in Orthodontics: Enhancing Precision in Treatment Envelope of Discrepancy in Orthodontics: Enhancing Precision in Treatment
Envelope of Discrepancy in Orthodontics: Enhancing Precision in Treatment
 
Open Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointOpen Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPoint
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
Morse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptxMorse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptx
 
Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17Features of Video Calls in the Discuss Module in Odoo 17
Features of Video Calls in the Discuss Module in Odoo 17
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
 
Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).
 
How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17
 
“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE                       .“O BEIJO” EM ARTE                       .
“O BEIJO” EM ARTE .
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
 
Discover the Dark Web .pdf InfosecTrain
Discover the Dark Web .pdf  InfosecTrainDiscover the Dark Web .pdf  InfosecTrain
Discover the Dark Web .pdf InfosecTrain
 
ppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyesppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyes
 
Essential Safety precautions during monsoon season
Essential Safety precautions during monsoon seasonEssential Safety precautions during monsoon season
Essential Safety precautions during monsoon season
 
Behavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdfBehavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdf
 
Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024Capitol Tech Univ Doctoral Presentation -May 2024
Capitol Tech Univ Doctoral Presentation -May 2024
 
Post Exam Fun(da) Intra UEM General Quiz 2024 - Prelims q&a.pdf
Post Exam Fun(da) Intra UEM General Quiz 2024 - Prelims q&a.pdfPost Exam Fun(da) Intra UEM General Quiz 2024 - Prelims q&a.pdf
Post Exam Fun(da) Intra UEM General Quiz 2024 - Prelims q&a.pdf
 
How to Manage Closest Location in Odoo 17 Inventory
How to Manage Closest Location in Odoo 17 InventoryHow to Manage Closest Location in Odoo 17 Inventory
How to Manage Closest Location in Odoo 17 Inventory
 

DataCommunication Network - Unit 5.pdf

  • 1. Data Communication and Networking UNIT V Computer Security Concepts - Security Attacks: Active Attacks, Passive Attacks -Message authentication Codes: message Authentication Requirements, Message Authentication Functions - Requirements for message Authentication codes - Electronic mail Security: s/MIME, Domain Keys Identified Mail - IP Security: IP Security Overview, IP Security Policy, Encapsulating Security payload, Combining Security Associations, Internet key Exchange, Cryptographic suits - Firewalls: The Need for Firewalls, Firewall Characteristics, Types of Firewalls, Firewalls Basing, Firewall Location and Configuration.
  • 2. Security Attacks ▪ Security of a computer system is a crucial task. ▪ It is a process of ensuring privacy and reliability of the OS. ▪ A system is said to be secure if its resources are used and accessed as intended under all the circumstances. ▪ But no system can guarantee absolute security from several of the various malicious threats and unauthorized access. ▪ Security of a system can be threatened via two violations: ➢ Threat: A program which has the potential to cause serious damage to the system. ➢ Attack: An attempt to break security and make unauthorized use of an asset. ▪ Security violations affecting the system can be categorized as malicious and accidental. ▪ Malicious threats, as the name suggests are a kind of harmful computer code or web script designed to create system vulnerabilities leading to back doors and security breaches. ▪ Accidental Threats, on the other hand, are comparatively easier to be protected against. Example: Denial of Service DDoS attack.
  • 3. Threats can be classified into the following two categories: 1. Program Threats: ▪ A program written by a cracker to hijack the security or to change the behavior of a normal process. 2. System Threats: ▪ These threats involve the abuse of system services. ▪ They strive to create a situation in which operating-system resources and user files are misused. ▪ They are also used as a medium to launch program threats. Two types of threats: 1. Program Threats: Virus, Trojan Horse, Trap Door, Logic Bomb, etc. 2. System Threats: Worm, Port Scanning, Denial of Service, etc.
  • 4. Security measures are taken to protect the system at the following levels. Physical: ▪ The sites containing computer systems must be physically secured against armed and malicious intruders. ▪ The workstations must be carefully protected. Human: ▪ Only appropriate users must have the authorization to access the system. ▪ Phishing (collecting confidential information) and dumpster diving (collecting basic information so as to gain unauthorized access) must be avoided. Operating system: ▪ The system must protect itself from accidental or purposeful security breaches. Networking system: ▪ Almost all information is shared between different systems via a network. ▪ Intercepting this data could be just as harmful as breaking into a computer. ▪ Hence, the network should be properly secured against such attacks.
  • 5. ▪ Confidentiality: Information about the system or its users cannot be learned by an attacker. ▪ Integrity: The system continues to operate properly, only reaching states that would occur if there were no attacker. ▪ Availability: Actions by an attacker do not prevent users from having access to or use of the system.
  • 7. • Taxonomy of attacks with relation to goals
  • 8. • Attacks threatening Confidentiality
  • 10. ▪ Attacks threatening Availability
  • 11. Security attack types: Active attacks: An active attack attempts to alter system resources or affect their operation. Active attacks involve some modification of the data stream or the creation of a false statement. The types of active attacks are as follows: 1. Masquerade ▪ A masquerade attack takes place when one entity pretends to be a different entity. ▪ A masquerade attack involves one of the other forms of active attack. 2. Modification of messages ▪ Some portion of a message is altered, or the message is delayed or reordered, to produce an unauthorized effect. ▪ For example, a message meaning “Allow JOHN to read confidential file X” is modified to “Allow Smith to read confidential file X”.
  • 12. 3. Repudiation ▪ This attack is carried out by either the sender or the receiver. ▪ The sender or receiver can later deny having sent or received a message. ▪ For example, a customer asks his bank “to transfer an amount to someone” and later the sender (customer) denies having made such a request. ▪ This is repudiation. 4. Replay ▪ It involves the passive capture of a message and its subsequent retransmission to produce an unauthorized effect. 5. Denial of Service ▪ It prevents normal use of communication facilities. ▪ This attack may have a specific target. ▪ For example, an entity may suppress all messages directed to a particular destination. ▪ Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
  • 13. Passive attacks: ▪ A passive attack attempts to learn or make use of information from the system but does not affect system resources. ▪ Passive attacks are in the nature of eavesdropping on or monitoring of transmissions. ▪ The goal of the opponent is to obtain information that is being transmitted. ▪ The types of passive attacks are as follows: 1. The release of message content ▪ A telephone conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. ▪ We would like to prevent an opponent from learning the contents of these transmissions. 2. Traffic analysis ▪ Suppose that we had a way of masking the information (encryption), so that an attacker, even after capturing the message, could not extract any information from it. ▪ The opponent could still determine the location and identity of the communicating hosts and could observe the frequency and length of the messages being exchanged. ▪ This information might be useful in guessing the nature of the communication that was taking place.
  • 14. ▪ Categorization of Active and Passive Attacks
  • 15. Message Authentication • Another type of threat that exists for data is the lack of message authentication. • In this threat, the user is not sure about the originator of the message. • Message authentication can be provided using cryptographic techniques that use secret keys, as is done in the case of encryption. Message Authentication Code (MAC) • A MAC algorithm is a symmetric-key cryptographic technique that provides message authentication. • A MAC, sometimes known as a tag, is a short piece of information used to authenticate a message. • In other words, it confirms that the message came from the stated sender (its authenticity) and has not been changed. • To establish the MAC process, the sender and receiver share a symmetric key K. • Essentially, a MAC is an encrypted checksum generated on the underlying message and sent along with the message to ensure message authentication.
  • 17. Limitations of MAC 1. Establishment of Shared Secret ▪ It can provide message authentication among pre-decided legitimate users who have the shared key. ▪ This requires establishment of the shared secret prior to use of the MAC. 2. Inability to Provide Non-Repudiation ▪ Non-repudiation is the assurance that a message originator cannot deny any previously sent messages and commitments or actions. ▪ A MAC cannot give this assurance, because the sender and the receiver hold the same key K and either of them could have computed the tag. Authentication Requirements • Message authentication • A procedure to verify that messages come from the alleged source and have not been altered. • Message authentication may also verify sequencing and timeliness. • Digital signature • An authentication technique that also includes measures to counter repudiation by either source or destination.
  • 18. Message Authentication Function • A message authentication or digital signature mechanism can be viewed as having two levels. • At the lower level: There must be some sort of function producing an authenticator, a value to be used to authenticate a message. • At the higher level: This lower-level function is used as a primitive in a higher-level authentication protocol. ▪ Three classes of functions may be used to produce an authenticator. ▪ Message encryption ❖ The ciphertext itself serves as the authenticator. ▪ Message authentication code (MAC) ❖ A public function of the message and a secret key that produces a fixed-length value that serves as the authenticator. ▪ Hash function ❖ A public function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.
  • 19. Message Authentication Functions • An authentication function has two levels of functionality: • Lower level: produces an authenticator, a value used to authenticate a message. • Higher level: enables a receiver to verify the authenticity of the message. Grouped into three classes • Message Encryption: The ciphertext of the entire message serves as the authenticator. • Message Authentication Code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authenticator. • Hash Function: A function that maps a message of any length into a fixed-length hash value, which serves as the authenticator.
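The MAC slides above describe a tag computed from the message and a shared key K, and note that message authentication may also verify sequencing. The following Python sketch is an added example, not part of the original slides: it assumes HMAC-SHA256 as the MAC algorithm and a constructed key, and reuses the slides' "Allow JOHN" message to show a modified message and a replayed message being rejected, followed by the non-repudiation limitation.

```python
import hashlib
import hmac
import struct

# Constructed 32-byte shared key K (assumption); real keys come from a CSPRNG
# or a key-exchange protocol and are agreed before any message is sent.
K = bytes(range(32))


def make_tag(key: bytes, seq: int, message: bytes) -> bytes:
    """MAC over (sequence number || message) using HMAC-SHA256 (assumed algorithm)."""
    return hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()


class Receiver:
    """Verifies origin and integrity via the tag, and sequencing via a counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, seq: int, message: bytes, tag: bytes) -> str:
        expected = make_tag(self.key, seq, message)
        # compare_digest runs in constant time, so timing does not leak the tag.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"


def demo() -> list:
    rx = Receiver(K)
    original = b"Allow JOHN to read confidential file X"
    modified = b"Allow Smith to read confidential file X"
    tag = make_tag(K, 1, original)
    results = [
        rx.accept(1, original, tag),  # genuine message
        rx.accept(1, modified, tag),  # modified message: the tag no longer matches
        rx.accept(1, original, tag),  # replay of a captured (message, tag) pair
    ]
    # Limitation: the receiver holds K too, so it can mint a valid tag itself.
    # A valid tag therefore cannot prove to a third party who wrote the message.
    self_made = make_tag(rx.key, 2, modified)
    results.append(rx.accept(2, modified, self_made))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The last result is the reason a digital signature, not a MAC, is needed when the sender must be unable to deny a message.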
  • 20. Email Security • Email security is the term for any procedure that protects email content and accounts against unauthorized access. • Email is popular with hackers as a tool for spreading malware, spam, and phishing attacks. • They use deceptive messages to trick recipients into sharing sensitive information, resulting in identity theft. • They lure people into opening attachments or clicking hyperlinks that install malware (such as email viruses) on the user’s device. • Email is also a main entry point for attackers looking to access an enterprise network and breach valuable company data. • Email service providers have email security measures in place to secure client accounts and information from hackers. • Such measures include ▪ email servers with strong passwords ▪ access control mechanisms ▪ encrypted email messages (both in the inbox and in transit) ▪ web application firewalls ▪ spam filtering software.
  • 21. Email Security Features • Spam Filters. A significant proportion of emails that you receive daily are marketing emails. ... • Anti-virus Protection. Spam filters play the role of separating the spam emails from the regular ones. ... • Image & Content Control. Hackers use emails for phishing purposes. ... • Data Encryption.
  • 22. IP Security ▪ The IPSec (IP Security) architecture uses two protocols to secure the traffic or data flow. ▪ These protocols are ESP (Encapsulating Security Payload) and AH (Authentication Header). ▪ The IPSec architecture includes protocols, algorithms, DOI, and Key Management. ▪ All these components are very important in order to provide the three main services: ➢ Confidentiality ➢ Authentication ➢ Integrity
  • 23. ▪ 1. Architecture: Architecture, or IP Security Architecture, covers the general concepts, definitions, protocols, algorithms and security requirements of IP Security technology. ▪ 2. ESP Protocol: ESP (Encapsulating Security Payload) provides the confidentiality service. Encapsulating Security Payload is implemented in either of two ways: ❖ ESP with optional Authentication. ❖ ESP with Authentication. Packet Format:
  • 24. ▪ Security Parameter Index (SPI): This parameter is used in the Security Association. It is used to give a unique number to the connection built between client and server. ▪ Sequence Number: A unique sequence number is allotted to every packet so that at the receiver side packets can be arranged properly. ▪ Payload Data: Payload data means the actual data or the actual message. The payload data is in encrypted format to achieve confidentiality. ▪ Padding: Extra bits or space added to the original message in order to ensure confidentiality. Padding length is the size of the added bits or space in the original message. ▪ Next Header: Next header means the next payload or next actual data. ▪ Authentication Data: This field is optional in the ESP protocol packet format.
  • 25. 3. Encryption algorithm: Encryption algorithm is the document that describes the various encryption algorithms used for Encapsulating Security Payload. 4. AH Protocol: The AH (Authentication Header) protocol provides both the authentication and the integrity service. Authentication Header is implemented in one way only: authentication along with integrity.
  • 26. • Authentication Header covers the packet format and general issues related to the use of AH for packet authentication and integrity. 5. Authentication Algorithm: Authentication Algorithm contains the set of documents that describe the authentication algorithms used for AH and for the authentication option of ESP. 6. DOI (Domain of Interpretation): DOI is the identifier which supports both the AH and ESP protocols. It contains values needed for the documents to relate to each other. 7. Key Management: Key Management contains the document that describes how the keys are exchanged between sender and receiver.
  • 27. CRYPTOGRAPHIC SUITES • A cipher suite is a set of algorithms that help secure a network connection. • Suites typically use Transport Layer Security (TLS) or its now-deprecated predecessor Secure Socket Layer (SSL). • The set of algorithms that cipher suites usually contain includes a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm. • The key exchange algorithm is used to exchange a key between two devices. • This key is used to encrypt and decrypt the messages being sent between the two machines. • The bulk encryption algorithm is used to encrypt the data being sent. • The MAC algorithm provides data integrity checks to ensure that the data sent does not change in transit. • Overall, there are hundreds of different cipher suites that contain different combinations of these algorithms. Some cipher suites offer better security than others. • The structure and use of the cipher suite concept are defined in the TLS standard document. • TLS 1.2 is the most prevalent version of TLS.
  • 28. Firewalls ▪ A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. ▪ At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. ▪ A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out. Firewall History ▪ Firewalls have existed since the late 1980s and started out as packet filters, which were networks set up to examine packets, or bytes, transferred between computers. ▪ Though packet-filtering firewalls are still in use today, firewalls have come a long way as technology has developed throughout the decades.
  • 29. Types ▪ Firewall types can be divided into several different categories based on their general structure and method of operation. Here are eight types of firewalls: 1. Packet-filtering firewalls 2. Circuit-level gateways 3. Stateful inspection firewalls 4. Application-level gateways (a.k.a. proxy firewalls) 5. Next-gen firewalls 6. Software firewalls 7. Hardware firewalls 8. Cloud firewalls
  • 30. Packet-filtering firewalls • The most “basic” and oldest type of firewall architecture, packet-filtering firewalls create a checkpoint at a traffic router or switch. • The firewall performs a simple check of the data packets coming through the router. • It inspects information such as the destination and origination IP address, packet type, port number, and other surface-level information without opening up the packet to inspect its contents. • If the information packet doesn’t pass the inspection, it is dropped. • The good thing about these firewalls is that they aren’t very resource-intensive. • This means they don’t have a huge impact on system performance and are relatively simple. • However, they’re also relatively easy to bypass compared to firewalls with more robust inspection capabilities.
  • 31. Circuit-level gateways • As another simplistic firewall type that is meant to quickly and easily approve or deny traffic without consuming significant computing resources, circuit-level gateways work by verifying the transmission control protocol (TCP) handshake. • This TCP handshake check is designed to make sure that the session the packet is from is legitimate. • While extremely resource-efficient, these firewalls do not check the packet itself. • So, if a packet held malware, but had the right TCP handshake, it would pass right through. • This is why circuit-level gateways are not enough to protect your business by themselves. Stateful Inspection Firewalls • These firewalls combine both packet inspection technology and TCP handshake verification to create a level of protection greater than either of the previous two architectures could provide alone. • However, these firewalls do put more of a strain on computing resources as well. • This may slow down the transfer of legitimate packets compared to the other solutions.
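The difference between the header-only check of a packet filter and the session tracking of a stateful inspection firewall, as an added Python example that is not part of the original slides. The rule format, addresses (private and documentation ranges) and the simplified session table are constructed for illustration; a real firewall tracks the full TCP state machine.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "drop"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    sport: Optional[int]  # None matches any port
    dport: Optional[int]


def packet_filter(rules, pkt: Packet) -> str:
    """Stateless check: first matching rule wins, anything unmatched is dropped."""
    for r in rules:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "drop"


class StatefulFirewall:
    """Header rules for new sessions plus a table of sessions already approved."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()

    def check(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.sessions or reverse in self.sessions:
            return "allow"              # belongs to a tracked session
        if pkt.flags != "S":
            return "drop"               # no session and not a handshake opener
        if packet_filter(self.rules, pkt) == "allow":
            self.sessions.add(forward)  # remember the session this SYN opens
            return "allow"
        return "drop"


# Constructed policy: inside hosts (10.0.0.0/24) may open HTTPS connections.
OUTBOUND = Rule("allow", "10.0.0.0/24", "0.0.0.0/0", None, 443)
# A stateless filter also needs a rule for the replies, keyed only on headers.
REPLIES = Rule("allow", "0.0.0.0/0", "10.0.0.0/24", 443, None)

syn = Packet("10.0.0.5", 40000, "198.51.100.7", 443, "S")
reply = Packet("198.51.100.7", 443, "10.0.0.5", 40000, "SA")
unsolicited = Packet("203.0.113.9", 443, "10.0.0.5", 5555, "A")  # no prior session


def compare():
    """Run the same three packets through both designs."""
    stateless = [packet_filter([OUTBOUND, REPLIES], p) for p in (syn, reply, unsolicited)]
    fw = StatefulFirewall([OUTBOUND])
    stateful = [fw.check(p) for p in (syn, reply, unsolicited)]
    return stateless, stateful
```

The stateless rule set has to admit every packet that looks like a reply, while the stateful firewall admits only replies to sessions it saw being opened, which is why it needs no inbound rule at all here.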
  • 32. Application-level gateways (Proxy Firewalls/Cloud Firewalls) • Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic source, hence the name “application-level gateway.” • These firewalls are delivered via a cloud-based solution or another proxy device. • Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the traffic and inspects the incoming data packet. • This check is similar to the stateful inspection firewall in that it looks at both the packet and the TCP handshake protocol. • However, proxy firewalls may also perform deep-layer packet inspections, checking the actual contents of the information packet to verify that it contains no malware. • Once the check is complete, and the packet is approved to connect to the destination, the proxy sends it off. • This creates an extra layer of separation between the “client” (the system where the packet originated) and the individual devices on your network, obscuring them to create additional anonymity and protection for your network. • If there’s one drawback to proxy firewalls, it’s that they can create significant slowdown because of the extra steps in the data packet transfer process.
  • 33. Next-gen firewalls • Many of the most recently-released firewall products are being touted as “next-generation” architectures. • However, there is not as much consensus on what makes a firewall truly next-gen. • Some common features of next-generation firewall architectures include deep-packet inspection (checking the actual contents of the data packet), TCP handshake checks, and surface-level packet inspection. • Next-generation firewalls may include other technologies as well, such as intrusion prevention systems (IPSs) that work to automatically stop attacks against your network. • The issue is that there is no one definition of a next-generation firewall, so it’s important to verify what specific capabilities such firewalls have before investing in one.
  • 34. Software firewalls • Software firewalls include any type of firewall that is installed on a local device rather than on a separate piece of hardware (or a cloud server). • The big benefit of a software firewall is that it's highly useful for creating defense in depth by isolating individual network endpoints from one another. • However, maintaining individual software firewalls on different devices can be difficult and time-consuming. • Furthermore, not every device on a network may be compatible with a single software firewall, which may mean having to use several different software firewalls to cover every asset. Hardware firewalls • Hardware firewalls use a physical appliance that acts in a manner similar to a traffic router to intercept data packets and traffic requests before they're connected to the network's servers. • Physical appliance-based firewalls like this excel at perimeter security by making sure malicious traffic from outside the network is intercepted before the company's network endpoints are exposed to risk. • The major weakness of a hardware-based firewall, however, is that it is often easy for insider attacks to bypass it. • Also, the actual capabilities of a hardware firewall may vary depending on the manufacturer; some may have a more limited capacity to handle simultaneous connections than others, for example.
  • 35. Cloud firewalls • Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall, or firewall-as-a-service (FaaS). • Cloud firewalls are considered synonymous with proxy firewalls by many, since a cloud server is often used in a proxy firewall setup (though the proxy doesn't necessarily have to be on the cloud, it frequently is). • The big benefit of having cloud-based firewalls is that they are very easy to scale with your organization. • As your needs grow, you can add additional capacity to the cloud server to filter larger traffic loads. • Cloud firewalls, like hardware firewalls, excel at perimeter security.
  • 39. Location of Internal and External Firewall ▪ An internal firewall is a security solution designed to protect a network from attacks that have already gotten past the perimeter. ▪ A firewall, in general, is a device or software designed to monitor traffic and prevent unauthorized access, and an internal firewall is an advanced application of that concept. ▪ An external firewall is placed at the edge of a local or enterprise network, just inside the boundary router that connects to the Internet or some wide area network (WAN).