DEPARTMENT OF COMPUTER SCIENCE AND INFORMATICS
A report on
Next Generation Firewalls
&
VPN Technology
Date: 10/02/2017
Course: Information Security
Course Code: INFT 308
Next Generation Firewalls and VPN Technology | 2
ABSTRACT
Next Generation Firewalls
Next-generation firewalls (NGFWs) have developed out of necessity in today’s computing
environments, where malware attacks have grown in sophistication and intensity and have
found ways of exploiting weaknesses in traditional firewalls. Because the firewall is the first
line of defence against such attacks, and protection of the corporate network is of the utmost
importance, it stands to reason that firewalls have evolved as well to meet the threat. Where
traditional firewalls have fallen down is in their inability to inspect the data payload of
network packets and their lack of granular intelligence in distinguishing different kinds of
web traffic. With most network traffic using web protocols, traditional firewalls cannot
distinguish between legitimate business applications and attacks, so they must either allow all
or reject all. Clearly, something beyond a traditional firewall was needed that could carry out
advanced security functions without impacting the latency of the network, which is what led
to the development of NGFWs.
TABLE OF CONTENTS
ABSTRACT ..... 3
CHAPTER ONE – NEXT GENERATION FIREWALLS ..... 5
INTRODUCTION ..... 5
Firewalls ..... 5
Next Generation Firewalls ..... 6
Next Generation Firewall Services ..... 7
Application identification ..... 7
User identification ..... 7
Content identification ..... 7
Policy control ..... 8
High-performance architecture ..... 9
Traditional Firewalls and Next-generation Firewalls ..... 9
Similarities between the two ..... 9
Differences between the two ..... 9
CHAPTER TWO – VPN TECHNOLOGY ..... 10
ABSTRACT ..... 10
INTRODUCTION ..... 11
VIRTUAL PRIVATE NETWORK (VPN) TECHNOLOGY ..... 12
How a VPN Works ..... 12
What Makes a VPN? ..... 13
VPN Technologies ..... 14
CHAPTER ONE – NEXT GENERATION FIREWALLS
INTRODUCTION
Firewalls have been used for many years to keep the bad people out of the corporate
network and keep your data safe. Now the phrase on the lips of networking professionals is
Next Generation Firewalls, where the safety of the application is king.
The firewall has come a long way since the packet-filtering days of time long past. The first
firewalls were developed by the Digital Equipment Corporation (DEC) back in the late
1980s. These early firewalls operated mainly on the first four layers of the Open Systems
Interconnection (OSI) model, intercepting traffic on the wire and inspecting the properties of
every individual packet to determine whether it matched a configured set of rules (source
and destination address and port numbers, for example). Each packet would then either be
dropped or forwarded as appropriate. This method of traffic inspection, while rapid, was soon
found to be unnecessarily resource-intensive and led directly to the introduction of circuit-
level firewalls, later known as "stateful" firewalls, pioneered by Check Point Software
Technologies. This first new generation of firewalls looked deeper into the transport-layer
headers and maintained a table of currently active connections, allowing the "state" of a
connection (new, active, non-existent) to be used as part of the rule-set. The introduction of
the stateful firewall led to the packet-filtering firewall becoming known as stateless.
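The stateless-versus-stateful distinction above, as an added example that is not part of the original report: a rule-set in the spirit of the page (trusted side may talk out except SNMP, only replies to tracked connections may come back in) evaluated by a packet filter with a connection table, and by the same rules without one. The class and rule names, the trusted prefix and the sample packets are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "out": trusted -> untrusted, "in": the reverse
    dport: Optional[int] = None  # None matches any destination port
    state: str = "any"           # "new", "active" or "any" (the page's connection states)


ConnKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    """Packet filter that keeps a table of active connections (hypothetical class)."""

    def __init__(self, rules: List[Rule], trusted_prefix: str = "10.0.0."):
        self.rules = rules
        self.trusted_prefix = trusted_prefix  # constructed: the "inside" address range
        self.connections: Dict[ConnKey, str] = {}

    def direction(self, p: Packet) -> str:
        return "out" if p.src.startswith(self.trusted_prefix) else "in"

    def state(self, p: Packet) -> str:
        """'active' if the packet belongs to a tracked connection in either direction."""
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return "active"
        return "new"

    def process(self, p: Packet) -> str:
        direction, state = self.direction(p), self.state(p)
        for r in self.rules:  # first matching rule wins
            if r.direction != direction:
                continue
            if r.dport is not None and r.dport != p.dport:
                continue
            if r.state != "any" and r.state != state:
                continue
            if r.action == "allow" and state == "new":
                # Remember the connection so that its replies match state="active".
                self.connections[(p.proto, p.src, p.sport, p.dst, p.dport)] = "active"
            return r.action
        return "deny"  # implicit default deny


class StatelessFilter(StatefulFilter):
    """Same rules, but without a connection table every packet looks 'new'."""

    def state(self, p: Packet) -> str:
        return "new"


RULES = [
    Rule("deny", "out", dport=161),       # SNMP explicitly blocked, as on the page
    Rule("allow", "out"),                 # everything else outbound is allowed
    Rule("allow", "in", state="active"),  # return traffic of tracked connections
    Rule("deny", "in"),                   # unsolicited inbound traffic
]

# Constructed sample traffic (documentation address ranges).
OUTBOUND = Packet("tcp", "10.0.0.5", 40000, "203.0.113.7", 443)
REPLY = Packet("tcp", "203.0.113.7", 443, "10.0.0.5", 40000)
UNSOLICITED = Packet("tcp", "198.51.100.9", 443, "10.0.0.5", 40000)
SNMP_OUT = Packet("udp", "10.0.0.5", 50000, "203.0.113.7", 161)


def run_scenario(filter_cls) -> List[str]:
    """Verdicts for the four sample packets, in order, under the given filter class."""
    fw = filter_cls(RULES)
    return [fw.process(p) for p in (OUTBOUND, REPLY, UNSOLICITED, SNMP_OUT)]


if __name__ == "__main__":
    print("stateful :", run_scenario(StatefulFilter))   # allow, allow, deny, deny
    print("stateless:", run_scenario(StatelessFilter))  # allow, deny, deny, deny
```

Without the table, the stateless filter has no way to admit the reply to a connection it just allowed out, which is exactly the gap the "state" attribute closes.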
Firewalls
Antivirus software has been a cornerstone of computer security since the early days of the
Internet; likewise, firewalls have been the cornerstone of network security. Applications are
the channel through which everything flows: a vector for our business and personal lives,
along with their associated benefits and risks. Such risks include new and emerging threats,
data leakage, and noncompliance. This section looks at how traditional firewalls operate, why
they cannot meet today's application and threat challenges, and how data leakage and
compliance issues are defining network security and the need for a better firewall.
Most firewalls are configured to allow all traffic originating from the trusted network to pass
through to the untrusted network, unless it is explicitly blocked by a rule. For example, the
Simple Network Management Protocol (SNMP) might be explicitly blocked to prevent
certain network information from being inadvertently transmitted to the Internet.
Port-based firewalls have poor vision
Figure 1: Port-based firewalls can’t see or control applications
Firewalls see all traffic and are therefore the ideal resource to provide coarse access control.
The problem, however, is that most firewalls are "far-sighted": they can see the general
shape of things, but not the finer details of what is actually happening. This is because they
operate by inferring the application-layer service that a given stream of traffic is associated
with from the port number in the packet header, and, typically to improve performance, they
look only at the first packet in a session to determine the type of traffic being processed. The
net result is that traditional, "port-based" firewalls have basically gone blind. Besides being
unable to account for common evasion techniques such as port hopping, protocol tunnelling,
and the use of nonstandard ports, these firewalls simply lack the visibility and intelligence to
discern which network traffic is legitimate and which is not.
Next Generation Firewalls
A next-generation firewall is application-aware. Whereas traditional firewalls deal only in
ports and protocols, next-generation firewalls drill into the traffic to identify the applications
traversing the network, inspecting the content passing through them and taking action to
block traffic that might exploit Web application vulnerabilities.
To restore the firewall as the cornerstone of network security, next-generation firewalls “fix
the problem at its core.” Next-generation firewalls classify traffic by the application’s
identity in order to enable visibility and control of all types of applications running on
networks. The essential functional requirements for an effective next-generation firewall
include the ability to:
 Identify applications regardless of port, protocol, or evasive technique.
 Accurately identify users and subsequently use identity information as an attribute for
policy control.
 Provide real-time protection against a wide array of threats, including those operating
at the application layer.
 Integrate, not just combine, traditional firewall and network intrusion prevention
capabilities.
 Support multi-gigabit, in-line deployments with negligible performance degradation.
NEXT GENERATION FIREWALL SERVICES
Application identification
 Application protocol detection and decryption.
 Application protocol decoding.
 Application signatures.
 Heuristics.
Figure 2: Application-centric traffic classification identifies applications flowing across the network, irrespective of the port and protocol in use.
Figure 3: NGFW techniques used to identify applications regardless of port, protocol, and encryption.
User identification
With user identification, is another powerful mechanism to help control the use of
applications in an intelligent manner. For example, a social networking application
that would otherwise be blocked because of its risky nature can be enabled for individuals or
groups that have a legitimate need to use it, such as the human resources department.
Content identification
Content identification infuses next-generation firewalls with capabilities previously unheard
of in enterprise firewalls, such as real-time prevention of threats within permitted traffic,
control of Web surfing activities, and file and data filtering. Threat prevention: This
component prevents spyware, viruses, and vulnerabilities from penetrating the network,
regardless of the application traffic on which they ride.
Figure 4: User identification integrates enterprise directories for user-based policies, reporting, and forensics.
With content identification, information technology departments gain the ability to stop
threats, reduce inappropriate use of the Internet, and help prevent data leaks, all without
having to invest in a pile of additional products and risking appliance sprawl.
Figure 5: Content identification unifies content scanning for threats, confidential data, and URL filtering.
Policy control
Identifying the applications in use (application identification), who is using them (user
identification), and what they are using them for (content identification) is an important first
step in learning about the traffic traversing the network. Learning what the application does,
the ports it uses, its underlying technology, and its behaviour is the next step towards making
an informed decision about how to treat the application.
Examples of policy control options in next-generation firewalls (NGFWs) include:
 Allow or deny
 Allow but scan for exploits, viruses, and other threats
 Allow based on schedule, users, or groups
 Decrypt and inspect
 Apply traffic shaping through quality of service (QoS)
 Apply policy-based forwarding
 Allow certain application functions
 Any combination of the aforementioned
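The three identification steps (application, user, content) feeding the policy options above, as an added example that is not part of the original report: port-based classification beside signature-based classification, a Host-header decoder, a directory lookup for group membership, a single content signature, and a first-match policy with group and schedule conditions. The user names, groups, hostnames, signatures and rule order are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for an enterprise directory (user identification);
# users and groups are hypothetical.
DIRECTORY: Dict[str, Set[str]] = {"alice": {"hr"}, "bob": {"engineering"}}


@dataclass(frozen=True)
class Flow:
    user: str
    dport: int
    payload: bytes   # first bytes of the session, constructed for the example
    hour: int = 10   # hour of day, used by the schedule-based rule


# Port-based classification: all a traditional firewall has to go on.
PORT_TABLE = {80: "web-browsing", 443: "ssl", 22: "ssh"}


def identify_by_port(flow: Flow) -> str:
    return PORT_TABLE.get(flow.dport, "unknown")


# Application signatures: patterns matched against the payload whatever the port.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("ssl", re.compile(rb"^\x16\x03[\x00-\x03]")),  # TLS record header
    ("web-browsing", re.compile(rb"^(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
]

# Application protocol decoding: refine plain HTTP into a named application
# from the Host header (hostnames are constructed placeholders).
HOST_APPS = {b"social.example": "social-example", b"docs.example": "docs-example"}


def identify_by_signature(flow: Flow) -> str:
    for app, pattern in SIGNATURES:
        if pattern.match(flow.payload):
            if app == "web-browsing":
                host = re.search(rb"\r\nHost: ([^\r\n]+)", flow.payload)
                if host:
                    return HOST_APPS.get(host.group(1).lower(), app)
            return app
    return "unknown"


# Content identification: scan permitted traffic for known-bad patterns
# (one constructed signature for the example).
THREAT_SIGNATURES = [("path-traversal", re.compile(rb"\.\./\.\./"))]


def scan_content(payload: bytes) -> Optional[str]:
    for name, pattern in THREAT_SIGNATURES:
        if pattern.search(payload):
            return name
    return None


@dataclass(frozen=True)
class Policy:
    app: str                           # application name or "any"
    action: str                        # "allow", "deny" or "allow-scan"
    groups: Optional[Set[str]] = None  # None matches any user
    hours: Optional[range] = None      # None matches any hour of day


# First match wins; the rules mirror the page's policy options.
POLICY: List[Policy] = [
    Policy("ssh", "deny"),                                   # no SSH out, on any port
    Policy("social-example", "allow", groups={"hr"}),        # HR has a legitimate need
    Policy("social-example", "allow", hours=range(12, 14)),  # everyone else: lunch hour
    Policy("social-example", "deny"),
    Policy("any", "allow-scan"),                             # the rest: allow but scan
]


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (identified application, verdict) for a flow."""
    app = identify_by_signature(flow)
    groups = DIRECTORY.get(flow.user, set())
    for rule in POLICY:
        if rule.app not in ("any", app):
            continue
        if rule.groups is not None and not (rule.groups & groups):
            continue
        if rule.hours is not None and flow.hour not in rule.hours:
            continue
        if rule.action == "allow-scan":
            threat = scan_content(flow.payload)
            return app, (f"deny:{threat}" if threat else "allow")
        return app, rule.action
    return app, "deny"  # implicit default deny


if __name__ == "__main__":
    # SSH carried on port 443: the port table says "ssl", the signature says "ssh".
    evasive = Flow("bob", 443, b"SSH-2.0-OpenSSH_9.0\r\n")
    print(identify_by_port(evasive), evaluate(evasive))  # ssl ('ssh', 'deny')
    social = b"GET / HTTP/1.1\r\nHost: social.example\r\n\r\n"
    print(evaluate(Flow("alice", 80, social)))           # ('social-example', 'allow')
    print(evaluate(Flow("bob", 80, social)))             # ('social-example', 'deny')
```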
High-performance architecture
It is important to select a next-generation firewall that is designed from the start to deliver
high performance. There’s also the tremendous traffic volume confronting today’s security
infrastructure, not to mention the latency sensitivity of many applications. Rated throughput
and reasonable latency should be sustainable under heavy loads, even when all application
and threat inspection features are engaged simultaneously, which is the ideal configuration
from a security perspective. This multi-pass approach requires low-level packet processing
Figure 6: Single-pass parallel processing architecture and separate control and data planes provide enterprise
performance.
routines to be repeated numerous times. System resources are used inefficiently and
significant. Next generation technology (NGFW) that uses single-pass architecture eliminates
repetitive handling of packets, reducing the burden placed on hardware and minimizing
latency. Other innovations, such as customized hardware architecture that maintains separate
data and control planes, help provide an enterprise-class solution.
Traditional Firewalls and Next-generation Firewalls
Similarities between the two
 Static packet filtering that blocks packets at the point of interface to a network, based on
protocols, ports, or addresses.
 Stateful inspection or dynamic packet filtering, which checks every connection on every
interface of a firewall for validity.
 Port address translation, which facilitates the mapping of multiple devices on a LAN to a
single IP address.
Differences between the two
According to Gartner, a next-generation firewall is "a deep-packet inspection firewall that
moves beyond port/protocol inspection and blocking to add application-level inspection,
intrusion prevention, and bringing intelligence from outside the firewall." Capabilities found
only in next-generation firewalls include:
 An integrated signature-based intrusion prevention system (IPS), which specifies which
kinds of attacks to scan for and report on.
 The capability to incorporate information from outside the firewall, including directory-
based policies, white lists, and black lists.
 Secure Sockets Layer (SSL) decryption to enable identification of undesirable encrypted
applications.
CHAPTER TWO – VPN TECHNOLOGY
ABSTRACT
A Virtual Private Network (VPN) is a communication network which provides secure data
transmission over an unsecured or public network by using any combination of technologies.
A virtual connection is made across a shared or public network, like the Internet, between
users and networks that are geographically dispersed. Even though the data is transmitted
over a public network, the VPN gives the impression that the data is transmitted through a
private connection. This paper provides a survey report on VPN security and its technologies.
INTRODUCTION
A virtual private network (VPN) combines private networks and a public network, such as
the Internet, and performs secure data transmission over it. A virtual private network can
establish secured virtual links among different organizations or sites, such as branch offices.
It will not provide any other external service between them and it will not allow any other
organization to interrupt them. A VPN sends data between two systems across a public
network in such a way that the transmitted data is transparent to the other systems connected
to the network. This transparency in data transmission is possible because the VPN emulates
a point-to-point link between the two systems. The point-to-point link is provided by
encapsulation of data. Data encapsulation is done by wrapping the data with a header, which
provides routing information. This process is called tunnelling.
To provide confidentiality to the encapsulated data, the data is secured by encryption. When
data reaches a tunnel end point, the encapsulated data is decrypted and forwarded to its final
destination. A VPN allows organizations to connect to their branch offices or to other
companies over a public network while maintaining secure communications. The VPN
connection across the Internet logically operates as a wide area network (WAN) link between
the sites. The secure connection across the Internet appears to the user as a private network
communication, despite the fact that this communication occurs over a public internetwork,
hence the name virtual private network.
A typical VPN might have a main local-area network (LAN) at the corporate headquarters of
a company, other LANs at remote offices or facilities, and individual users that connect from
out in the field. A VPN is a private network that uses a public network (usually the Internet)
to connect remote sites or users together. Instead of using a dedicated, real-world connection,
such as leased line, a VPN uses "virtual" connections routed through the Internet from the
company's private network to the remote site or employee.
VIRTUAL PRIVATE NETWORK (VPN) TECHNOLOGY
A Virtual Private Network (VPN) is a secure and separate network which lets users connect
to the Internet through an encrypted tunnel, bypassing their public network and securely
transferring their Internet data packets through it. A VPN is similar to a firewall on a
computer, which protects you from local area network (LAN) attacks; a VPN works as an
online firewall to protect you from all the cyber hazards and attackers. To use a VPN, an
active Internet connection is mandatory. VPNs are a mix of various technologies which:
 Give you anonymity over the Internet
 Hide your IP address and Internet activities from your Internet service provider (ISP)
and other snoopers, such as government surveillance and security agencies, and so
provide Internet security and privacy
 Let you bypass geo-restrictions and access blocked websites when you are outside
your country
 Give you absolute protection from cyber attackers such as hackers, spammers, etc.
 Let you share files using peer-to-peer (P2P) file-sharing websites
How a VPN Works
A Virtual Private Network (VPN) uses a mix of technologies, such as dedicated connections
and encryption protocols, to create virtual point-to-point connections. It connects you to the
Internet through an encrypted tunnel and transmits all your Internet data through this tunnel;
the transmission is secured so that even if it is intercepted, the snooper cannot read the data
because of the encryption. In this way VPNs can provide security and anonymity over the
Internet, which is wanted when you are torrenting or using peer-to-peer (P2P) file-sharing
platforms, or to avoid hacking, spamming, snooping by governments and surveillance
agencies, and other cyber-attacks. VPNs also let you change your apparent geographical
location: without physically moving to another country, you can show the Internet that you
are in that country. How? The answer is simple: the VPN lets you choose any country's
server that it provides and changes your IP address to an IP address from that country. This
way you can access the blocked websites of any country you wish.
What Makes a VPN?
There are two common types of VPNs.
 Remote-Access VPN: Also called a Virtual Private Dial-up Network (VPDN), this is
a user-to-LAN connection used by a company that has employees who need to connect
to the private network from various remote locations. Typically, a corporation that
wishes to set up a large remote-access VPN provides some form of Internet dial-up
account to their users using an Internet service provider (ISP). The telecommuters can
then dial a 1-800 number to reach the Internet and use their VPN client software to
access the corporate network. Remote-access VPNs permit secure, encrypted
connections between a company's private network and remote users through a third-
party service provider.
 Site-to-Site VPN: Through the use of dedicated equipment and large-scale encryption,
a company can connect multiple fixed sites over a public network such as the Internet.
Each site needs only a local connection to the same public network, thereby saving
money on long private leased lines. Site-to-site VPNs can be further categorized into
intranets or extranets. A site-to-site VPN built between offices of the same company is
said to be an intranet VPN, while a VPN built to connect the company to its partner or
customer is referred to as an extranet VPN.
A well-designed VPN can greatly benefit a company. For example, it can:
 Extend geographic connectivity
 Reduce operational costs versus traditional WANs
 Reduce transit times and traveling costs for remote users
 Improve productivity
 Simplify network topology
 Provide global networking opportunities
 Provide telecommuter support
 Provide faster Return On Investment (ROI) than a traditional WAN
What features are needed in a well-designed VPN? It should incorporate these items:
 Security
 Reliability
 Scalability
 Network Management
 Policy Management
VPN Technologies
A well-designed VPN uses several methods in order to keep your connection and data secure.
 Data Confidentiality: This is perhaps the most important service provided by any
VPN implementation. Since your private data travels over a public network, data
confidentiality is vital and can be attained by encrypting the data. This is the process
of taking all the data that one computer is sending to another and encoding it into a
form that only the other computer will be able to decode. Most VPNs use one of these
protocols to provide encryption:
o IPsec: Internet Protocol Security (IPsec).
o PPTP/MPPE: Point-to-Point Tunnelling Protocol (PPTP) with Microsoft Point-to-Point
Encryption (MPPE).
o L2TP/IPsec: Layer 2 Tunnelling Protocol (L2TP) carried over IPsec.
 Data Integrity: While it is important that your data is encrypted over a public
network, it is just as important to verify that it has not been changed while in transit.
For example, IPsec has a mechanism to ensure that the encrypted portion of the
packet, or the entire header and data portion of the packet, has not been tampered
with. If tampering is detected, the packet is dropped.
 Data Origin Authentication: It is extremely important to verify the identity of the
source of the data that is sent. This is necessary to guard against a number of attacks
that depend on spoofing the identity of the sender.
 Anti-Replay: This is the ability to detect and reject replayed packets and helps
prevent spoofing.
 Data Tunnelling/Traffic Flow Confidentiality: Tunnelling is the process of
encapsulating an entire packet within another packet and sending it over a network.
Data tunnelling is helpful in cases where it is desirable to hide the identity of the
device originating the traffic. Tunnelling requires three different protocols:
o Passenger protocol: the original data that is carried.
o Encapsulating protocol: the protocol that is wrapped around the original
data.
o Carrier protocol: the protocol used by the network over which the
information is travelling.
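The encapsulation described in the VPN introduction and the four services just listed (confidentiality, integrity, origin authentication, anti-replay), as an added example that is not part of the original report: a simplified ESP-style tunnel that wraps a passenger packet in a header carrying an SPI and sequence number, encrypts it, appends an integrity check value, and on receipt verifies the ICV and a sliding anti-replay window before decrypting. The SPI, fixed keys and sample packet are constructed, and the HMAC-derived keystream stands in for a real cipher so the example needs only the standard library; it is not IPsec's actual algorithm suite.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

HEADER = struct.Struct("!II")  # SPI and sequence number, ESP-style (simplified)
ICV_LEN = 16                   # truncated HMAC-SHA256 integrity check value
WINDOW = 64                    # anti-replay window, in sequence numbers


@dataclass
class SecurityAssociation:
    """State of one tunnel direction. Keys here are constructed for the example;
    a real IPsec SA gets them from IKE, never from constants."""
    spi: int
    enc_key: bytes
    auth_key: bytes
    seq: int = 0       # sender: last sequence number used
    highest: int = 0   # receiver: highest sequence number accepted so far
    seen: int = 0      # receiver: bitmap of accepted numbers below `highest`


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Illustrative counter-mode keystream from HMAC-SHA256 (not IPsec's cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = HEADER.pack(spi, seq) + struct.pack("!I", counter)
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encapsulate(sa: SecurityAssociation, passenger: bytes) -> bytes:
    """Wrap a passenger packet as: header | encrypted passenger | ICV."""
    sa.seq += 1  # never reused within an SA, which keeps the keystream unique
    header = HEADER.pack(sa.spi, sa.seq)
    ks = keystream(sa.enc_key, sa.spi, sa.seq, len(passenger))
    body = bytes(a ^ b for a, b in zip(passenger, ks))
    icv = hmac.new(sa.auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def replay_check(sa: SecurityAssociation, seq: int) -> bool:
    """Sliding-window check: bit 0 of `seen` is `highest`, bit k is highest-k."""
    if seq == 0:
        return False
    if seq > sa.highest:  # newest packet so far: slide the window forward
        shift = seq - sa.highest
        sa.seen = ((sa.seen << shift) | 1) & ((1 << WINDOW) - 1) if shift < WINDOW else 1
        sa.highest = seq
        return True
    offset = sa.highest - seq
    if offset >= WINDOW or sa.seen & (1 << offset):
        return False  # too old, or already accepted once
    sa.seen |= 1 << offset
    return True


def decapsulate(sa: SecurityAssociation, tunnel_packet: bytes) -> Optional[bytes]:
    """Return the passenger packet, or None if the packet must be dropped."""
    if len(tunnel_packet) < HEADER.size + ICV_LEN:
        return None
    header = tunnel_packet[:HEADER.size]
    body = tunnel_packet[HEADER.size:-ICV_LEN]
    icv = tunnel_packet[-ICV_LEN:]
    spi, seq = HEADER.unpack(header)
    if spi != sa.spi:
        return None
    expected = hmac.new(sa.auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # integrity and origin authentication
        return None
    if not replay_check(sa, seq):               # anti-replay
        return None
    ks = keystream(sa.enc_key, spi, seq, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def make_sa_pair(spi: int = 0x1001) -> Tuple[SecurityAssociation, SecurityAssociation]:
    """Sender and receiver views of one SA with identical (constructed) keys."""
    enc, auth = b"\x11" * 32, b"\x22" * 32
    return SecurityAssociation(spi, enc, auth), SecurityAssociation(spi, enc, auth)


if __name__ == "__main__":
    tx, rx = make_sa_pair()
    passenger = b"constructed inner packet: 10.0.0.5 -> 10.1.0.9 payload"
    wire = encapsulate(tx, passenger)
    print(passenger not in wire)               # True: confidentiality
    print(decapsulate(rx, wire) == passenger)  # True: first delivery accepted
    print(decapsulate(rx, wire))               # None: replay rejected
    tampered = wire[:12] + bytes([wire[12] ^ 1]) + wire[13:]
    print(decapsulate(rx, tampered))           # None: integrity failure
```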

More Related Content

Recently uploaded

原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
AS
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
Fir
 
一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书
A
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
musaddumba454
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
A
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
hfkmxufye
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
AS
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
AS
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理
AS
 
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
AS
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
c6eb683559b3
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
A
 

Recently uploaded (20)

Dan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat HoodieDan Quinn Commanders Feather Dad Hat Hoodie
Dan Quinn Commanders Feather Dad Hat Hoodie
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
 
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic ManagementBeyond Inbound: Unlocking the Secrets of API Egress Traffic Management
Beyond Inbound: Unlocking the Secrets of API Egress Traffic Management
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
 
一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书一比一定制美国罗格斯大学毕业证学位证书
一比一定制美国罗格斯大学毕业证学位证书
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
如何办理(UCLA毕业证)加州大学洛杉矶分校毕业证成绩单本科硕士学位证留信学历认证
 
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303Lowongan Kerja LC Yogyakarta Terbaru 085746015303
Lowongan Kerja LC Yogyakarta Terbaru 085746015303
 
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
一比一原版(毕业证书)新西兰怀特克利夫艺术设计学院毕业证原件一模一样
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理一比一原版英国创意艺术大学毕业证如何办理
一比一原版英国创意艺术大学毕业证如何办理
 
Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303Loker Pemandu Lagu LC Semarang 085746015303
Loker Pemandu Lagu LC Semarang 085746015303
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
一比一原版(毕业证书)新加坡南洋理工学院毕业证原件一模一样
 
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide HandbookTOP 100 Vulnerabilities Step-by-Step Guide Handbook
TOP 100 Vulnerabilities Step-by-Step Guide Handbook
 
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
一比一原版(NYU毕业证书)美国纽约大学毕业证学位证书
 
The Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdfThe Rise of Subscription-Based Digital Services.pdf
The Rise of Subscription-Based Digital Services.pdf
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
 

Featured

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 

Featured (20)

Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent

Next Generation Firewalls and VPN Technology

TABLE OF CONTENT

ABSTRACT ... 3
CHAPTER ONE – NEXT GENERATION FIREWALLS ... 5
  INTRODUCTION ... 5
    Firewalls ... 5
    Next Generation Firewalls ... 6
  Next generation firewalls services ... 7
    Application identification ... 7
    User identification ... 7
    Content identification ... 7
    Policy control ... 8
    High-performance architecture ... 9
  Traditional Firewalls and Next-generation Firewalls ... 9
    Similarities between the two ... 9
    Differences between the two ... 9
CHAPTER TWO – VPN TECHNOLOGY ... 10
  ABSTRACT ... 10
  INTRODUCTION ... 11
  VIRTUAL PRIVATE NETWORK (VPN) TECHNOLOGY ... 12
    How a VPN Works? ... 12
    What Makes a VPN? ... 13
    VPN Technologies ... 14
CHAPTER ONE – NEXT GENERATION FIREWALLS

INTRODUCTION

The firewall has been used for many years as something to keep the bad people out of the corporate network and keep your data safe. Now the phrase on the lips of networking professionals is Next Generation Firewalls, where the safety of the application is king.

The firewall has come a long way since the packet-filtering days of time long past. The first firewalls were developed by the Digital Equipment Corporation (DEC) back in the late 1980s. These early firewalls operated mainly on the first four layers of the Open Systems Interconnection (OSI) model, intercepting traffic on the wire and inspecting the properties of every individual packet to determine whether it matched a configured set of rules (source and destination address and port numbers, for example). These packets would then either be dropped or forwarded as appropriate. This method of traffic inspection, while rapid, was soon found to be unnecessarily resource-intensive and led directly to the introduction of circuit-level firewalls, later known as “stateful” firewalls, pioneered by Check Point Software Technologies. This first next generation of firewalls looked deeper into the transport layer headers and maintained a table of currently active connections, allowing the “state” of a connection (new, active, non-existent) to be used as part of the rule-set. The introduction of the stateful firewall led to the packet-filtering firewall becoming known as stateless.

Firewalls

Antivirus software has been a cornerstone of computer security since the early days of the Internet; firewalls have been the cornerstone of network security. Applications are the channel through which everything flows: a vector for our business and personal lives, along with their associated benefits and risks. Such risks include new and emerging threats, data leakage, and noncompliance. This chapter looks at how traditional firewalls operate, why they cannot meet today’s application and threat challenges, and how data leakage and compliance issues are defining network security and the need for a better firewall.
Most firewalls are configured to allow all traffic originating from the trusted network to pass through to the untrusted network, unless it is explicitly blocked by a rule. For example, the Simple Network Management Protocol (SNMP) might be explicitly blocked to prevent certain network information from being inadvertently transmitted to the Internet.

Port-based firewalls have poor vision

Figure 1: Port-based firewalls can’t see or control applications

Firewalls see all traffic and, therefore, are the ideal resource to provide rough access control. The problem, however, is that most firewalls are “far-sighted.” They can see the general shape of things, but not the finer details of what is actually happening. This is because they operate by inferring the application-layer service that a given stream of traffic is associated with from the port number used in the packet’s header, and they look only at the first packet in a session to determine the type of traffic being processed, typically to improve performance. The net result is that traditional, “port-based” firewalls have basically gone blind. Besides being unable to account for common evasion techniques such as port hopping, protocol tunnelling, and the use of nonstandard ports, these firewalls simply lack the visibility and intelligence to discern which applications the network traffic actually carries.

Next Generation Firewalls

A next-generation firewall is application-aware. Rather than dealing only in ports and protocols, next-generation firewalls drill into the traffic passing through them to identify the applications traversing the network, taking action to block traffic that might exploit Web application vulnerabilities. To restore the firewall as the cornerstone of network security, next-generation firewalls “fix the problem at its core.” Next-generation firewalls classify traffic by the application’s identity in order to enable visibility and control of all types of applications running on networks.

The essential functional requirements for an effective next-generation firewall include the ability to:

• Identify applications regardless of port, protocol, or evasive techniques.
• Accurately identify users and subsequently use identity information as an attribute for policy control.
• Provide real-time protection against a wide array of threats, including those operating at the application layer.
• Integrate, not just combine, traditional firewall and network intrusion prevention capabilities.
• Support multi-gigabit, in-line deployments with negligible performance degradation.

NEXT GENERATION FIREWALLS SERVICES

Application identification

• Application protocol detection and decryption.
• Application protocol decoding.
• Application signatures.
• Heuristics.

Figure 2: Application-centric traffic classification identifies applications flowing across the network, irrespective of the port and protocol in use.

Figure 3: NGFW techniques used to identify applications regardless of port, protocol, and encryption.

User identification

User identification is another powerful mechanism to help control the use of applications in an intelligent manner. For example, a social networking application that would otherwise be blocked because of its risky nature can be enabled for individuals or groups that have a legitimate need to use it, such as the human resources department.

Content identification

Content identification infuses next-generation firewalls with capabilities previously unheard of in enterprise firewalls, such as real-time prevention of threats within permitted traffic, control of Web surfing activities, and file and data filtering.

Threat prevention: This component prevents spyware, viruses, and vulnerabilities from penetrating the network, regardless of the application traffic on which they ride.
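To make the contrast between a port-based verdict and application identification concrete, here is an added example (not code from the report or from any firewall vendor) that classifies constructed packets both ways: by destination port alone, and by payload signatures, HTTP protocol decoding of the Host header, and a printable-bytes heuristic for opaque data. The signatures, ports and packets are all constructed for this illustration.

```python
"""Port-based versus application-aware traffic classification (added example).

Shows why a port-based firewall misclassifies port hopping, nonstandard ports
and tunnelled data, and how signatures, protocol decoding and a heuristic
recover the application. All packets and signatures here are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes  # first bytes of application data in the session


# Traditional approach: the port number alone names the service.
PORT_TABLE = {22: "ssh", 53: "dns", 80: "http", 443: "tls"}


def classify_by_port(pkt: Packet) -> str:
    return PORT_TABLE.get(pkt.dst_port, "unknown")


# Application signatures: byte patterns at the start of the stream (constructed;
# a real NGFW carries thousands of signatures plus full protocol decoders).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]")),  # TLS handshake record, v3.x
]
HOST_HEADER = re.compile(rb"\r\nHost: ([^\r\n]+)", re.IGNORECASE)


def decode_http_application(payload: bytes) -> str:
    """Protocol decoding: the Host header names the application riding on HTTP."""
    m = HOST_HEADER.search(payload)
    return "http:" + m.group(1).decode("ascii", "replace") if m else "http"


def classify_by_payload(pkt: Packet) -> str:
    for name, sig in SIGNATURES:
        if sig.search(pkt.payload):
            return decode_http_application(pkt.payload) if name == "http" else name
    # Heuristic fallback: mostly non-printable data with no known signature is
    # reported as opaque (encrypted or tunnelled) instead of trusted on its port.
    printable = sum(32 <= b < 127 for b in pkt.payload)
    if pkt.payload and printable / len(pkt.payload) < 0.5:
        return "opaque"
    return "unknown"


def compare(packets):
    """Return (port-based verdict, application-aware verdict) per packet."""
    return [(classify_by_port(p), classify_by_payload(p)) for p in packets]


# Constructed samples: SSH hopped onto 443, HTTP on a nonstandard port,
# genuine TLS on 443, and opaque binary data tunnelled over port 80.
SAMPLES = [
    Packet(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet(8080, b"GET /feed HTTP/1.1\r\nHost: social.example\r\n\r\n"),
    Packet(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)),
    Packet(80, bytes(range(0, 24)) * 3),
]

if __name__ == "__main__":
    for pkt, (by_port, by_app) in zip(SAMPLES, compare(SAMPLES)):
        print(f"port {pkt.dst_port:>5}: port-based={by_port:<8} app-aware={by_app}")
```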
Figure 4: User identification integrates enterprise directories for user-based policies, reporting, and forensics.

With content identification, information technology departments gain the ability to stop threats, reduce inappropriate use of the Internet, and help prevent data leaks, all without having to invest in a pile of additional products and risk appliance.

Figure 5: Content identification unifies content scanning for threats, confidential data, and URL filtering.

Policy control

Identifying the applications in use (application identification), who is using them (user identification), and what they are using them for (content identification) is an important first step in learning about the traffic traversing the network. Learning what the application does, the ports it uses, its underlying technology, and its behaviour is the next step towards making an informed decision about how to treat the application. Examples of policy control options in next generation firewalls (NGFWs) include:

• Allow or deny
• Allow but scan for exploits, viruses, and other threats
• Allow based on schedule, users, or groups
• Decrypt and inspect
• Apply traffic shaping through quality of service (QoS)
• Apply policy-based forwarding
• Allow certain application functions
• Any combination of the aforementioned
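As an added example of policy control (not code from the report or from any NGFW product), the rule engine below matches on the outputs of the three identification stages plus a schedule and returns one of the actions listed above. The rule set, group names and sessions are constructed; first-match ordering and a default deny are assumptions of this example.

```python
"""Attribute-based policy control for a next-generation firewall (added example).

Each rule matches on application, user groups, content category and a schedule,
and yields one policy action. Rules and sessions here are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Session:
    app: str                 # from application identification
    user: str                # from user identification (directory lookup)
    groups: FrozenSet[str]   # directory groups of the user
    content_category: str    # from content identification, e.g. URL category
    hour: int                # local hour when the session started (0-23)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # allow, deny, allow-scan, decrypt-inspect
    apps: FrozenSet[str] = frozenset()   # empty set means "any"
    groups: FrozenSet[str] = frozenset()
    categories: FrozenSet[str] = frozenset()
    hours: Optional[range] = None        # schedule; None means "any time"

    def matches(self, s: Session) -> bool:
        return ((not self.apps or s.app in self.apps)
                and (not self.groups or bool(self.groups & s.groups))
                and (not self.categories or s.content_category in self.categories)
                and (self.hours is None or s.hour in self.hours))


def evaluate(rules, session: Session):
    """First matching rule wins; a session no rule matches is denied."""
    for rule in rules:
        if rule.matches(session):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed rule set mirroring the policy options described in the report:
# social networking only for HR (scanned), P2P blocked, streaming at lunch,
# known-bad categories dropped before any decrypt-and-inspect of TLS.
RULES = [
    Rule("hr-social", "allow-scan", apps=frozenset({"social-networking"}),
         groups=frozenset({"human-resources"})),
    Rule("block-social", "deny", apps=frozenset({"social-networking"})),
    Rule("block-p2p", "deny", apps=frozenset({"bittorrent"})),
    Rule("lunch-streaming", "allow", apps=frozenset({"video-streaming"}),
         hours=range(12, 14)),
    Rule("block-malware-sites", "deny", categories=frozenset({"malware"})),
    Rule("inspect-web", "decrypt-inspect", apps=frozenset({"tls"})),
    Rule("web", "allow-scan", apps=frozenset({"http"})),
]

HR = frozenset({"human-resources"})
ENG = frozenset({"engineering"})

if __name__ == "__main__":
    for s in [Session("social-networking", "ann", HR, "social", 10),
              Session("social-networking", "bob", ENG, "social", 10),
              Session("video-streaming", "bob", ENG, "entertainment", 15),
              Session("tls", "bob", ENG, "malware", 9)]:
        print(s.user, s.app, "->", evaluate(RULES, s))
```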
High-performance architecture

It is important to select a next-generation firewall that is designed from the start to deliver high performance. There is also the tremendous traffic volume confronting today’s security infrastructure, not to mention the latency sensitivity of many applications. Rated throughput and reasonable latency should be sustainable under heavy loads, even when all application and threat inspection features are engaged simultaneously, which is the ideal configuration from a security perspective. A multi-pass approach requires low-level packet processing routines to be repeated numerous times; system resources are used inefficiently and significant latency is introduced. A next-generation firewall (NGFW) that uses a single-pass architecture eliminates repetitive handling of packets, reducing the burden placed on hardware and minimizing latency. Other innovations, such as a customized hardware architecture that maintains separate data and control planes, help provide an enterprise-class solution.

Figure 6: Single-pass parallel processing architecture and separate control and data planes provide enterprise performance.

Traditional Firewalls and Next-generation Firewalls

Similarities between the two

• Static packet filtering that blocks packets at the point of interface to a network, based on protocols, ports, or addresses.
• Stateful inspection or dynamic packet filtering, which checks every connection on every interface of a firewall for validity.
• Port address translation that facilitates the mapping of multiple devices on a LAN to a single IP address.

Differences between the two

According to Gartner, a next-generation firewall is “a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.” A next-generation firewall adds:

• An integrated signature-based intrusion prevention system (IPS), which specifies which kinds of attacks to scan for and report on.
• The capability to incorporate information from outside the firewall, including directory-based policies, white lists, and black lists.
• Secure sockets layer (SSL) decryption to enable identification of undesirable encrypted applications.
CHAPTER TWO – VPN TECHNOLOGY

ABSTRACT

A Virtual Private Network (VPN) is a communication network which provides secure data transmission over an unsecured or public network by using any combination of technologies. A virtual connection is made between users who are geographically dispersed, and between networks, over a shared or public network such as the Internet. Even though the data is transmitted over a public network, the VPN gives the impression that the data is transmitted through a private connection. This chapter provides a survey of VPN security and its technologies.
INTRODUCTION

A virtual private network (VPN) is a combination of private and public networks, such as the Internet, that performs secure data transmission. A virtual private network can establish secured virtual links among different parts of an organization, such as branch offices. It does not provide any other external service between them and it does not allow any other organization to interrupt them. A VPN sends data between two systems across a public network in such a way that the transmitted data is transparent to the other systems connected to the network. This transparency in data transmission is possible because the VPN emulates a point-to-point link between the two systems. The point-to-point link is provided by encapsulation of data: data encapsulation is done by wrapping the data with a header which provides routing information. This process is called tunnelling. To provide confidentiality for the encapsulated data, the data is secured by encryption. When the data reaches a tunnel end point, the encapsulated data is decrypted and forwarded to its final destination.

A VPN allows organizations to connect to their branch offices or to other companies over a public network while maintaining secure communications. The VPN connection across the Internet logically operates as a wide area network (WAN) link between the sites. The secure connection across the Internet appears to the user as a private network communication, despite the fact that this communication occurs over a public internetwork, hence the name virtual private network. A typical VPN might have a main local-area network (LAN) at the corporate headquarters of a company, other LANs at remote offices or facilities, and individual users that connect from out in the field. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee.
VIRTUAL PRIVATE NETWORK (VPN) TECHNOLOGY

A Virtual Private Network (VPN) is a secure and separate network which lets users connect to the Internet through an encrypted tunnel, bypassing their public network and securely transferring their Internet data packets through it. Just as a firewall on a computer protects it from local area network (LAN) attacks, a VPN works as an online firewall to protect you from all the cyber hazards and attackers. To use a VPN, an active Internet connection is mandatory.

VPNs are a mix of various technologies which:

• Give you anonymity over the Internet
• Hide your IP address and Internet activities from your Internet service provider (ISP) and other snoopers, such as government surveillance and security agencies, providing Internet security and privacy
• Let you bypass geo-restrictions and access all the blocked websites when you are outside your country
• Give you absolute protection from cyber attackers such as hackers, spammers, etc.
• Let you share files using peer-to-peer (P2P) file sharing websites

How a VPN Works?

A Virtual Private Network (VPN) uses a mix of technologies, such as dedicated connections and encryption protocols, to create virtual point-to-point connections. It connects you to the Internet through an encrypted tunnel and transmits all your Internet data through this tunnel; the transmission is so secure that even if it is intercepted, the snooper cannot read the data because of the encryption. This way VPNs can provide you security and anonymity over the Internet, which is required when you are torrenting or using peer-to-peer (P2P) file sharing platforms, or to avoid hacking, spamming, snooping by government and surveillance agencies, and other cyber-attacks. VPNs also let you change your geographical location: without physically moving to another country, you can show the Internet that you are in that country. How? The answer is simple: the VPN alters your IP address. It lets you choose any country’s server provided by it and changes your IP address to an IP address of that country. This way you can access all the blocked websites of any country you wish to.
What Makes a VPN?

There are two common types of VPNs.

• Remote-Access VPN: Also called a Virtual Private Dial-up Network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to its users using an Internet service provider (ISP). The telecommuters can then dial a 1-800 number to reach the Internet and use their VPN client software to access the corporate network. Remote-access VPNs permit secure, encrypted connections between a company’s private network and remote users through a third-party service provider.

• Site-to-Site VPN: Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Each site needs only a local connection to the same public network, thereby saving money on long private leased lines. Site-to-site VPNs can be further categorized into intranets or extranets. A site-to-site VPN built between offices of the same company is said to be an intranet VPN, while a VPN built to connect the company to its partner or customer is referred to as an extranet VPN.
A well-designed VPN can greatly benefit a company. For example, it can:

• Extend geographic connectivity
• Reduce operational costs versus traditional WANs
• Reduce transit times and travelling costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide faster Return On Investment (ROI) than a traditional WAN

What features are needed in a well-designed VPN? It should incorporate these items:

• Security
• Reliability
• Scalability
• Network Management
• Policy Management

VPN Technologies

A well-designed VPN uses several methods in order to keep your connection and data secure.

• Data Confidentiality: This is perhaps the most important service provided by any VPN implementation. Since your private data travels over a public network, data confidentiality is vital and can be attained by encrypting the data. This is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most VPNs use one of these protocols to provide encryption.
  o IPsec: Internet Protocol Security (IPsec)
  o PPTP/MPPE: Point-to-Point Tunneling Protocol (PPTP) with Microsoft Point-to-Point Encryption (MPPE)
  o L2TP/IPsec: Layer 2 Tunnelling Protocol (L2TP) over IPsec
• Data Integrity: While it is important that your data is encrypted over a public network, it is just as important to verify that it has not been changed while in transit. For example, IPsec has a mechanism to ensure that the encrypted portion of the packet, or the entire header and data portion of the packet, has not been tampered with. If tampering is detected, the packet is dropped.

• Data Origin Authentication: It is extremely important to verify the identity of the source of the data that is sent. This is necessary to guard against a number of attacks that depend on spoofing the identity of the sender.

• Anti-Replay: This is the ability to detect and reject replayed packets, and helps prevent spoofing.

• Data Tunnelling/Traffic Flow Confidentiality: Tunnelling is the process of encapsulating an entire packet within another packet and sending it over a network. Data tunnelling is helpful in cases where it is desirable to hide the identity of the device originating the traffic. Tunnelling requires three different protocols.
  o Passenger protocol: the original data that is carried.
  o Encapsulating protocol: the protocol that is wrapped around the original data.
  o Carrier protocol: the protocol used by the network over which the information is travelling.
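The tunnel described in “How a VPN Works?” and the services listed under VPN Technologies can be seen together in one packet format. The following is an added example, not code from the report or from any VPN product: a passenger packet is wrapped in a constructed encapsulating header (sequence number plus nonce), encrypted, and authenticated with HMAC-SHA256, and the receiver checks integrity and origin before a sliding anti-replay window. The cipher is an HMAC-SHA256 counter-mode keystream standing in for AES, since the Python standard library has no AES; it is an illustration, not a real VPN cipher.

```python
"""Toy VPN tunnel endpoint (added example): encapsulation, confidentiality,
integrity, origin authentication and anti-replay in one constructed format.
The keystream cipher below is a stand-in for a real cipher such as AES.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32       # HMAC-SHA256 output
HDR_LEN = 4 + 8    # 32-bit sequence number + 64-bit nonce (encapsulating header)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for AES-CTR)."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class TunnelEndpoint:
    def __init__(self, enc_key: bytes, auth_key: bytes, window: int = 64):
        self.enc_key, self.auth_key, self.window = enc_key, auth_key, window
        self.send_seq = 0   # last sequence number sent
        self.highest = 0    # highest sequence number accepted
        self.seen = set()   # accepted sequence numbers still inside the window

    def encapsulate(self, passenger: bytes) -> bytes:
        """Wrap a passenger packet; the result is what the carrier (e.g. UDP/IP) moves."""
        self.send_seq += 1
        header = struct.pack(">I", self.send_seq) + os.urandom(8)
        body = _xor(passenger, _keystream(self.enc_key, header[4:], len(passenger)))
        tag = hmac.new(self.auth_key, header + body, hashlib.sha256).digest()
        return header + body + tag

    def decapsulate(self, wire: bytes):
        """Return (passenger, reason); passenger is None when the packet is dropped."""
        if len(wire) < HDR_LEN + TAG_LEN:
            return None, "malformed"
        header, body, tag = wire[:HDR_LEN], wire[HDR_LEN:-TAG_LEN], wire[-TAG_LEN:]
        # Integrity and origin authentication come first: only a holder of
        # auth_key can produce a valid tag, so no unauthenticated field is trusted.
        expected = hmac.new(self.auth_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "tampered or not from peer"
        seq = struct.unpack(">I", header[:4])[0]
        # Anti-replay: reject anything already accepted or older than the window.
        if seq in self.seen or seq <= self.highest - self.window:
            return None, "replayed"
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return _xor(body, _keystream(self.enc_key, header[4:], len(body))), "ok"


if __name__ == "__main__":
    keys = (os.urandom(32), os.urandom(32))       # shared by both tunnel ends
    site_a, site_b = TunnelEndpoint(*keys), TunnelEndpoint(*keys)
    wire = site_a.encapsulate(b"constructed passenger packet: GET / HTTP/1.1")
    print(site_b.decapsulate(wire))               # (b'...', 'ok')
    print(site_b.decapsulate(wire))               # (None, 'replayed')
    forged = wire[:-1] + bytes([wire[-1] ^ 1])
    print(site_b.decapsulate(forged))             # (None, 'tampered or not from peer')
```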