Firewalls
• A firewall is a network security device that monitors all inbound and
outbound traffic and accepts or denies it on the basis of predefined
policies and rules.
• With the growth of networks and the introduction of the Internet,
companies worried about two types of access:
- how, and what, outside resources employees are accessing;
- how outsiders are accessing the company's own private data resources.
• Characteristics of a firewall
1. All traffic must pass through the firewall.
2. Only traffic that follows the local security policy rules should be allowed.
3. The firewall must be strong enough to protect itself from attacks on it.
• Limitations of firewalls
1. Cannot protect against attacks that bypass the firewall.
2. Does not protect against internal threats.
• Types of Firewalls
1. Packet Filter
2. Application Level Gateway
• Packet filter firewall
Applies a set of rules to each packet and, based on the
outcome, decides either to forward or to discard the packet.
The possible policies are "default discard", "default accept",
or applying a number of rules.
The rules are based on the fields of the IP and TCP/UDP headers.
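The following is an added example, not code from the slides, showing a minimal packet filter that applies an ordered rule list to the IP and TCP/UDP header fields of each packet and falls back to a "default discard" or "default accept" policy when no rule matches. The internal network 10.0.0.0/8, the web server address 10.0.0.80 and the rule set are constructed for illustration.

```python
"""Added example: a minimal packet-filter firewall (not from the slides).

Each packet is represented only by the header fields a packet filter inspects
(addresses, protocol, ports, TCP SYN flag). Rules are evaluated in order and
the first match decides; packets matching no rule fall through to the default
policy, i.e. the "default discard" / "default accept" choice described above.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                 # source IP address
    dst: str                 # destination IP address
    proto: str               # "tcp", "udp" or "icmp"
    sport: Optional[int]     # source port (None for ICMP)
    dport: Optional[int]     # destination port (None for ICMP)
    syn_only: bool = False   # TCP SYN without ACK = new inbound connection


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "discard"
    src: str = "0.0.0.0/0"            # source CIDR, any by default
    dst: str = "0.0.0.0/0"            # destination CIDR, any by default
    proto: Optional[str] = None       # None = any protocol
    dport: Optional[int] = None       # None = any destination port
    new_conn: Optional[bool] = None   # match only TCP connection requests

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.new_conn is not None and p.syn_only != self.new_conn:
            return False
        return True


class PacketFilter:
    def __init__(self, rules: List[Rule], default: str = "discard"):
        assert default in ("accept", "discard")
        self.rules = rules
        self.default = default

    def decide(self, p: Packet) -> str:
        for rule in self.rules:       # first matching rule wins
            if rule.matches(p):
                return rule.action
        return self.default           # no rule matched: apply default policy


# Constructed rule set for an (assumed) internal network 10.0.0.0/8:
# anyone may reach the public web server on 443, new inbound TCP
# connections to anything else are discarded, internal hosts may go out.
RULES = [
    Rule("accept", dst="10.0.0.80/32", proto="tcp", dport=443),
    Rule("discard", dst="10.0.0.0/8", proto="tcp", new_conn=True),
    Rule("accept", src="10.0.0.0/8"),
]


def default_discard_firewall() -> PacketFilter:
    return PacketFilter(RULES, default="discard")


def default_accept_firewall() -> PacketFilter:
    return PacketFilter(RULES, default="accept")


if __name__ == "__main__":
    fw = default_discard_firewall()
    # inbound HTTPS to the web server: accepted by rule 1
    print(fw.decide(Packet("203.0.113.5", "10.0.0.80", "tcp", 51000, 443, syn_only=True)))
    # inbound SSH connection attempt to a workstation: discarded by rule 2
    print(fw.decide(Packet("203.0.113.5", "10.0.0.7", "tcp", 51001, 22, syn_only=True)))
    # internal host browsing out: accepted by rule 3
    print(fw.decide(Packet("10.0.0.7", "198.51.100.2", "tcp", 40000, 443, syn_only=True)))
    # inbound UDP to a port no rule mentions: falls to the default policy
    print(fw.decide(Packet("203.0.113.5", "10.0.0.7", "udp", 53, 5353)))
```

The last packet is the one that shows the difference between the two policies: with the same rule set it is discarded under "default discard" and let through under "default accept", which is why the first is the usual choice.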
• Application Level Gateway
Such a firewall can filter packets at the application layer of
the OSI model.
Incoming or outgoing packets cannot access services for
which there is no proxy.
Virtual Private Network, Kerberos
• VIRTUAL PRIVATE NETWORK (VPN)
A VPN is a mechanism that employs encryption, authentication
and integrity protection so that a public network can be used as if
it were a private network.
Working: let us assume that host X on Network 1 wants to
send a data packet to host Y on Network 2.
1) Host X creates the packet, inserting its own IP address as the
source address and the IP address of host Y as the destination
address.
[Figure: packet after step 1 - source IP address = IP of host X | Actual Data | destination IP address = IP of host Y]
2) The packet reaches Firewall 1. Firewall 1 now adds new
headers to the packet. It changes the source IP address of the
packet from that of host X to its own address (i.e. the IP address of
Firewall 1).
3) It also changes the destination IP address of the packet from
that of host Y to the IP address of Firewall 2. It also performs the
packet encryption and authentication, depending on the settings,
and sends the modified packet over the Internet.
[Figure: packet after step 3 - source IP address = IP of Firewall 1 | Step 1 header + Actual Data | destination IP address = IP of Firewall 2]
4) The packet reaches Firewall 2 over the Internet, via routers.
Firewall 2 discards the outer header and performs the appropriate
decryption. It then looks at the plaintext contents of the
packet and realizes that the packet is meant for host Y. It delivers
the packet to host Y.
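The four steps above as an added example, not code from the slides: host X builds the inner packet, Firewall 1 wraps it in an outer packet addressed firewall-to-firewall and protects it, and Firewall 2 verifies, decrypts and delivers it to Y. The firewall addresses, keys and payload are constructed values; the cipher is a teaching stand-in built from the standard library (HMAC-SHA256 used as a counter-mode keystream, plus an HMAC tag in encrypt-then-MAC order) rather than the cipher suite a real VPN such as IPsec would use.

```python
"""Added example (not from the slides): the VPN steps 1-4 as code.

Host X -> Firewall 1 -> Internet -> Firewall 2 -> Host Y. The firewalls act as
VPN gateways. Encryption is a constructed stand-in: HMAC-SHA256 in counter
mode as a keystream, then an HMAC-SHA256 tag (encrypt-then-MAC).
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    payload: bytes  # data (for the outer packet: the protected inner packet)


# Constructed keys shared by the two firewalls (a real VPN negotiates these)
ENC_KEY = b"enc-key-shared-between-firewalls"
MAC_KEY = b"mac-key-shared-between-firewalls"
FW1_IP, FW2_IP = "198.51.100.1", "203.0.113.1"   # constructed public addresses


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Constructed keystream: HMAC(key, nonce || counter) blocks, truncated to n bytes."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def protect(inner: bytes) -> bytes:
    """Step 3: encrypt, then authenticate. Output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(ENC_KEY, nonce, len(inner))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(blob: bytes) -> bytes:
    """Step 4: verify the tag before decrypting; a tampered packet is dropped."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet dropped")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ENC_KEY, nonce, len(ct))))


def serialize(p: Packet) -> bytes:
    return json.dumps({"src": p.src, "dst": p.dst, "payload": p.payload.hex()}).encode()


def deserialize(b: bytes) -> Packet:
    d = json.loads(b)
    return Packet(d["src"], d["dst"], bytes.fromhex(d["payload"]))


def host_x_send(x_ip: str, y_ip: str, data: bytes) -> Packet:
    """Step 1: X puts its own IP as source and Y's IP as destination."""
    return Packet(x_ip, y_ip, data)


def firewall1_encapsulate(inner: Packet) -> Packet:
    """Steps 2-3: the outer header carries the firewall addresses; the whole
    inner packet (step 1 header + data) becomes the protected payload."""
    return Packet(FW1_IP, FW2_IP, protect(serialize(inner)))


def firewall2_decapsulate(outer: Packet) -> Packet:
    """Step 4: drop the outer header, verify and decrypt, recover the packet for Y."""
    if outer.dst != FW2_IP:
        raise ValueError("not addressed to this gateway")
    return deserialize(unprotect(outer.payload))


def run_tunnel(data: bytes = b"hello Y") -> tuple:
    """Returns (outer src, outer dst, delivered src, delivered dst, delivered data)."""
    inner = host_x_send("10.1.0.5", "10.2.0.9", data)    # constructed private addresses
    outer = firewall1_encapsulate(inner)
    delivered = firewall2_decapsulate(outer)
    return outer.src, outer.dst, delivered.src, delivered.dst, delivered.payload


if __name__ == "__main__":
    print(run_tunnel())
```

On the Internet only the two firewall addresses are visible; the private addresses of X and Y travel inside the encrypted payload, and any modification in transit fails the tag check at Firewall 2 before decryption is attempted.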
KERBEROS
Kerberos is a mechanism through which we can authenticate a
user who wants to access network resources. "Kerberos is an
authentication protocol that restricts unauthorized users from accessing
network resources."
Intrusion Detection
• An intrusion detection system (IDS) monitors network traffic for
suspicious activity and alerts the system or network administrator.
In some cases the IDS may also respond to malicious traffic by taking
action such as blocking the user or source IP address from accessing
the network.
• An IDS has the following logical components:
1) Traffic collection: collects activity as events for the IDS to examine.
On a host-based IDS, this can be log files, audit logs or traffic coming to
or leaving a system. On a network-based IDS, this is typically a
mechanism for copying traffic off a network link.
2) Analysis engine: examines the collected traffic and compares it to
known patterns of suspicious or malicious activity stored in the
signature database. The analysis engine acts as the brain of the IDS.
3) Signature database: a collection of patterns and definitions of known
suspicious or malicious activity.
4) User interface and reporting: interfaces with the human element,
providing alerts when appropriate and giving the user a means to interact
with and operate the IDS.
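The four components above in miniature, as an added example that is not part of the slides: a host-based collector reads constructed auth and web log lines, a small signature database holds two patterns, the analysis engine counts matches per source and raises an alert when a signature's threshold is reached, and the reporting layer formats the alerts. The log lines, signature names and thresholds are all constructed sample values.

```python
"""Added example (not from the slides): a signature-based IDS in miniature.

1) traffic collection  -> collect()
2) analysis engine     -> analyze()
3) signature database  -> SIGNATURES
4) user interface & reporting -> report()
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample events as a host-based IDS might collect from system logs
SAMPLE_LOG = """\
Jan 10 12:00:01 srv sshd[201]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Jan 10 12:00:02 srv sshd[201]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Jan 10 12:00:03 srv sshd[201]: Failed password for root from 203.0.113.9 port 40003 ssh2
Jan 10 12:00:04 srv sshd[201]: Failed password for root from 203.0.113.9 port 40004 ssh2
Jan 10 12:00:05 srv sshd[201]: Failed password for root from 203.0.113.9 port 40005 ssh2
Jan 10 12:00:07 srv sshd[202]: Accepted publickey for alice from 10.0.0.7 port 50000 ssh2
Jan 10 12:01:00 srv httpd[310]: GET /index.html 200 from 10.0.0.7
Jan 10 12:01:02 srv httpd[310]: GET /../../etc/passwd 404 from 198.51.100.4
"""


@dataclass
class Signature:
    name: str
    pattern: re.Pattern   # what a single matching event looks like
    threshold: int = 1    # matching events from one source needed for an alert


# 3) Signature database: constructed patterns of known suspicious activity
SIGNATURES = [
    Signature("ssh-brute-force",
              re.compile(r"Failed password for .* from (?P<src>\S+)"), threshold=5),
    Signature("path-traversal",
              re.compile(r"GET \S*\.\./\S* .* from (?P<src>\S+)")),
]


# 1) Traffic collection: turn the raw log into a list of events
def collect(log_text: str) -> List[str]:
    return [line for line in log_text.splitlines() if line.strip()]


# 2) Analysis engine: compare each event with every signature, count per source
def analyze(events: List[str], signatures=SIGNATURES) -> List[Dict]:
    alerts = []
    for sig in signatures:
        per_source = Counter()
        for ev in events:
            m = sig.pattern.search(ev)
            if m:
                per_source[m.group("src")] += 1
        for src, n in per_source.items():
            if n >= sig.threshold:
                alerts.append({"signature": sig.name, "source": src, "count": n})
    return alerts


# 4) User interface & reporting: render alerts for the administrator
def report(alerts: List[Dict]) -> List[str]:
    return [f"ALERT {a['signature']}: {a['count']} event(s) from {a['source']}"
            for a in alerts]


def run_ids(log_text: str = SAMPLE_LOG) -> List[Dict]:
    return analyze(collect(log_text))


if __name__ == "__main__":
    for line in report(run_ids()):
        print(line)
```

The threshold on the brute-force signature is what keeps a single mistyped password from raising an alert; a single failed login from 203.0.113.9 produces nothing, five of them produce one alert naming the source.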
IP Security
• IPsec Overview
IPsec is a capability added to the IP protocol (IPv4, IPv6) by means
of extra headers, to counter the following attacks at the network layer:
– replay attack
– authentication attack
– integrity attack
– confidentiality attack
Authentication Header
Next Header is an 8-bit field that identifies the type of the next payload
after the Authentication Header.
Payload Length is the length of the AH in 32-bit words, minus 2.
Sequence Number is a counter value assigned to each packet.
Authentication Data is a variable-length value used to check
authentication.
• IPsec ESP Format
• Security Parameters Index (32 bits): Identifies a security association.
• Sequence Number (32 bits): A monotonically increasing counter
value.
• Payload Data (variable): This is a transport-level segment (transport
mode) or IP packet (tunnel mode) that is protected by encryption.
• Padding (0–255 bytes): May be required if the encryption algorithm
requires the plaintext to be a multiple of some number of octets.
• Pad Length (8 bits): Indicates the number of pad bytes immediately
preceding this field.
• Next Header (8 bits): Identifies the type of data contained in the
Payload Data field by identifying the first header in that payload
(e.g., an extension header in IPv6, or an upper-layer protocol such as
TCP).
• ESP Authentication Data: A variable-length field (must be an integral
number of 32-bit words) that contains the integrity check value
computed over the ESP packet minus the Authentication Data field.
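The AH fields and the ESP layout above, packed and parsed with the struct module, as an added example that is not from the slides. It shows the "32-bit words minus 2" rule for the AH Payload Length and its inverse when parsing, the padding that brings the ESP payload plus trailer to a multiple of the cipher's block size, and an integrity check value computed over the ESP packet minus the Authentication Data field. The key and packet contents are constructed; the ICV is HMAC-SHA256 truncated to 128 bits (an assumption for this example), and the ESP payload is left unencrypted so the field layout stays visible.

```python
"""Added example (not from the slides): build and parse an IPsec AH header and
an ESP packet with the struct module. Integrity uses HMAC-SHA256 truncated to
128 bits (assumed); the ESP payload is not encrypted here so the layout is visible.
"""
import hashlib
import hmac
import struct

MAC_KEY = b"constructed-integrity-key"   # constructed sample key
ICV_LEN = 16                             # 128-bit ICV = four 32-bit words


def icv(data: bytes) -> bytes:
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()[:ICV_LEN]


# --- AH: next header | payload length | reserved | SPI | sequence number | ICV
def build_ah(next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    # Payload Length = length of the AH in 32-bit words minus 2 (12 fixed bytes + ICV)
    payload_len = (12 + ICV_LEN) // 4 - 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    # the ICV is computed with the Authentication Data field set to zero
    return fixed + icv(fixed + b"\x00" * ICV_LEN + payload) + payload


def parse_ah(pkt: bytes) -> dict:
    next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", pkt[:12])
    ah_len = (payload_len + 2) * 4          # invert the "words minus 2" rule
    icv_len = ah_len - 12
    tag, payload = pkt[12:ah_len], pkt[ah_len:]
    ok = hmac.compare_digest(tag, icv(pkt[:12] + b"\x00" * icv_len + payload))
    return {"next_header": next_header, "payload_length": payload_len,
            "spi": spi, "seq": seq, "auth_ok": ok, "payload": payload}


# --- ESP: SPI | sequence number | payload | padding | pad length | next header | ICV
def build_esp(spi: int, seq: int, payload: bytes, next_header: int, block: int = 4) -> bytes:
    # pad so that payload + padding + pad length + next header is a multiple of `block`
    pad_len = (-(len(payload) + 2)) % block
    padding = bytes(range(1, pad_len + 1))   # 1, 2, 3, ... padding pattern
    body = (struct.pack("!II", spi, seq) + payload + padding
            + struct.pack("!BB", pad_len, next_header))
    # Authentication Data covers the whole ESP packet minus the ICV field itself
    return body + icv(body)


def parse_esp(pkt: bytes) -> dict:
    body, tag = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    ok = hmac.compare_digest(tag, icv(body))
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = struct.unpack("!BB", body[-2:])   # trailer after the padding
    payload = body[8:len(body) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "pad_length": pad_len,
            "next_header": next_header, "auth_ok": ok, "payload": payload}


if __name__ == "__main__":
    ah = build_ah(next_header=6, spi=0x1000, seq=1, payload=b"TCP segment")
    print(parse_ah(ah))
    esp = build_esp(spi=0x2000, seq=7, payload=b"TCP segment", next_header=6)
    print(parse_esp(esp))
```

With a 16-byte ICV the AH Payload Length field reads 5 (28 bytes of header = 7 words, minus 2), and an 11-byte ESP payload gets 3 bytes of padding so that payload, padding and the two trailer bytes come to 16; flipping any byte of either packet makes `auth_ok` False.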