1) A VPN creates a secure connection over public networks to protect users' privacy and allow them to access blocked content. It works by extending a private network across the internet.
2) There are two main types of VPNs - remote access VPNs that allow users to remotely access a private network, and site-to-site VPNs that connect networks in different locations.
3) VPNs use encryption protocols like IPsec and SSL/TLS to securely tunnel traffic over the internet and authenticate users. This provides confidentiality, integrity, and sender authentication for VPN connections.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
SSH is a protocol for secure remote access to a machine over untrusted networks.
SSH is a replacement for telnet, rsh, rlogin and can replace ftp.
Uses Encryption.
SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
A VPN (Virtual Private Network) extends a private network across a public network, such as the
Internet.
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide
remote offices or individual users with secure access to their organization's network. A VPN ensures
privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol
(L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
SSH is a protocol for secure remote access to a machine over untrusted networks.
SSH is a replacement for telnet, rsh, rlogin and can replace ftp.
Uses Encryption.
SSH is not a shell like Unix Bourne shell and C shell (wildcard expansion and command interpreter)
A VPN (Virtual Private Network) extends a private network across a public network, such as the
Internet.
A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide
remote offices or individual users with secure access to their organization's network. A VPN ensures
privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol
(L2TP). Data is encrypted at the sending end and decrypted at the receiving end.
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
In this PPT you can learn a firewall and types which help you a lot and you can able to understand. So, that you must read at once I sure that you are understand
Thank you!!!
I
A technology that creates a network that is physically public, but virtually private
That is a Secure way of adding an extra level of privacy to your online activity Like web surfing.
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
In this PPT you can learn a firewall and types which help you a lot and you can able to understand. So, that you must read at once I sure that you are understand
Thank you!!!
I
A technology that creates a network that is physically public, but virtually private
That is a Secure way of adding an extra level of privacy to your online activity Like web surfing.
A virtual private network gives secure access to LAN resources over a shared network infrastructure such as the internet. It can be conceptualized as creating a tunnel from one location to another, with Encrypted data traveling through the tunnel before being decrypted at its destination.
Describe the major types of VPNs and technologies- protocols- and serv.docxearleanp
Describe the major types of VPNs and technologies, protocols, and services used to deploy VPNs. Also describe the business benefits of VPNs.
Solution
A virtual private network (VPN) is a technology that creates an encrypted connection over a less secure network. The benefit of using a VPN is that it ensures the appropriate level of security to the connected systems when the underlying network infrastructure alone cannot provide it. The justification for using a VPN instead of a private network usually boils down to cost and feasibility: It is either not feasible to have a private network (e.g., for a traveling sales rep) or it is too costly to do so. The most common types of VPNs are remote-access VPNs and site-to-site VPNs
A remote-access VPN uses a public telecommunication infrastructure like the Internet to provide remote users secure access to their organization\'s network. A VPN client on the remote user\'s computer or mobile device connects to a VPN gateway on the organization\'s network, which typically requires the device to authenticate its identity, then creates a network link back to the device that allows it to reach internal network resources (e.g., file servers, printers, intranets) as though it was on that network locally. A remote-access VPN usually relies on either IPsec or SSL to secure the connection, although SSL VPNs are often focused on supplying secure access to a single application rather than to the whole internal network. Some VPNs provide Layer 2access to the target network; these require a tunneling protocol like PPTP or L2TP running across the base IPsec connection.
A site-to-site VPN uses a gateway device to connect the entire network in one location to the network in another, usually a small branch connecting to a data center. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the Internet use IPsec. It is also common to use carrier MPLS clouds rather than the public Internet as the transport for site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (Virtual Private LAN Service, or VPLS) running across the base transport.
VPNs can also be defined between specific computers, typically servers in separate data centers, when security requirements for their exchanges exceed what the enterprise network can deliver. Increasingly, enterprises also use VPNs in either remote-access mode or site-to-site mode to connect (or connect to) resources in a public infrastructure as a service environment. Newer hybrid-access scenarios put the VPN gateway itself in the cloud, with a secure link from the cloud service provider into the internal network.
.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
4. VPN
• VPN stands for Virtual Private Network.
• A virtual private network offers a higher degree of protection and privacy
as you’re surfing the web, whether at home or outside.
• A VPN creates a secure connection over public networks (such as the wi-fi
in public transport, hotels, or your favorite café) as well as home networks.
4
5. • Not only do they provide better security for you and your devices, but they
can also help you bypass censorship and access geographically blocked
content on the internet from anywhere!
• It lets you remotely connect to a private network.
5
6. VPN
• A virtual private network (VPN) extends a private network across a public
network, and enables users to send and receive data across shared or
public networks as if their computing devices were directly connected to
the private network.
• Applications running on a computing device, e.g., a laptop, desktop,
smartphone, across a VPN may therefore benefit from the functionality,
security, and management of the private network. Encryption is a common,
though not an inherent, part of a VPN connection.
6
7. Types of VPN
There are two basic VPN types :
I. Remote Access VPN
II. Site – to – Site VPN
7
8. Remote access VPN
• Remote access VPN allows a user to connect to a private network and
access its services and resources remotely. The connection between the
user and the private network happens through the Internet and the
connection is secure and private. Allow employees to access the
company’s internet from outside the office.
8
9. Site-to-site VPN
• Site-to-site VPNs allow collaborators in geographically disparate offices to
share the same virtual network.
• Basically, Site-to-site VPN create a virtual bridge between the networks at
geographically distant offices and connect them through the Internet and
maintain a secure and private communication between the networks.
• Site-to-site VPN to connect the network of one office location to the
network at another office location
9
10. VPN
• A VPN can also be used to interconnect two similar networks over a
dissimilar intermediate network, such as two IPv6 networks connected
over an IPv4 network.
10
11. VPN systems
VPN systems may be classified by:
the tunneling protocol used to tunnel the traffic
the tunnel's termination point location, e.g., on the customer edge or
network-provider edge
the type of topology of connections, such as site-to-site or network-to-
network
the levels of security provided
the OSI layer they present to the connecting network, such as Layer 2
circuits or Layer 3 network connectivity
the number of simultaneous connections
11
12. VPN security model
VPNs typically allow only authenticated remote access using tunnelling
protocols and encryption techniques.
The VPN security model provides:
• confidentiality such that even if the network traffic is sniffed at the packet level
(see network sniffer and deep packet inspection), an attacker would see only encrypted
data
• sender authentication to prevent unauthorized users from accessing the VPN
• message integrity to detect any instances of tampering with transmitted messages.
12
14. Secure VPN protocols include the following:
• Internet Protocol Security (IPsec)
• Transport Layer Security (SSL/TLS)
• Datagram Transport Layer Security (DTLS)
• Microsoft Point-to-Point Encryption (MPPE)
• Microsoft Secure Socket Tunnelling Protocol (SSTP)
• Multi Path Virtual Private Network (MPVPN).
• Secure Shell (SSH) VPN
14
15. Vpn Authentication
• User-created remote-access VPNs may use passwords, biometrics, two-
factor authentication or other cryptographic methods
• Network-to-network tunnels often use passwords or digital certificates.
They permanently store the key to allow the tunnel to establish
automatically, without intervention from the administrator.
15
16. Vpn Routing
• Tunnelling protocols can operate in a point-to-point network topology that
would theoretically not be considered a VPN because a VPN by definition
is expected to support arbitrary and changing sets of network nodes
• But since most router implementations support a software-defined tunnel
interface, customer-provisioned VPNs often are simply defined tunnels
running conventional routing protocols
16
19. Ethernet over IP tunnelling:
• IP-only LAN-like service (IPLS)
• OSI Layer 3 PPVPN architectures
• BGP/MPLS PPVPN
• Virtual router PPVPN
19
20. Unencrypted tunnels
• Some virtual networks use tunneling protocols without encryption for
protecting the privacy of data. While VPNs often do provide security, an
unencrypted overlay network does not neatly fit within the secure or
trusted categorization. For example, a tunnel set up between two hosts
with Generic Routing Encapsulation (GRE) is a virtual private network but
is neither secure nor trusted.
20
21. Trusted delivery networks:
Trusted VPNs do not use cryptographic tunneling; instead they rely on the
security of a single provider's network to protect the traffic.
• Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service
control over a trusted delivery network.
• L2TP which is a standards-based replacement, and a compromise taking the good features
from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F) (obsolete as
of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).
21
22. VPN Legality
• Unapproved VPNs are reportedly illegal in China, as they can be used to
circumvent the Great Firewall.
• users with the right credentials can connect to this server using a VPN
client.
• There are many VPN clients out there on computers, mobile devices and
even routers. Windows, Android, iOS and macOS even come with a basic
VPN client in your device’s settings
22
23. How Does a VPN Guarantee My Privacy?
• That’s a valid concern – and the answer is that you can never be 100%
anonymous, even with a VPN.
23
24. No-Logs Policies
• It’s crucial to understand that privacy doesn’t equal anonymity, and there’s
a huge difference. No matter what, your VPN provider can view your
online activity. Unless it operates under a no-logs policy.
24
25. VPNs vs Proxy Servers
• A proxy server is a middle man that masks your IP address on the internet,
without doing anything to secure your data. If changing your IP address is
the only task you’re looking for, a proxy might be a good option.
• However, a VPN will change your IP address while also encrypting your
information. You can think of it as a two in one service.
amazing properties:
• It's fast.
• It's easy to take with you wherever you go.
• It's able to completely hide you from any other boats or submarines.
• It's dependable.
• It costs little to add additional submarines to your fleet once you've purchased the first
one.
25
26. • The following are dedicated VPN devices a business can add to its
network:
• VPN Concentrator — This device replaces an AAA server installed on a generic server. The
hardware and software work together to establish VPN tunnels and handle large numbers
of simultaneous connections.
• VPN-enabled/VPN-optimized Router — This is a typical router that delegates traffic on a
network, but with the added feature of routing traffic using protocols specific to VPNs.
• VPN-enabled Firewall — This is a conventional firewall protecting traffic between networks,
but with the added feature of managing traffic using protocols specific to VPNs.
• VPN Client — This is software running on a dedicated device that acts as the tunnel
interface for multiple connections. This setup spares each computer from having to run its
own VPN client software.
26
27. VPN
• A VPN is not able to set up security rules and restrict data packets from
entering your computer.
• A VPN is not able to protect your computer from malware.
27
29. Firewall (computing)
Firewall is hardware and/or software that is used for protection.
A firewall, simply explained, is a shield between the internal network (your
computer) and the external network (the internet).
Basically, a firewall is a barrier to
keep destructive forces away from
your property.
29
31. Proxy Servers and DMZ
• A function that is often combined with a firewall is a proxy server.
• DMZ (Demilitarized Zone) Setting up a DMZ is very easy. If you have
multiple computers, you can choose to simply place one of the computers
between the Internet connection and the firewall. Most of the software
firewalls available will allow you to designate a directory on the gateway
computer as a DMZ.
31
32. Firewall Category
• Firewalls are often categorized as either network firewalls or host-based
firewalls
• Network firewalls filter traffic between two or more networks and run on network
hardware.
• Host-based firewalls run on host computers and control network traffic in and out of those
machines.
32
33. Firewall Generation
First generation: packet filters
• The first reported type of network firewall is called a packet filter.
• Packet filters act by inspecting packets transferred between computers. When a
packet does not match the packet filter's set of filtering rules, the packet filter
either drops (silently discards) the packet, or rejects the packet (discards it and
generates an Internet Control Message Protocol notification for the sender) else
it is allowed to pass.
• Packets may be filtered by source and destination network addresses, protocol,
source and destination port numbers.
33
34. Second generation: stateful filters
• Second-generation firewalls perform the work of their first-generation
predecessors but also maintain knowledge of specific conversations between
endpoints by remembering which port number the two IP addresses are using at
layer 4 (transport layer) of the OSI model for their conversation, allowing
examination of the overall exchange between the nodes.
• This type of firewall is potentially vulnerable to denial-of-service attacks that
bombard the firewall with fake connections in an attempt to overwhelm the
firewall by filling its connection state memory.
34
35. • Third generation: application layer
• The key benefit of application layer filtering is that it can understand
certain applications and protocols (such as File Transfer
Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer
Protocol (HTTP)). This is useful as it is able to detect if an unwanted
application or service is attempting to bypass the firewall using a
disallowed protocol on an allowed port, or detect if a protocol is being
abused in any harmful way.
• As of 2012, the so-called next-generation firewall (NGFW) is a wider or
deeper inspection at the application layer. For example :
35
36. (cont.…’d)
• Intrusion prevention systems (IPS)
• User identity management integration (by binding user IDs to IP or MAC
addresses for "reputation")
• Web application firewall (WAF). WAF attacks may be implemented in the
tool "WAF Fingerprinting utilizing timing side channels" (WAFFle)
36
37. • Network layer or packet filters
• Network layer firewalls generally fall into two sub-categories, stateful and
stateless.
• Network layer firewalls, also called packet filters, operate at a relatively low
level of the TCP/IP stack, blocking packets unless they match the
established rule set. The firewall administrator may define the rules; or
default rules may apply.
37
38. • Application-layer
• Application-layer firewalls work on the application level of the TCP/IP stack (i.e.,
all browser traffic, or all telnet or FTP traffic), and may intercept all packets
traveling to or from an application.
• Application firewalls function by determining whether a process should accept
any given connection.
• Application firewalls work much like a packet filter but application filters apply
filtering rules (allow/block) on a per process basis instead of filtering connections
on a per port basis.
38
39. • Network address translation
• Firewalls often have such functionality to hide the true address of computer
which is connected to the network. Originally, the NAT function was developed
to address the limited number of IPv4 routable addresses that could be used or
assigned to companies or individuals as well as reduce both the amount and
therefore cost of obtaining enough public addresses for every computer in an
organization.
• Although NAT on its own is not considered a security feature, hiding the
addresses of protected devices has become an often used defence
against network reconnaissance.
39
40. • Great Firewall
• The Great Firewall of China (GFW) is the combination of legislative actions and
technologies enforced by the People's Republic of China to regulate
the Internet domestically. Its role in Internet censorship in China is to block
access to selected foreign websites and to slow down cross-border internet
traffic
• The effect includes: limiting access to foreign information sources, blocking
foreign internet tools (e.g. Google search, Facebook, Twitter, Wikipedia, and
others) and mobile apps, and requiring foreign companies to adapt to domestic
regulations
40
41. Great firewall systems assumptions
• IP range ban using Black holes
• DNS spoofing, filtering and redirection
• URL filtering using transparent proxies
• Quality of service filtering
• Packet forging and TCP reset attacks
• Man-in-the-middle attacks with TLS
• SMTP, IMAP4 and POP3 Filtering
41
42. VPN vs. Firewall
• A firewall allows you to configure how your computer communicates with
the web to prevent malicious files and hackers from compromising it.
• A VPN lets you secure your connection (not your computer) when you’re
on the Internet to make sure cybercriminals don’t monitor your Internet
traffic to steal your personal data (like credit card details and login
credentials).
42
43. VPN vs. Firewall (cont..’d)
• Unlike a firewall, a VPN doesn’t allow you to establish data packet and
network port restrictions on your computer. While some VPNs might
feature a Killswitch that cuts Internet access if the VPN connection fails,
that is not the same thing.
• Lastly, a firewall will not help you bypass geo-restrictions online. In fact,
firewalls can be used to enforce content restrictions like we just
mentioned.
43
44. VPN vs. Antivirus
• VPN will keep you safe when you’re on the Internet from hackers trying to
monitor your activities.
• An antivirus will keep your device safe by preventing malware or viruses
from infecting it, and by removing malicious files when necessary.
44
45. Firewall vs. Antivirus
• A firewall lets you configure how your computer communicates with the
Internet. For instance, you can have your firewall block certain websites
that are known to contain malicious content. Antivirus software, on the
other hand, is used for securing a device (be it a computer, laptop, or even
a USB stick) by scanning it for malware and computer viruses, and
deleting or quarantining any malicious files.
45
46. Advantages of VPN Services:
• A VPN Hides Your Online Identity
• VPNs Help You Bypass Geo-Blocks
• VPN Services Secure Your Online Connections
• Credit card details
• Bank account details
• Email login credentials
• A VPN Can Prevent Bandwidth Throttling
46
47. • VPNs Offer Secure Torrenting
• VPNs Can Bypass Firewalls
• VPNs Make Online Gaming Better
• VPNs Might Help You Avoid Online Price Discrimination
47
48. Disadvantages of VPN Services:
• VPNs Can Sometimes Slow Down Your Online Speeds
• Using the Wrong VPN Can Put Your Privacy in Danger
• Quality VPNs Will Cost Money
• Not All Devices Natively Support VPNs
• Using VPN Might Actually Be Illegal In Your Country
48
49. • The VPN Service Might Monitor Your Activity And Use Your Data
• It Might Be Difficult To Set Up For Business Users
• It Might Add More Cost To Your Network Connection
• Not Possible to Bypass All the Restrictions
• Your VPN Connection Can Suddenly Drop
• The Best VPNs Aren’t Free
49
50. Advantages of Using a Firewall
• A Company network or a home computer will have number of advantages
when using a firewall.
• They are more cost effective than securing each computer in the corporate
network since there are often only one or a few firewall systems to
concentrate on.
• There are some firewalls which are able to detect viruses, Trojans, worms
and spyware etc.
50
51. Disadvantages of Using a Firewall
• Even if a firewall helps in keeping the network safe from intruders, but if a
firewall is not used properly it would give a false impression to you that the
network is safe. The main disadvantage of a firewall is that it cannot
protect the network from attacks from the inside.
• They often cannot protect against an insider attack.
• Firewalls cannot protect a network or pc from viruses, Trojans, worms and
spyware which spread through flash drives, potable hard disk and floppy
etc.
51
52. Disadvantages of Using a Firewall(cont…’d)
• They may restrict authorized users from accessing valuable services.
• They do not protect against backdoor attacks.
• They cannot protect the network if someone uses a broadband modem to
access the internet.
52