SlideShare a Scribd company logo

VPN & FIREWALL

Download as PPTX, PDF
Moin Islam
Moin Islam

1) A VPN creates a secure connection over public networks to protect users' privacy and allow them to access blocked content. It works by extending a private network across the internet. 2) There are two main types of VPNs - remote access VPNs that allow users to remotely access a private network, and site-to-site VPNs that connect networks in different locations. 3) VPNs use encryption protocols like IPsec and SSL/TLS to securely tunnel traffic over the internet and authenticate users. This provides confidentiality, integrity, and sender authentication for VPN connections.

1 of 54
In General Life and Computer Science 1
VPN & FIREWALL Presented by : MD Moinul Islam 3-16120103 Instructor : Md. Bayazid Rahman Lecturer , NDUB 2
VPN 3 What is VPN ! Is it necessary ?
VPN • VPN stands for Virtual Private Network. • A virtual private network offers a higher degree of protection and privacy as you’re surfing the web, whether at home or outside. • A VPN creates a secure connection over public networks (such as the wi-fi in public transport, hotels, or your favorite café) as well as home networks. 4
• Not only do they provide better security for you and your devices, but they can also help you bypass censorship and access geographically blocked content on the internet from anywhere! • It lets you remotely connect to a private network. 5
VPN • A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. • Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection. 6
Types of VPN There are two basic VPN types : I. Remote Access VPN II. Site – to – Site VPN 7
Remote access VPN • Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet and the connection is secure and private. Allow employees to access the company’s internet from outside the office. 8
Site-to-site VPN • Site-to-site VPNs allow collaborators in geographically disparate offices to share the same virtual network. • Basically, Site-to-site VPN create a virtual bridge between the networks at geographically distant offices and connect them through the Internet and maintain a secure and private communication between the networks. • Site-to-site VPN to connect the network of one office location to the network at another office location 9
VPN • A VPN can also be used to interconnect two similar networks over a dissimilar intermediate network, such as two IPv6 networks connected over an IPv4 network. 10
VPN systems VPN systems may be classified by:  the tunneling protocol used to tunnel the traffic  the tunnel's termination point location, e.g., on the customer edge or network-provider edge  the type of topology of connections, such as site-to-site or network-to- network  the levels of security provided  the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity  the number of simultaneous connections 11
VPN security model VPNs typically allow only authenticated remote access using tunnelling protocols and encryption techniques. The VPN security model provides: • confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and deep packet inspection), an attacker would see only encrypted data • sender authentication to prevent unauthorized users from accessing the VPN • message integrity to detect any instances of tampering with transmitted messages. 12
Network steps 13
Secure VPN protocols include the following: • Internet Protocol Security (IPsec) • Transport Layer Security (SSL/TLS) • Datagram Transport Layer Security (DTLS) • Microsoft Point-to-Point Encryption (MPPE) • Microsoft Secure Socket Tunnelling Protocol (SSTP) • Multi Path Virtual Private Network (MPVPN). • Secure Shell (SSH) VPN 14
Vpn Authentication • User-created remote-access VPNs may use passwords, biometrics, two- factor authentication or other cryptographic methods • Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator. 15
Vpn Routing • Tunnelling protocols can operate in a point-to-point network topology that would theoretically not be considered a VPN because a VPN by definition is expected to support arbitrary and changing sets of network nodes • But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols 16
• Provider-provisioned VPN building-blocks • Customer (C) devices • Customer Edge device (CE) • Provider edge device (PE) • Provider device (P) 17
User-visible PPVPN services: • Virtual LAN • Virtual private LAN service (VPLS) • Pseudo wire (PW) 18
Ethernet over IP tunnelling: • IP-only LAN-like service (IPLS) • OSI Layer 3 PPVPN architectures • BGP/MPLS PPVPN • Virtual router PPVPN 19
Unencrypted tunnels • Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization. For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network but is neither secure nor trusted. 20
Trusted delivery networks: Trusted VPNs do not use cryptographic tunneling; instead they rely on the security of a single provider's network to protect the traffic. • Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service control over a trusted delivery network. • L2TP which is a standards-based replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F) (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). 21
VPN Legality • Unapproved VPNs are reportedly illegal in China, as they can be used to circumvent the Great Firewall. • users with the right credentials can connect to this server using a VPN client. • There are many VPN clients out there on computers, mobile devices and even routers. Windows, Android, iOS and macOS even come with a basic VPN client in your device’s settings 22
How Does a VPN Guarantee My Privacy? • That’s a valid concern – and the answer is that you can never be 100% anonymous, even with a VPN. 23
No-Logs Policies • It’s crucial to understand that privacy doesn’t equal anonymity, and there’s a huge difference. No matter what, your VPN provider can view your online activity. Unless it operates under a no-logs policy. 24
VPNs vs Proxy Servers • A proxy server is a middle man that masks your IP address on the internet, without doing anything to secure your data. If changing your IP address is the only task you’re looking for, a proxy might be a good option. • However, a VPN will change your IP address while also encrypting your information. You can think of it as a two in one service. amazing properties: • It's fast. • It's easy to take with you wherever you go. • It's able to completely hide you from any other boats or submarines. • It's dependable. • It costs little to add additional submarines to your fleet once you've purchased the first one. 25
• The following are dedicated VPN devices a business can add to its network: • VPN Concentrator — This device replaces an AAA server installed on a generic server. The hardware and software work together to establish VPN tunnels and handle large numbers of simultaneous connections. • VPN-enabled/VPN-optimized Router — This is a typical router that delegates traffic on a network, but with the added feature of routing traffic using protocols specific to VPNs. • VPN-enabled Firewall — This is a conventional firewall protecting traffic between networks, but with the added feature of managing traffic using protocols specific to VPNs. • VPN Client — This is software running on a dedicated device that acts as the tunnel interface for multiple connections. This setup spares each computer from having to run its own VPN client software. 26
VPN • A VPN is not able to set up security rules and restrict data packets from entering your computer. • A VPN is not able to protect your computer from malware. 27
Firewall 28
Firewall (computing) Firewall is hardware and/or software that is used for protection. A firewall, simply explained, is a shield between the internal network (your computer) and the external network (the internet). Basically, a firewall is a barrier to keep destructive forces away from your property. 29
Why Firewall Security? • Remote login • Application backdoors • SMTP session hijacking • Operating system bugs • Denial of service • E-mail bombs • Macros • Viruses • Spam • Redirect bombs • Source routing 30
Proxy Servers and DMZ • A function that is often combined with a firewall is a proxy server. • DMZ (Demilitarized Zone) Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ. 31
Firewall Category • Firewalls are often categorized as either network firewalls or host-based firewalls • Network firewalls filter traffic between two or more networks and run on network hardware. • Host-based firewalls run on host computers and control network traffic in and out of those machines. 32
Firewall Generation First generation: packet filters • The first reported type of network firewall is called a packet filter. • Packet filters act by inspecting packets transferred between computers. When a packet does not match the packet filter's set of filtering rules, the packet filter either drops (silently discards) the packet, or rejects the packet (discards it and generates an Internet Control Message Protocol notification for the sender) else it is allowed to pass. • Packets may be filtered by source and destination network addresses, protocol, source and destination port numbers. 33
Second generation: stateful filters • Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes. • This type of firewall is potentially vulnerable to denial-of-service attacks that bombard the firewall with fake connections in an attempt to overwhelm the firewall by filling its connection state memory. 34
• Third generation: application layer • The key benefit of application layer filtering is that it can understand certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted application or service is attempting to bypass the firewall using a disallowed protocol on an allowed port, or detect if a protocol is being abused in any harmful way. • As of 2012, the so-called next-generation firewall (NGFW) is a wider or deeper inspection at the application layer. For example : 35
(cont.…’d) • Intrusion prevention systems (IPS) • User identity management integration (by binding user IDs to IP or MAC addresses for "reputation") • Web application firewall (WAF). WAF attacks may be implemented in the tool "WAF Fingerprinting utilizing timing side channels" (WAFFle) 36
• Network layer or packet filters • Network layer firewalls generally fall into two sub-categories, stateful and stateless. • Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP stack, blocking packets unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. 37
• Application-layer • Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or FTP traffic), and may intercept all packets traveling to or from an application. • Application firewalls function by determining whether a process should accept any given connection. • Application firewalls work much like a packet filter but application filters apply filtering rules (allow/block) on a per process basis instead of filtering connections on a per port basis. 38
• Network address translation • Firewalls often have such functionality to hide the true address of computer which is connected to the network. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. • Although NAT on its own is not considered a security feature, hiding the addresses of protected devices has become an often used defence against network reconnaissance. 39
• Great Firewall • The Great Firewall of China (GFW) is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in Internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic • The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google search, Facebook, Twitter, Wikipedia, and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations 40
Great firewall systems assumptions • IP range ban using Black holes • DNS spoofing, filtering and redirection • URL filtering using transparent proxies • Quality of service filtering • Packet forging and TCP reset attacks • Man-in-the-middle attacks with TLS • SMTP, IMAP4 and POP3 Filtering 41
VPN vs. Firewall • A firewall allows you to configure how your computer communicates with the web to prevent malicious files and hackers from compromising it. • A VPN lets you secure your connection (not your computer) when you’re on the Internet to make sure cybercriminals don’t monitor your Internet traffic to steal your personal data (like credit card details and login credentials). 42
VPN vs. Firewall (cont..’d) • Unlike a firewall, a VPN doesn’t allow you to establish data packet and network port restrictions on your computer. While some VPNs might feature a Killswitch that cuts Internet access if the VPN connection fails, that is not the same thing. • Lastly, a firewall will not help you bypass geo-restrictions online. In fact, firewalls can be used to enforce content restrictions like we just mentioned. 43
VPN vs. Antivirus • VPN will keep you safe when you’re on the Internet from hackers trying to monitor your activities. • An antivirus will keep your device safe by preventing malware or viruses from infecting it, and by removing malicious files when necessary. 44
Firewall vs. Antivirus • A firewall lets you configure how your computer communicates with the Internet. For instance, you can have your firewall block certain websites that are known to contain malicious content. Antivirus software, on the other hand, is used for securing a device (be it a computer, laptop, or even a USB stick) by scanning it for malware and computer viruses, and deleting or quarantining any malicious files. 45
Advantages of VPN Services: • A VPN Hides Your Online Identity • VPNs Help You Bypass Geo-Blocks • VPN Services Secure Your Online Connections • Credit card details • Bank account details • Email login credentials • A VPN Can Prevent Bandwidth Throttling 46
• VPNs Offer Secure Torrenting • VPNs Can Bypass Firewalls • VPNs Make Online Gaming Better • VPNs Might Help You Avoid Online Price Discrimination 47
Disadvantages of VPN Services: • VPNs Can Sometimes Slow Down Your Online Speeds • Using the Wrong VPN Can Put Your Privacy in Danger • Quality VPNs Will Cost Money • Not All Devices Natively Support VPNs • Using VPN Might Actually Be Illegal In Your Country 48
• The VPN Service Might Monitor Your Activity And Use Your Data • It Might Be Difficult To Set Up For Business Users • It Might Add More Cost To Your Network Connection • Not Possible to Bypass All the Restrictions • Your VPN Connection Can Suddenly Drop • The Best VPNs Aren’t Free 49
Advantages of Using a Firewall • A Company network or a home computer will have number of advantages when using a firewall. • They are more cost effective than securing each computer in the corporate network since there are often only one or a few firewall systems to concentrate on. • There are some firewalls which are able to detect viruses, Trojans, worms and spyware etc. 50
Disadvantages of Using a Firewall • Even if a firewall helps in keeping the network safe from intruders, but if a firewall is not used properly it would give a false impression to you that the network is safe. The main disadvantage of a firewall is that it cannot protect the network from attacks from the inside. • They often cannot protect against an insider attack. • Firewalls cannot protect a network or pc from viruses, Trojans, worms and spyware which spread through flash drives, potable hard disk and floppy etc. 51
Disadvantages of Using a Firewall(cont…’d) • They may restrict authorized users from accessing valuable services. • They do not protect against backdoor attacks. • They cannot protect the network if someone uses a broadband modem to access the internet. 52
ANY QUESTIONS ? 53
THANKS 54

Recommended

Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
Joseph Sebastian
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
Virtual private networks (vpn)
Virtual private networks (vpn)Virtual private networks (vpn)
Virtual private networks (vpn)
Avinash Nath
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
sonangrai
 

Recommended

Firewall and vpn
Firewall and vpnFirewall and vpn
Firewall and vpn
Joseph Sebastian
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
Virtual private networks (vpn)
Virtual private networks (vpn)Virtual private networks (vpn)
Virtual private networks (vpn)
Avinash Nath
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
sonangrai
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)
sonalikasingh15
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
cyber security notes
cyber security notescyber security notes
cyber security notes
SHIKHAJAIN163
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Kuldeep Padhiyar
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Network Security
Network SecurityNetwork Security
Network SecuritySayantan Sur
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Network Security
Network SecurityNetwork Security
Network Security
forpalmigho
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
HASHIR RAZA
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpnShradha Maheshwari
 

More Related Content

What's hot

Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network mainKanika Gupta
 
Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)
sonalikasingh15
 
Network security
Network security Network security
Network security
Madhumithah Ilango
 
cyber security notes
cyber security notescyber security notes
cyber security notes
SHIKHAJAIN163
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Network Security
Network SecurityNetwork Security
Network Security
Manoj Singh
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Kuldeep Padhiyar
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
Papun Papun
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Network Security
Network SecurityNetwork Security
Network Security
forpalmigho
 

What's hot (20)

Dmz
Dmz Dmz
Dmz
 
Virtual Private Network main
Virtual Private Network mainVirtual Private Network main
Virtual Private Network main
 
Virtual private network(vpn)
Virtual private network(vpn)Virtual private network(vpn)
Virtual private network(vpn)
 
Network security
Network security Network security
Network security
 
cyber security notes
cyber security notescyber security notes
cyber security notes
 
Firewall
FirewallFirewall
Firewall
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Network Security
Network SecurityNetwork Security
Network Security
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Network Security
Network SecurityNetwork Security
Network Security
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Network Security
Network SecurityNetwork Security
Network Security
 

Similar to VPN & FIREWALL

Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
HASHIR RAZA
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
karthikvcyber
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
@zenafaris91
 
Vpn
VpnVpn
Vpn
Kajal Thakkar
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
Richa Singh
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
Shreyank Gupta
 
Network Concepts
Network ConceptsNetwork Concepts
Network Concepts
Rajamanickam Gomathijayam
 
Network defenses
Network defensesNetwork defenses
Network defenses
G Prachi
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
Swarup Kumar Mall
 
MVA slides lesson 8
MVA slides lesson 8MVA slides lesson 8
MVA slides lesson 8
Fabio Almeida- Oficina Eletrônica
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8
suddenven
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
earleanp
 
Lan Virtual Networks
Lan Virtual NetworksLan Virtual Networks
Lan Virtual Networks
Nicole Gomez
 

Similar to VPN & FIREWALL (20)

Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
Vpn
VpnVpn
Vpn
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
VPN
VPN VPN
VPN
 
The vpn
The vpnThe vpn
The vpn
 
Network Concepts
Network ConceptsNetwork Concepts
Network Concepts
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
MVA slides lesson 8
MVA slides lesson 8MVA slides lesson 8
MVA slides lesson 8
 
98 366 mva slides lesson 8
98 366 mva slides lesson 898 366 mva slides lesson 8
98 366 mva slides lesson 8
 
Describe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docxDescribe the major types of VPNs and technologies- protocols- and serv.docx
Describe the major types of VPNs and technologies- protocols- and serv.docx
 
Lan Virtual Networks
Lan Virtual NetworksLan Virtual Networks
Lan Virtual Networks
 
V P N
V P NV P N
V P N
 

Recently uploaded

DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 

Recently uploaded (20)

DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 

VPN & FIREWALL

  • 1. In General Life and Computer Science 1
  • 2. VPN & FIREWALL Presented by : MD Moinul Islam 3-16120103 Instructor : Md. Bayazid Rahman Lecturer , NDUB 2
  • 3. VPN 3 What is VPN ! Is it necessary ?
  • 4. VPN • VPN stands for Virtual Private Network. • A virtual private network offers a higher degree of protection and privacy as you’re surfing the web, whether at home or outside. • A VPN creates a secure connection over public networks (such as the wi-fi in public transport, hotels, or your favorite café) as well as home networks. 4
  • 5. • Not only do they provide better security for you and your devices, but they can also help you bypass censorship and access geographically blocked content on the internet from anywhere! • It lets you remotely connect to a private network. 5
  • 6. VPN • A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. • Applications running on a computing device, e.g., a laptop, desktop, smartphone, across a VPN may therefore benefit from the functionality, security, and management of the private network. Encryption is a common, though not an inherent, part of a VPN connection. 6
  • 7. Types of VPN There are two basic VPN types : I. Remote Access VPN II. Site – to – Site VPN 7
  • 8. Remote access VPN • Remote access VPN allows a user to connect to a private network and access its services and resources remotely. The connection between the user and the private network happens through the Internet and the connection is secure and private. Allow employees to access the company’s internet from outside the office. 8
  • 9. Site-to-site VPN • Site-to-site VPNs allow collaborators in geographically disparate offices to share the same virtual network. • Basically, Site-to-site VPN create a virtual bridge between the networks at geographically distant offices and connect them through the Internet and maintain a secure and private communication between the networks. • Site-to-site VPN to connect the network of one office location to the network at another office location 9
  • 10. VPN • A VPN can also be used to interconnect two similar networks over a dissimilar intermediate network, such as two IPv6 networks connected over an IPv4 network. 10
  • 11. VPN systems VPN systems may be classified by:  the tunneling protocol used to tunnel the traffic  the tunnel's termination point location, e.g., on the customer edge or network-provider edge  the type of topology of connections, such as site-to-site or network-to- network  the levels of security provided  the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity  the number of simultaneous connections 11
  • 12. VPN security model VPNs typically allow only authenticated remote access using tunnelling protocols and encryption techniques. The VPN security model provides: • confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and deep packet inspection), an attacker would see only encrypted data • sender authentication to prevent unauthorized users from accessing the VPN • message integrity to detect any instances of tampering with transmitted messages. 12
  • 14. Secure VPN protocols include the following: • Internet Protocol Security (IPsec) • Transport Layer Security (SSL/TLS) • Datagram Transport Layer Security (DTLS) • Microsoft Point-to-Point Encryption (MPPE) • Microsoft Secure Socket Tunnelling Protocol (SSTP) • Multi Path Virtual Private Network (MPVPN). • Secure Shell (SSH) VPN 14
  • 15. Vpn Authentication • User-created remote-access VPNs may use passwords, biometrics, two- factor authentication or other cryptographic methods • Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator. 15
  • 16. Vpn Routing • Tunnelling protocols can operate in a point-to-point network topology that would theoretically not be considered a VPN because a VPN by definition is expected to support arbitrary and changing sets of network nodes • But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols 16
  • 17. • Provider-provisioned VPN building-blocks • Customer (C) devices • Customer Edge device (CE) • Provider edge device (PE) • Provider device (P) 17
  • 18. User-visible PPVPN services: • Virtual LAN • Virtual private LAN service (VPLS) • Pseudo wire (PW) 18
  • 19. Ethernet over IP tunnelling: • IP-only LAN-like service (IPLS) • OSI Layer 3 PPVPN architectures • BGP/MPLS PPVPN • Virtual router PPVPN 19
  • 20. Unencrypted tunnels • Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization. For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network but is neither secure nor trusted. 20
  • 21. Trusted delivery networks: Trusted VPNs do not use cryptographic tunneling; instead they rely on the security of a single provider's network to protect the traffic. • Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service control over a trusted delivery network. • L2TP which is a standards-based replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F) (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). 21
  • 22. VPN Legality • Unapproved VPNs are reportedly illegal in China, as they can be used to circumvent the Great Firewall. • users with the right credentials can connect to this server using a VPN client. • There are many VPN clients out there on computers, mobile devices and even routers. Windows, Android, iOS and macOS even come with a basic VPN client in your device’s settings 22
  • 23. How Does a VPN Guarantee My Privacy? • That’s a valid concern – and the answer is that you can never be 100% anonymous, even with a VPN. 23
  • 24. No-Logs Policies • It’s crucial to understand that privacy doesn’t equal anonymity, and there’s a huge difference. No matter what, your VPN provider can view your online activity. Unless it operates under a no-logs policy. 24
  • 25. VPNs vs Proxy Servers • A proxy server is a middle man that masks your IP address on the internet, without doing anything to secure your data. If changing your IP address is the only task you’re looking for, a proxy might be a good option. • However, a VPN will change your IP address while also encrypting your information. You can think of it as a two in one service. amazing properties: • It's fast. • It's easy to take with you wherever you go. • It's able to completely hide you from any other boats or submarines. • It's dependable. • It costs little to add additional submarines to your fleet once you've purchased the first one. 25
  • 26. • The following are dedicated VPN devices a business can add to its network: • VPN Concentrator — This device replaces an AAA server installed on a generic server. The hardware and software work together to establish VPN tunnels and handle large numbers of simultaneous connections. • VPN-enabled/VPN-optimized Router — This is a typical router that delegates traffic on a network, but with the added feature of routing traffic using protocols specific to VPNs. • VPN-enabled Firewall — This is a conventional firewall protecting traffic between networks, but with the added feature of managing traffic using protocols specific to VPNs. • VPN Client — This is software running on a dedicated device that acts as the tunnel interface for multiple connections. This setup spares each computer from having to run its own VPN client software. 26
  • 27. VPN • A VPN is not able to set up security rules and restrict data packets from entering your computer. • A VPN is not able to protect your computer from malware. 27
  • 29. Firewall (computing) Firewall is hardware and/or software that is used for protection. A firewall, simply explained, is a shield between the internal network (your computer) and the external network (the internet). Basically, a firewall is a barrier to keep destructive forces away from your property. 29
  • 30. Why Firewall Security? • Remote login • Application backdoors • SMTP session hijacking • Operating system bugs • Denial of service • E-mail bombs • Macros • Viruses • Spam • Redirect bombs • Source routing 30
  • 31. Proxy Servers and DMZ • A function that is often combined with a firewall is a proxy server. • DMZ (Demilitarized Zone) Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ. 31
  • 32. Firewall Category • Firewalls are often categorized as either network firewalls or host-based firewalls • Network firewalls filter traffic between two or more networks and run on network hardware. • Host-based firewalls run on host computers and control network traffic in and out of those machines. 32
  • 33. Firewall Generation First generation: packet filters • The first reported type of network firewall is called a packet filter. • Packet filters act by inspecting packets transferred between computers. When a packet does not match the packet filter's set of filtering rules, the packet filter either drops (silently discards) the packet, or rejects the packet (discards it and generates an Internet Control Message Protocol notification for the sender) else it is allowed to pass. • Packets may be filtered by source and destination network addresses, protocol, source and destination port numbers. 33
  • 34. Second generation: stateful filters • Second-generation firewalls perform the work of their first-generation predecessors but also maintain knowledge of specific conversations between endpoints by remembering which port number the two IP addresses are using at layer 4 (transport layer) of the OSI model for their conversation, allowing examination of the overall exchange between the nodes. • This type of firewall is potentially vulnerable to denial-of-service attacks that bombard the firewall with fake connections in an attempt to overwhelm the firewall by filling its connection state memory. 34
  • 35. • Third generation: application layer • The key benefit of application layer filtering is that it can understand certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted application or service is attempting to bypass the firewall using a disallowed protocol on an allowed port, or detect if a protocol is being abused in any harmful way. • As of 2012, the so-called next-generation firewall (NGFW) is a wider or deeper inspection at the application layer. For example : 35
  • 36. (cont.…’d) • Intrusion prevention systems (IPS) • User identity management integration (by binding user IDs to IP or MAC addresses for "reputation") • Web application firewall (WAF). WAF attacks may be implemented in the tool "WAF Fingerprinting utilizing timing side channels" (WAFFle) 36
  • 37. • Network layer or packet filters • Network layer firewalls generally fall into two sub-categories, stateful and stateless. • Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP stack, blocking packets unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. 37
  • 38. • Application-layer • Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or FTP traffic), and may intercept all packets traveling to or from an application. • Application firewalls function by determining whether a process should accept any given connection. • Application firewalls work much like a packet filter but application filters apply filtering rules (allow/block) on a per process basis instead of filtering connections on a per port basis. 38
  • 39. • Network address translation • Firewalls often have such functionality to hide the true address of computer which is connected to the network. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. • Although NAT on its own is not considered a security feature, hiding the addresses of protected devices has become an often used defence against network reconnaissance. 39
  • 40. • Great Firewall • The Great Firewall of China (GFW) is the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically. Its role in Internet censorship in China is to block access to selected foreign websites and to slow down cross-border internet traffic • The effect includes: limiting access to foreign information sources, blocking foreign internet tools (e.g. Google search, Facebook, Twitter, Wikipedia, and others) and mobile apps, and requiring foreign companies to adapt to domestic regulations 40
  • 41. Great firewall systems assumptions • IP range ban using Black holes • DNS spoofing, filtering and redirection • URL filtering using transparent proxies • Quality of service filtering • Packet forging and TCP reset attacks • Man-in-the-middle attacks with TLS • SMTP, IMAP4 and POP3 Filtering 41
  • 42. VPN vs. Firewall • A firewall allows you to configure how your computer communicates with the web to prevent malicious files and hackers from compromising it. • A VPN lets you secure your connection (not your computer) when you’re on the Internet to make sure cybercriminals don’t monitor your Internet traffic to steal your personal data (like credit card details and login credentials). 42
  • 43. VPN vs. Firewall (cont..’d) • Unlike a firewall, a VPN doesn’t allow you to establish data packet and network port restrictions on your computer. While some VPNs might feature a Killswitch that cuts Internet access if the VPN connection fails, that is not the same thing. • Lastly, a firewall will not help you bypass geo-restrictions online. In fact, firewalls can be used to enforce content restrictions like we just mentioned. 43
  • 44. VPN vs. Antivirus • VPN will keep you safe when you’re on the Internet from hackers trying to monitor your activities. • An antivirus will keep your device safe by preventing malware or viruses from infecting it, and by removing malicious files when necessary. 44
  • 45. Firewall vs. Antivirus • A firewall lets you configure how your computer communicates with the Internet. For instance, you can have your firewall block certain websites that are known to contain malicious content. Antivirus software, on the other hand, is used for securing a device (be it a computer, laptop, or even a USB stick) by scanning it for malware and computer viruses, and deleting or quarantining any malicious files. 45
  • 46. Advantages of VPN Services: • A VPN Hides Your Online Identity • VPNs Help You Bypass Geo-Blocks • VPN Services Secure Your Online Connections • Credit card details • Bank account details • Email login credentials • A VPN Can Prevent Bandwidth Throttling 46
  • 47. • VPNs Offer Secure Torrenting • VPNs Can Bypass Firewalls • VPNs Make Online Gaming Better • VPNs Might Help You Avoid Online Price Discrimination 47
  • 48. Disadvantages of VPN Services: • VPNs Can Sometimes Slow Down Your Online Speeds • Using the Wrong VPN Can Put Your Privacy in Danger • Quality VPNs Will Cost Money • Not All Devices Natively Support VPNs • Using VPN Might Actually Be Illegal In Your Country 48
  • 49. • The VPN Service Might Monitor Your Activity And Use Your Data • It Might Be Difficult To Set Up For Business Users • It Might Add More Cost To Your Network Connection • Not Possible to Bypass All the Restrictions • Your VPN Connection Can Suddenly Drop • The Best VPNs Aren’t Free 49
  • 50. Advantages of Using a Firewall • A Company network or a home computer will have number of advantages when using a firewall. • They are more cost effective than securing each computer in the corporate network since there are often only one or a few firewall systems to concentrate on. • There are some firewalls which are able to detect viruses, Trojans, worms and spyware etc. 50
  • 51. Disadvantages of Using a Firewall • Even if a firewall helps in keeping the network safe from intruders, but if a firewall is not used properly it would give a false impression to you that the network is safe. The main disadvantage of a firewall is that it cannot protect the network from attacks from the inside. • They often cannot protect against an insider attack. • Firewalls cannot protect a network or pc from viruses, Trojans, worms and spyware which spread through flash drives, potable hard disk and floppy etc. 51
  • 52. Disadvantages of Using a Firewall(cont…’d) • They may restrict authorized users from accessing valuable services. • They do not protect against backdoor attacks. • They cannot protect the network if someone uses a broadband modem to access the internet. 52