
Nis Unit 4 Notes

Firewall & Intrusion Detection System

Firewall: controls the outside resources that the organization's employees are accessing.

Types of firewall:
1) Packet filter
2) Stateful packet filter
3) Application gateway
4) Circuit gateway

1) Packet Filter
Fig: Packet filtering.
Filtration rules are based on fields of the network packet:
- Source IP address: the IP address of the system that generated the IP packet.
- Destination IP address: the IP address of the system that the IP packet is trying to reach.
- Source & destination transport-level address: the transport-level port number (TCP/UDP), used to define applications such as SNMP etc.
- IP protocol field: it tells the transport protocol.
- Interface: which interface the packet came from or which interface the packet is destined for.

Application Gateway
When the user provides all information, like a valid user ID & authentication information, the gateway contacts the application on the remote host and application data is passed between the two endpoints.
- It is very easy to audit & log all incoming traffic.
- It has high security.

Circuit Gateway
Two TCP connections are set up:
- one between the TCP user on an inner host and the gateway
- one between the gateway and a TCP user on an outside host

Abbreviations:
SMTP - Simple Mail Transfer Protocol
DNS - Domain Name System
SSH - Secure Shell
FTP - File Transfer Protocol

Firewall rule set (example):
- Firewall allows HTTP, FTP, SSH, DNS protocols to communicate from the internal network to the Internet.
- Firewall allows the mail server to communicate to the Internet.
- Firewall allows only reply packets to the internal network.

Firewall Configurations
A firewall is a combination of packet filter & application level gateway. Based on these, there are three types of configuration.

1) Screened Host Firewall, Single Homed Bastion
Fig: Single Homed Bastion Configuration.
The firewall configuration consists of:
- Packet filter router
- Application level gateway
The packet filter router ensures that incoming traffic is allowed only if it is for the application gateway, by examining the destination address field of each incoming IP packet.
An application level gateway performs authentication as well as proxy function.
It provides flexibility to the network admin to define more security policies.
Disadvantage: internal users are connected to the application gateway as well as the packet filter router. So if the packet filter is attacked, the whole internal network is exposed to the attacker.

2) Screened Host Firewall, Dual Homed Bastion
Here the packet filter connects only to the application gateway. If the packet filter is successfully attacked, only the application gateway is visible to the attacker.

3) Screened Subnet Firewall

Limitations of Firewall
- It cannot protect against attacks that bypass the firewall.
- It doesn't protect against insider threats.
- It doesn't protect against the transfer of viruses.

DMZ (Demilitarized zone)

Intrusion Detection System (IDS)
It is the process of monitoring for possible threats & violations of standard security practices.
An IDS works like a burglar alarm: in case of intrusion, the IDS will provide some type of warning or alert.
IDS are mainly divided into two categories depending on monitoring activity:
1) Host based IDS
2) Network based IDS

Components of IDS
1) Traffic Collector: the job of the traffic collector is to collect the activity or events for examination.
   - Host based IDS: the events can be log files, audit logs or traffic coming to or leaving a specific system.
   - Network based IDS: the events can be a mechanism for copying traffic off a network link.
2) Analysis Engine: it examines the collected network traffic & compares it to known patterns of suspicious or malicious activity. These malicious activities are stored in the signature database. The analysis engine acts like the brain of the IDS.
3) Signature database: the collection of patterns & definitions of known suspicious activity.
4) User interface & Reporting: its job is to provide an interface with the human element & provide an alert whenever required. Because of this, users can interact with & operate the IDS.

Host based IDS
This examines activity on an individual system like a mail server, web server or individual PC.
The new version of HIDS operates in batch mode, looking for suspicious activity on an hourly or daily basis.
HIDS looks for certain activities like:
- Logins at odd hours
- Login authentication failure
- Adding a new user account
- Modification or access of critical system files
- Modification or removal of binary files
- Start & stop of processes

Network based IDS
NIDS looks for certain activities like:
- DoS attack
- Port scan
- Trojan horse
- Vulnerability scanning
- Tunneling
Disadvantages:
- Ineffective when traffic is encrypted.
- Should handle high volumes of traffic.
- Doesn't know the activity on the hosts.

Honeypots
A honeypot is a computer system which is specially set up to attract & trap people who are attempting to penetrate other critical systems.
Honeypots are designed:
1. To purposely divert hackers from accessing critical systems.
2. To identify malicious activities.
3. To engage the attacker for a longer time.

There are two different kinds of honeypots. They are classified based on their deployment:
1) Research honeypot: considered an effective method to track hacker behaviour & heighten the effectiveness of computer security tools.
2) Production honeypot: used by companies & corporations for the purpose of researching the aims of hackers as well as diverting & mitigating the risk of attacks.

Vulnerability Assessment
It is examining the state of network security. Data about open ports, s/w packages running, n/w topology etc. are collected & the list of vulnerabilities is prioritized. It needs to be updated regularly to handle new threats to security. In many organizations, they keep track of vulnerabilities & the list of available patches.

Misuse Detection
Misuse detection looks for patterns of n/w traffic or activity in log files that are suspicious. This is known as an attack signature. Attack signatures may involve a specific host, bits in the IP address, a buffer overflow attack, or TCP SYN packets as in a SYN flooding attack.

Anomaly Detection
To detect potential intrusions using statistical anomaly detection:
i) The normal baseline is established.
ii) During operation, a statistical analysis of the data monitored is performed.
iii) The difference from the baseline is measured & if a threshold is exceeded, then an alarm is raised.
