Section A

Uploaded by

thesunhunk

Section 1: Network Security Essentials

1. Firewalls and VPNs

Firewalls

• Purpose:

Firewalls act as a security barrier that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. They prevent unauthorized access while
allowing legitimate communication.

• Types of Firewalls:

• Packet-Filtering Firewalls: Analyze network packets based on headers like IP
address, port, and protocol but lack deep content inspection.

• Proxy-Based Firewalls: Operate at the application layer and act as
intermediaries between users and external systems, providing deep packet inspection.

• Stateful Inspection Firewalls: Monitor the state of active connections and
make decisions based on context, such as the flow of traffic or packet order.

Virtual Private Networks (VPNs)

• Definition:

VPNs create a secure, encrypted tunnel for data transmission over public networks, ensuring
confidentiality and integrity.

• How VPNs Protect Data:

VPNs use encryption protocols like IPsec or SSL/TLS to secure data, making it unreadable
to attackers intercepting the communication.

Combined Use of Firewalls and VPNs:

• A firewall ensures only legitimate traffic reaches the internal network, while a
VPN secures data transmission over untrusted networks. Together, they provide robust
security by preventing unauthorized access and encrypting sensitive data.

2. Intrusion Detection Systems (IDS)

Role of IDS

• IDS are designed to detect and alert administrators of malicious activity, policy
violations, or security breaches on a network or host.

Types of IDS
• Network-Based IDS (NIDS):

Monitors traffic across an entire network and detects malicious activity using packet analysis.

Example: Snort.

• Host-Based IDS (HIDS):

Runs on individual devices to monitor file changes, system logs, and processes.

Example: OSSEC.

IDS vs. IPS

• Intrusion Detection Systems (IDS): Identify threats and send alerts but do not
actively block malicious activities.

• Intrusion Prevention Systems (IPS): Take immediate action, such as blocking
malicious traffic, to prevent intrusions.

Detection Methods

• Signature-Based Detection:

Relies on predefined attack patterns or signatures. It is effective for known threats but
cannot detect new attacks.

• Anomaly-Based Detection:

Identifies deviations from normal behavior. It is effective against zero-day attacks but prone
to false positives.
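
The trade-off between the two detection methods, shown as an added example (not part of the original notes): a signature matcher and a simple rate-based anomaly check run over the same events. The signatures, baseline values, threshold and sample events are all constructed for illustration.

```python
import re
import statistics

# Constructed signatures: patterns for traffic that is already known to be malicious.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed baseline: requests per minute observed from clients on a normal day.
BASELINE_RPM = [12, 15, 9, 14, 11, 13, 10, 16, 12, 14]

def signature_alerts(request_line):
    """Return the name of every known signature the request matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request_line)]

def is_anomalous(rpm, baseline=BASELINE_RPM, threshold=3.0):
    """Flag a rate more than `threshold` standard deviations above the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    return (rpm - mean) / stdev > threshold

def classify(event):
    """Run both detectors on one event and report what each one saw."""
    return {
        "signature": signature_alerts(event["request"]),
        "anomaly": is_anomalous(event["rpm"]),
    }

# Constructed sample events (not real logs).
EVENTS = {
    # Matches a known pattern at a normal rate: only the signature fires.
    "known_attack": {"request": "GET /download?file=../../app.conf", "rpm": 13},
    # No known pattern, abnormal rate: signatures miss it, the anomaly check fires.
    "novel_attack": {"request": "GET /api/export?id=7", "rpm": 900},
    # Legitimate but unusual job: the anomaly check fires anyway (false positive).
    "backup_job": {"request": "GET /files/archive.tar", "rpm": 600},
    # Ordinary traffic: neither detector fires.
    "normal_user": {"request": "GET /index.html", "rpm": 12},
}

if __name__ == "__main__":
    for name, event in EVENTS.items():
        print(name, classify(event))
```

The `backup_job` event is why anomaly-based alerts need tuning or allow-listing before they are used to page anyone.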

3. Access Control Mechanisms

Access Control Models

1. Discretionary Access Control (DAC):

• Access is assigned based on the discretion of the data owner.

• Example: File permissions in Windows or Linux where users grant read/write
access.

• Significance: Flexible but susceptible to insider threats.

2. Mandatory Access Control (MAC):

• Enforces strict access controls based on classification levels.

• Example: Military systems where data is labeled as “Confidential” or “Top
Secret.”

• Significance: Highly secure, ideal for environments requiring stringent access
rules.

3. Role-Based Access Control (RBAC):

• Access is assigned based on user roles and responsibilities.

• Example: An HR system where only HR staff can access employee data.

• Significance: Streamlines management and minimizes the risk of
over-provisioning.
