
UNIT-5

WEB SECURITY
WEB SECURITY CONSIDERATIONS

 The World Wide Web is fundamentally a client/server application running over
the Internet and TCP/IP intranets.
 The Internet is two-way.
 The Web is increasingly serving as a highly visible outlet for corporate
and product information and as the platform for business transactions.
 Although Web browsers are very easy to use, Web servers are relatively
easy to configure and manage, and Web content is increasingly easy to
develop, the underlying software is extraordinarily complex.
 A Web server can be exploited as a launching pad into the corporation’s
or agency’s entire computer complex.
 Casual and untrained (in security matters) users are common clients for
Web-based services.

Web Security Threats

One way to group these threats is in terms of passive and active attacks.

Another way to classify Web security threats is in terms of the location of the
threat: Web server, Web browser, and network traffic between browser and
server.

Web Traffic Security Approaches

One way to provide Web security is to use IP security (IPsec) (Figure 16.1a).
The advantage of using IPsec is that it is transparent to end users and
applications and provides a general-purpose solution.

Another relatively general-purpose solution is to implement security just above
TCP.

Application-specific security services are embedded within the particular
application.

SECURE SOCKET LAYER AND TRANSPORT LAYER SECURITY

SSL Architecture

SSL is designed to make use of TCP to provide a reliable end-to-end secure
service. SSL is not a single protocol but rather two layers of protocols.

The SSL Record Protocol provides basic security services to various higher-
layer protocols. In particular, the Hypertext Transfer Protocol (HTTP), which
provides the transfer service for Web client/server interaction, can operate on
top of SSL. Three higher-layer protocols are defined as part of SSL: the
Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol.
These SSL-specific protocols are used in the management of SSL exchanges
and are examined later in this section.

Two important SSL concepts are the SSL session and the SSL connection, which
are defined in the specification as follows.

 Connection: A connection is a transport (in the OSI layering model
definition) that provides a suitable type of service. For SSL, such
connections are peer-to-peer relationships. The connections are
transient. Every connection is associated with one session.
 Session: An SSL session is an association between a client and a server.
Sessions are created by the Handshake Protocol. Sessions define a set of
cryptographic

A session state is defined by the following parameters.

 Session identifier: An arbitrary byte sequence chosen by the server to
identify an active or resumable session state.
 Peer certificate: An X.509v3 certificate of the peer. This element of
the state may be null.
 Compression method: The algorithm used to compress data prior to
encryption.
 Cipher spec: Specifies the bulk data encryption algorithm (such as null,
AES, etc.) and a hash algorithm (such as MD5 or SHA-1) used for MAC
calculation.
 Master secret: 48-byte secret shared between the client and server.
 Is resumable: A flag indicating whether the session can be used to
initiate new connections.

A connection state is defined by the following parameters.

 Server and client random: Byte sequences that are chosen by the server
and client for each connection.
 Server write MAC secret: The secret key used in MAC operations on
data sent by the server.
 Client write MAC secret: The secret key used in MAC operations on data
sent by the client.
 Server write key: The secret encryption key for data encrypted by the
server and decrypted by the client.
 Client write key: The symmetric encryption key for data encrypted by
the client and decrypted by the server.
 Initialization vectors: When a block cipher in CBC mode is used, an
initialization vector (IV) is maintained for each key. This field is first
initialized by the SSL Handshake Protocol. Thereafter, the final
ciphertext block from each record is preserved for use as the IV with
the following record.
 Sequence numbers: Each party maintains separate sequence numbers for
transmitted and received messages for each connection.

SSL Record Protocol

The SSL Record Protocol provides two services for SSL connections:

Confidentiality: The Handshake Protocol defines a shared secret key that is
used for conventional encryption of SSL payloads.

Message Integrity: The Handshake Protocol also defines a shared secret key
that is used to form a message authentication code (MAC).

The final step of SSL Record Protocol processing is to prepare a header
consisting of the following fields:

 Content Type (8 bits): The higher-layer protocol used to process the
enclosed fragment.
 Major Version (8 bits): Indicates the major version of SSL in use. For
SSLv3, the value is 3.
 Minor Version (8 bits): Indicates the minor version in use. For SSLv3, the
value is 0.
 Compressed Length (16 bits): The length in bytes of the plaintext
fragment (or compressed fragment if compression is used). The maximum
value is 2^14 + 2048.

TRANSPORT LAYER SECURITY

TLS is an IETF standardization initiative whose goal is to produce an Internet
standard version of SSL.

Version Number

The TLS Record Format is the same as that of the SSL Record Format. For the
current version of TLS, the major version is 3 and the minor version is 3.

Message Authentication Code

There are two differences between the SSLv3 and TLS MAC schemes: the
actual algorithm and the scope of the MAC calculation. TLS makes use of the
HMAC algorithm defined in RFC 2104. Recall from Chapter 12 that HMAC is
defined as

HMAC_K(M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
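The HMAC construction above, written out step by step as an added example (not code from the original notes). It assumes, per RFC 2104, that K+ is the key padded with zero bytes to the hash block size (a key longer than one block is hashed first), ipad is the byte 0x36 repeated and opad is 0x5C repeated; the result is cross-checked against Python's standard library.

```python
import hashlib
import hmac  # standard-library HMAC, used here only as a reference to cross-check against


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC_K(M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]  (RFC 2104).

    K+ is the key padded with zero bytes to the hash function's block size;
    a key longer than one block is first replaced by its hash (RFC 2104 rule).
    """
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(block_size, b"\x00")

    # ipad = 0x36 repeated, opad = 0x5C repeated (RFC 2104 constants)
    inner_key = bytes(b ^ 0x36 for b in k_plus)
    outer_key = bytes(b ^ 0x5C for b in k_plus)

    inner_hash = hashlib.new(hash_name, inner_key + message).digest()   # H[(K+ XOR ipad) || M]
    return hashlib.new(hash_name, outer_key + inner_hash).digest()      # H[(K+ XOR opad) || inner]


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check the hand-rolled MAC against hashlib/hmac, comparing in constant time."""
    reference = hmac.new(key, message, hash_name).digest()
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), reference)


if __name__ == "__main__":
    # RFC 2202 test case 1 for HMAC-SHA-1: key = 20 bytes of 0x0b, data = "Hi There"
    tag = hmac_rfc2104(b"\x0b" * 20, b"Hi There", "sha1")
    print(tag.hex())  # b617318655057264e28bc0b6fb378c8ef146be00
    # A key longer than the block size exercises the "hash the key first" rule
    print(matches_stdlib(b"\xaa" * 80, b"Test Using Larger Than Block-Size Key - Hash Key First"))
```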

Pseudorandom Function

TLS makes use of a pseudorandom function referred to as PRF to expand
secrets into blocks of data for purposes of key generation or validation. The
objective is to make use of a relatively small shared secret value but to
generate longer blocks of data in a way that is secure from the kinds of attacks
made on hash functions and MACs.

Alert Codes

TLS supports all of the alert codes defined in SSLv3 with the exception of
no_certificate. A number of additional codes are defined in TLS; of these, the
following are always fatal.

 record_overflow: A TLS record was received with a payload (ciphertext)
whose length exceeds 2^14 + 2048 bytes, or the ciphertext decrypted to a
length of greater than 2^14 + 1024 bytes.
 unknown_ca: A valid certificate chain or partial chain was received, but
the certificate was not accepted because the CA certificate could not be
located or could not be matched with a known, trusted CA.
 access_denied: A valid certificate was received, but when access control
was applied, the sender decided not to proceed with the negotiation.
 decode_error: A message could not be decoded, because either a field
was out of its specified range or the length of the message was incorrect.
 protocol_version: The protocol version the client attempted to negotiate
is recognized but not supported.
 insufficient_security: Returned instead of handshake_failure when a
negotiation has failed specifically because the server requires ciphers
more secure than those supported by the client.
 unsupported_extension: Sent by clients that receive an extended server
hello containing an extension not in the corresponding client hello.
 internal_error: An internal error unrelated to the peer or the
correctness of the protocol makes it impossible to continue.
 decrypt_error: A handshake cryptographic operation failed, including
being unable to verify a signature, decrypt a key exchange, or validate a
finished message.
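The record header described in the SSL Record Protocol section (content type, major and minor version, 16-bit length) and the two record_overflow conditions above, as an added example that is not part of the original notes. The content-type values (20 to 23), the version pairs, the alert bytes in the sample records and the sample records themselves are constructed here for illustration.

```python
import struct

MAX_PLAINTEXT = 2**14            # 16384-byte plaintext fragment limit
MAX_DECRYPTED = 2**14 + 1024     # decrypted content above this -> record_overflow
MAX_CIPHERTEXT = 2**14 + 2048    # payload length on the wire above this -> record_overflow

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSION_NAMES = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


class RecordOverflow(ValueError):
    """Condition under which an implementation sends the fatal record_overflow alert."""


class DecodeError(ValueError):
    """Condition under which an implementation sends the fatal decode_error alert."""


def parse_record_header(data: bytes) -> dict:
    """Parse the 5-byte record header: type(8) | major(8) | minor(8) | length(16)."""
    if len(data) < 5:
        raise DecodeError("record header needs 5 bytes")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    if content_type not in CONTENT_TYPES:
        raise DecodeError(f"unknown content type {content_type}")
    if length > MAX_CIPHERTEXT:
        # First record_overflow condition: payload longer than 2^14 + 2048 bytes
        raise RecordOverflow(f"payload length {length} exceeds {MAX_CIPHERTEXT}")
    if len(data) - 5 < length:
        raise DecodeError("record truncated: header promises more bytes than are present")
    return {
        "content_type": CONTENT_TYPES[content_type],
        "version": (major, minor),
        "version_name": VERSION_NAMES.get((major, minor), "unknown"),
        "length": length,
        "fragment": data[5:5 + length],
    }


def check_decrypted_length(plaintext_len: int) -> bool:
    """Second record_overflow condition: decrypted content longer than 2^14 + 1024 bytes."""
    return plaintext_len <= MAX_DECRYPTED


def classify(data: bytes) -> str:
    """Name the fatal alert an implementation would raise for this record, or 'ok'."""
    try:
        parse_record_header(data)
    except RecordOverflow:
        return "record_overflow"
    except DecodeError:
        return "decode_error"
    return "ok"


if __name__ == "__main__":
    # Constructed sample records (not captured traffic)
    app_data = b"\x17\x03\x03\x00\x05" + b"hello"           # TLS 1.2 application_data, 5 bytes
    ssl3_alert = b"\x15\x03\x00\x00\x02" + b"\x02\x28"      # SSLv3 alert: fatal(2), handshake_failure(40)
    too_long = b"\x17\x03\x03\xff\xff" + b"\x00" * 10       # declared length 65535 > 18432
    truncated = b"\x16\x03\x03\x00\x10" + b"\x01"           # promises 16 bytes, carries 1
    for rec in (app_data, ssl3_alert, too_long, truncated):
        print(classify(rec))
    print(parse_record_header(app_data))
```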

SECURE ELECTRONIC TRANSACTION (SET)

Secure Electronic Transaction (SET) is a system that ensures the security and
integrity of electronic transactions made with credit cards. SET is not itself a
payment system; it is a security protocol applied to those payments. It uses
various encryption and hashing techniques to secure credit card payments made
over the internet. The development of the SET protocol was supported by major
organizations such as Visa, Mastercard, Microsoft (which provided its Secure
Transaction Technology, STT), and Netscape (which provided the Secure Socket
Layer, SSL).

The SET protocol keeps credit card details from being revealed to merchants,
thus keeping hackers and thieves at bay. The SET protocol includes Certification
Authorities for making use of standard digital certificates such as the X.509
certificate.

Before discussing SET further, let’s see a general scenario of electronic
transactions, which includes client, payment gateway, client financial institution,
merchant, and merchant financial institution.

 Cardholder: A cardholder is an authorized holder of the payment card.
The card can be a Mastercard or a Visa which an issuer has issued.
 Merchant: A merchant is any person or organization who wants to sell its
goods and services to cardholders. Note that a merchant must have a
relationship with the acquirer to accept payment through the internet.
 Issuer: An issuer is a financial organization such as a bank that issues
the payment card (Mastercard or Visa) to the user or cardholder. The issuer
is responsible for the cardholder’s debt payment.
 Acquirer: This is a financial organization with a relationship with the
merchant for processing the card payment authorization and all the
payments. An acquirer is part of this process because the merchant can
accept credit cards of more than one brand. It also provides electronic
fund transfer to the merchant account.
 Payment Gateway: For payment authorization, the payment gateway acts
as an interface between Secure Electronic Transaction and the existing card
payment networks. The merchant exchanges Secure Electronic Transaction
messages with the payment gateway through the internet. In response, the
payment gateway connects to the acquirer’s system over a dedicated network
line.
 Certification Authority: It is a trusted authority that provides public-
key certificates to cardholders, payment gateways, and merchants.

How Does Secure Electronic Transaction Work?

Secure Electronic Transaction works as follows:

Step 1: Customer Opens an Account
The customer opens a credit card account (Mastercard or Visa, for example) with
a bank, i.e. an issuer, that supports electronic payment transactions and the
Secure Electronic Transaction protocol.
Step 2: Customer Receives a Certificate
Once the customer’s identity is verified (verification can be done using a
passport, business documents, or other documents), the customer receives a
digital certificate issued by a CA (Certificate Authority). This certificate
contains customer details such as name, public key, expiry date, certificate
number, etc.
Step 3: Merchant Receives a Certificate
The merchant who wants to accept certain credit card brands must obtain a
digital certificate so that it can be trusted.
Step 4: Customer Places an Order
This is the shopping cart process: the customer browses the items in the
available list, searches for the specific item according to requirements, and
places the order. Once the customer places the order, the merchant, in return,
sends the details of the order, such as the list of items selected, their
quantity and price, total bill, etc., so that a record of the order is kept at
the customer site.
Step 5: Merchant Is Verified
The merchant also sends its digital certificate to the customer to assure the
customer that they are dealing with an authorized, valid merchant.
Step 6: The Order and Payment Details Are Sent
Along with the customer’s digital certificate, the customer also sends the order
and payment details to the merchant. The order part is used to confirm the
transaction with reference to the items mentioned in the order form. The
payment part contains the credit card (Mastercard or Visa) details. This
payment information is in encrypted form; even the merchant cannot read it.
The customer certificate assures the merchant of the customer’s identity.
Step 7: Merchant Requests Payment Authorization
Once the merchant gets the customer’s payment details, it forwards them to
the payment gateway via the acquirer and requests the payment gateway to
authorize the payment. This process ensures that the customer’s credit card is
valid and that the credit limit is not breached.
Step 8: Payment Gateway Authorizes the Payment
Using the credit card information received from the merchant, the payment
gateway cross-verifies the customer’s credit card with the help of the issuer.
Based on the verification result, it either authorizes or rejects the payment.
Step 9: Merchant Confirms the Order
Assuming that the payment gateway authorizes the payment, the merchant sends
confirmation of the order to the customer.
Step 10: Merchant Provides Goods and Services
Now the merchant provides goods and services according to the customer’s
order.
Step 11: Merchant Requests Payment
The merchant sends a request to the payment gateway to make the payment.
After that, the payment gateway interacts with the various financial
organizations, such as the issuer, acquirer, and clearinghouse, to effect the
payment from the customer’s account to the merchant’s account.

INTRUDER

The most common threat to security is the attack by the intruder. Intruders
are often referred to as hackers and are among the most harmful factors
contributing to the vulnerability of a system. They have immense knowledge and
an in-depth understanding of technology and security. Intruders breach the
privacy of users and aim at stealing the users’ confidential information. The
stolen information is then sold to third parties, which aim at misusing the
information for their own personal or professional gains.

Intruders are divided into three categories:

 Masquerader: The category of individuals that are not authorized to use
the system but still exploit users’ privacy and confidential information by
possessing techniques that give them control over the system; such a
category of intruders is referred to as a Masquerader. Masqueraders are
outsiders and hence do not have direct access to the system; their aim is
to attack unethically to steal data/information.
 Misfeasor: The category of individuals that are authorized to use the
system but misuse the granted access and privileges. These are individuals
that take undue advantage of the permissions and access given to them;
such a category of intruders is referred to as a Misfeasor. Misfeasors are
insiders and have direct access to the system, which they aim to attack
unethically to steal data/information.
 Clandestine User: The category of individuals who have
supervisory/administrative control over the system and misuse the
authoritative power given to them. This abuse of power is often done by
the highest authorities for financial gain; such a category of intruders
is referred to as a Clandestine User. A Clandestine User can be either an
insider or an outsider and accordingly has direct or indirect access to the
system, which they aim to attack unethically by stealing data/information.

INTRUSION DETECTION

An illegal entrance into your network or an address in your assigned domain is
referred to as a network intrusion. An intrusion can be passive (in which access
is achieved quietly and undetected) or aggressive (in which access is gained
overtly and changes to network resources are effected).

Intrusions might occur from the outside or from within your network structure
(an employee, customer, or business partner). Some intrusions are just aimed to
alert you that an intruder has entered your site and is defacing it with various
messages or obscene graphics. Others are more malevolent, attempting to
harvest sensitive data on a one-time basis or as part of a long-term parasitic
connection that will continue to siphon data until it is identified.

Some intruders will try to implant code that has been carefully developed.
Others will infiltrate the network, stealthily siphoning out data on a regular
basis or altering public-facing Web sites with varied messages.

An attacker can gain access to your system physically (by physically accessing
a restricted computer and its hard drive and/or BIOS), externally (by
assaulting your Web servers or breaching your firewall), or internally (through
your own users, customers, or partners).

Any of the following can be considered an intrusion −

 Malware, including ransomware and computer viruses
 Attempts to obtain unauthorized access to a system
 DDOS (Distributed Denial of Service) attacks
 Destruction of cyber-enabled equipment
 Employee security breaches that are unintentional (like moving a secure
file into a shared folder)
 Untrustworthy users, both within and external to your company
 Phishing campaigns and other methods of deceiving consumers with
ostensibly genuine communication are examples of social engineering
assaults.

Network Intrusion Attack Techniques

When it comes to compromising networks, attackers are increasingly relying on
existing tools and procedures as well as stolen credentials. Operating system
utilities, commercial productivity software, and scripting languages, for
example, are clearly not malware and have a wide range of lawful applications.

 Asymmetric Routing − Attackers will typically employ several routes to
gain access to the targeted device or network if the network allows for
asymmetric routing.
 Buffer Overwriting − By overwriting certain memory locations, attackers
can replace regular data in specified parts of a network device’s memory
with a barrage of commands that can subsequently be utilized as part of a
network incursion.
 Covert CGI Scripts − The Common Gateway Interface (CGI), which allows
servers to relay user requests to appropriate programs and get data back
to then forward to users, unfortunately provides an easy mechanism for
attackers to gain access to network system files.
 Enormous traffic loads − Attackers can cause chaos and congestion in
network settings by producing traffic loads that are too enormous for
systems to fully filter, allowing them to carry out assaults without being
discovered.
 Worms − The typical, isolated computer virus, or worm, is one of the
easiest and most dangerous network penetration tools. Worms, which are
commonly distributed by email attachments or instant messaging, use a
considerable amount of network resources, preventing permitted
activities from taking place.

How Does Intrusion Detection Work?

An intrusion detection system (IDS) is a monitor-only program that detects and
reports irregularities in your network architecture before hackers may do
damage. IDS can be set up on your network or on a client system (host-based
IDS).

Intrusion detection systems often seek known attack signatures or aberrant
departures from predetermined standards. These anomalous network traffic
patterns are then transmitted up the stack to the OSI (Open Systems
Interconnection) model's protocol and application layers for further
investigation.

An IDS is a detection system that is positioned outside of the real-time
communication band (a channel between the information transmitter and
receiver) within your network infrastructure. Instead, it uses a SPAN or TAP
port to watch the network and examines a copy of inline network packets
(acquired through port mirroring) to ensure that the streaming traffic is not
fraudulent or faked in any manner.

The IDS can readily identify malformed information packets, DNS poisonings,
Xmas scans, and other polluted materials, which can have a severe impact on
your overall network performance.

Intrusion detection systems employ two detection methods −

 Signature-based detection matches data activity to a signature or
pattern in a signatures database. A new harmful behavior that is not in
the database, for example, is overlooked when using signature-based
detection.
 Unlike signature-based detection, behavior-based detection recognizes
any abnormality and issues alarms, making it capable of identifying new
sorts of threats. It's referred to as an expert system since it learns
what regular behavior looks like in your system.
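The two detection methods side by side, as an added example that is not part of the original notes: a signature matcher and a behavior-based detector that first learns "regular behavior" (requests per source address) from a baseline window and then flags departures from it. The log lines, the signature patterns and the threshold rule (mean plus three standard deviations) are constructed here for illustration.

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (not from the page): "<source-ip> <method> <path> <status>"
BASELINE_WINDOW = [
    "10.0.0.2 GET /index.html 200",
    "10.0.0.2 GET /about 200",
    "10.0.0.2 POST /login 302",
    "10.0.0.2 GET /cart 200",
    "10.0.0.3 GET /index.html 200",
    "10.0.0.3 GET /catalog 200",
    "10.0.0.3 POST /login 302",
    "10.0.0.4 GET /index.html 200",
    "10.0.0.4 GET /catalog 200",
]
OBSERVED_WINDOW = [
    "10.0.0.2 GET /index.html 200",
    "10.0.0.2 GET /catalog 200",
    "10.0.0.5 GET /catalog?id=1%20UNION%20SELECT%20password%20FROM%20users 500",
    "10.0.0.3 GET /index.html 200",
    "10.0.0.3 POST /login 302",
] + ["10.0.0.9 POST /login 401"] * 8   # one source repeatedly failing at the login form

# Signature database: patterns of already-known bad requests
SIGNATURES = {
    "sql_injection_union": re.compile(r"union(\s|%20)+select", re.IGNORECASE),
    "path_traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE),
}


def signature_detect(lines):
    """Return (line, signature_name) for every line that matches a known signature.

    Anything not in the database (here, the login hammering) is overlooked.
    """
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((line, name))
    return hits


def learn_baseline(lines, k=3.0):
    """Learn what 'regular behavior' looks like: requests per source IP in a clean window.

    Returns the alarm threshold mean + k * population standard deviation.
    """
    counts = Counter(line.split()[0] for line in lines)
    values = list(counts.values())
    return statistics.mean(values) + k * statistics.pstdev(values)


def behavior_detect(lines, threshold):
    """Flag every source whose request count in the window exceeds the learned threshold."""
    counts = Counter(line.split()[0] for line in lines)
    return sorted(ip for ip, n in counts.items() if n > threshold)


if __name__ == "__main__":
    threshold = learn_baseline(BASELINE_WINDOW)
    print("signature hits:", signature_detect(OBSERVED_WINDOW))          # catches the UNION SELECT line only
    print("behavior alarms:", behavior_detect(OBSERVED_WINDOW, threshold))  # catches 10.0.0.9 only
```

The two methods flag different lines: the injection attempt has a signature but is a single request, while the login burst matches no signature but stands out against the learned baseline.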

PASSWORD MANAGEMENT

Passwords are a set of strings provided by users at the authentication prompts
of web accounts. Although passwords still remain one of the most secure
methods of authentication available to date, they are subjected to a number of
security threats when mishandled. The role of password management comes in
handy there. Password management is a set of principles and best practices to
be followed by users while storing and managing passwords in an efficient
manner to secure passwords as much as they can to prevent unauthorized
access.

What are the challenges in password management?

There are many challenges in securing passwords in this digital era. While the
number of web services used by individuals is increasing year over year on one
end, the number of cyber crimes is also skyrocketing on the other end. Here are
a few common threats to protecting our passwords:

 Login spoofing - Passwords are illegally collected through a fake login
page by cybercriminals.
 Sniffing attack - Passwords are stolen using illegal network access and
with tools like key loggers.
 Shoulder surfing attack - Stealing passwords when someone types them,
at times using a micro-camera and gaining access to user data.
 Brute force attack - Stealing passwords with the help of automated
tools and gaining access to user data.
 Data breach - Stealing login credentials and other confidential data
directly from the website database.

All of these threats create an opportunity for attackers to steal user
passwords and enjoy unlimited access benefits. Let's take a look at how
individuals and businesses typically manage their passwords.

Traditional methods of password management

 Writing down passwords on sticky notes, post-its, etc.
 Sharing them via spreadsheets, email, telephone, etc.
 Using simple and easy to guess passwords
 Reusing them for all web applications
 Often forgetting passwords and seeking the help of the 'Forgot Password'
option

While hackers are equipped with advanced tools and attacks, individuals and
businesses still rely on traditional methods of password management. This
clearly raises the need for the best password management practices to curb
security threats.

How to manage passwords

 Use strong and unique passwords for all websites and applications
 Reset passwords at regular intervals
 Configure two-factor authentication for all accounts
 Securely share passwords with friends, family, and colleagues
 Store all enterprise passwords in one place and enforce secure password
policies within the business environment
 Periodically review the violations and take necessary actions.

Virus and related threats

The most sophisticated types of threats to computer systems are presented by
programs that exploit vulnerabilities in computing systems.

Malicious Programs

Malicious software can be divided into two categories: those that need a host
program, and those that are independent.

The former are essentially fragments of programs that cannot exist
independently of some actual application program, utility, or system program.
Viruses, logic bombs, and backdoors are examples. The latter are self-contained
programs that can be scheduled and run by the operating system. Worms and
zombie programs are examples.

Taxonomy of malicious programs

The Nature of Viruses

A virus is a piece of software that can "infect" other programs by modifying
them; the modification includes a copy of the virus program, which can then go
on to infect other programs.

A virus can do anything that other programs do. The only difference is that it
attaches itself to another program and executes secretly when the host
program is run. Once a virus is executing, it can perform any function, such as
erasing files and programs.

During its lifetime, a typical virus goes through the following four phases:

Dormant phase: The virus is idle. The virus will eventually be activated by some
event, such as a date, the presence of another program or file, or the capacity
of the disk exceeding some limit. Not all viruses have this stage.

Propagation phase: The virus places an identical copy of itself into other
programs or into certain system areas on the disk. Each infected program will
now contain a clone of the virus, which will itself enter a propagation phase.

Triggering phase: The virus is activated to perform the function for which it
was intended. As with the dormant phase, the triggering phase can be caused by
a variety of system events, including a count of the number of times that this
copy of the virus has made copies of itself.

Execution phase: The function is performed. The function may be harmless,
such as a message on the screen, or damaging, such as the destruction of
programs and data files.

Virus Structure

A virus can be prepended or postpended to an executable program, or it can be
embedded in some other fashion. The key to its operation is that the infected
program, when invoked, will first execute the virus code and then execute the
original code of the program.

An infected program begins with the virus code and works as follows.

The first line of code is a jump to the main virus program. The second line is a
special marker that is used by the virus to determine whether or not a potential
victim program has already been infected with this virus.

When the program is invoked, control is immediately transferred to the main
virus program. The virus program first seeks out uninfected executable files
and infects them. Next, the virus may perform some action, usually detrimental
to the system.

This action could be performed every time the program is invoked, or it could be
a logic bomb that triggers only under certain conditions.

Finally, the virus transfers control to the original program. If the infection
phase of the program is reasonably rapid, a user is unlikely to notice any
difference between the execution of an infected and uninfected program.

A virus such as the one just described is easily detected because an infected
version of a program is longer than the corresponding uninfected one. A way to
thwart such a simple means of detecting a virus is to compress the executable
file so that both the infected and uninfected versions are of identical length.
The key lines in this virus are numbered. We assume that program P1 is infected
with the virus CV. When this program is invoked, control passes to its virus,
which performs the following steps:

1. For each uninfected file P2 that is found, the virus first compresses that file
to produce P'2, which is shorter than the original program by the size of the
virus.

2. A copy of the virus is prepended to the compressed program.

3. The compressed version of the original infected program, P'1, is
uncompressed.

4. The uncompressed original program is executed.

FIREWALL DESIGN PRINCIPLES

A firewall is hardware or software that protects a private computer or a
network of computers: it acts as a filter to stop unauthorized users from
accessing private computers and networks. It is a vital component of network
security and the first line of defense for network security. It filters network
packets and stops malware from entering the user’s computer or network by
blocking access and preventing the user from being infected.

Characteristics of Firewall

1. Physical Barrier: A firewall does not allow any external traffic to enter
a system or a network without its permission. A firewall creates a choke
point for all the external data trying to enter the system or network
and hence can easily block access if needed.
2. Multi-Purpose: A firewall has many functions other than security
purposes. It configures domain names and Internet Protocol (IP)
addresses. It also acts as a network address translator. It can act as a
meter for internet usage.
3. Flexible Security Policies: Different local systems or networks need
different security policies. A firewall can be modified according to the
requirements of the user by changing its security policies.
4. Security Platform: It provides a platform from which any alert about a
security issue, or the fixing of such issues, can be accessed. All the
queries related to security can be kept under check from one place in a
system or network.
5. Access Handler: Determines which traffic needs to flow first according
to priority, which can be changed for a particular network or system;
specific action requests may be initiated and allowed to flow through the
firewall.

Need and Importance of Firewall Design Principles

1. Different Requirements: Every local network or system has its own threats
and requirements, which need a different structure and devices. All this
can only be identified while designing a firewall. Assessing the current
security outline of a company can help to create a better firewall design.
2. Outlining Policies: Designing a firewall once does not keep a system or
network secure for good. New threats can arise, and if we have proper
paperwork of the policies then the security system can be modified again
and the network will become more secure.
3. Identifying Requirements: While designing a firewall, information is
gathered about threats, the devices that need to be integrated, missing
resources, and updates to the security devices. All the information
collected is combined to get the best results. If even one of these things
is misidentified, it leads to security issues.
4. Setting Restrictions: Every user has limitations on accessing or
modifying different levels of data, and these need to be identified and
acted on accordingly. After retrieving and processing data, priority is set
for people, devices, and applications.
5. Identify Deployment Location: Every firewall has its strengths and to
get the most use out of it, we need to deploy each of them at the right
place in a system or network. In the case of a packet filter firewall, it
needs to be deployed at the edge of your network, between the internal
network and the web server, to get the most out of it.

Firewall Design Principles

1. Developing Security Policy

Security policy is a very essential part of firewall design. Security policy is
designed according to the requirements of the company or client to know which
kind of traffic is allowed to pass. Without a proper security policy, it is
impossible to restrict or allow a specific user or worker in a company network or
anywhere else. A properly developed security policy also knows what to do in
case of a security breach. Without it, there is an increase in risk as there will
not be a proper implementation of security solutions.

2. Simple Solution Design

If the design of the solution is complex, then it will be difficult to implement.
If the solution is simple, then it will be easier to implement. A simple design
is also easier to maintain: we can make upgrades to the simple design according
to new possible threats, leaving it with an efficient but still simple structure.
The problem that comes with complex designs is configuration errors that open a
path for external attacks.

3. Choosing the Right Device

Every network security device has its purpose and its way of being implemented.
If the wrong device is used for a problem, the network becomes vulnerable, and
if an outdated device is used to build the firewall, it exposes the network to risk
and is almost useless. The design must be done first and the product
requirements derived from it; if an already available product is instead forced
to fit the design, security is weakened.

4. Layered Defense

A network defense must have multiple layers, because if a single layer of
security is broken the whole network is exposed to external attacks. A multilayer
security design can be set up to deal with different levels of threat. It gives the
security design an edge and ultimately neutralizes the attack on the system.

5. Consider Internal Threats

While a lot of attention is given to safeguarding the network or device from
external attacks, security is often weak against internal attacks, and many
attacks are carried out internally because access is easy and internal security
is designed weakly. Different levels can be set in network security when
designing internal security, and filtering can be added to keep track of traffic
moving from lower-security levels to higher ones.

TYPES OF FIREWALL

The major purpose of a network firewall is to protect an inner network by
separating it from the outer network. The inner network is simply the network
created inside an organization, and a network outside the range of the inner
network is considered the outer network.

Types of Firewall:

Packet Filters

It is a technique used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or halting them based on the
source and destination Internet Protocol (IP) addresses, protocols, and ports.
This firewall is also known as a static firewall.

Stateful Inspection Firewalls

It is also a type of packet filtering, used to control how data packets move
through a firewall, and is also called dynamic packet filtering. These firewalls
can inspect whether a packet belongs to a particular session or not. Communication
is permitted if and only if the session is properly established between the two
endpoints; otherwise it is blocked.
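To make the difference between the two concrete, here is an added example (not from the original notes) in Go: a stateless filter that decides on header fields alone, beside a stateful one that keeps a session table. Packet, Rule and the decision functions are this example's own simplification; a real stateful firewall tracks the full TCP handshake and session timeouts.

```go
package main

import "fmt"

// Packet holds the header fields a packet filter examines (constructed for this example).
type Packet struct {
	SrcIP, DstIP     string
	SrcPort, DstPort int
	Inbound          bool // arriving from the outer network into the inner network
	SYN, ACK         bool // TCP flags; a new connection starts with SYN set and ACK clear
}
// Rule is one entry of a static packet filter; a zero port matches any port.
type Rule struct{ Inbound bool; SrcPort, DstPort int; Allow bool }

// StaticFilter is the stateless packet filter: first matching rule decides, no memory, default deny.
func StaticFilter(rules []Rule, p Packet) bool {
	for _, r := range rules {
		if r.Inbound == p.Inbound && (r.SrcPort == 0 || r.SrcPort == p.SrcPort) && (r.DstPort == 0 || r.DstPort == p.DstPort) {
			return r.Allow
		}
	}
	return false
}
// StatefulFilter adds a session table: a packet passes if it belongs to an established session, or
// if it is a connection request (SYN without ACK) that the rules permit, which then opens a session.
type StatefulFilter struct {
	Rules    []Rule
	sessions map[string]bool
}
func NewStatefulFilter(rules []Rule) *StatefulFilter {
	return &StatefulFilter{Rules: rules, sessions: map[string]bool{}}
}

// sessionKey names a session by its inner and outer endpoints, identical for both directions.
func sessionKey(p Packet) string {
	if p.Inbound {
		return fmt.Sprintf("%s:%d<->%s:%d", p.DstIP, p.DstPort, p.SrcIP, p.SrcPort)
	}
	return fmt.Sprintf("%s:%d<->%s:%d", p.SrcIP, p.SrcPort, p.DstIP, p.DstPort)
}
func (f *StatefulFilter) Decide(p Packet) bool {
	k := sessionKey(p)
	if f.sessions[k] {
		return true // part of an established session, whichever way it travels
	}
	if p.SYN && !p.ACK && StaticFilter(f.Rules, p) {
		f.sessions[k] = true // a permitted connection request opens a new session
		return true
	}
	return false // unsolicited: dropped even where a port-based rule alone would pass it
}
```

The stateless filter must carry a blanket "inbound from source port 80" rule just to let web replies back in, so it also admits an unsolicited inbound packet from port 80; the stateful filter admits only the reply to a session it recorded.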

Application Layer Firewalls

These firewalls can examine application-layer (OSI model) information such as
an HTTP request. If they find a suspicious application that could harm our
network or is not safe for it, it gets blocked right away.

Next-generation Firewalls

These firewalls are called intelligent firewalls. They can perform all the tasks
performed by the other types of firewalls discussed above and, on top of that,
include additional features such as application awareness and control,
integrated intrusion prevention, and cloud-delivered threat intelligence.

Circuit-level gateways

A circuit-level gateway is a firewall that provides User Datagram Protocol (UDP)
and Transmission Control Protocol (TCP) connection security and works between
the transport and application layers of the Open Systems Interconnection (OSI)
network model, such as at the session layer.

Software Firewall

A software firewall is computer software that runs on our computers. It
protects the system from external attacks such as unauthorized access and
malicious attacks by notifying us about the danger that can arise if we open a
particular mail or visit a website that is not secure.

Hardware Firewall

A hardware firewall is a physical appliance deployed to enforce a network
boundary. All network links crossing this boundary pass through the firewall,
which lets it inspect both inbound and outbound network traffic and enforce
access controls and other security policies.

Cloud Firewall

These are software-based network devices deployed in the cloud. A cloud-based
firewall protects a private network from unwanted access; unlike traditional
firewalls, it filters data at the cloud level.

Advantages of Network Firewall:

• Monitors network traffic
A network firewall monitors and analyzes traffic by inspecting whether the
packets passing through our network are safe for it or not. By doing so, it
keeps our network away from malicious content that could harm it.

• Halts hacking
In a society where everyone is connected through technology, it becomes all
the more important to keep firewalls in our network and use the internet safely.

• Stops viruses
Viruses can come from anywhere, such as an insecure website, a spam message,
or any other threat, so it becomes more important to have a strong defense
system (i.e. a firewall in this case): a virus attack can easily shut down a
whole network. In such a situation, a firewall plays a vital role.

• Better security
By monitoring and analyzing the network from time to time and establishing a
malware-free, virus-free, spam-free environment, a network firewall provides
better security for our network.

• Increased privacy
By protecting the network and providing better security, we get a network
that can be trusted.

Disadvantages of Network Firewall:

• Cost
Depending on the type of firewall, it can be costly; usually, hardware
firewalls are more costly than software ones.

• Restricts users
Restricting users can be a disadvantage for large organizations because of
the tough security mechanism. A firewall can prevent employees from doing a
certain operation even though it is a necessary one.

• Issues with the speed of the network
Since firewalls have to monitor every packet passing through the network,
this can slow down the operations that need to be performed, or simply slow
down the network.

• Maintenance
Firewalls require continuous updates and maintenance with every change in
networking technology, as new viruses that can damage your system are being
developed continuously.

CASE STUDIES ON CRYPTOGRAPHY AND NETWORK SECURITY

Secure Inter-branch Payment

General Bank Of India (GBI) has implemented an Electronic Payment System
called EPS in about 1200 branches across the country. This system transfers
payment instructions between two computerized branches of GBI. A central
server is maintained at the EPS office located in Mumbai. The branch offices
connect to the local VSAT of a private network using a dial-up connection. The
local VSAT has connectivity established with the EPS office. GBI utilizes its
proprietary messaging service, called GBI-Transfer, to exchange payment
instructions.

Currently, EPS has minimal data security. As the system operates in a closed
network, the current security infrastructure may be sufficient for that need.
The data moving across the network is in encrypted format.

Current EPS Architecture

EPS is used to transmit payment details from the payer branch to the payee
branch via the central server in Mumbai. Fig. 10.5 depicts the flow, which is
also described step by step.

A typical payment transfer takes the following steps:

1. A data-entry person in the Payer Branch enters transaction details through
the EPS interface.
2. A Bank Officer checks the validity of the transaction through the EPS
interface.
3. After validating the transaction, the Bank Officer authorizes the
transaction. Authorized transaction is stored in a local Payment Master (PM)
database.

4. Once the transaction is stored in PM, a copy of the same is encrypted and
stored in a file. This transaction file is stored in OUT directory.
5. The GBI-Transfer application looks for any pending transactions (i.e. for the
presence of any files in the OUT directory) by a polling mechanism and if it
finds such transactions, it sends all these files one-by-one to the EPS central
office located in Mumbai by dialing the local VSAT.
6. The local VSAT gets connectivity to the EPS central office and the
transaction is transferred and stored in the IN directory at the EPS central
office.
7. The interface program at the EPS central office collects the file pending in
the IN directory and sends it to the PM application at that office.
8. In order to send the Credit Request to PM, the transaction headers are
changed. The transaction with changed headers in encrypted format is then
placed in OUT directory of the EPS central office.
9. The GBI-Transfer application at the EPS central office collects the
transactions pending in the OUT directory and sends them to the Payee Bank
through the VSAT.
10. The transaction is transferred and stored in the IN directory of the Payee
Branch.
11. The interface program at the Payee Branch collects the transaction and
posts it in PM.
12. PM marks the credit entry and returns an acknowledgement of the same. The
acknowledgement is placed in the OUT directory of the Payee Branch.
13. The acknowledgement is picked by GBI-Transfer at the Payee Branch and
sent to the EPS central office through the VSAT.
14. The EPS central office receives the credit acknowledgement and forwards it
to Payer Branch.
15. The Payer Branch receives the credit acknowledgement receipt. This
completes the transaction.
Requirements to Enhance EPS

As GBI is in the process of complete automation and is setting up connectivity
over the Internet or a private network, it needs to ensure stringent security
measures, which demand the use of a Public Key Infrastructure (PKI) framework.
As a part of implementing security, GBI wants the following aspects to be
ensured:
• Non-repudiation (Digital Signatures)
• Encryption – 128-bit (upgrade from the current 56-bit encryption)
• Smart card support for storing sensitive data & on-card digital signing
• Closed loop Public Key Infrastructure

The architecture for the Payer

On the Payee Leg, the EPS central office will create a Credit Request as before,
sign and encrypt it with the bank officer’s digital certificate. This signed-and-
encrypted request will be forwarded to the Payee Branch.

CROSS SITE SCRIPTING VULNERABILITY (CSSV)
Cross Site Scripting Vulnerability (CSSV) is a relatively new form of attack
that exploits inadequate validation on the server side. The term Cross Site
Scripting Vulnerability (CSSV) is actually not completely correct; however, the
term was coined when the problem was not completely understood and has stuck
ever since. Cross-site scripting happens when malicious tags and/or scripts
attack a Web browser via another site’s dynamically generated Web pages. The
attacker’s target is not a Web site, but rather its users (i.e. clients or
browsers).
Suppose that the URL of the site serving this page is www.test.com and that,
when the user submits this form, it is processed by a server-side program
called address.asp. We would typically expect the user to enter the house
number, street name, city, postal code, country, etc. However, imagine that
the user enters the following odd string instead:
<SCRIPT>Hello World</SCRIPT>

As a result, the URL submitted would be something like
www.test.com/address.asp?address=<SCRIPT>Hello World </SCRIPT>.
Now suppose that the server-side program address.asp does not validate the
input sent by the user and simply passes the value of the address field on to
the next Web page. What would this translate to? It would mean that the next
Web page receives the value of address as <SCRIPT>Hello World</SCRIPT>. The
Web browser would most likely treat the value of the address field as a script
and execute it as if it were written in a scripting language such as JavaScript.
Therefore, the user would get to see Hello World.
Obviously, no serious damage is done. However, extrapolate this possibility to
other situations where a user can actually send damaging scripts to the server.
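As an added example (not from the original notes), here is the address page written in Go: the unsafe echo that mirrors address.asp, beside two escaped versions and a small output check. The function names and page markup are this example's own.

```go
package main

import (
	"bytes"
	"html"
	"html/template"
	"strings"
)

// RenderUnsafe behaves like the address.asp of the notes: the submitted address is copied into
// the next page verbatim, so a value such as <SCRIPT>...</SCRIPT> becomes part of the page's markup.
func RenderUnsafe(address string) string {
	return "<html><body><p>Address entered: " + address + "</p></body></html>"
}

// RenderEscaped is the server-side fix: characters with a meaning in HTML are encoded, so the
// browser displays the address as text instead of parsing it as a tag or script.
func RenderEscaped(address string) string {
	return "<html><body><p>Address entered: " + html.EscapeString(address) + "</p></body></html>"
}

// addressPage uses html/template, which escapes automatically according to where the value lands
// (element body, attribute, URL), so a forgotten EscapeString call cannot reopen the hole.
var addressPage = template.Must(template.New("addr").Parse(
	`<html><body><p>Address entered: {{.}}</p></body></html>`))

func RenderTemplate(address string) (string, error) {
	var buf bytes.Buffer
	err := addressPage.Execute(&buf, address)
	return buf.String(), err
}

// EchoesScriptTag is a simple output check used to compare the renderers: does the generated
// page still contain a raw <script start tag that came from user input?
func EchoesScriptTag(rendered string) bool {
	return strings.Contains(strings.ToLower(rendered), "<script")
}
```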

VIRTUAL ELECTIONS
Computerized voting is likely to become quite common in the next few decades.
It is therefore important that a protocol for virtual elections protects
individual privacy and also disallows cheating. Consider the following
protocol, by which voters send their votes electronically to the Election
Authority (EA).

1. Each voter casts the vote and encrypts it with the public key of the EA.
2. Each voter sends the encrypted vote to the EA.
3. The EA decrypts all the votes to retrieve the original vote, tabulates all the
votes and announces the result of the election.
Is this protocol secure, and does it provide comfort both to the voters and to
the EA? Not at all! The scheme has the following problems:

1. The EA does not know whether the authorized voters have voted or whether it
has received fake (bogus) votes.
2. There is no mechanism to prevent duplicate voting.
What is the advantage of this protocol? Clearly, no one would be able to change
another voter’s vote, because it is first encrypted with the EA’s public key and
is then sent to the EA. However, if we observe this scheme carefully, an
attacker need not change someone’s vote at all. The attacker can simply send
duplicate votes!

How can we improve upon this protocol to make it more robust? Let us rewrite
it, as follows:

1. Each voter casts the vote and signs it with her private key.
2. Each voter then encrypts the signed vote with the public key of the EA.
3. Each voter sends the vote to the EA.
4. The EA decrypts the vote with its private key and verifies the signature of
the voter with the help of the voter’s public key.
5. The EA then tabulates all the votes and announces the result of the election.

This protocol would now ensure that duplicate voting is disallowed.
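The improved protocol in working code, as an added example that is not part of the original notes; it also shows the non-repudiation (digital signatures) and encryption that the EPS requirements above call for. Ed25519 for voter signatures, RSA-OAEP for encryption to the EA, and an electoral roll held by the EA are all this example's assumptions, since the notes name no algorithms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Signed-vote layout before encryption: [32-byte voter public key][64-byte signature][vote bytes].
const pubLen, sigLen = ed25519.PublicKeySize, ed25519.SignatureSize
// ElectionAuthority (EA) holds its decryption key, the electoral roll and the running tally.
type ElectionAuthority struct {
	key   *rsa.PrivateKey
	roll  map[string]bool // public keys of registered voters (assumed: the EA knows who may vote)
	voted map[string]bool // voters whose ballot has already been counted
	Tally map[string]int
}
func NewElectionAuthority() (*ElectionAuthority, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // ballots are encrypted to its public half
	return &ElectionAuthority{key: key, roll: map[string]bool{}, voted: map[string]bool{}, Tally: map[string]int{}}, err
}
// Register puts a voter's public key on the roll; only those keys may sign ballots.
func (ea *ElectionAuthority) Register(pub ed25519.PublicKey) { ea.roll[string(pub)] = true }
func (ea *ElectionAuthority) PublicKey() *rsa.PublicKey     { return &ea.key.PublicKey }

// CastVote is steps 1-3: sign the vote with the voter's private key, then encrypt the signed vote
// with the EA's public key. Ed25519 and RSA-OAEP are this example's choices; the notes name none.
func CastVote(voter ed25519.PrivateKey, eaPub *rsa.PublicKey, vote string) ([]byte, error) {
	signed := append([]byte{}, voter.Public().(ed25519.PublicKey)...)
	signed = append(append(signed, ed25519.Sign(voter, []byte(vote))...), vote...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, eaPub, signed, nil)
}

// Receive is steps 4-5 for one ballot: decrypt with the EA's private key, reject a signer who is not
// on the roll (a bogus vote), verify the signature, and refuse a second ballot from the same voter.
func (ea *ElectionAuthority) Receive(ciphertext []byte) error {
	signed, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ea.key, ciphertext, nil)
	if err != nil || len(signed) <= pubLen+sigLen {
		return errors.New("ballot cannot be decrypted or is malformed")
	}
	pub := ed25519.PublicKey(signed[:pubLen])
	sig, vote := signed[pubLen:pubLen+sigLen], signed[pubLen+sigLen:]
	if !ea.roll[string(pub)] || !ed25519.Verify(pub, vote, sig) {
		return errors.New("bogus ballot: unregistered signer or invalid signature")
	}
	if ea.voted[string(pub)] {
		return errors.New("duplicate vote from this voter rejected")
	}
	ea.voted[string(pub)] = true
	ea.Tally[string(vote)]++
	return nil
}
```

The signature gives non-repudiation (only the holder of the private key could have produced it), the encryption keeps the vote private in transit, and the roll plus the voted set let the EA reject both bogus and duplicate ballots, which the first scheme could not.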
