Unit 4

Uploaded by

priyanka.singh

PGP

○ PGP stands for Pretty Good Privacy, which was invented by Phil
Zimmermann.
○ PGP was designed to provide all four aspects of security, i.e., privacy,
integrity, authentication, and non-repudiation in the sending of email.
○ PGP uses a digital signature (a combination of hashing and public key
encryption) to provide integrity, authentication, and non-repudiation.
PGP uses a combination of secret key encryption and public key
encryption to provide privacy. Therefore, we can say that the digital
signature uses one hash function, one secret key, and two
private-public key pairs.
○ PGP is an open-source, freely available software package for email
security.
○ PGP provides authentication through the use of digital signatures.
○ It provides confidentiality through the use of symmetric block
encryption.
○ It provides compression by using the ZIP algorithm, and email
compatibility by using the radix-64 encoding scheme.

Following are the steps taken by PGP to create secure e-mail at the sender site:
○ The e-mail message is hashed by using a hashing function to create a
digest.
○ The digest is then encrypted by using the sender's private key to form
a signed digest, and the signed digest is then added to the original
email message.
○ The original message and signed digest are encrypted by using a
one-time secret key created by the sender.
○ The secret key is encrypted by using the receiver's public key.
○ Both the encrypted secret key and the encrypted combination of
message and digest are sent together.

PGP at the Sender site (A)


Following are the steps that show how PGP at the receiver site uses hashing
and a combination of three keys to recover the original message:
○ The receiver receives the combination of the encrypted secret key and
the encrypted message and digest.
○ The encrypted secret key is decrypted by using the receiver's private
key to get the one-time secret key.
○ The secret key is then used to decrypt the combination of message and
digest.
○ The digest is decrypted by using the sender's public key, and the
original message is hashed by using a hash function to create a digest.
○ The two digests are compared; if they are equal, all the aspects of
security are preserved.

PGP at the Receiver site (B)
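
The sender and receiver steps above, carried through end to end as an added example (not code from the original notes, and not an OpenPGP implementation). It assumes textbook RSA over fixed demo primes, SHA-256 as the hash, a toy keystream cipher in place of the symmetric block cipher, and zlib and base64 standing in for ZIP and radix-64; all function and key names are illustrative.

```python
import base64
import hashlib
import secrets
import zlib

E = 65537  # public exponent


def make_keypair(p: int, q: int) -> dict:
    """Textbook RSA key from two primes (no padding; data-flow demo only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


# Constructed demo keys built from well-known Mersenne primes. Not secure.
SENDER = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER = make_keypair(2**607 - 1, 2**1279 - 1)
STRANGER = make_keypair(2**521 - 1, 2**1279 - 1)


def nbytes(key: dict) -> int:
    return (key["n"].bit_length() + 7) // 8


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (XOR with a SHA-256 keystream) standing in for
    PGP's block cipher. The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_send(message: bytes, sender_key: dict, receiver_pub: dict) -> dict:
    # Hash the message and sign the digest with the sender's private key.
    sig = pow(digest_int(message), sender_key["d"], sender_key["n"])
    sig_bytes = sig.to_bytes(nbytes(sender_key), "big")
    bundle = len(sig_bytes).to_bytes(2, "big") + sig_bytes + message
    # Compress, then encrypt message + signed digest with a one-time key.
    session_key = secrets.token_bytes(32)
    body = keystream_xor(session_key, zlib.compress(bundle))
    # Encrypt the one-time key with the receiver's public key.
    wrapped = pow(int.from_bytes(session_key, "big"),
                  receiver_pub["e"], receiver_pub["n"])
    # Send both parts together, base64-encoded for mail transport.
    return {
        "key": base64.b64encode(
            wrapped.to_bytes(nbytes(receiver_pub), "big")).decode(),
        "body": base64.b64encode(body).decode(),
    }


def pgp_receive(packet: dict, receiver_key: dict, sender_pub: dict):
    # Recover the one-time key with the receiver's private key.
    wrapped = int.from_bytes(base64.b64decode(packet["key"]), "big")
    session_key = pow(wrapped, receiver_key["d"],
                      receiver_key["n"]).to_bytes(32, "big")
    # Decrypt and decompress the message + signed digest.
    try:
        bundle = zlib.decompress(
            keystream_xor(session_key, base64.b64decode(packet["body"])))
    except zlib.error:
        return None, False  # ciphertext was altered in transit
    sig_len = int.from_bytes(bundle[:2], "big")
    sig = int.from_bytes(bundle[2:2 + sig_len], "big")
    message = bundle[2 + sig_len:]
    # Decrypt the signed digest with the sender's public key, re-hash, compare.
    recovered = pow(sig, sender_pub["e"], sender_pub["n"])
    return message, recovered == digest_int(message)


def demo():
    msg = b"Quarterly figures attached."  # constructed sample message
    packet = pgp_send(msg, SENDER, RECEIVER)
    genuine = pgp_receive(packet, RECEIVER, SENDER)
    # Same packet checked against someone else's public key: digests differ.
    wrong_signer_ok = pgp_receive(packet, RECEIVER, STRANGER)[1]
    # One bit flipped in transit.
    raw = bytearray(base64.b64decode(packet["body"]))
    raw[len(raw) // 2] ^= 0x01
    tampered = dict(packet, body=base64.b64encode(bytes(raw)).decode())
    tampered_ok = pgp_receive(tampered, RECEIVER, SENDER)[1]
    return genuine, wrong_signer_ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

The digest comparison succeeds only for the unmodified packet checked against the real sender's public key; the other two cases are rejected.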


Disadvantages of PGP Encryption
○ Administration is difficult: The different versions of PGP complicate
administration.
○ Compatibility issues: Both the sender and the receiver must have
compatible versions of PGP. For example, if you encrypt an email by
using PGP with one of the encryption techniques and the receiver has a
different version of PGP, the receiver cannot read the data.
○ Complexity: PGP is a complex technique. Other security schemes use
symmetric encryption that uses one key or asymmetric encryption that
uses two different keys. PGP uses a hybrid approach that implements
symmetric encryption with two keys. PGP is more complex, and it is less
familiar than the traditional symmetric or asymmetric methods.
○ No Recovery: Computer administrators face the problem of lost
passwords. In such situations, an administrator would use a special
program to retrieve passwords. For example, a technician with physical
access to a PC can use it to retrieve a password. However, PGP does not
offer such a special program for recovery; its encryption methods are
very strong, so a forgotten password cannot be retrieved, which results in
lost messages or lost files.

What is S/MIME

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through
encryption, S/MIME offers protection for business emails. S/MIME comes
under the concept of cryptography. S/MIME is a protocol used for encrypting
or decrypting digitally signed emails. This means that users can digitally
sign their emails as the owner (sender) of the email.

In the past, emails could only be sent in NVT 7-bit format, so images,
videos, and audio could not be part of email attachments. Bell
Communications launched the MIME standard protocol in 1991 to extend
email's restricted functionality. S/MIME is an upgrade of MIME
(Multipurpose Internet Mail Extensions); it came into play because of the
limitations of MIME. S/MIME is based on asymmetric cryptography, which
means that communications can be encrypted or decrypted using a pair of
related keys, namely the public and private keys.

How S/MIME Works?

S/MIME enables non-ASCII data to be sent via email using the Simple Mail
Transfer Protocol (SMTP). Many kinds of data files can be sent, including
music, video, and image files. This data is sent securely using encryption:
data that is encrypted using a public key is decrypted using a private key,
which only the receiver of the email holds. The receiver then decrypts the
message and uses it. In this way, data is shared by email with an
end-to-end security service provided by cryptography.

Advantages of S/MIME

1. It offers verification.

2. It offers integrity to the message.

3. By the use of digital signatures, it facilitates non-repudiation of origin.

4. Data security is ensured by the utilization of encryption.

5. Transfer of data files like images, audio, videos, documents, etc. in a secure manner.

Services of S/MIME

1. Digital Signature, which can maintain data integrity.

2. S/MIME can be used in encrypting messages.

3. By using this we can transfer our data using an e-mail without any problem.

Versions of S/MIME

● 1st Version: 1995

● 2nd Version: 1998

● 3rd Version: 1999

Microsoft products that support the third version of S/MIME:

1. Microsoft Outlook 2000 (SR-1) and later.

2. Outlook Express 5.01 and later.

3. Microsoft Exchange version 5.5 and later.

How to Get S/MIME Certificates

The following are the steps to obtain S/MIME certificates for securing your emails:

● Choose a Certificate Authority: You can select any trusted Certificate
Authority (CA), such as Sectigo, DigiCert, or GlobalSign, that provides
S/MIME certificates. Most of these Certificate Authorities provide both
free and paid versions according to one's needs.

● Get or Apply for a Certificate: Log on to the website of the CA, and
select the S/MIME certificate you would like to buy or apply for. You
might be asked for your name, email address, and organizational details.

● Validate Your Identity: The CA may ask you to validate your identity
before issuing the certificate. This could take the form of email
verification, sending official documents, or other means of authentication.

● Download and Install the Certificate: Once your identity has been
verified, the CA issues your certificate. Instructions will be provided for
downloading and installing the certificate into your email client, such as
Outlook or Apple Mail.

● Configure Your Email Client: After installation, configure your email
client to use the S/MIME certificate for encrypting and digitally signing
all of your messages. This step typically differs between clients, but in
general you will need to pick the certificate within the security settings.

● Test Your Setup: At a minimum, send an email to test that everything
works with both encryption and digital signing.

New S/MIME Requirements in 2024

A rather large number of modifications to the way S/MIME certificates are
issued arrive during 2024. Many of these changes result from the new S/MIME
Baseline Requirements from the CA/Browser Forum.

● New Intermediate CA Certificates: Certificate authorities, including
DigiCert, have migrated to new intermediate CA certificates in order to
stay compliant with the baseline requirements. This transition is said to
be an improvement in security and trust.

● Mailbox Validation: To get an S/MIME certificate for a shared email
address, such as Gmail or Outlook, mailbox validation is required in order
to have a greater degree of control over the email account.

● Organization Units (OUs) Removed: Newly issued public S/MIME
certificates no longer support the use of Organization Units, to simplify
the structure of the certificate and to increase security.

● Email Address in SAN: Add the email address to the SAN (Subject
Alternative Name) field of the certificate for better identification.

● Updated OIDs for Certificate Policy: The object identifiers for the
relevant certificate policies have been updated to accommodate the new
S/MIME Baseline Requirements.

Firewall Design Principles


A firewall is hardware or software that protects a private computer or a
network of computers from unauthorized access. It acts as a filter that
keeps unauthorized users from accessing private computers and networks. It
is a vital component of network security and its first line of defense. It
filters network packets and stops malware from entering the user's computer
or network by blocking access, preventing the user from being infected.

Characteristics of Firewall

1. Physical Barrier: A firewall does not allow any external traffic to
enter a system or a network without its permission. It creates a choke
point for all the external data trying to enter the system or network, and
hence can easily block access if needed.

2. Multi-Purpose: A firewall has many functions other than security. It
configures domain names and Internet Protocol (IP) addresses. It also acts
as a network address translator, and it can act as a meter for internet
usage.

3. Flexible Security Policies: Different local systems or networks need
different security policies. A firewall can be modified according to the
requirements of the user by changing its security policies.

4. Security Platform: It provides a platform from which alerts about
security issues, and the fixes for them, can be accessed. All
security-related queries can be kept in check from one place in a system or
network.

5. Access Handler: It determines which traffic needs to flow first
according to priority, and this can be changed for a particular network or
system. Specific action requests may be initiated and allowed to flow
through the firewall.

Need and Importance of Firewall Design Principles

1. Different Requirements: Every local network or system has its own
threats and requirements, which call for different structures and devices.
All of this can only be identified while designing a firewall. Assessing
the current security outline of a company can help to create a better
firewall design.

2. Outlining Policies: Once a firewall has been designed, the system or
network is not necessarily secure. New threats can arise, and if the
policies are properly documented, the security system can be modified again
and the network will become more secure.

3. Identifying Requirements: While designing a firewall, data is gathered
about threats, the devices that need to be integrated, missing resources,
and security devices that need updating. All the information collected is
combined to get the best results. If even one of these things is
misidentified, it leads to security issues.

4. Setting Restrictions: Every user has limits on the levels of data they
can access or modify; these limits need to be identified and acted on
accordingly. After retrieving and processing the data, priorities are set
for people, devices, and applications.

5. Identify Deployment Location: Every firewall has its strengths, and to
get the most use out of it, we need to deploy each one at the right place
in a system or network. A packet filter firewall, for example, needs to be
deployed at the edge of your network, between the internal network and the
web server, to get the most out of it.

Firewall Design Principles

1. Developing Security Policy

Security policy is an essential part of firewall design. It is designed
according to the requirements of the company or client, and determines
which kinds of traffic are allowed to pass. Without a proper security
policy, it is impossible to restrict or allow a specific user or worker in
a company network or anywhere else. A properly developed security policy
also states what to do in case of a security breach. Without it, risk
increases, as security solutions will not be properly implemented.

2. Simple Solution Design

If the design of the solution is complex, it will be difficult to
implement; if it is simple, it will be easier to implement. A simple design
is also easier to maintain: we can upgrade it in response to new possible
threats while keeping an efficient, simple structure. The problem that
comes with complex designs is configuration errors, which open a path for
external attacks.

3. Choosing the Right Device

Every network security device has its purpose and its way of
implementation. If we use the wrong device for the wrong problem, the
network becomes vulnerable. If an outdated device is used for designing a
firewall, it exposes the network to risk and is almost useless. The design
must be done first, and the product requirements derived from it; if a
product that is already available is instead made to fit into the design,
security is weakened.

4. Layered Defense

A network defense must be multi-layered in the modern world, because if the
security is broken, the network will be exposed to external attacks. A
multilayer security design can be set up to deal with different levels of
threat. It gives an edge to the security design and finally neutralizes the
attack on the system.

5. Consider Internal Threats

When a lot of attention is given to safeguarding the network or device from
external attacks, security becomes weak against internal attacks; most
attacks are carried out internally, because internal access is easy and
internal security is weakly designed. Different levels can be set in
network security while designing internal security. Filtering can be added
to keep track of the traffic moving from lower-level security to
higher-level security.

Advantages of Firewall:

1. Blocks infected files: While surfing the internet we encounter many
unknown threats. Any friendly-looking file might have malware in it. The
firewall neutralizes this kind of threat by blocking file access to the
system.

2. Stop unwanted visitors: A firewall does not allow a cracker to break
into the system through a network. A strong firewall detects the threat and
then closes the possible loophole that could be used to penetrate through
security into the system.

3. Safeguard the IP address: A network-based firewall, like an internet
connection firewall (ICF), keeps track of the internet activities done on a
network or a system and keeps the IP address hidden so that it cannot be
used to access sensitive information against the user.

4. Prevents Email spamming: In email spamming, too many emails are sent to
the same address, leading to the server crashing. A good firewall blocks
the spammer source and prevents the server from crashing.

5. Stops Spyware: If a bug is implanted in a network or system, it tracks
all the data flowing through it and later uses it for the wrong purpose. A
firewall keeps track of all the users accessing the system or network, and
if spyware is detected it disables it.

Limitations:

1. Internal loose ends: A firewall cannot be deployed everywhere when it
comes to internal attacks. Sometimes an attacker bypasses the firewall
through a telephone lane that crosses paths with a data lane that carries
the data packets, or through an employee who unwittingly cooperates with an
external attacker.

2. Infected Files: In the modern world, we come across various kinds of
files through emails or the internet. Most of the files are executable
under the parameters of an operating system. It becomes impossible for the
firewall to keep track of all the files flowing through the system.

3. Effective Cost: As the requirements of a network or a system increase
with the level of threat, the cost of the devices used to build the
firewall increases. The maintenance cost of the firewall also increases,
making the overall cost of the firewall quite high.

4. User Restriction: Restrictions and rules implemented through a firewall
make a network secure, but they can make work less effective in a large
organization or company. Even making a slight change in data can require a
permit from a person of higher authority, making work slow. The overall
productivity drops because of all of this.

5. System Performance: A software-based firewall consumes a lot of the
resources of a system. Its use of RAM and power leaves far fewer resources
for the rest of the functions or programs, so the performance of the system
can drop. A hardware firewall, on the other hand, does not affect the
performance of a system much, because it depends very little on the
system's resources.

Types of Firewall
There are mainly three types of firewalls, such as software firewalls, hardware
firewalls, or both, depending on their structure. Each type of firewall has different
functionality but the same purpose. However, it is best practice to have both to
achieve maximum possible protection.

A hardware firewall is a physical device that attaches between a computer
network and a gateway, for example a broadband router. A hardware firewall is
sometimes referred to as an Appliance Firewall. On the other hand, a software
firewall is a simple program installed on a computer that works through port
numbers and other installed software. This type of firewall is also called a Host
Firewall.

Besides, there are many other types of firewalls depending on their features and
the level of security they provide. The following are types of firewall techniques
that can be implemented as software or hardware:

○ Packet-filtering Firewalls
○ Circuit-level Gateways
○ Application-level Gateways (Proxy Firewalls)
○ Stateful Multi-layer Inspection (SMLI) Firewalls
○ Next-generation Firewalls (NGFW)
○ Threat-focused NGFW
○ Network Address Translation (NAT) Firewalls
○ Cloud Firewalls
○ Unified Threat Management (UTM) Firewalls

Packet Filters –

● It works in the network layer of the OSI Model. It applies a set of
rules (based on the contents of IP and transport header fields) to each
packet and, based on the outcome, decides to either forward or discard the
packet.

● A packet filter firewall controls access to packets on the basis of
packet source and destination address or specific transport protocol type.
It is done at the OSI (Open Systems Interconnection) data link, network,
and transport layers. A packet filter firewall works on the network layer
of the OSI model.

● Packet filters consider only the most basic attributes of each packet,
and they don't need to remember anything about the traffic since each
packet is examined in isolation. For this reason, they can decide packet
flow very quickly.

● Example: A filter can be set to block all UDP segments and all Telnet
connections. This type of configuration prevents outsiders from logging
onto internal hosts using Telnet and insiders from logging onto external
hosts using Telnet connections.

Application Gateways –

● An application-level gateway is also called a bastion host. It operates
at the application level. Multiple application gateways can run on the same
host, but each gateway is a separate server with its own processes.

● These firewalls, also known as application proxies, provide the most
secure type of data connection because they can examine every layer of the
communication, including the application data.

● Example: Consider the FTP service. The FTP commands include getting a
file, putting a file, listing files, and positioning the process at a
particular point in a directory tree. Some system admins block the put
command but permit the get command, list only certain files, or prohibit
changing out of a particular directory. The proxy server would simulate
both sides of this protocol exchange. For example, the proxy might accept
get commands and reject put commands.

It works as follows:

Step-1: The user contacts the application gateway using a TCP/IP
application such as HTTP.

Step-2: The application gateway asks about the remote host with which the
user wants to establish a connection. It also asks for the user id and
password that are required to access the services of the application
gateway.

Step-3: After verifying the authenticity of the user, the application
gateway accesses the remote host on behalf of the user to deliver the
packets.
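
The FTP policy from the example above (permit get, reject put, hide certain files, no changing out of a directory), sketched as the decision logic a proxy would apply to each command line. This is an added example, not code from the original notes; the `/pub` directory, the dot-file rule and the class name are assumptions, while RETR, STOR, LIST, CWD and PWD are the FTP protocol's own commands for get, put, list and directory handling.

```python
import posixpath

JAIL = "/pub"                                # hypothetical directory users may not leave
READ_ONLY = {"RETR", "LIST", "CWD", "PWD"}   # assumed policy: get and listing only
HIDDEN_PREFIX = "."                          # assumed rule: dot-files are never served


class FtpProxySession:
    """Per-client state the proxy keeps while relaying FTP commands."""

    def __init__(self):
        self.cwd = JAIL

    def _resolve(self, arg: str) -> str:
        # Canonicalise against the tracked directory so "../" cannot escape.
        return posixpath.normpath(posixpath.join(self.cwd, arg or "."))

    def decide(self, line: str):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in READ_ONLY:
            return ("reject", f"{verb} not permitted")   # e.g. STOR (put)
        if verb == "PWD":
            return ("forward", "PWD")
        path = self._resolve(arg.strip())
        if path != JAIL and not path.startswith(JAIL + "/"):
            return ("reject", "outside permitted directory")
        if any(part.startswith(HIDDEN_PREFIX) for part in path.split("/") if part):
            return ("reject", "file not listed")
        if verb == "CWD":
            self.cwd = path        # remember where the client now is
        # Forward the canonical path, so the server sees what was checked.
        return ("forward", f"{verb} {path}")


def demo():
    session = FtpProxySession()
    # Constructed command sequence from one client.
    lines = ["RETR readme.txt", "STOR upload.bin", "CWD docs",
             "CWD ../..", "RETR ../../private/notes.txt", "LIST"]
    return [session.decide(line) for line in lines]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A packet filter sees all six commands as the same permitted TCP connection; only a gateway that parses the application data can tell them apart.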

Difference:

Packet filter                                | Application-level
Simplest                                     | Even more complex
Screens based on connection rules            | Screens based on behaviour or proxies
Auditing is difficult                        | Activity can audit
Low impact on network performance            | High impact on network performance
Network topology can not hide                | Network topology can hide from the attacker
Transparent to user                          | Not transparent to the user
See only addresses and service protocol type | Sees full data portion of a packet

Circuit-level Gateways
Circuit-level gateways are another simplified type of firewall that can be easily
configured to allow or block traffic without consuming significant computing
resources. These types of firewalls typically operate at the session-level of the OSI
model by verifying TCP (Transmission Control Protocol) connections and sessions.
Circuit-level gateways are designed to ensure that the established sessions are
protected.

Typically, circuit-level firewalls are implemented as security software or
pre-existing firewalls. Like packet-filtering firewalls, these firewalls do not check
the actual data, although they inspect information about transactions. Therefore,
if data contains malware but follows the correct TCP connection, it will pass
through the gateway. That is why circuit-level gateways are not considered safe
enough to protect our systems.

Stateful Multi-layer Inspection (SMLI) Firewalls


Stateful multi-layer inspection firewalls include both packet inspection
technology and TCP handshake verification, making SMLI firewalls superior to
packet-filtering firewalls or circuit-level gateways. Additionally, these types of
firewalls keep track of the status of established connections.

In simple words, when a user establishes a connection and requests data, the
SMLI firewall creates a database (state table). The database is used to store
session information such as source IP address, port number, destination IP
address, destination port number, etc. Connection information is stored for each
session in the state table. Using stateful inspection technology, these firewalls
create security rules to allow anticipated traffic.

In most cases, SMLI firewalls are implemented as additional security levels. These
types of firewalls implement more checks and are considered more secure than
stateless firewalls. This is why stateful packet inspection is implemented along
with many other firewalls to track statistics for all internal traffic. Doing so
increases the load and puts more pressure on computing resources. This can give
rise to a slower transfer rate for data packets than other solutions.
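
The difference between examining each packet in isolation (Packet Filters, above) and consulting a state table, as an added example that is not part of the original notes. The rule format, the 10.0.0.0/24 internal network and the sample packets are assumptions made for the illustration; the first two rules are the UDP and Telnet blocks from the packet-filter example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    flags: str = ""  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK


INSIDE = ip_network("10.0.0.0/24")  # assumed internal network

# (action, proto, src_net, sport, dst_net, dport); None matches anything.
OUTBOUND_POLICY = [
    ("deny", "udp", None, None, None, None),     # block all UDP segments
    ("deny", "tcp", None, None, None, 23),       # block Telnet, both directions
    ("allow", "tcp", INSIDE, None, None, None),  # inside hosts may open TCP
]
# A stateless filter needs an extra rule to let replies back in.
STATELESS_RULES = OUTBOUND_POLICY + [
    ("allow", "tcp", None, 443, INSIDE, None),   # anything claiming source port 443
]


def first_match(rules, pkt: Packet) -> str:
    """Evaluate one packet in isolation; the first matching rule wins."""
    for action, proto, src_net, sport, dst_net, dport in rules:
        if (proto == pkt.proto
                and (src_net is None or ip_address(pkt.src) in src_net)
                and (dst_net is None or ip_address(pkt.dst) in dst_net)
                and sport in (None, pkt.sport)
                and dport in (None, pkt.dport)):
            return action
    return "deny"  # default deny


class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # (src, sport, dst, dport, proto) per session

    def check(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if forward in self.state_table or reverse in self.state_table:
            return "allow"  # belongs to a session already in the table
        # Only a SYN permitted by policy may create a new table entry.
        if pkt.flags == "S" and first_match(OUTBOUND_POLICY, pkt) == "allow":
            self.state_table.add(forward)
            return "allow"
        return "deny"


# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp", "S"),   # inside opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp", "SA"),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 8080, "tcp", "A"),    # unsolicited packet
    Packet("10.0.0.5", 50001, "203.0.113.10", 23, "tcp", "S"),    # Telnet out
    Packet("10.0.0.5", 5353, "203.0.113.10", 53, "udp"),          # UDP
]


def compare():
    """Return (stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    return [(first_match(STATELESS_RULES, p), fw.check(p)) for p in TRAFFIC]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(pkt, verdicts)
```

The third packet is the one that separates the two designs: the stateless reply rule admits it on header fields alone, while the state table has no matching session and drops it.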

Next-generation Firewalls (NGFW)


Many of the latest released firewalls are usually defined as 'next-generation
firewalls'. However, there is no specific definition for next-generation firewalls. This
type of firewall is usually defined as a security device combining the features and
functionalities of other firewalls. These firewalls include deep-packet inspection
(DPI), surface-level packet inspection, and TCP handshake testing, etc.
NGFW includes higher levels of security than packet-filtering and stateful
inspection firewalls. Unlike traditional firewalls, NGFW monitors the entire
transaction of data, including packet headers, packet contents, and sources.
NGFWs are designed in such a way that they can prevent more sophisticated and
evolving security threats such as malware attacks, external threats, and advanced
intrusion.

Threat-focused NGFW
Threat-focused NGFW includes all the features of a traditional NGFW.
Additionally, they also provide advanced threat detection and remediation. These
types of firewalls are capable of reacting against attacks quickly. With intelligent
security automation, threat-focused NGFW set security rules and policies, further
increasing the security of the overall defense system.

In addition, these firewalls use retrospective security systems to monitor
suspicious activities continuously. They keep analyzing the behavior of every
activity even after the initial inspection. Due to this functionality, threat-focused
NGFW dramatically reduces the overall time taken from threat detection to
cleanup.

Network Address Translation (NAT) Firewalls


Network address translation or NAT firewalls are primarily designed to access
Internet traffic and block all unwanted connections. These types of firewalls
usually hide the IP addresses of our devices, making them safe from attackers.

When multiple devices are used to connect to the Internet, NAT firewalls create a
unique IP address and hide individual devices' IP addresses. As a result, a single
IP address is used for all devices. By doing this, NAT firewalls secure independent
network addresses from attackers scanning a network for accessing IP addresses.
This results in enhanced protection against suspicious activities and attacks.

In general, NAT firewalls work similarly to proxy firewalls. Like proxy firewalls, NAT
firewalls also work as an intermediate device between a group of computers and
external traffic.

Cloud Firewalls
Whenever a firewall is designed using a cloud solution, it is known as a cloud
firewall or FaaS (firewall-as-service). Cloud firewalls are typically maintained and
run on the Internet by third-party vendors. This type of firewall is considered
similar to a proxy firewall. The reason for this is the use of cloud firewalls as proxy
servers. However, they are configured based on requirements.

The most significant advantage of cloud firewalls is scalability. Because cloud
firewalls have no physical resources, they are easy to scale according to the
organization's demand or traffic-load. If demand increases, additional capacity
can be added to the cloud server to filter out the additional traffic load. Most
organizations use cloud firewalls to secure their internal networks or entire cloud
infrastructure.

Unified Threat Management (UTM) Firewalls


UTM firewalls are a special type of device that includes features of a stateful
inspection firewall with anti-virus and intrusion prevention support. Such
firewalls are designed to provide simplicity and ease of use. These firewalls can
also add many other services, such as cloud management, etc.

Firewall Architectures

Dual-Homed Firewall Architecture

A dual-homed firewall is a network security device with two network interfaces
(NICs). One NIC connects to the untrusted network (e.g., the internet), while the
other connects to the trusted network (e.g., the internal corporate network).

How it Works:

1. Packet Filtering: The firewall examines incoming and outgoing packets
based on predefined rules. These rules can filter traffic based on various
criteria, such as IP addresses, port numbers, and protocol types.
2. Packet Forwarding: If a packet passes the filtering rules, the firewall
forwards it to the appropriate network interface.
3. Security Services: Dual-homed firewalls can provide additional security
services, such as:
○ Network Address Translation (NAT): Hides the internal IP addresses
of devices on the trusted network, making them less visible to
external attacks.
○ Virtual Private Networks (VPNs): Enables secure remote access to
the internal network.
○ Intrusion Detection Systems (IDS): Monitors network traffic for
signs of malicious activity.

Advantages of Dual-Homed Firewall Architecture:

● Simplicity: Relatively easy to configure and manage.
● Cost-Effective: Typically less expensive than more complex firewall
architectures.
● Basic Security: Provides a basic level of security by filtering traffic.

Disadvantages of Dual-Homed Firewall Architecture:

● Single Point of Failure: If the firewall fails, it can disrupt network
connectivity.
● Limited Security: Offers less robust security compared to more advanced
firewall architectures.
● Vulnerability to Attacks: A compromised firewall can expose the entire
network to attacks.

Screened Host Architecture

A screened host architecture is a network security configuration where a
server is placed on a network segment that is isolated from the external
network. This isolation is achieved by using a firewall or router to filter
traffic between the server's network segment and the external network.

Explanation:

1. Screened Host: The server that provides services to the external network.

2. Screening Router: A firewall or router that controls traffic flow between
the screened host's network segment and the external network.

The screening router filters all incoming and outgoing traffic to and from
the screened host. Only authorized traffic is allowed to reach the screened
host. By isolating the screened host, the risk of attack is reduced.


Screened Subnet Architecture

A screened subnet architecture is a more advanced network security
configuration that involves creating a separate network segment (DMZ) for
servers that need to be exposed to the internet. This DMZ is protected by two
firewalls, one on the external network side and one on the internal network
side.

Explanation:

1. DMZ (Demilitarized Zone): A separate network segment for servers exposed
to the internet.

2. External Firewall: Filters traffic between the internet and the DMZ.

3. Internal Firewall: Filters traffic between the DMZ and the internal
network.

Both firewalls filter traffic, providing multiple layers of defense. Only
authorized traffic is allowed to pass through the firewalls. The DMZ is
isolated from both the internet and the internal network, enhancing security.

Bastion Host

A bastion host is a hardened server that is placed in a DMZ to provide
specific services to external users. It is typically configured with minimal
services and strong security measures to reduce the risk of attack.

The bastion host is a single point of entry for external users. It is
configured with strong security measures, such as:

● Minimal services

● Strong passwords

● Regular security updates

● Intrusion detection systems (IDS)

By limiting the number of services exposed to the internet and implementing
strong security measures, the bastion host reduces the risk of attack.
