Bis - Unit 4

Prepared By:

Y.A.Hathaliya
Lecturer in Computer Engg. Department
A.V.P.T.I, Rajkot
Topics To be Covered
• Security Topologies
▪ Security Zones, DMZ,
▪ Internet, Intranet
▪ VLAN, Security Implication in VLAN
▪ Tunneling.
• Firewalls
▪ Working of Firewall
▪ Need of Firewall
▪ Types of Firewall (Packet Filtering Firewall, Circuit-Level Gateway Firewall,
Application Level Gateway Firewall, Stateful Inspection Firewall, and Next-
Generation Firewall)
• Intrusion detection systems (IDS)
▪ Definition of Intruders
▪ Components of IDS
▪ Types of IDS with Advantages and Disadvantages (HIDS,NIDS)
Security Topologies
• Security topologies are the architectural designs and configurations used to
establish and maintain the security of computer networks and systems.
• These topologies are crucial for protecting information, resources, and
infrastructure from unauthorized access, data breaches, and other cyber
threats.
• Different organizations implement different security topologies depending on
their specific requirements, the nature of their operations, and the
sensitivity of the data they handle.
• Examples of security topologies are:
• DMZ
• Network Segmentation
• VLAN (logical segmentation of a switched network)
Security Zones
• Security zones in network security are the result of dividing a network
into distinct areas, each with its own set of security policies, controls, and
level of trust.
• This segmentation enhances overall security by limiting the scope and impact
of security incidents and unauthorized access. Each security zone is treated as
a separate entity, and traffic between zones is subject to specific rules and
scrutiny.
• Think of security zones as rooms in a house that only certain family members
may enter. A home office, for instance, may be off-limits to helpers and
children. In the same way, security zones regulate entry to specific parts of
the network and protect the confidentiality of sensitive information.
• Common security zones in a network architecture are:
▪ DMZ (Demilitarized Zone)
▪ Remote Access Zone
▪ Internal Zone
▪ Guest Network Zone
▪ VPN Zone
DMZ
• A Demilitarized Zone (DMZ) is a network security concept: a separate,
intermediate network segment placed between an organization's internal
(trusted) network and an external (untrusted) network, typically the
internet.
• The purpose of a DMZ is to add a layer of security by segregating
public-facing services, such as web servers, email servers, or FTP servers,
from the internal network where sensitive data is stored.
• The DMZ acts as a buffer zone that keeps internal resources from direct
exposure to the internet. It is bounded by firewalls (one between the
internet and the DMZ and one between the DMZ and the internal network, or a
single firewall with three interfaces), and it is typically monitored by
intrusion detection/prevention systems and other security appliances that
control the traffic entering and leaving the segment.
• The basic figure of a DMZ is depicted below.
• Characteristics/applications of a DMZ are:
• Segregation of Services
▪ DMZ allows organizations to segregate their public-facing services, such as
web servers, email servers, or FTP servers, from their internal network.
▪ This separation helps in containing potential security breaches and limiting
their impact to only the DMZ.
• Enhanced Security
▪ By placing critical services in the DMZ, organizations can implement stricter
security measures for these services
• Restricted Access
▪ Access controls are typically implemented to restrict traffic flow between the
DMZ and internal networks.
▪ Only specific types of traffic necessary for the operation of public-facing
services are allowed, while all other traffic is blocked or carefully scrutinized.
• Web Servers
▪ Hosting web servers in the DMZ allows external users to access a company's
website without directly connecting to the internal network, safeguarding
sensitive data.
• Email Servers
▪ Placing email servers in the DMZ ensures that external communications,
such as emails from clients or partners, are processed in a secure
environment before reaching the internal network.
• FTP Servers
▪ File Transfer Protocol (FTP) servers in the DMZ handle file transfers
between internal and external parties. Plain FTP sends credentials and data
unencrypted, so in practice SFTP or FTPS is used for this role.
• DNS Servers
▪ Domain Name System (DNS) servers in the DMZ answer external DNS queries,
separating this externally exposed service from the internal resolvers
(split DNS) so that a compromise of the public DNS server does not expose
internal names or the internal network.
• Authentication Services
▪ Placing authentication services in the DMZ allows external users to
authenticate without gaining direct access to internal user databases,
enhancing security.
• Virtual Private Network (VPN) Servers
▪ DMZs are commonly employed to host VPN servers, enabling secure
remote access for external users without compromising the internal
network's integrity.
• Intrusion Detection and Prevention
• Scalability and Flexibility
• Monitoring and Logging
• Advantages of DMZ are;
• Enhanced Security
• Provide Controlled Access
• Scalability and Flexibility
• Centralized Management and Monitoring
• Support for Remote Access
• Disadvantages of DMZ are;
• Initial Complex Implementation
• Increased Maintenance Overhead
• Higher Maintenance Cost
• Limited Protection against Insider Threats
• Requires Skilled Personnel
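The "restricted access" idea above, worked through as an added example (this code is not part of the lecture notes): three zones, a default-deny policy between them, and a check of a few constructed flows. The address plan (10.0.0.0/8 internal, 203.0.113.0/24 DMZ), the DMZ host 203.0.113.10 and the rule set are assumptions chosen for illustration.

```python
"""Zone-based access policy for an internet / DMZ / internal layout.

Added example, not part of the original lecture notes. Zone names,
addresses and the rule set are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan (assumption, not from the notes).
ZONES = {
    "internal": [ip_network("10.0.0.0/8")],
    "dmz": [ip_network("203.0.113.0/24")],
    "internet": [ip_network("0.0.0.0/0")],   # catch-all, must be checked last
}
ZONE_ORDER = ["internal", "dmz", "internet"]  # most specific first


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: Optional[int]      # None = any port
    src_host: Optional[str]   # None = any host in src_zone
    action: str               # "allow" or "deny"


# Constructed inter-zone policy. Traffic between zones is denied unless a
# rule permits it; same-zone traffic never crosses the zone firewall.
POLICY = [
    # The public web service in the DMZ is reachable from the internet.
    Rule("internet", "dmz", "tcp", 443, None, "allow"),
    Rule("internet", "dmz", "tcp", 80, None, "allow"),
    # Only the DMZ web server (assumed 203.0.113.10) may reach the internal DB.
    Rule("dmz", "internal", "tcp", 5432, "203.0.113.10", "allow"),
    # Internal users may browse out; the DMZ may only resolve DNS outward.
    Rule("internal", "internet", "tcp", 443, None, "allow"),
    Rule("dmz", "internet", "udp", 53, None, "allow"),
    # Internal admins may SSH into the DMZ.
    Rule("internal", "dmz", "tcp", 22, None, "allow"),
]


def zone_of(addr: str) -> str:
    """Map an address to its zone, most specific zone first."""
    ip = ip_address(addr)
    for zone in ZONE_ORDER:
        if any(ip in net for net in ZONES[zone]):
            return zone
    raise ValueError(addr)


def evaluate(flow: Flow, policy=POLICY) -> str:
    """Return 'allow', 'deny' or 'same-zone' for a flow under the policy."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == dst_zone:
        return "same-zone"   # not mediated by the zone firewall
    for r in policy:
        if (r.src_zone, r.dst_zone, r.proto) != (src_zone, dst_zone, flow.proto):
            continue
        if r.dport is not None and r.dport != flow.dport:
            continue
        if r.src_host is not None and r.src_host != flow.src:
            continue
        return r.action
    return "deny"            # default deny between zones


if __name__ == "__main__":
    for f in (Flow("198.51.100.7", "203.0.113.10", "tcp", 443),   # internet -> DMZ web
              Flow("198.51.100.7", "10.1.2.3", "tcp", 443),        # internet -> internal
              Flow("203.0.113.10", "10.0.5.5", "tcp", 5432),       # DMZ web -> DB
              Flow("203.0.113.10", "10.0.5.5", "tcp", 22)):        # DMZ pivot attempt
        print(f, evaluate(f))
```

Note the last case: even a compromised DMZ web server is held to the one port it needs on the one internal host it needs, which is the "limiting the impact to the DMZ" property the notes describe.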
Intranet
• The intranet is typically the network (or networks) that contains most of the
organization's private resources, including computers, users, data, printers, and other
network infrastructure equipment.
• An intranet is a private network within an organization that uses internet
technologies and protocols to share information, collaboration tools, and
computing resources securely among its members.
• It serves as an internal communication and information-sharing platform,
fostering collaboration, knowledge-sharing, and efficient workflows within an
organization.
• It is also known as the internal network, private network, local area network
(LAN), trusted network, protected network, or company/organizational network.
• The basic figure is depicted below.
• Applications of Intranet;
• Internal Communication
• Knowledge Sharing
• Employee Directory
• Training and Development
• Remote Work Support
• Feedback and Surveys
• Workflow Automation
Internet
• The internet is a global network of interconnected computers and computer
networks that use standardized communication protocols to exchange information.
• It is a vast and decentralized system that allows for the transfer of data,
communication, and access to various resources across the globe.
• The purpose of the internet is to share information and technology among
members of many different organizations and the public.
• Web browsers act as the user's gateway, navigating websites hosted on servers
worldwide; the World Wide Web (WWW) is a major component of the Internet that
provides a graphical interface for accessing information.
• The Basic Figure of Internet is given below;
• Applications of Internet;
• Communication
• Information Access
• E-commerce
• Education
• Business
• Entertainment
• Social Networking
• Research and Innovation
• Remote Work
VLAN
• VLAN stands for Virtual Local Area Network. It is a networking technology that
logically segments one physical network into multiple virtual networks.
• VLANs let network administrators group devices together even when they are not
connected to the same physical switch. The grouping is based on criteria such as
department, team, or function, which improves network management, security, and
efficiency.
• For example, in a large organization, departments such as HR, Marketing, and
IT may be assigned to separate VLANs.
• The basic figure of a VLAN is given below. VLANs are implemented in the
configuration of switches and routers; traffic of different VLANs does not mix
unless a router or layer-3 switch forwards between them.
• Types of VLAN
1. Port Based VLAN
• This is the most common type of VLAN, where ports on a switch are
assigned to different VLANs.
• Devices connected to these ports are part of the same VLAN.
2. MAC Based VLAN
• VLAN membership is determined by the MAC address of the device
connected to the switch port. A MAC address can be forged by an
attacker, so this is a weaker control than port-based assignment.
3. Protocol Based VLAN
• VLAN membership is determined based on the protocol used in the
network traffic.
• For example, all IP traffic could be assigned to one VLAN, while all IPX
traffic could be assigned to another.
4. 802.1Q VLAN
• This is the standard (IEEE 802.1Q) VLAN implementation. It inserts a
4-byte tag into the Ethernet frame carrying a 12-bit VLAN ID (values
1 to 4094 are usable; 0 and 4095 are reserved) that indicates the VLAN
to which the frame belongs. This allows multiple VLANs to share one
physical link (a trunk).
5. Voice VLAN
• This type of VLAN is designed specifically for voice over IP (VoIP)
traffic. It ensures that voice traffic is prioritized and can be easily
segregated from other types of network traffic.
• Advantages of VLAN
• Network Segmentation Facility
• Improved Network Performance
• Improved Security
• Simplified Network Management
• Simplified Network Troubleshooting
• Flexibility and Scalability
• Disadvantages of VLAN
• Setting up and managing VLANs can be complex.
• Additional security concerns: a VLAN boundary is only as strong as the
switch configuration, and a misconfigured trunk or native VLAN can let
traffic cross VLANs (VLAN hopping).
• Higher cost (managed switches are required).
• Applications of VLAN
• Departmental Segmentation
• Video Conferencing
• Remote Access
• Guest Networks Creation
• Virtualization Environments
• Gaming Facility
• Security Implications of VLAN
• Security implications are the potential consequences for the security of
a system, network, or information that follow from certain actions,
decisions, technologies, or vulnerabilities.
• VLANs provide network segmentation, better performance, and flexibility,
but a VLAN is a logical boundary enforced by switch configuration, not a
physical one. Its security implications must be considered for a VLAN
implementation to be effective.
• Some security considerations and potential implications associated with
VLANs:
▪ Management VLAN Security (switch management interfaces belong in a
dedicated VLAN that user VLANs cannot reach)
▪ Broadcast and Multicast Issues
▪ Security in Shared VLANs
▪ VLAN Infrastructure Security (trunk ports, the native VLAN and dynamic
trunk negotiation must be configured explicitly, otherwise VLAN hopping
becomes possible)
▪ Guest VLAN Security
▪ Monitoring
▪ Logging
▪ Documentation
▪ Change Control
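The 802.1Q tag format from the "Types of VLAN" list and the "VLAN infrastructure security" item above, as one added example that is not part of the lecture notes: a builder and parser for tagged Ethernet frames, plus the checks a switch should apply on an access port and on a trunk. The frames, the port VLAN numbers and the allowed-VLAN list are constructed for illustration.

```python
"""Build and parse IEEE 802.1Q tags and apply access-port / trunk checks.

Added example, not from the lecture notes. Frames are constructed in-line;
the VLAN numbers used are illustrative assumptions.
"""
import struct
from typing import List, Tuple

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: bytes, src: bytes, vids: List[int], payload: bytes,
                ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (PCP=0, DEI=0)."""
    frame = dst + src
    for vid in vids:
        if not 1 <= vid <= 4094:
            raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
        tci = vid                       # 3-bit PCP | 1-bit DEI | 12-bit VID
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes):
    """Return (dst, src, [vids outer..inner], inner ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        off += 2
        if etype != ETHERTYPE_8021Q:
            return dst, src, vids, etype, frame[off:]
        (tci,) = struct.unpack_from("!H", frame, off)
        off += 2
        vids.append(tci & 0x0FFF)       # low 12 bits are the VLAN ID


def access_port_decision(frame: bytes, port_vlan: int) -> Tuple[str, int]:
    """How a switch should treat a frame received on an access port.

    An access port belongs to exactly one VLAN and should only receive
    untagged frames. A tagged frame here is a red flag: the double-tagging
    VLAN-hopping technique sends a frame whose outer tag equals the native
    VLAN of an upstream trunk, so that tag is stripped and the attacker's
    inner tag delivers the frame into another VLAN.
    """
    _, _, vids, _, _ = parse_tags(frame)
    if not vids:
        return "forward", port_vlan     # normal case: port VLAN is assigned
    if len(vids) > 1:
        return "drop-double-tagged", vids[-1]
    return "drop-tagged-on-access-port", vids[0]


def trunk_ingress_decision(frame: bytes, native_vlan: int,
                           allowed: set) -> Tuple[str, int]:
    """Classify a frame arriving on a trunk.

    Untagged frames belong to the native VLAN. A frame explicitly tagged
    with the native VLAN is dropped (it is what a hopping attempt relies on),
    and tags outside the allowed list are dropped (VLAN pruning).
    """
    _, _, vids, _, _ = parse_tags(frame)
    vlan = native_vlan if not vids else vids[0]
    if vids and vlan == native_vlan:
        return "drop-native-tagged", vlan
    if vlan not in allowed:
        return "drop-not-allowed", vlan
    return "forward", vlan


if __name__ == "__main__":
    mac_bcast, mac_a = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    hop = build_frame(mac_bcast, mac_a, [1, 20], b"payload")   # outer=native 1, inner=20
    print(parse_tags(hop)[2], access_port_decision(hop, 1))
```

The usual mitigations follow directly from the two decision functions: move the native VLAN of every trunk to an otherwise unused VLAN ID (or tag it explicitly), never put user ports in that VLAN, prune the allowed VLAN list on each trunk, and disable automatic trunk negotiation on access ports.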
Tunneling
• Tunneling is a networking concept in which one network protocol is encapsulated
within another. This allows data from one network to be carried across another
network, effectively creating a "tunnel" through which the encapsulated data
travels.
• Tunneling is commonly used in networking scenarios that require communication
between networks that use different protocols or have different topologies.
• The best-known example of this concept is the VPN (Virtual Private Network): a
technology that provides secure, encrypted communication over the internet,
allowing users to establish a private network connection across a public network.
• Why it is needed: assume a company has multiple branches and decides to use
the public internet to connect them. Tunneling carries the branches' private
traffic across the internet as if they shared a private link, and encrypting the
tunnel keeps that traffic confidential.
• The basic figure is given below;
• Tunneling Protocols
• Various protocols are used for tunneling, each with its own
characteristics.
• Some common tunneling protocols include:
▪ Point-to-Point Tunneling Protocol (PPTP): an early VPN protocol; its
authentication and encryption (MS-CHAPv2 and MPPE) are broken, so it
should not be used for new deployments.
▪ Layer 2 Tunneling Protocol (L2TP): carries PPP frames over UDP; it
provides no encryption of its own and is normally combined with IPsec
(L2TP/IPsec).
▪ IPsec (Internet Protocol Security): authenticates and encrypts IP
packets; in tunnel mode it encapsulates the whole original IP packet.
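The encapsulation step itself, as an added example that is not from the lecture notes: an inner IPv4 packet is wrapped in an outer IPv4 header whose protocol field is 4 (the IANA "IP in IP" value, the simplest tunnel form), then unwrapped again at the far end. The addresses are from the RFC 5737 documentation ranges and the tunnel endpoints are assumptions; nothing is transmitted.

```python
"""IP-in-IP encapsulation and decapsulation with header checksum checks.

Added example, not from the lecture notes. Addresses are documentation
ranges chosen for illustration; no packets are sent on the wire.
"""
import struct
from ipaddress import IPv4Address

PROTO_IPIP = 4    # IANA protocol number for IP-in-IP
PROTO_UDP = 17


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); raise ValueError on a bad checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    if _checksum(pkt[:ihl]) != 0:          # valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    (total_len,) = struct.unpack_from("!H", pkt, 2)
    proto = pkt[9]
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    return src, dst, proto, pkt[ihl:total_len]


def encapsulate(inner_pkt: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap a complete inner IPv4 packet in an outer header (protocol 4)."""
    return ipv4_header(tunnel_src, tunnel_dst, PROTO_IPIP, len(inner_pkt)) + inner_pkt


def decapsulate(outer_pkt: bytes, expected_peer: str) -> bytes:
    """Strip the outer header; refuse non-IPIP packets or an unexpected peer.

    The peer check is a sanity check only: an outer source address can be
    spoofed, so it is not authentication (that is what IPsec adds).
    """
    src, _, proto, inner = parse_ipv4(outer_pkt)
    if proto != PROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if src != expected_peer:
        raise ValueError("outer source is not the configured tunnel peer")
    return inner


def tunnel_overhead(outer_pkt: bytes, inner_pkt: bytes) -> int:
    """Bytes added by the tunnel per packet (the 'performance overhead')."""
    return len(outer_pkt) - len(inner_pkt)


if __name__ == "__main__":
    # Constructed branch-to-branch packet: 10.1.0.5 -> 10.2.0.7 carrying UDP.
    inner = ipv4_header("10.1.0.5", "10.2.0.7", PROTO_UDP, 5) + b"hello"
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")   # tunnel endpoints
    print(parse_ipv4(outer)[:3], tunnel_overhead(outer, inner), "bytes overhead")
    print(parse_ipv4(decapsulate(outer, "198.51.100.1")))
```

Two things the code makes visible: the private 10.x addresses travel untouched inside a packet that the public internet routes purely on the outer header, and the 20-byte overhead reduces the usable MTU on the path. Plain IP-in-IP gives no confidentiality or integrity; the "secure connections" advantage listed for tunneling only holds when the tunnel is protected, for example by IPsec ESP.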
• Advantages of Tunneling
• Provide Secure Connections
• Helps to Implement VPN
• Network Segmentation
• Traffic Encapsulation
• Disadvantages of Tunneling
• Performance Overhead
• Complexity
• Dependence on Protocols
• Potential for Misuse
• Resource Consumption
Firewall
• Firewall is a network security device or software that monitors and controls
incoming and outgoing network traffic based on predetermined security rules.
• The primary purpose of a firewall is to establish a barrier between a trusted
internal network and untrusted external networks, such as the internet.
• Firewalls help prevent unauthorized access, monitor and control network
communication, and enhance the overall security of a computer network.
• All traffic entering or leaving the internal network passes through the
firewall, which examines each packet and blocks those that do not meet the
configured security criteria.
• The typical placement of a firewall is depicted below.
• Limitations of Firewall
• A firewall cannot protect against attacks that bypass it (for example a
dial-up modem, a rogue wireless access point, or a user's own mobile
connection).
• A firewall does not protect against internal threats; an insider is
already on the trusted side of it.
• A basic firewall does not stop users from visiting malicious websites
over permitted ports (80 and 443), so malware can still reach the inside
through an allowed connection.
• A firewall cannot, by itself, detect the transfer of virus-infected
programs or files.
• Firewall appliances can be expensive.
• Design Goal of Firewall
• All traffic from or to the internal network must pass through the
firewall.
• Only authorized traffic, as defined by the local security policy, will be
allowed to pass.
• The firewall itself should be immune to penetration (it runs on a
hardened, minimal system).
• Characteristics of Firewall
• Service Control
✓ Determines the types of Internet services that can be accessed.
• Direction Control
✓ Determines the direction in which particular service requests are
allowed to flow through the firewall.
• User Control
✓ Controls access to a service according to which user is attempting to
access it
• Behavior Control
✓ Controls how particular services are used.
• Need of Firewall (Advantages) (Application)
▪ Access Control
▪ Network Security
▪ Prevention of Unauthorized Access
▪ Protection Against Cyber Attacks
▪ Confidentiality and Privacy
▪ Monitoring and Logging
▪ Network Segmentation
▪ Virtual Private Network (VPN) Support
Packet Filtering Firewall
• A Packet-filtering firewall applies a set of rules to each incoming and
outgoing IP packet and then forwards or discards the packet.
• Filtering rules are based on information contained in a network packet like
Source IP address, Destination IP address, Source port, Destination port etc.
• As each packet passes through the firewall, it is examined and information
contained in the header is compared to a pre-configured set of rules or
filters.
• An allow or deny decision is made based on the results of the comparison.
• Operates at the network layer of the OSI model (IP header), also reading
the transport-layer port numbers; it keeps no record of connections, so
each packet is judged on its own.
• The basic figure is given below;
• Advantages of Packet Filtering Firewall
• Highly Efficient
• Simple Architecture and Working
• Higher Working Speed
• Cost Effective
• Disadvantages of Packet Filtering Firewall
• Less effective because it is stateless: it cannot tell a legitimate reply
packet from an unsolicited packet that merely uses the same ports.
• Complex ACL (Access control lists) Management
• Applications of Packet Filtering Firewall
• Access Control
• Network Security
• Prevention of Unauthorized Access
• Protection Against Cyber Attacks
• Confidentiality and Privacy
• Monitoring and Logging
• Network Segmentation
• Virtual Private Network (VPN) Support
Circuit-Level Gateway Firewall
• Unlike a packet-filtering firewall, a circuit-level gateway does not examine
the contents of individual packets. It validates the setup of TCP connections
(the three-way handshake) and tracks UDP pseudo-sessions; once a session is
accepted, its packets are relayed without further inspection.
• A circuit-level gateway applies a set of rules to each incoming and
outgoing TCP or UDP session and then forwards or discards the session based
on those rules.
• Operates at the transport layer of the OSI model (often described as the
session layer); SOCKS is the classic example.
• The basic figure is given below;
• Advantages of Circuit-Level Gateway Firewall
• Ease of Setup and Management
• Simple Design and Working
• Cost Effective
• Provide Effective Session Management
• Disadvantages of Circuit-Level Gateway Firewall
• Absence of Application Layer Monitoring
• Limited Content Inspection
• Security Limitations
• Applications of Circuit-Level Gateway Firewall
• Access Control
• Network Security
• Prevention of Unauthorized Access
• Protection Against Cyber Attacks
• Confidentiality and Privacy
• Monitoring and Logging
• Network Segmentation
• Virtual Private Network (VPN) Support
Application-Level Gateway Firewall
• An application-level gateway firewall is also known as a proxy server.
• When a client issues a request from the untrusted network, a connection is
established with the application gateway/proxy. The proxy determines if the
request is valid (by comparing it to any rules or filters) and then sends a new
request on behalf of the client to the destination.
• By using this method, a direct connection is never made from the trusted
network to the untrusted network and the request appears to have
originated from the application gateway/proxy.
• The response is sent back to the application gateway/proxy, which
determines if it is valid and then sends it on to the client.
• Operate at the Application Layer of the OSI model.
• The basic figure is given below;
• Advantages of Application-Level Gateway Firewall
• Hides internal hosts (the outside only ever sees the proxy's address)
• Enables Content Filtering
• Enhanced Security Measures
• Disadvantages of Application-Level Gateway Firewall
• Complex Configuration
• Protocol Limitations
• Higher Cost
• Security Limitations
• Applications of Application-Level Gateway Firewall
• Access Control
• Network Security
• Prevention of Unauthorized Access
• Protection Against Cyber Attacks
• Confidentiality and Privacy
• Monitoring and Logging
• Network Segmentation
• Virtual Private Network (VPN) Support
Stateful Inspection Firewall
• Stateful Inspection Firewall also known as Dynamic Packet Filtering Firewall,
is a firewall technology that goes beyond the basic capabilities of traditional
packet filtering firewalls.
• Stateful inspection firewalls operate at the network and transport layers of
the OSI model and take a context-aware approach: they read the IP header and
the TCP/UDP header and remember which connection each packet belongs to.
• These firewalls keep track of the state of active connections and make
decisions based on the context of the entire communication session, offering
improved security and awareness compared to stateless packet filtering.
• Features of it:
▪ Connection Tracking
▪ Context Awareness
▪ Dynamic Rule Adjustment
▪ Improved Security
▪ Connection Logging
▪ Application Layer Support
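The difference between the packet filtering firewall described earlier and stateful inspection, as one added example that is not from the lecture notes: both filters are run over the same constructed packet trace. The internal range 10.0.0.0/24, the external addresses, the ports and the TCP flag strings are assumptions for illustration, and the TCP state machine is deliberately reduced to SYN, SYN/ACK and FIN/RST handling.

```python
"""Stateless packet filter vs. stateful inspection over a constructed trace.

Added example, not from the lecture notes. Addresses, ports and flags are
constructed; the rule sets and the reduced TCP state machine are illustrative.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."          # constructed internal range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                        # TCP flags, e.g. "S", "SA", "A", "PA", "FA", "R"


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


# --- Packet filtering firewall (stateless) ---------------------------------
# To let internal clients reach external HTTPS servers AND receive replies,
# a stateless filter must allow every inbound packet whose *source* port is
# 443.  It has no way to tell a genuine reply from an unsolicited probe.
def stateless_filter(p: Packet) -> str:
    if is_internal(p.src) and not is_internal(p.dst) and p.dport == 443:
        return "allow"                # outbound HTTPS request
    if not is_internal(p.src) and is_internal(p.dst) and p.sport == 443:
        return "allow"                # "reply" traffic: any attacker can send this
    return "deny"


# --- Stateful inspection firewall -------------------------------------------
class StatefulFirewall:
    """Tracks flows in a connection table keyed (client, cport, server, sport)."""

    def __init__(self):
        self.table = {}

    def filter(self, p: Packet) -> str:
        outbound = is_internal(p.src) and not is_internal(p.dst)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if state is None:
            # Only a SYN from the inside to an allowed service may open a flow.
            if outbound and p.flags == "S" and p.dport == 443:
                self.table[key] = "SYN_SENT"
                return "allow"
            return "deny"             # inbound packets with no matching flow
        if state == "SYN_SENT" and not outbound and p.flags == "SA":
            self.table[key] = "ESTABLISHED"
        elif "F" in p.flags or "R" in p.flags:
            del self.table[key]       # simplified: first FIN/RST closes the flow
        return "allow"                # packet belongs to a known flow


if __name__ == "__main__":
    # Constructed trace: an outside host probes an internal machine using
    # source port 443, then an internal client opens a real HTTPS session.
    probe = Packet("198.51.100.9", 443, "10.0.0.5", 4444, "S")
    session = [Packet("10.0.0.5", 51000, "203.0.113.8", 443, "S"),
               Packet("203.0.113.8", 443, "10.0.0.5", 51000, "SA"),
               Packet("10.0.0.5", 51000, "203.0.113.8", 443, "A")]
    fw = StatefulFirewall()
    print("stateless probe:", stateless_filter(probe), " stateful probe:", fw.filter(probe))
    print("stateful session:", [fw.filter(p) for p in session])
```

The probe is the whole point: the stateless rule set lets it through because it cannot express "only replies to connections we started", while the stateful firewall denies it because no entry exists in the connection table. The price is the table itself: each entry costs memory, and floods of half-open connections aim to exhaust it, which is why stateful firewalls impose per-source limits and SYN timeouts.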
• Advantages of Stateful Inspection Firewall
• Provide Stateful Tracking
• Provide Adaptive Rule Management
• Enhanced Security Measures
• Simplicity in Rule Configuration
• Disadvantages of Stateful Inspection Firewall
• Lower throughput than a stateless filter (a state-table lookup per packet),
and the state table can be exhausted by floods of half-open connections
• Higher Cost
• Applications of Stateful Inspection Firewall
• Access Control
• Network Security
• Prevention of Unauthorized Access
• Protection Against Cyber Attacks
• Confidentiality and Privacy
• Monitoring and Logging
• Network Segmentation
• Virtual Private Network (VPN) Support
Next Generation Firewall
• Next Generation Firewall (NGFW) is a sophisticated network security device
that combines traditional firewall capabilities with advanced security
features such as intrusion prevention, application awareness and control,
and user identity management.
• NGFWs are designed to provide enhanced security and granular control over
network traffic, going beyond the capabilities of traditional firewalls.
• They operate at multiple layers of the OSI model, including the Network
Layer and the Application Layer.
• Features of it:
▪ Deep Packet Inspection
▪ Application Awareness and Control
▪ Intrusion Prevention System (IPS) Support
▪ User Identity Management
▪ SSL/TLS inspection (the firewall terminates and re-establishes TLS to
inspect content; clients must trust the firewall's CA certificate)
▪ Advanced Threat Protection
▪ Cloud Integration
▪ Integration with Security Services
▪ Centralized Management and Reporting
▪ Virtualization Support
• Advantages of Next Generation Firewall
• Provide Proactive Threat Defense
• Provide Adaptive Rule Management
• Enhanced Security Measures
• User Centric Application
• Disadvantages of Next Generation Firewall
• Integration Challenges
• Complex Configuration
• Higher Cost
• Applications of Next Generation Firewall
• Access Control
• Network Security
• Prevention of Unauthorized Access
• Protection Against Cyber Attacks
• Confidentiality and Privacy
• Monitoring and Logging
• Network Segmentation
• Virtual Private Network (VPN) Support
Intruders
• The most common threat to security is an attack by an intruder.
• Intruders are often loosely called hackers and are among the most damaging
contributors to security risk. Some have deep knowledge of technology and
security; others rely on readily available tools.
• Intruders violate the privacy of users and aim to steal confidential
information, which is then sold to or used by third parties for their own
personal or professional gain.
• Three Classes of Intruders:
1. Masquerader
• An individual who is not authorized to use the computer and who
penetrates a system’s access controls to exploit a legitimate user’s
account.
2. Misfeasor
• A legitimate user who accesses data, programs, or resources for which
such access is not authorized, or who is authorized for such access but
misuses his or her privileges.
3. Clandestine User
• An individual who seizes supervisory control of the system and uses that
control to evade auditing and access controls, or to suppress audit
collection.
Intrusion Detection System (IDS)
• An IDS is a device or software application that monitors and analyzes
network and system activity for signs of malicious behavior or security
policy violations, and reports detected events to a management station.
• IDS is often part of a broader security strategy, complementing other
security measures such as firewalls, antivirus software, and access controls.
• Intrusion
• A set of actions that aims to compromise the security services and
principles of a system (confidentiality, integrity, availability).
• Intrusion Detection
• The process of identifying and responding to intrusion activities.
• There are two main types of IDS:
• Network-Based IDS (NIDS)
• Host-Based IDS (HIDS).
• The Key Functions of IDS are listed below;
• Monitoring
• IDS continuously monitors and analyzes network and system activities.
• Alerting
• When suspicious or potentially malicious activity is detected, the IDS
generates alerts to notify security administrators.
• Logging
• IDS systems maintain logs of detected events.
• Response
• While IDS itself doesn't prevent intrusions, it can trigger automated
responses or alert security personnel to take appropriate actions.
• Signature-Based Detection
• Involves comparing observed activities against a database of known
attack patterns or signatures.
• Anomaly-Based Detection
• Establishes a baseline of normal behavior and raises alerts when
deviations from this baseline occur.
• Heuristic-Based Detection
• Utilizes rules and algorithms to identify new, previously unknown
threats based on certain characteristics or behaviors.
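Signature-based and anomaly-based detection side by side, as an added example that is not from the lecture notes: both run over the same constructed web-server access log. The log lines, the two signatures, the "known benign" baseline sources and the threshold (mean plus three standard deviations of the peak request rate) are assumptions for illustration.

```python
"""Signature-based vs. anomaly-based detection over constructed log lines.

Added example, not from the lecture notes. The log sample, signature set,
baseline sources and threshold are all constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev
from urllib.parse import unquote

# Constructed access-log sample as (second, source IP, request line).
# The last entry appends a 200-request burst from one source at 40 req/s.
LOG = [
    (0, "203.0.113.5", "GET /index.html"),
    (1, "203.0.113.5", "GET /about.html"),
    (2, "198.51.100.7", "GET /login?user=admin'%20OR%20'1'='1"),
    (3, "203.0.113.9", "GET /images/logo.png"),
    (4, "198.51.100.7", "GET /../../etc/passwd"),
] + [(5 + i // 40, "192.0.2.44", "GET /page%d" % i) for i in range(200)]

# Signature rules: (rule id, compiled pattern, description). Patterns are
# matched against the URL-decoded request so %20-style encoding cannot
# hide the payload from the rule.
SIGNATURES = [
    ("SQLI-001", re.compile(r"'\s*or\s*'?\d*'?\s*=\s*'?\d*", re.I), "SQL injection tautology"),
    ("TRAV-001", re.compile(r"(\.\./){2,}"), "directory traversal"),
]


def signature_alerts(log=LOG):
    """Return (second, source, rule id, description) for each signature hit."""
    alerts = []
    for ts, src, req in log:
        decoded = unquote(req)
        for rule_id, pattern, desc in SIGNATURES:
            if pattern.search(decoded):
                alerts.append((ts, src, rule_id, desc))
    return alerts


def peak_rates(log=LOG):
    """Peak requests per second seen from each source."""
    per_src = defaultdict(Counter)
    for ts, src, _ in log:
        per_src[src][ts] += 1
    return {src: max(c.values()) for src, c in per_src.items()}


def anomaly_alerts(log=LOG, baseline_sources=("203.0.113.5", "203.0.113.9"), k=3.0):
    """Flag sources whose peak rate exceeds the baseline mean by k std devs.

    The baseline is learned from sources assumed benign (a training window);
    a floor of 1.0 on the deviation keeps a flat baseline from alerting on
    every source that is merely one request faster.
    """
    rates = peak_rates(log)
    base = [rates[s] for s in baseline_sources if s in rates]
    threshold = mean(base) + k * max(pstdev(base), 1.0)
    return [(src, rate) for src, rate in rates.items() if rate > threshold]


if __name__ == "__main__":
    for alert in signature_alerts():
        print("SIGNATURE", alert)
    for alert in anomaly_alerts():
        print("ANOMALY  ", alert)
```

Each method catches what the other misses: the burst from 192.0.2.44 matches no signature, and the injection attempt from 198.51.100.7 is a single request that no rate threshold would notice. The costs are complementary too: signatures need constant updating and can be evaded by encodings the decoder does not cover, while the anomaly detector is only as good as its baseline and will flag legitimate but unusual traffic.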
Network Based IDS (NIDS)
• NIDS monitors and analyzes
network traffic to identify and
respond to suspicious or malicious
activities.
• NIDS is designed to operate at the
network level, examining packets
and traffic patterns to detect
potential security threats.
• When a threat is discovered,
the system can, depending on its
severity, notify administrators or,
if deployed inline or integrated
with the firewall, block the source
IP address (a pure NIDS is passive
and only alerts; blocking is the job
of an IPS).
• The basic figure of a NIDS is given
below;
• Advantages of NIDS
▪ Comprehensive Network Visibility
▪ Centralized Monitoring
▪ Early Threat Detection
▪ Detects Known Attack Signatures
▪ Scalability
▪ Real Time Monitoring
▪ Cost-Effective
• Disadvantages of NIDS
▪ Difficulty in Analyzing Encrypted Traffic
▪ Inability to Monitor Host-Level Activities
▪ Additional Network Overhead
▪ Limited Protection against Insider Threats
▪ Complexity of Rule Configuration
▪ Limited Response Capabilities
▪ Dependency on Regular Updates
Host Based IDS (HIDS)
• HIDS monitors and analyzes the
internals of a computing system, such
as servers, workstations, or individual
devices, for signs of malicious activity
or security policy violations.
• Unlike Network-based IDS (NIDS),
which focuses on monitoring network
traffic, HIDS operates at the host
level, examining activities on a
specific device.
• If critical system files are
modified or deleted, an alert is sent
to the administrator to investigate.
• The basic figure of a HIDS is given
below;
• Advantages of HIDS
▪ Individual Host Protection
▪ Insider Threat Detection
▪ Customization for Specific Hosts
▪ Detects Unauthorized Access
▪ File Integrity Monitoring
▪ Detects attacks that a network-based IDS fails to detect (for example,
attacks carried inside encrypted sessions or local privilege misuse).
▪ Lower Cost
• Disadvantages of HIDS
▪ Resource Consumption
▪ Complexity in Managing Alerts
▪ High Deployment and Maintenance Overhead
▪ Dependency on Host Integrity
▪ Difficulty in Scalability
▪ Limited Network-Level Visibility
▪ No view of encrypted traffic on the wire (it sees only what the host
itself logs after decryption)
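The file integrity monitoring that the HIDS section describes ("if critical system files are modified or deleted, an alert is sent"), as an added example that is not from the lecture notes. It builds a temporary directory with a few constructed files standing in for system files, records a baseline of SHA-256 digests, permissions and sizes, then tampers with the files and reports the differences. The file names and contents are assumptions for illustration.

```python
"""File-integrity monitoring, the core HIDS check, on a constructed directory.

Added example, not from the lecture notes. The sample files and the
tampering steps are constructed for illustration.
"""
import hashlib
import os
import tempfile


def digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map relative path -> (sha256, permission bits, size) for each file."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (digest(full), st.st_mode & 0o7777, st.st_size)
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Report paths whose record changed, disappeared or appeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(root: str, rel: str, text: str, mode: str = "w") -> None:
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as f:
        f.write(text)


def demo() -> dict:
    """Create sample files, take a baseline, tamper, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "etc/motd", "welcome\n")
        baseline = snapshot(root)
        # Tampering: a second UID-0 account, a removed file, a dropped loader hook.
        _write(root, "etc/passwd", "backdoor:x:0:0::/:/bin/bash\n", mode="a")
        os.remove(os.path.join(root, "etc", "motd"))
        _write(root, "etc/ld.so.preload", "/tmp/evil.so\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The "dependency on host integrity" disadvantage shows up directly here: an attacker with root on the monitored host can rewrite the baseline as easily as the files, so a real HIDS keeps the baseline (or at least a signed copy of it) off the host and ships its alerts to a separate management station as soon as they are raised.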
Important Questions
Unit-4 (CO-4)
1. Explain DMZ with a suitable diagram.
2. Explain the Internet with a suitable diagram.
3. Explain Intranet with a suitable diagram.
4. Explain VLAN with a suitable diagram; also explain any three types of it.
5. Explain tunneling with a suitable diagram.
6. Define firewall; list the needs (applications) of a firewall.
7. Explain packet filtering firewall.
8. Explain circuit-level gateway firewall.
9. Explain application-level gateway firewall.
10. Explain stateful inspection firewall.
11. Explain next generation firewall.
12. Define intruders; explain their types.
13. Define IDS; list the key functions of IDS.
14. Explain NIDS with a suitable diagram; also list its advantages and disadvantages.
15. Explain HIDS with a suitable diagram; also list its advantages and disadvantages.