Chapter Five
Security Mechanisms
Outline
Firewall.
Proxy server.
IDS/IPS.
Virtual Private Network.
Security Mechanisms
Security mechanisms are technical tools and techniques that are
used to implement security services. A mechanism might operate
by itself, or with others, to provide a particular service.
Firewall:- A firewall is a network security device that monitors
incoming and outgoing network traffic and decides whether to allow
or block specific traffic based on a defined set of security rules.
Firewalls establish a barrier between secured and controlled
internal networks that can be trusted and untrusted outside
networks, such as the Internet.
A firewall can be hardware, software, or both.
Types of Firewalls
Proxy Firewall:- It serves as the gateway from one network to
another for a specific application. It provides additional
functionality such as content caching and security by
preventing direct connections from outside the network. However,
this may also impact throughput capabilities and the applications
it can support.
Stateful inspection firewall:- It allows or blocks traffic based
on state, port, and protocol.
It monitors all activity from the opening of a connection until it
is closed.
Filtering decisions are made based on both administrator-
defined rules as well as context, which refers to using
information from previous connections and packets belonging to
the same connection.
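The stateful filtering decision described above, as an added example that is not part of the original slides: a simplified connection tracker in Python. The internal prefix, the allowed ports and the packet trace are constructed, and TCP setup and teardown are reduced to single flags.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: SYN, SYN-ACK, ACK, FIN, RST

INTERNAL_PREFIX = "10.0.0."    # constructed internal network
ALLOWED_OUT_PORTS = {80, 443}  # constructed administrator-defined rule

class StatefulFirewall:
    def __init__(self):
        self.conns = {}  # connection key -> (state, initiator endpoint)

    @staticmethod
    def _key(p):
        # Both directions of one connection map to the same key.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def filter(self, p):
        key = self._key(p)
        entry = self.conns.get(key)
        if entry is None:
            # No context yet: only a rule can admit a new connection.
            if (p.flags == "SYN" and p.src.startswith(INTERNAL_PREFIX)
                    and p.dport in ALLOWED_OUT_PORTS):
                self.conns[key] = ("NEW", (p.src, p.sport))
                return "ALLOW"
            return "DROP"
        state, initiator = entry
        if p.flags in ("FIN", "RST"):
            del self.conns[key]  # connection closed: forget its state
            return "ALLOW"
        if state == "NEW":
            # Only the responder's SYN-ACK completes the opening.
            if p.flags == "SYN-ACK" and (p.src, p.sport) != initiator:
                self.conns[key] = ("ESTABLISHED", initiator)
                return "ALLOW"
            return "DROP"
        return "ALLOW" if p.flags == "ACK" else "DROP"

def demo():
    fw, c, s = StatefulFirewall(), ("10.0.0.5", 50000), ("203.0.113.10", 443)
    trace = [(s, c, "ACK"), (c, s, "SYN"), (s, c, "SYN-ACK"), (c, s, "ACK"),
             (s, c, "ACK"), (c, s, "FIN"), (s, c, "ACK")]
    return [fw.filter(Packet(*a, *b, f)) for a, b, f in trace]
```

The same inbound ACK is dropped before the connection is opened and after it is closed, and allowed in between: the verdict depends on the connection's context, not on the packet alone.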
Unified Threat Management (UTM) Firewall:- It typically
combines the functions of a stateful inspection firewall with
intrusion prevention and antivirus.
It may also include additional services and often cloud
management. UTMs focus on simplicity and ease of use.
Next-Generation Firewall (NGFW):- Firewalls have evolved
beyond simple packet filtering and stateful inspection. Most
companies are deploying next-generation firewalls to block
modern threats such as advanced malware and application-
layer attacks.
According to Gartner, Inc.'s definition, a next-generation
firewall must include:-
Standard firewall capabilities like stateful inspection.
Integrated intrusion prevention.
Application awareness and control to see and block risky
Proxy Server
Proxy Server:- A proxy server is a machine that translates traffic
between networks or protocols. It's an intermediary server separating
end-user clients from the destinations that they browse.
Proxy servers provide varying levels of functionality, security,
and privacy depending on your use case, needs, or
company policy.
Some people use proxies for personal purposes, such as
hiding their location while watching movies online.
However, a company can use a proxy to accomplish several key tasks,
such as:-
1. Improve Security.
2. Secure employees' internet activity from people trying to snoop on
them.
3. Balance internet traffic to prevent crashes.
4. Control the websites employees and staff access in the
office.
5. Save bandwidth by caching files or compressing incoming traffic.
How does a proxy server work?:- Because a proxy server has its own
IP address, it acts as a go-between for a computer and the internet.
Your computer knows this address, and when you send a request on
the internet, it is routed to the proxy, which then gets the response
How to Get a Proxy?
There are hardware and software versions.
Hardware connections sit between your network and the internet,
where they get, send, and forward data from the web.
Software proxies are typically hosted by a provider or reside in
the cloud. You download and install an application on your
computer that facilitates interaction with the proxy.
Often, a software proxy can be obtained for a monthly fee.
Sometimes, they are free. The free versions tend to offer users
fewer addresses and may only cover a few devices, while the paid
proxies can meet the demands of a business with many devices.
How Is the Server Set Up?
To get started with a proxy server, you have to configure it in your
computer, device, or network. Each operating system has its own
setup procedures, so check the steps required for your computer
or network.
In most cases, however, setup means using an automatic
configuration script. If you want to do it manually, there will be
options to enter the IP address and the appropriate port.
How Does the Proxy Protect Computer Privacy and Data?
Without your personal IP address, people on the internet do
not have direct access to your personal data, schedules,
apps, or files.
With it in place, web requests go to the proxy, which then
reaches out and gets what you want from the internet.
If the server has encryption capabilities, passwords and
other personal data get an extra tier of protection.
Benefits of Proxy Server
You can, in effect, make it look like you are in that country
and gain full access to all the content computers in that
country are allowed to interact with.
4. Prevent Employees From Browsing Inappropriate or
Distracting Sites:- You can use it to block access to websites that
run contrary to your organization's principles. Also, you can block
sites that typically end up distracting employees from important
tasks.
Some organizations block social media sites like Facebook and
others to remove time-wasting temptations.
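The proxy behaviours described in this section (the destination sees the proxy's IP address rather than the client's, cached responses save bandwidth, and policy blocks unwanted sites), as an added example that is not part of the original slides. The addresses, the blocked domain and the Origin stand-in for a web server are constructed; no network traffic is sent.

```python
from urllib.parse import urlsplit

PROXY_IP = "192.0.2.1"        # constructed address of the proxy itself
BLOCKED = {"facebook.com"}    # constructed company policy

class Origin:
    """Stand-in for a web server; records the source IP of each request."""
    def __init__(self):
        self.seen_ips = []

    def fetch(self, source_ip, url):
        self.seen_ips.append(source_ip)
        return f"content of {url}"

class ForwardProxy:
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}
        self.access_log = []  # the proxy itself still knows who asked for what

    @staticmethod
    def is_blocked(host):
        # Match the domain itself and any subdomain (www.facebook.com).
        return any(host == d or host.endswith("." + d) for d in BLOCKED)

    def handle(self, client_ip, url):
        host = (urlsplit(url).hostname or "").lower()
        if not host or self.is_blocked(host):
            verdict, status, body = "denied", 403, "blocked by policy"
        elif url in self.cache:
            verdict, status, body = "cache-hit", 200, self.cache[url]
        else:
            # The origin sees the proxy's address, never client_ip.
            body = self.cache[url] = self.origin.fetch(PROXY_IP, url)
            verdict, status = "fetched", 200
        self.access_log.append((client_ip, host, verdict))
        return status, body, verdict
```

The access log is the part to review and protect: the proxy hides clients from the internet, but it holds a full record of their browsing.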
Types of Proxy Server
Reverse Proxies:- In this type, requests are forwarded to one or
more proxy servers, and the response from the proxy server is
returned as if it came directly from the original server.
Architecture
Architecture:- The proxy server architecture is divided into several
modules as shown in the following diagram:-
IDS/IPS
An Intrusion Detection System (IDS):- monitors traffic on
your network, analyzes that traffic for signatures matching
known attacks, and when something suspicious happens, you're
alerted. In the meantime, the traffic keeps flowing.
What Is an IDS?:- You want to protect the assets on your
server. But you don't want to slow down the traffic, even if a
problem occurs.
An intrusion detection system (IDS) could be the solution you've
been looking for.
Five main types of IDS exist.
Network:- Choose a point on your network and examine all
traffic on all devices from that point.
Host:- Examine traffic to and from independent devices
Protocol-based:- Place protection between a device and the
server, and monitor all traffic that goes between them.
Application protocol-based:- Place protection within a group
of servers and watch how they communicate with one another.
Hybrid:- Combine some of the approaches listed above into a
system made just for you.
What Is IPS?
If you want to stop an attack as soon as it's discovered, an IPS
could be just right for you. The goal of an IPS is to prevent
damage. While you're kept in the loop about the attack, the
system is already working to keep things safe.
An IPS can protect against exterior intruders. But people within
your organization can also take steps that harm your security.
An IPS can protect against these actions too, so it can help train
your employees about what is allowed and what is not.
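The difference between the two systems, as an added example that is not part of the original slides: the same signature matcher run in IDS mode (alert, traffic keeps flowing) and in IPS mode (alert and drop). The two signatures and the sample request lines are constructed for illustration.

```python
import re

# Constructed signatures; real IDS/IPS rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
}

# Constructed sample traffic: (source IP, HTTP request line).
TRAFFIC = [
    ("198.51.100.7", "GET /index.html HTTP/1.1"),
    ("198.51.100.9", "GET /download?file=../../etc/passwd HTTP/1.1"),
    ("198.51.100.7", "GET /login?user=admin' OR 1=1-- HTTP/1.1"),
    ("198.51.100.8", "GET /about.html HTTP/1.1"),
]

def match(payload):
    """Return the names of all signatures found in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def inspect(traffic, mode):
    """mode='ids': alert only, everything is still forwarded.
    mode='ips': alert and drop matching traffic before it is forwarded."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for src, payload in traffic:
        hits = match(payload)
        if hits:
            alerts.append((src, hits))
            if mode == "ips":
                continue  # inline prevention: never reaches the server
        forwarded.append(payload)
    return alerts, forwarded
```

Both modes raise the same two alerts; only the forwarded list differs, which is why a false-positive signature is an annoyance in an IDS but an outage in an IPS.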
Four main types of IPS:-
Network:- Analyze and protect traffic on your network.
Wireless:- Observe anything happening within a wireless
network and defend against an attack launched from there.
Network behavior:- Spot attacks that involve unusual traffic
on your network.
Host-based:- Scan events that occur within a host you specify.
Virtual Private Network (VPN)
VPN:- A VPN is an encrypted connection over the Internet from a device
to a network. The encrypted connection helps ensure that
sensitive data is safely transmitted. It prevents
unauthorized people from eavesdropping on the traffic and
allows the user to conduct work remotely.
VPN technology is widely used in corporate environments.
Because the traffic is encrypted between the device and
the network, traffic remains private as it travels.
An employee can work outside the office and still securely connect
to the corporate network. Even smartphones and tablets can
connect through a VPN.
What is Secure Remote Access?:- Secure remote access
provides a safe, secure way to connect users and devices remotely
to a corporate network.
It includes VPN technology that uses strong ways to authenticate
VPN technology is available to check whether a device meets
certain requirements, also called a device's posture, before it
is allowed to connect remotely.
Is VPN Traffic Encrypted? Yes, traffic on the virtual network is
sent securely by establishing an encrypted connection across the
Internet known as a tunnel. VPN traffic from a device such as a
computer, tablet, or smartphone is encrypted as it travels through
this tunnel. Offsite employees can then use the virtual network to
access the corporate network.
Types of VPN
Remote Access:- A remote access VPN securely connects a
device outside the corporate office.
These devices are known as endpoints and may be laptops,
tablets, or smartphones. Advances in VPN technology have
allowed security checks to be conducted on endpoints to make
sure they meet a certain posture before connecting.
Think of remote access as computer to network.
Site-to-Site:- A site-to-site VPN connects the corporate office
to branch offices over the Internet. Site-to-site VPNs are used
when distance makes it impractical to have direct network
connections between these offices.
Dedicated equipment is used to establish and maintain a
connection.
Think of site-to-site access as network to network.