Chapter 5

The document discusses various computer security mechanisms, focusing on firewalls, proxy servers, intrusion detection and prevention systems (IDPS), and virtual private networks (VPNs). It details the types of firewalls, their functions, and classifications, as well as the roles of proxy servers and the importance of IDPS technologies in monitoring and preventing security incidents. Additionally, it explains the two main types of VPNs: Remote Access VPN and Site-to-Site VPN, highlighting their use in secure communications over the Internet.

Uploaded by

Tesfalegn Yakob

DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.


Chapter 5: Security Mechanisms

5.1 Firewall
♥ A firewall is a set of related hardware and software programs,
deployed strategically between a company’s private network and
one or more unsecured networks.
♥ A firewall functions to protect the resources of the private network
from users on the outside (external) networks.
♥ The firewall separates the protected, private network (the inside)
from the unsecured networks (the outside) and ensures that external
parties cannot cause malicious or unintentional harm to internal
resources.

♥ A firewall is considered essential in the following areas of
network applications:
• Access from one or more external unsecured networks (e.g.,
the Internet) to applications within the private network
• Access by users within the private network to one or more
external unsecured networks (including the Internet)
• Communication with business partners through an extranet
• Remote access to the intranet

5.1.1 Classification of Firewalls


♥ Firewalls can usefully be classified into the following four
basic types:
1. Packet filters — The first line of defense in firewall
protection, and the most basic, is the packet filter firewall.
Packet filters examine incoming and outgoing packets and apply
a fixed set of rules to the packets to determine whether they will
be allowed to pass.
♥ It simply examines the type of the packet along with the
source and destination addresses, including URLs, domain
names, etc., as well as the port combinations, and then it

2. Circuit-level gateways — This type of firewall has also been
called a “stateful inspection” firewall because packets are
handled on a circuit or connection basis.
♥ In a circuit-level firewall, all connections are monitored, and
only those connections that are found to be valid are allowed
to pass through the firewall.
♥ This generally means that a client behind the firewall can
initiate any type of session, but clients outside the firewall
cannot see or connect to a machine protected by the firewall.
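The connection-based decision just described, as an added example not taken from the slides: a small connection table that lets inside hosts open sessions, passes packets in both directions only for a tracked connection, and drops everything unsolicited from outside. The inside prefix 10.0.0.0/8 and the packet fields are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN: the client is opening a new connection
    fin: bool = False   # TCP FIN: the connection is being closed


class CircuitFirewall:
    """Constructed model of a circuit-level firewall: decisions are made per connection,
    not per packet. Inside hosts may open any session; packets from outside pass only
    if they belong to a connection an inside host already opened."""

    def __init__(self, inside_prefix: str):
        self.inside = ip_network(inside_prefix)
        self.connections: Set[Tuple] = set()   # valid connections as 5-tuples

    @staticmethod
    def _key(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt: Packet) -> Tuple:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def handle(self, pkt: Packet) -> str:
        key, rev = self._key(pkt), self._reverse(pkt)
        if key in self.connections or rev in self.connections:
            if pkt.fin:                          # connection closed: stop tracking it
                self.connections.discard(key)
                self.connections.discard(rev)
            return "allow"                       # belongs to a valid connection
        if pkt.syn and ip_address(pkt.src) in self.inside:
            self.connections.add(key)            # inside client initiates a new session
            return "allow"
        return "deny"   # unsolicited packet: the inside host is not visible from outside
```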

3. Application layer gateways (ALGs) — The ALG firewall
forces all client applications on workstations protected by the
firewall to use the firewall itself as a gateway. The firewall then
handles packets for each protocol differently.
♥ Every client program needs to be set up to use a proxy, and not
all can do so. Also, the firewall must have an ALG for each type
of protocol that can be used.
♥ Their distinct advantage is that application proxy firewalls are
considered to be very secure.

4. Network address translation (NAT) — Firewalls using NAT
and/or port address translation (PAT) completely hide the network
protected by the firewall by translating the outgoing packets to
use different addresses.
♥ In most implementations there is a single, public IP address
used for the entire network. PAT needs to be added to NAT to
handle port conflicts.
♥ A disadvantage of NAT is that it cannot properly pass protocols
containing IP address information in the data portion of the
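The NAT/PAT translation and its limitation, as an added example rather than anything from the slides: one public address fronts the whole private network, PAT assigns each outbound flow its own public port so two inside hosts using the same source port do not collide, and an address carried inside the payload is not rewritten. The addresses, ports and payload are constructed for this example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class NatGateway:
    """Constructed model of NAT with PAT: the whole private network is hidden behind one
    public address, and each outbound flow gets its own public port so that replies can be
    mapped back to the right inside host even when two hosts use the same source port."""

    def __init__(self, public_ip: str, first_port: int = 20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map: Dict[Tuple, int] = {}            # (src, sport, dst, dport) -> public port
        self.in_map: Dict[int, Tuple[str, int]] = {}   # public port -> (src, sport)

    def outbound(self, pkt: Packet) -> Packet:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.out_map:                    # new flow: allocate a public port
            self.out_map[flow] = self.next_port
            self.in_map[self.next_port] = (pkt.src, pkt.sport)
            self.next_port += 1
        # Only the IP/transport headers are rewritten; an address embedded in the
        # payload is left as-is, which is why some protocols do not pass NAT correctly.
        return replace(pkt, src=self.public_ip, sport=self.out_map[flow])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        entry = self.in_map.get(pkt.dport)
        if pkt.dst != self.public_ip or entry is None:
            return None                                 # no mapping: unsolicited traffic is dropped
        priv_ip, priv_port = entry
        return replace(pkt, dst=priv_ip, dport=priv_port)
```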

5.2 Proxy server


♥ A proxy server is a server that acts as an intermediary between a
remote user and the servers that run the desired applications
within the protected enterprise network.
♥ User authorization, if not done in the authentication server,
might be done in the proxy server.
♥ A proxy server receives a request for an Internet service (such
as a Web page request) from a user.
♥ If the request passes filtering requirements, the proxy server,
assuming it is also a cache server, looks in its local cache of
previously downloaded Web pages.
♥ If it finds the page, it returns it to the user without needing to
forward the request to the Internet.
♥ If the page is not in the cache, the proxy server, acting as a client
on behalf of the user, uses one of its own IP addresses to request
the page from the server out on the Internet.
♥ When the page is returned, the proxy server relates it to the
original request and forwards it to the user.
♥ An advantage of a proxy server is that its cache can serve all
users. If one or more Internet sites are frequently requested, these
are likely to be in the proxy’s cache, which will improve user
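The request flow described in this section (filter, cache lookup, fetch on the user's behalf, cache shared by all users), as an added example and not code from the slides. The proxy address, the blocked host and the stand-in origin fetch are assumptions; no network is touched.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit


@dataclass
class ProxyServer:
    """Constructed model of a caching proxy: filter the request, answer from the shared
    cache if possible, otherwise fetch from the origin using the proxy's own address."""
    own_ip: str                                   # address the origin sees, not the user's
    blocked_hosts: Set[str] = field(default_factory=set)
    cache: Dict[str, str] = field(default_factory=dict)   # url -> page, shared by all users
    origin_log: List[Tuple[str, str]] = field(default_factory=list)  # (source ip, url) at origin

    def _fetch_from_origin(self, url: str) -> str:
        # Stand-in for the real request out to the Internet (no network access here)
        self.origin_log.append((self.own_ip, url))
        return "<html>page for %s</html>" % url

    def handle_request(self, user_ip: str, url: str) -> Tuple[str, Optional[str]]:
        """Returns (outcome, page); outcome is 'filtered', 'cache-hit' or 'cache-miss'."""
        if urlsplit(url).hostname in self.blocked_hosts:
            return ("filtered", None)                 # request fails the filtering requirements
        if url in self.cache:
            return ("cache-hit", self.cache[url])     # served locally, nothing sent to the Internet
        page = self._fetch_from_origin(url)           # proxy acts as a client on the user's behalf
        self.cache[url] = page                        # relate the reply to the request and cache it
        return ("cache-miss", page)
```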

5.3 IDS/IPS
♥ Intrusion detection is the process of monitoring the events
occurring in a computer system or network and analyzing them for
signs of possible incidents, which are violations or imminent
threats of violation of computer security policies, acceptable use
policies, or standard security practices.
♥ Incidents have many causes, such as malware (e.g., worms,
spyware), attackers gaining unauthorized access to systems from
the Internet, and authorized users of systems who misuse their
privileges or attempt to gain additional privileges for which they
are not authorized.

♥ Although many incidents are malicious in nature, many others
are not; for example, a person might mistype the address of a
computer and accidentally attempt to connect to a different
system without authorization.
♥ An intrusion detection system (IDS) is software that automates
the intrusion detection process.
♥ An intrusion prevention system (IPS) is software that has all
the capabilities of an intrusion detection system and can also
attempt to stop possible incidents.

Key Functions of IDPS Technologies

♥ There are many types of IDPS technologies, which are
differentiated primarily by the types of events that they can
recognize and the methodologies that they use to identify
incidents.
♥ In addition to monitoring and analyzing events to identify
undesirable activity, all types of IDPS technologies typically
perform the following functions:
• Recording information related to observed events.
• Notifying security administrators of important observed events.

♥ IPS technologies are differentiated from IDS technologies by
one characteristic: IPS technologies can respond to a detected
threat by attempting to prevent it from succeeding.
♥ They use several response techniques, which can be divided
into the following groups:
• The IPS stops the attack itself.
• The IPS changes the security environment.
• The IPS changes the attack’s content.

Common Detection Methodologies


♥ IDPS technologies use many methodologies to detect
incidents: signature-based, anomaly-based, and stateful
protocol analysis.
♥ Most IDPS technologies use multiple detection
methodologies, either separately or integrated, to provide
broader and more accurate detection.
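One added example, not from the slides, that ties the two preceding sections together: signature-based and anomaly-based detection run over constructed log lines, followed by the common IDPS functions (recording, notifying administrators) and an IPS response that changes the security environment by building a block list. The log format, the single signature, the baseline and the threshold factor are assumptions of this example.

```python
import re
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed sample log lines (not from the page): "<time> <source ip> <request> <result>"
SAMPLE_LOG = """\
10:00:01 198.51.100.7 GET /index.html 200
10:00:02 203.0.113.9 POST /login FAIL
10:00:02 203.0.113.9 POST /login FAIL
10:00:03 203.0.113.9 POST /login FAIL
10:00:03 203.0.113.9 POST /login FAIL
10:00:04 203.0.113.9 POST /login FAIL
10:00:05 198.51.100.7 GET /static/../../private/config 404
10:00:06 192.0.2.4 POST /login FAIL
""".splitlines()

# Signature-based: known bad patterns (constructed; a real IDS ships thousands of these)
SIGNATURES = [("path-traversal", re.compile(r"\.\./"))]

Alert = Tuple[str, str, str]   # (method, name, source ip)


def signature_detect(lines: List[str]) -> List[Alert]:
    return [("signature", name, line.split()[1])
            for line in lines for name, pattern in SIGNATURES if pattern.search(line)]


def anomaly_detect(lines: List[str], baseline: int = 1, factor: int = 3) -> List[Alert]:
    """Flag a source whose failed logins exceed `factor` times the normal baseline."""
    failures = Counter(line.split()[1] for line in lines if line.endswith("FAIL"))
    return [("anomaly", "login-failure-rate", src)
            for src, count in failures.items() if count > baseline * factor]


def run_idps(lines: List[str]) -> Dict[str, object]:
    """Detect, then perform the functions common to all IDPS: record and notify.
    The IPS step responds by changing the security environment (a block list)."""
    alerts = signature_detect(lines) + anomaly_detect(lines)
    records = [{"method": m, "name": n, "source": s} for m, n, s in alerts]   # recording
    notifications = ["ALERT %s/%s from %s" % a for a in alerts]               # notifying admins
    block_list: Set[str] = {src for _, _, src in alerts}                      # IPS response
    return {"records": records, "notifications": notifications, "block_list": block_list}
```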

5.4 Virtual Private network

♥ A Virtual Private Network (VPN) allows a user to connect to a
private network over the Internet securely and privately.
♥ A VPN creates an encrypted connection called a VPN tunnel,
and all Internet traffic and communication is passed through
this secure tunnel.
♥ Virtual Private Networks (VPNs) are basically of 2 types:

♥ 1. Remote Access VPN: A Remote Access VPN permits a user to
connect to a private network and access all its services and
resources remotely.
♥ The connection between the user and the private network
occurs through the Internet, and the connection is secure and
private.
♥ Remote Access VPN is useful for both home users and business
users.

♥ 2. Site-to-Site VPN: A Site-to-Site VPN is also called a Router-to-
Router VPN and is commonly used in large companies.
Companies or organizations with branch offices in different
locations use a Site-to-Site VPN to connect the network of one office
location to the network at another office location.
♥ • Intranet-based VPN: When several offices of the same
company are connected using the Site-to-Site VPN type, it is called an
Intranet-based VPN.
♥ • Extranet-based VPN: When companies use the Site-to-Site VPN
type to connect to the office of another company, it is called

Thank you
