
Information Security

By:
Muhammad Akhter Javed
Lecturer CS, IUB
Bahawalnagar Campus
Lec15&16
Outlines
• Network security
• Firewall
• Intrusion detection
Computer Network Security
• Computer network security consists of the measures an organization takes to
monitor its network and prevent unauthorized access by outside attackers.
• Approaches to network security management differ with the size of the network.
For example, a home office needs only basic network security, while a large
business needs continuous maintenance to protect the network from malicious
attacks.
• The network administrator controls access to the data and software on the
network, and assigns a user ID and password to each authorized person.
Aspects of Network Security
Privacy
• Privacy means that both the sender and the receiver expect confidentiality. The
transmitted message should reach only its intended receiver and remain opaque
to every other user; only the sender and the receiver should be able to
understand it, because eavesdroppers can intercept the message. The message
therefore has to be encrypted so that an intercepted copy cannot be read. This
aspect, confidentiality, is the one most commonly used to achieve secure
communication.
Message Integrity
• Data integrity means that the data must arrive at the receiver exactly as it was
sent: nothing in the content may change in transit, whether maliciously or by
accident. As more and more monetary exchanges take place over the Internet,
data integrity becomes more crucial, and it must be preserved for secure
communication.
Cont.
• End-point authentication: Authentication means that the receiver is sure
of the sender's identity, i.e., no impostor has sent the message.
• Non-Repudiation: Non-repudiation means that the receiver must be able
to prove that the received message came from a specific sender, and the
sender must not be able to deny having sent it. The burden of proving the
sender's identity falls on the receiver. For example, if a customer sends a
request to transfer money from one account to another, the bank must hold
proof that the customer requested the transaction.
What is a Firewall?
• A firewall is a special type of network security device, or a software
program, that monitors and filters incoming and outgoing network traffic
according to a defined set of security rules. It acts as a barrier between
internal private networks and external sources (such as the public Internet).
• The primary purpose of a firewall is to allow non-threatening traffic and
block malicious or unwanted traffic, protecting the computer from viruses
and attacks. By filtering network traffic, a firewall also helps block
malicious software on an already infected computer from reaching the
Internet.
Firewall: Hardware or Software
• Whether a firewall is hardware or software is one of the most frequently
asked questions. As stated above, a firewall can be a network security
device or a software program on a computer, so firewalls exist at both
levels, hardware and software, and it is best to have both.
• Each form (a firewall implemented as hardware or as software) has different
functionality but the same purpose. A hardware firewall is a physical device
that sits between a computer network and a gateway.
Cont.
• A broadband router is a typical example. A software firewall, on the other
hand, is a program installed on a computer that filters traffic by port
number and by the installed application that sends or receives it.
• Apart from these, there are cloud-based firewalls, commonly referred to as
FaaS (firewall as a service). Their main advantage is that they can be
managed centrally. Like hardware firewalls, cloud-based firewalls are best
known for providing perimeter security.
Why Firewall
• Firewalls are primarily used to prevent malware and network-based attacks,
and they can also help block application-layer attacks. They act as a
gatekeeper or barrier, monitoring every connection attempt between our
computer and another network, and they do not let data packets pass unless
the data is coming from, or going to, a user-specified trusted source.
Cont.
• Firewalls are designed to react quickly to detect and counter attacks
throughout the network. They work with configured rules to protect the
network and perform quick assessments to find suspicious activity. In short,
a firewall can be thought of as a traffic controller.
How does a firewall work?
• A firewall analyzes network traffic against pre-defined rules. It then
filters the traffic and drops anything arriving from unreliable or suspicious
sources, admitting only the incoming traffic it is configured to accept.
• Typically, firewalls intercept network traffic at a computer's entry point,
known as a port. They do this by allowing or blocking specific data packets
(the units of communication transferred over a digital network) according to
pre-defined security rules. Incoming traffic is allowed only from trusted IP
addresses or sources.
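To make the rule evaluation described above concrete, here is an added example (constructed for these notes, not code from the lecture or from any real firewall product) of a first-match packet filter with a default-deny policy; the addresses, the rules and the `Packet`/`Rule` classes are all hypothetical:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed example: a minimal first-match packet filter with default deny.
# Addresses and rules are hypothetical; this is not real firewall code.

@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network the rule applies to
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Policy: the trusted management subnet may reach SSH, anyone may reach HTTPS,
# everything else falls through to the default deny.
RULES = [
    Rule("allow", src="10.0.5.0/24", proto="tcp", dport=22),
    Rule("allow", proto="tcp", dport=443),
]

# Misconfiguration: a catch-all allow placed first shadows every later rule,
# so the filter no longer blocks anything (see the limitations slide).
MISCONFIGURED = [Rule("allow")] + RULES

if __name__ == "__main__":
    for pkt in (Packet("10.0.5.7", "10.0.1.10", "tcp", 22),
                Packet("203.0.113.9", "10.0.1.10", "tcp", 22),
                Packet("203.0.113.9", "10.0.1.10", "tcp", 443)):
        print(pkt, "->", evaluate(RULES, pkt), "/", evaluate(MISCONFIGURED, pkt))
```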
Functions of Firewall
• Most operating systems (for example, Windows) and security software come with built-in
firewall support, so it is a good idea to make sure those options are turned on. We can also
configure the system's security settings to update automatically whenever updates are available.
• Firewalls have become powerful and include a variety of functions and capabilities as built-in features:
• Network Threat Prevention
• Application and Identity-Based Control
• Hybrid Cloud Support
• Scalable Performance
• Network Traffic Management and Control
• Access Validation
• Record and Report on Events
Limitations of Firewall
• Firewalls are considered the first line of defense in network security. But
are they strong enough on their own to keep our devices safe from
cyber-attacks? The answer may be "no". Best practice is to use a firewall
whenever using the Internet, but it is important to use other defenses as
well to protect the network and the data stored on the computer. Because
cyber threats keep evolving, a firewall should not be the only consideration
for protecting the home network.
Cont.
• The importance of using firewalls as a security system is obvious; however, firewalls have some
limitations:
• Firewalls cannot stop users from accessing malicious websites, leaving the network vulnerable to internal
threats or attacks.
• Firewalls cannot protect against the transfer of virus-infected files or software.
• Firewalls cannot prevent misuse of passwords.
• Firewalls cannot protect when their security rules are misconfigured.
• Firewalls cannot protect against non-technical security risks, such as social engineering.
• Firewalls cannot stop or prevent attackers with modems from dialing in to or out of the internal network.
• Firewalls cannot secure a system that is already infected.
Types of Firewall
• Depending on their structure and functionality, there are different types of firewalls.
The following is a list of some common types of firewalls:
• Proxy Firewall
• Packet-filtering firewalls
• Stateful Multi-layer Inspection (SMLI) Firewall
• Unified threat management (UTM) firewall
• Next-generation firewall (NGFW)
• Network address translation (NAT) firewalls
Intrusion Detection System (IDS)
• An intrusion detection system (IDS) is software that observes network traffic,
or a host, for malicious activity or policy violations and raises an immediate
alert when one is observed. Each illegal activity or violation is typically
either recorded centrally using a SIEM system or reported to an administrator.
In this way an IDS helps protect a computer network from unauthorized access by
users, including possibly insiders. Viewed as a learning task, the intrusion
detector must build a predictive model (i.e. a classifier) capable of
distinguishing 'bad connections' (intrusions/attacks) from 'good (normal)
connections'.
How does an IDS work?

• An IDS (Intrusion Detection System) monitors the traffic on a computer network to detect
any suspicious activity.
• It analyzes the data flowing through the network to look for patterns and signs of abnormal
behavior.
• The IDS compares the network activity to a set of predefined rules and patterns to identify
any activity that might indicate an attack or intrusion.
• If the IDS detects something that matches one of these rules or patterns, it sends an alert to
the system administrator.
• The system administrator can then investigate the alert and take action to prevent any
damage or further intrusion.
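The rule-and-pattern matching in the steps above, as an added example that is not part of the lecture: a tiny signature-based detector run over constructed connection-log lines (the log format, the IP addresses, the `SIGNATURES` table and the port-scan threshold are all made up for this illustration). It combines one content signature with one behavioural rule, which is a small step beyond the single rule-match the slide describes.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample of connection-log lines (made up for this example):
# time src_ip dst_ip dst_port request
SAMPLE_LOG = """\
10:00:01 203.0.113.5 10.0.1.10 80 GET /index.html
10:00:02 203.0.113.5 10.0.1.10 80 GET /static/../../../etc/passwd
10:00:03 198.51.100.7 10.0.1.10 21 -
10:00:03 198.51.100.7 10.0.1.10 22 -
10:00:04 198.51.100.7 10.0.1.10 23 -
10:00:04 198.51.100.7 10.0.1.10 25 -
10:00:05 198.51.100.7 10.0.1.10 80 -
10:00:06 192.0.2.9 10.0.1.10 443 GET /about.html
"""

# Signature rules: a known-bad pattern in the request is an alert on its own.
SIGNATURES: Dict[str, re.Pattern] = {
    "directory traversal attempt": re.compile(r"\.\./"),
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (.*)$")

def parse_line(line: str) -> dict:
    """Split one log line into its fields (hypothetical format, see above)."""
    ts, src, dst, port, req = LINE_RE.match(line).groups()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "req": req}

def detect(log_text: str, scan_threshold: int = 4) -> List[str]:
    """Return alert strings: signature hits per line, plus a behavioural
    rule that flags a source touching >= scan_threshold distinct ports."""
    alerts: List[str] = []
    ports_by_src: Dict[str, set] = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        ports_by_src[ev["src"]].add(ev["port"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["req"]):
                alerts.append(f"{ev['ts']} {ev['src']} -> {ev['dst']}: {name}")
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            alerts.append(f"{src}: possible port scan ({len(ports)} distinct ports)")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", alert)
```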
Classification of Intrusion Detection
System
• Network Intrusion Detection System (NIDS): Network intrusion
detection systems (NIDS) are set up at a planned point within the network to
examine traffic from all devices on the network. A NIDS observes the traffic
passing on the entire subnet and matches it against a collection of known
attacks. Once an attack is identified or abnormal behavior is observed, an
alert can be sent to the administrator. An example is installing a NIDS on
the subnet where the firewalls are located, in order to see whether someone
is trying to break through the firewall.
Cont.
• Host Intrusion Detection System (HIDS): Host intrusion detection
systems (HIDS) run on individual hosts or devices on the network. A HIDS
monitors only the packets entering and leaving that device and alerts the
administrator if suspicious or malicious activity is detected. It also takes
a snapshot of the existing system files and compares it with the previous
snapshot; if critical system files have been edited or deleted, an alert is
sent to the administrator to investigate. HIDS is typically used on
mission-critical machines, which are not expected to change their
configuration.
Cont.
• Protocol-based Intrusion Detection System (PIDS): A protocol-based
intrusion detection system (PIDS) is a system or agent that permanently
resides at the front end of a server, monitoring and interpreting the
protocol between a user or device and the server. It tries to secure a web
server by regularly monitoring the HTTPS protocol stream and the HTTP
protocol it carries. Because the HTTPS stream is only readable once it has
been decrypted, the agent must sit at the interface where the decrypted HTTP
enters the web presentation layer.
Cont.
• Application Protocol-based Intrusion Detection System (APIDS): An
application protocol-based intrusion detection system (APIDS) is a system
or agent that generally resides within a group of servers. It identifies
intrusions by monitoring and interpreting the communication on
application-specific protocols. For example, it might monitor the SQL
protocol explicitly as the middleware in the web server transacts with the
database.
Cont.
• Hybrid Intrusion Detection System: A hybrid intrusion detection system
combines two or more of the above approaches to intrusion detection. In a
hybrid system, host agent or system data is combined with network
information to develop a complete view of the network and its systems. A
hybrid IDS is more effective than any single type of intrusion detection
system on its own. Prelude is an example of a hybrid IDS.
Benefits of IDS
• Detects malicious activity: An IDS can detect suspicious activity and
alert the system administrator before any significant damage is done.
• Improves network performance: An IDS can identify performance issues
on the network, which can then be addressed to improve performance.
• Compliance requirements: An IDS can help meet compliance requirements
by monitoring network activity and generating reports.
• Provides insights: An IDS generates valuable insights into network
traffic, which can be used to identify weaknesses and improve network security.
Homework Assignment
• Difference between a Firewall and Anti-virus
• Comparison of IDS with Firewalls
Reference Material
• https://www.javatpoint.com/computer-network-security
• https://www.javatpoint.com/firewall
• https://www.geeksforgeeks.org/intrusion-detection-system-ids/
• Computer Security: Principles and Practice, 3rd edition by William Stallings.
THANKS