Assignment Network Security

1. Explain about :
a. Device Hardening
Hardenings goal is to eliminate as many risks and threats to a computer system as necessary.
Hardening activities for a computer system can include:
Keeping security patches and hot fixes updated
Monitoring security bulletins that are applicable to a systems operating system and
applications
Installing a firewall
Closing certain ports such as server ports
Not allowing file sharing among programs
Installing virus and spyware protection, including an anti-adware tool so that malicious
software cannot gain access to the computer on which it is installed
Keeping a backup, such as a hard drive, of the computer system
Disabling cookies
Creating strong passwords
Never opening emails or attachments from unknown senders
Removing unnecessary programs and user accounts from the computer
Using encryption where possible
Hardening security policies, such as local policies relating to how often a password should
be changed and how long and in what format a password must be in
b. Personal Firewall
A personal firewall is an application which controls network traffic to and from a computer,
permitting or denying communications based on a security policy.
Example of personal firewall are ZoneAlarm, Outpost, Comodo and etc.

c. Anti-virus Software
Antivirus software is used to prevent, detect, and remove malware, including computer viruses,
worms, and trojan horses.
Example: Kaspersky, Norton, Panda and etc.




d. Operating System Patches
A patch is a piece of software designed to fix problems with, or update a computer program or
its supporting data.
This includes fixing security vulnerabilities and other bugs, and improving the usability or
performance

e. VPN
Allows two hosts to exchange (swap over) data using a secure channel.
The data stream (flow) is encrypted for security.
A VPN can be configured as a connection between two endpoints or between many endpoints.
We can connect two offices over an Internet connection, or connect several offices to create a
secure private network.
Remote VPN clients are also supported.

f. intrusion Detection and Prevention System
An intrusion detection system (IDS) is software that automates the intrusion detection process.
An intrusion prevention system (IPS) is software that has all the capabilities of an intrusion
detection system and can also attempt to stop possible incidents.
IDPSs are primarily focused on identifying possible incidents .

g. Host-based Intrusion Detection Systems

host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and
analyzes the internals of a computing system as well as (in some cases) the network packets on
its network interfaces









2. Explain the various types of firewalls:
a. Packet filtering firewall
The basic method for protecting the intranet border.
Works at the network layer of the OSI model.
The limitation: cannot distinguish (differentiate) usernames.
Filter data, based on: service type, port number, interface number, source address, and
destination address, among other criteria.
For example, a packet filter can permit or deny service advertisements on an interface.
You can use incoming and outgoing filters to dictate (order) what information passes into or out
of your intranet.

b. Circuit-level Gateways







Works at the session layer in the OSI model, which means that more information is required
before packets are allowed or denied.
It monitor TCP handshaking between packets to determine whether a requested session is
legitimate (genuine/legal).
Access is determined based on: address, DNS domain name, or DNS username.
Special client software must be installed on the workstation.
Circuit-level gateways can bridge different network protocols, for example, IPX to IP.
Our username is checked and granted (decided/approved) access before the connection to the
router is established.




c. Network Level Firewall
Network layer firewalls generally fall into two sub-categories, stateful and stateless. Stateful
firewalls maintain context about active sessions, and use that "state information" to speed
packet processing. Any existing network connection can be described by several properties,
including source and destination IP address, UDP or TCP ports, and the current stage of the
connection's lifetime


d. Application Level Firewall

An Application Level Firewall is a firewall where one application-level (i.e., not kernel) process is
used to forward each session that an internal user makes to a network resource on the public
network.


































3. State 3 Firewall Technologies
a. static packet filtering
Static packet filtering is a firewall and routing capability that provides network packet filtering based
only on packet information in the current packet and administrator rules.
b. dynamic packet filtering
A dynamic packet filter is a firewall facility that can monitor the state of active connections and use this
information to determine which network packets to allow through the firewall.

c. proxy
A client connects to the proxy server, requesting some service, such as a file, connection, web page, or
other resource available from a different server and the proxy server evaluates the request as a way to
simplify and control its complexity.





















4. Explain how static packet filtering works.
a. Explain how dynamic packet filtering works.

Administrator defined rules governing allowed ports and IP addresses at the network and
transport layers of the OSI network model.
Connection state which considers prior packets that have gone through the firewall.
Packet contents including the application layer contents






b. Explain how a proxy passes the network traffic.







termediary between Client and Server.
Request a service such as a file, connection, webpage or other resources available from different
server.
Have a firewall and cache function.



c. Compare between static packet filters, dynamic packet filter and proxy-based firewall, in
relation to security features that each technology provides.
Static Packet Filtering Dynamic Packet
Filtering
Proxy Based Firewall
Administrator defined
rules governing allowed
ports and IP addresses
at the network
Administrator defined
rules governing allowed
ports and IP addresses
at the network
Proxy firewalls provide
comprehensive,
protocol-aware security
analysis for the
protocols they support
Packet contents
including the network
Connection state which
considers prior packets
that have gone through
the firewall.
inspects each packet's
header information and
blocks or allows
flexible Packet contents
including
the application
layer contents

Transparent to the user Faster from static
packet filtering