
Basic Security Terms & Definitions

Sopan Goel

Unrestricted
Terms and Definitions – DMZ
What is a DMZ?
A De-Militarized Zone (DMZ) is a subnetwork added between an external
and an internal network, in order to provide an additional layer of security.

[Figure: the DMZ sits between the Internet and the Internal Network, separated from them by packet filtering]
2
Terms and Definitions – Proxy
What is a Proxy?
A proxy is a program that deals with external servers on behalf of internal clients.
Proxies relay approved client requests to the real servers and relay the servers' answers back to the clients.

[Figure: HTTP requests from the Internal Network are sent to an HTTP proxy in the DMZ, which applies request filtering against a blacklist before relaying them to the Internet]

3
Terms and Definitions – Firewall
What is a firewall?

A firewall is a network security component that allows or forbids network traffic depending on a defined
set of rules.

[Figure: a firewall placed between the Internal Network and the External Network]

4
Terms and Definitions – Firewall
❑ A firewall is functionality that is installed on a hardware component (e.g. a router); it can also be
a software component.
❑ The firewall is aimed at safeguarding data traffic between network segments with different levels
of trust. A typical application is to check the transition between a local area network (LAN) (highly
trusted) and the Internet (no trust).
❑ A firewall can log traffic.
❑ A firewall can't fully protect against viruses, worms, etc.
❑ A firewall can't set itself up correctly.

To configure a firewall, the network administrator must have a sound knowledge of network protocols,
routing, and network and information security.
Even minor mistakes can negate the protective effect of a firewall!

5
Terms and Definitions – Intrusion Detection
What is Intrusion Detection?

Intrusion Detection is the process of identifying and responding to malicious activity targeted at computing
and networking resources.
Network-based IDS: network traffic is monitored for attacks.
Host-based IDS: monitors system internals (e.g. which processes try to access the password file).

Anomaly detection: assumes that all intrusive activities are necessarily anomalous and tries to detect
deviations from normal behavior.

Signature detection: the gathered information is compared with a database containing known attacks,
e.g. a rule of the form
alert tcp $EXTERNAL_NET any <> $HOME_NET 0 (…)
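The two detection styles above, as an added example written for this page (it is not code from the slides or from any real IDS). Signature detection is shown by a minimal matcher for rule headers of the form on the slide, including the bidirectional `<>` operator and the `$HOME_NET` / `$EXTERNAL_NET` variables; anomaly detection is shown by a baseline comparison of per-host connection rates. The home network, the rule, the flows and the connection counts are all constructed for the example.

```python
import ipaddress
import statistics
from dataclasses import dataclass

# Assumed variable binding; a Snort-style IDS defines this in its configuration.
HOME_NET = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Flow:
    """One observed connection (constructed sample data, not real traffic)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def _addr_matches(spec: str, addr: str) -> bool:
    """Match an address against 'any', $HOME_NET, $EXTERNAL_NET or a CIDR."""
    if spec == "any":
        return True
    ip = ipaddress.ip_address(addr)
    if spec == "$HOME_NET":
        return any(ip in net for net in HOME_NET)
    if spec == "$EXTERNAL_NET":            # everything that is not the home network
        return not any(ip in net for net in HOME_NET)
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def parse_rule(text: str) -> dict:
    """Parse the header 'action proto src sport dir dst dport (options)'."""
    header, _, options = text.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    if direction not in ("->", "<>"):
        raise ValueError(f"unknown direction operator {direction!r}")
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dir": direction, "dst": dst, "dport": dport,
            "options": options.rstrip(")").strip()}


def rule_matches(rule: dict, flow: Flow) -> bool:
    """Signature detection: does this flow match the rule header?"""
    if rule["proto"] != flow.proto:
        return False

    def one_way(src, sport, dst, dport):
        return (_addr_matches(src, flow.src) and _port_matches(sport, flow.sport)
                and _addr_matches(dst, flow.dst) and _port_matches(dport, flow.dport))

    forward = one_way(rule["src"], rule["sport"], rule["dst"], rule["dport"])
    if rule["dir"] == "->":
        return forward
    # '<>' is bidirectional: the rule also matches with the endpoints swapped.
    return forward or one_way(rule["dst"], rule["dport"], rule["src"], rule["sport"])


def signature_alerts(rules: list, flows: list) -> list:
    """Return (rule options, flow) for every flow that matches an alert rule."""
    return [(rule["options"], flow) for flow in flows
            for rule in rules if rule["action"] == "alert" and rule_matches(rule, flow)]


def anomalous_hosts(conns_per_minute: dict, threshold: float = 3.0) -> list:
    """Anomaly detection: hosts whose connection rate is far from the baseline.
    Median and median absolute deviation (MAD) are used so that one very busy
    host does not inflate the baseline it is compared against."""
    values = list(conns_per_minute.values())
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values)
    if mad == 0:
        return []
    return sorted(host for host, v in conns_per_minute.items()
                  if (v - median) / mad > threshold)


# Constructed sample data.
RULES = [parse_rule('alert tcp $EXTERNAL_NET any <> $HOME_NET 0 (msg:"TCP port 0 traffic";)')]
FLOWS = [
    Flow("tcp", "203.0.113.5", 4444, "10.1.2.3", 0),     # external -> internal, port 0
    Flow("tcp", "10.1.2.3", 0, "203.0.113.5", 4444),     # reverse direction, still matches '<>'
    Flow("tcp", "203.0.113.5", 4444, "10.1.2.3", 80),    # ordinary web traffic
]
CONN_RATE = {"10.0.0.1": 10, "10.0.0.2": 12, "10.0.0.3": 11, "10.0.0.4": 9, "10.0.0.5": 500}

if __name__ == "__main__":
    for msg, flow in signature_alerts(RULES, FLOWS):
        print("signature alert:", msg, flow)
    print("anomalous hosts:", anomalous_hosts(CONN_RATE))
```

Note that the signature matcher only looks at the rule header; a real IDS also evaluates the option block (content patterns, flags, thresholds) that the slide elides with `(…)`.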

6
Terms and Definitions – Internet Protocol Security (IPsec)
What is IPsec?

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a data stream.

IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the
session and for negotiating the cryptographic keys to be used during the session.

IPsec can be used to protect data flows between a pair of hosts (e.g. user computers or servers), between a
pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.

IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol
Suite (OSI model Layer 3). IPsec can be used for protecting any application traffic across the Internet.

7
Terms and Definitions – Internet Protocol Security (IPsec)
Internet Key Exchange (IKE): sets up a security association by handling the negotiation of protocols and
algorithms, and generates the encryption and authentication keys to be used by IPsec.

Authentication Header (AH): provides connectionless integrity and data origin authentication for IP datagrams,
and protection against replay attacks.

Encapsulating Security Payload (ESP): provides confidentiality, data origin authentication, connectionless
integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.

8
Terms and Definitions – Port
What is a port?

A port is a virtual/logical data connection that is used by programs to exchange data directly. The
most common of these are TCP and UDP ports, used to exchange data between computers on the
Internet.

9
Terms and Definitions – Router, Gateway
What is a router (= gateway)?

A router is a network component that couples several networks to one another.

To do this, the router requires one separate interface for each self-contained network.

Arriving data packets are forwarded, i.e. routed, to the intended target network. When data arrives, the
router must determine the right path to the destination and thus the suitable interface through which the
data must be forwarded.

To this end, the router uses a locally existing table, the routing table. It specifies which network can be
reached through which interfaces (= IP addresses of the distant routers).
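The routing-table lookup described above, as an added example (not code from the slides or from any router vendor). It shows the detail the text leaves implicit: when several entries contain the destination, the most specific one (longest prefix) wins, and a default route catches everything else. The networks, interface names and next-hop addresses are constructed for the example.

```python
import ipaddress

# Constructed routing table: (destination network, outgoing interface, next hop).
# A next hop of None means the destination network is directly attached.
ROUTING_TABLE = [
    ("10.1.0.0/16",    "eth0", None),
    ("10.1.5.0/24",    "eth1", "10.1.5.254"),       # more specific than 10.1.0.0/16
    ("192.168.0.0/16", "eth2", "192.168.0.1"),
    ("0.0.0.0/0",      "eth3", "203.0.113.1"),      # default route towards the Internet
]


def build_table(entries):
    """Parse the textual entries into ip_network objects once, up front."""
    return [(ipaddress.ip_network(net), iface, next_hop) for net, iface, next_hop in entries]


def lookup(table, destination: str) -> tuple:
    """Return (interface, next hop) for a destination address.
    Several entries may contain the address; the one with the longest prefix
    wins, which is how a router resolves overlapping routes."""
    ip = ipaddress.ip_address(destination)
    best = None
    for net, iface, next_hop in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1], best[2]


def forward(table, destination: str) -> str:
    """Describe the forwarding decision the router makes for one packet."""
    iface, next_hop = lookup(table, destination)
    if next_hop is None:
        return f"deliver directly on {iface}"
    return f"send out {iface} to next-hop router {next_hop}"


if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    for dst in ("10.1.5.7", "10.1.9.9", "198.51.100.9"):
        print(dst, "->", forward(table, dst))
```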

10
Terms and Definitions – Switch
What is a switch?

A switch is a network component that couples several hosts together.

To do this, the switch requires one separate interface for each self-contained host.

Arriving data packets are forwarded to the intended host. When data arrives, the switch must determine
the right network port to the destination.

To this end, the switch uses a locally existing table, the switching table. It specifies which host can be
reached through which interface (= MAC addresses of the host).
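How the switching table on this slide is built and used, as an added example (not code from the slides). The switch learns the source MAC address of every frame it receives, forwards frames for known destinations out of the learned port only, floods frames for unknown or broadcast destinations, and ages out entries that have not been seen for a while. Port names, MAC addresses and timings are constructed.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A switch that builds its switching table by observing source MAC addresses."""

    def __init__(self, ports: List[str], max_age: float = 300.0):
        self.ports = list(ports)
        self.max_age = max_age                  # seconds before a learned entry expires
        self.table: Dict[str, tuple] = {}       # MAC address -> (port, time last seen)

    def receive(self, in_port: str, src_mac: str, dst_mac: str, now: float) -> List[str]:
        """Process one frame; return the list of ports it is sent out of."""
        # Learning: the source MAC is reachable through the ingress port.
        self.table[src_mac] = (in_port, now)
        self._age_out(now)
        entry = self.table.get(dst_mac)
        if dst_mac == BROADCAST or entry is None:
            # Unknown or broadcast destination: flood every port except the ingress one.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        # Filtering: the destination is already on the ingress segment, so drop the frame.
        return [] if out_port == in_port else [out_port]

    def _age_out(self, now: float) -> None:
        """Forget hosts that have been silent longer than max_age."""
        expired = [mac for mac, (_, seen) in self.table.items() if now - seen > self.max_age]
        for mac in expired:
            del self.table[mac]


if __name__ == "__main__":
    sw = LearningSwitch(["p1", "p2", "p3"])
    print(sw.receive("p1", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", now=0))    # flooded
    print(sw.receive("p2", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01", now=1))    # ['p1']
    print(sw.receive("p1", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", now=2))    # ['p2']
```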

11
Terms and Definitions – Terminal Server
What is a terminal server?

A terminal server is a computer that emulates several terminals (e.g. PCs or desktops) or the software
that enables emulation.

Like on any normal PC, several different programs can run on any emulated terminal.

These emulated terminals are displayed on the screens of mostly remote PCs.

12
Terms and Definitions – VPN Tunnel
What is a VPN tunnel?

A VPN tunnel (Virtual Private Network) is a technology for operating an encrypted point-to-point
connection between two network stations through a public network (e.g. the Internet).

The tunnel ensures that data traffic between a source and a destination is isolated from the general data
traffic of the transit network and is kept private. We speak of a secure connection in this context.

The features of a secure connection are mutual, clear identification of the communication partners
(authentication) and protection of data against loss and modification (integrity).

13
Terms and Definitions – VPN Tunnel
IP VPN tunnel realized by IPsec

[Figure: host A sends an IP packet (IP header A → B, data) to gateway RA. Between RA and RB the packet travels
through the VPN tunnel across the Internet encapsulated as: outer IP header (RA → RB), ESP header, the original
IP header (A → B) and data as protected data, and an ESP trailer. RB removes the outer encapsulation and
delivers the original packet to B.]

The secure connection guarantees that:
A packet has been sent by the entity which is referenced by the source address of the packet.
A packet contains the original content the sender placed into it, i.e. it has not been modified during
transport.
The receiving entity is in fact the entity to which the sender wanted to send the packet.
The data transmitted has not been eavesdropped on.
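A simplified model of the tunnel pictured above and of the AH/ESP services listed on the IPsec slides, written as an added example for this page (it is not the slides' code and not an implementation of real IPsec). A security association holds the SPI, the shared key and the anti-replay window; `encapsulate` wraps the whole original packet A → B into a new packet addressed RA → RB and computes an HMAC-SHA256 integrity check value over the outer addresses, SPI, sequence number and inner packet; `decapsulate` verifies origin and integrity, runs a sliding-window replay check and returns the original packet. Encryption is deliberately omitted because the Python standard library has no AEAD cipher, so the example mirrors AH (integrity, origin authentication, anti-replay) rather than ESP; a real ESP gateway would additionally encrypt the protected data. Keys, addresses and packets are constructed.

```python
import hashlib
import hmac
import json


class SecurityAssociation:
    """One direction of the tunnel: SPI, shared key and anti-replay state.
    Each gateway holds one SA per direction; RA -> RB is shown here."""

    def __init__(self, spi: int, key: bytes, window: int = 64):
        self.spi = spi
        self.key = key
        self.window = window
        self.mask = (1 << window) - 1
        self.next_seq = 1      # sender: next sequence number to use
        self.highest = 0       # receiver: highest sequence number accepted so far
        self.seen = 0          # receiver: bitmap of accepted numbers inside the window

    def replay_check(self, seq: int) -> bool:
        """Sliding-window anti-replay check in the style of RFC 4302/4303.
        Returns True (and records seq) only if seq is new and inside the window."""
        if seq == 0:
            return False
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = 1 if shift >= self.window else ((self.seen << shift) | 1) & self.mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window or self.seen & (1 << offset):
            return False                       # too old, or already received
        self.seen |= 1 << offset
        return True


def _auth_input(outer_src: str, outer_dst: str, spi: int, seq: int, inner: bytes) -> bytes:
    """Everything the ICV covers: outer addresses, SPI, sequence number, inner packet."""
    return f"{outer_src}|{outer_dst}|{spi}|{seq}|".encode() + inner


def encapsulate(sa: SecurityAssociation, outer_src: str, outer_dst: str, inner_packet: dict) -> dict:
    """Tunnel mode: the complete original packet (A -> B) becomes the payload of a
    new packet addressed between the gateways (RA -> RB)."""
    seq = sa.next_seq
    sa.next_seq += 1
    inner = json.dumps(inner_packet, sort_keys=True).encode()
    icv = hmac.new(sa.key, _auth_input(outer_src, outer_dst, sa.spi, seq, inner), hashlib.sha256).hexdigest()
    return {"src": outer_src, "dst": outer_dst, "spi": sa.spi, "seq": seq,
            "payload": inner.decode(), "icv": icv}


def decapsulate(sa: SecurityAssociation, packet: dict) -> dict:
    """Verify origin, integrity and freshness, then return the original packet."""
    if packet["spi"] != sa.spi:
        raise ValueError("unknown SPI: no security association for this packet")
    inner = packet["payload"].encode()
    expected = hmac.new(sa.key, _auth_input(packet["src"], packet["dst"], packet["spi"], packet["seq"], inner),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["icv"]):
        raise ValueError("integrity check failed: packet modified or not from the peer")
    # The window is advanced only after a valid ICV, so forged packets cannot move it.
    if not sa.replay_check(packet["seq"]):
        raise ValueError("replayed or out-of-window sequence number")
    return json.loads(inner)


if __name__ == "__main__":
    key = b"constructed-shared-key"          # in practice negotiated by IKE
    ra_to_rb_tx = SecurityAssociation(spi=0x1001, key=key)   # held by RA
    ra_to_rb_rx = SecurityAssociation(spi=0x1001, key=key)   # held by RB
    original = {"src": "10.1.0.5", "dst": "10.2.0.7", "data": "hello"}   # A -> B
    on_the_wire = encapsulate(ra_to_rb_tx, "192.0.2.1", "198.51.100.1", original)
    print(on_the_wire)
    print(decapsulate(ra_to_rb_rx, on_the_wire))
```

Because the ICV binds the outer addresses and the SPI as well as the inner packet, a valid packet cannot be re-addressed to another gateway or replayed under a different SA, which is what the first three guarantees listed on the slide require; the fourth (no eavesdropping) is the part ESP's encryption adds.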


14
Terms and Definitions – Whitelist and Blacklist
What is a whitelist and a blacklist?

A whitelist (or white list) is a list or register of entities that, for one reason or another, are being provided a
particular privilege, service, or access. Conversely, a blacklist is a list or compilation that identifies entities
that are denied.

Local area network (LAN) security is one use of a whitelist. Many network admins set up MAC address
whitelists or a MAC address filter to control who is on their networks. This is used when encryption is not a
practical solution or in tandem with encryption. However, it is sometimes ineffective because a MAC address
can be faked.

Application whitelisting is another use of a whitelist. It is an emerging approach to combating viruses and
malware: software that is considered safe to run is whitelisted and all other software is blocked.

15
Terms and Definitions – Whitelist and Blacklist

Whitelist                Blacklist
Allow A → B              Deny B → A
Allow A → C              Deny C → A
Allow B → C              Deny C → B
Deny everything else     Allow everything else
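The rule-based filtering of the firewall slides and the whitelist/blacklist table above, combined into one added example (not code from the slides or from any firewall product). A firewall evaluates rules in order, the first match decides, the default policy applies when nothing matches, and every decision is logged. The two firewalls at the bottom encode exactly the table: the whitelist lists A → B, A → C and B → C with a default of deny, the blacklist lists B → A, C → A and C → B with a default of allow. The difference shows up for a host D that appears in neither list: the whitelist denies it, the blacklist lets it through. `shadowed_rules` is the kind of sanity check the firewall slide's warning about minor mistakes calls for: it reports rules that can never fire because an earlier, broader rule already covers them. Hosts A to D are constructed addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR, single address, or "any"
    dst: str
    dport: Optional[int]   # None means any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (_addr_in(self.src, src) and _addr_in(self.dst, dst)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by other is also matched by self."""
        return (_subnet(other.src, self.src) and _subnet(other.dst, self.dst)
                and (self.dport is None or self.dport == other.dport))


def _addr_in(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _subnet(inner: str, outer: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(ipaddress.ip_network(outer, strict=False))


class Firewall:
    """First matching rule wins; the default policy applies when none matches."""

    def __init__(self, rules: List[Rule], default: str):
        self.rules = list(rules)
        self.default = default
        self.log: List[tuple] = []      # a firewall can log traffic: (src, dst, dport, verdict, reason)

    def check(self, src: str, dst: str, dport: int) -> str:
        for index, rule in enumerate(self.rules):
            if rule.matches(src, dst, dport):
                self.log.append((src, dst, dport, rule.action, f"rule {index}"))
                return rule.action
        self.log.append((src, dst, dport, self.default, "default policy"))
        return self.default

    def shadowed_rules(self) -> List[int]:
        """Indices of rules that can never fire because an earlier rule covers
        them; such a rule is usually a configuration mistake."""
        return sorted({later for later in range(len(self.rules))
                       for earlier in range(later)
                       if self.rules[earlier].covers(self.rules[later])})


# Constructed hosts A, B, C from the table, plus a newcomer D that is on neither list.
A, B, C, D = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"

WHITELIST = Firewall([Rule("allow", A, B, None), Rule("allow", A, C, None), Rule("allow", B, C, None)],
                     default="deny")
BLACKLIST = Firewall([Rule("deny", B, A, None), Rule("deny", C, A, None), Rule("deny", C, B, None)],
                     default="allow")

if __name__ == "__main__":
    for src, dst in ((A, B), (B, A), (D, A)):
        print(f"{src} -> {dst}: whitelist={WHITELIST.check(src, dst, 80)} blacklist={BLACKLIST.check(src, dst, 80)}")
    careless = Firewall([Rule("allow", "any", "any", None), Rule("deny", "10.0.0.0/8", "any", 22)], default="deny")
    print("shadowed rules:", careless.shadowed_rules())    # the deny rule is dead
```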

16
Sopan Goel

Thank you
Networking Basics 2022 17
