
Department of Computer Science

Chapter 6

Security Policies and Mechanisms

Instructor: Shambel Ts.

5/25/2023 Computer Security 1


Network Security - IDS, Firewall & ACL
In this chapter we discuss:
• Basic concepts of Intrusion Detection Systems (IDS/IPS)
• Network firewall security
• Access control lists (ACLs) in detail
• Computer network port numbers (logical ports)
• IPv6 security considerations
• Introduction to the TCP/IP stack
• The TCP/IP protocol stack
Security Policies and Mechanisms
Security Policies
What is a security policy?
• A security policy is a document that states in writing how a company plans to protect its physical and logical (digital) assets.
• Security policies are a formal set of rules and guidelines, related to the value of the assets being secured, issued by an organization to ensure that only authorized users access company resources.
• Security policies are living documents that are continuously updated and changed as technologies, vulnerabilities and security requirements change.
• A security policy is also known as an Information Security (IS) policy.


Security Policies and Mechanisms
Recommended Computer Security Policies
• Some important recommended computer security policies are:
Virus and Spyware Protection Policy
• Helps to detect threats in files and to detect applications that exhibit suspicious behavior.
• Removes and repairs the side effects of viruses and security risks by using signatures.
Firewall Policy
• Blocks unauthorized users from accessing the systems and networks that connect to the Internet, detects attacks by cybercriminals and removes unwanted sources of network traffic.
Application and Device Control Policy
• Protects a system's resources from applications and manages the peripheral devices that can attach to a system.
• The device control policy applies to both Windows and Mac (Macintosh/Apple) computers, whereas the application control policy can be applied only to Windows clients.


Security Policies and Mechanisms
Security Mechanism
• A security mechanism is a process that is designed to detect, prevent, or recover from a security attack.
• In other words, security mechanisms are the technical tools and techniques that are used to implement security services.
• A security mechanism is a method, tool, or procedure for enforcing a security policy.
• Some examples of security mechanisms are:
  • Encryption and decipherment
  • Digital signatures
  • Authentication exchange
  • Access control
  • Security recovery
  • Security audit trail and event detection
• Valuable assets should be protected by the following multiple layers of security mechanisms:
  • Physical security
  • Operations security
  • Personal security
  • Communications security
  • Network security


Physical Security Mechanism
• Physical security protects the physical computer facility (building, computer room, computers, disks and other media) [Chuck Easttom].
• It is affordable (inexpensive) to spend on physical security for these.
• Management was willing to spend money on it.
• Everybody understands and accepts that there are restrictions.

Three Basic Components of Physical Security
• The first component of physical security involves making a physical location less tempting as a target.
• The second component involves detecting a penetration or theft: you want to know what was broken into, what is missing, and how the loss occurred.
• The third component involves recovering from a theft or loss of critical information or systems.

Operations, Personal, Communications and Network Security
• Operations security: protects the details of a particular operation or series of activities.
• Operational security covers a large area; as a security professional, you will be primarily involved here more than in any other area. Its security mechanisms include network access control (NAC), authentication, and security topologies applied after the network installation is complete, as well as routine practices such as changing passwords every 30 or 60 days.
• Personal security: protects the individual or group of individuals who are authorized to access the organization's assets and its operations.
• Communications security: protects an organization's communications media, technology, and content.
• Network security: protects networking components, connections, and contents.


Intrusion Detection System (IDS)
What is an Intrusion Detection System?
• An Intrusion Detection System (IDS) is a security system that detects unsuitable or malicious activity on a computer or network.
• An Intrusion Prevention System (IPS) can be a software or hardware system that has all the capabilities of intrusion detection and can also react effectively in case of possible intrusions.


IDS vs. IPS
• An IDS is a passive system that scans incoming traffic.
• Once the IDS has identified dangerous or suspicious traffic it can send an alert to the system or administrator, but it leaves any other action to an IPS.
• An IPS is able to actively block or prevent an intrusion.
• Once unwelcome packets are identified, the IPS either puts them in isolation or simply drops them.


• The main purpose of an IDS is to identify suspicious or malicious activity, report activity or actions that differ from normal behavior, catalog and classify the activity, and, if possible, respond to the activity.


Types of Intrusion Detection Systems
• IDSs are typically divided into two main categories, depending on how they monitor activity:
  • Network-based IDS (NIDS)
  • Host-based IDS
• A network-based IDS examines activity on the network itself: it investigates traffic from the network and sees only activity that occurs on the network.
• It has visibility only into the traffic crossing the network link it monitors.
• It typically has no idea of what is happening on individual systems.
• A host-based IDS runs on an individual, specific system (mail server, web server, individual PC or workstation) and looks at all the activity on that host.
• It is concerned only with an individual system and usually has no visibility into the activity on the network.


Distinguished by Detection Method
• IDSs are also distinguished by detection method, into signature-based IDS and anomaly-based IDS.
• Signature-based IDS: looks for events or sets of events that match a predefined pattern of events that describe a known attack.
• If a new attack comes in that the signature-based IDS has never seen before, it won't be able to identify it as suspicious or malicious.
• This is considered to be one of the primary weaknesses of signature-based IDSs.
• Anomaly-based IDS: must be able to learn what normal traffic and activity patterns are, and creates its own rule sets based on those normal traffic and activity patterns.
• This method considers what is normal system operation; the assumption is that attacks are different from "normal" (legitimate) activity.
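To make the two detection methods concrete, the following added example (not part of the original slides) runs a tiny signature-based detector and a tiny anomaly-based detector over constructed web-server log lines; the signatures, the log format and the mean + k*stddev threshold are assumptions for illustration. It shows the weakness described above: the signature detector catches the known pattern but misses a new kind of activity (a login flood), which the anomaly detector catches because it deviates from the learned baseline.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Signatures for known attacks (illustrative regexes constructed for this example).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select|'\s*or\s+1=1", re.IGNORECASE),
}

# Constructed log lines in the form "<source IP> <method> <path> <status>".
TRAINING = [f"10.0.0.{i} GET /page{j}.html 200"   # normal period, used for learning
            for i in range(1, 6) for j in range(1 + i % 3)]
MONITORED = (["10.0.0.2 GET /index.html 200",
              "10.0.0.3 GET /files/../../config.ini 404"]   # matches a signature
             + ["10.0.0.9 POST /login 401"] * 30)            # flood: no signature


def signature_detect(log_lines):
    """Signature-based IDS: flag lines matching a predefined attack pattern.
    A new attack with no signature (the login flood above) is not reported."""
    return [(name, line) for line in log_lines
            for name, pattern in SIGNATURES.items() if pattern.search(line)]


def learn_baseline(training_lines):
    """Anomaly-based IDS, learning phase: requests per source IP in normal traffic."""
    per_source = Counter(line.split()[0] for line in training_lines)
    values = list(per_source.values())
    return mean(values), pstdev(values)


def anomaly_detect(log_lines, baseline, k=3.0):
    """Anomaly-based IDS: flag sources whose request count exceeds mean + k*stddev.
    The single traversal request is normal in volume, so only the flood is reported."""
    base_mean, base_std = baseline
    threshold = base_mean + k * base_std
    per_source = Counter(line.split()[0] for line in log_lines)
    return [(ip, n) for ip, n in sorted(per_source.items()) if n > threshold]


if __name__ == "__main__":
    print("signature alerts:", signature_detect(MONITORED))
    print("anomaly alerts:  ", anomaly_detect(MONITORED, learn_baseline(TRAINING)))
```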


Intrusion Detection System Approaches
Preemptive Blocking
• This approach seeks to prevent intrusions before they occur. It is done by noting any danger signs of impending threats and then blocking the user or IP address from which these signs originate.
• But there is a risk of blocking out legitimate users.
• It is better if a human administrator makes the decision whether or not to block the suspicious source.
Intrusion Deflection
• In intrusion deflection, a subsystem is built to attract the intruder for the purpose of observing his or her actions.
• This is done by tricking the intruder into believing that he or she has succeeded in accessing system resources when, in fact, he or she has been directed to a specially designed environment (a honey pot).
• A honey pot assumes that an attacker is able to breach the network's security.
• Create a server that has fake but attractive data, such as account numbers or research, and that is just a little less secure than a real server.
• Then, since none of the actual users ever access this server, monitoring software is installed to alert when someone does access this server.
Network Firewall Security
Firewall in Computer Security
• A firewall is a network security device, which can be software or hardware, that checks information coming from the Internet and then either blocks it or allows it to pass to your network, depending on your firewall settings.
• Simply put, a firewall is a security device that filters all the traffic between a protected network and a less trustworthy network.
DMZ "Demilitarized Zone"
• A DMZ is a sub-network that contains an organization's external-facing services, such as Web services, mail services, FTP services, etc.
Firewall Design Policy
• A firewall implements a security policy, that is, a set of rules that determine what traffic can or cannot pass through the firewall. Firewalls can be categorized by methodology into two types:
  • Packet filtering firewalls
  • Application proxy gateway firewalls
How Do Firewalls Work?
• A basic packet consists of a header (source and destination IP address, protocol and port) and a payload.
• Packet filtering examines only the headers of packets (source and destination IP address, protocol and port), but not the content of the traffic (the payload).
• It rejects TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services.
• Application proxy gateway firewall: examines the content of the traffic as well as the ports and IP addresses.
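The following added example (not from the original slides) implements the packet-filtering behaviour just described: an ordered rule table over header fields only (source and destination address, protocol, destination port), first match wins, default deny. The rule table, the DMZ addresses and the test packets are constructed for illustration; the last packet shows what a packet filter does not see, since a suspicious payload on an allowed port passes, which is the gap an application proxy gateway closes.

```python
from ipaddress import ip_address, ip_network

# Constructed rule table for a packet-filtering firewall in front of a DMZ.
# Rules are checked in order, first match wins; anything unmatched is denied.
# Columns: action, source network, destination network, protocol, destination port.
RULES = [
    ("deny",  "192.0.2.0/24", "0.0.0.0/0",       "any", None),  # unauthorized host range
    ("allow", "0.0.0.0/0",    "203.0.113.10/32", "tcp", 80),    # DMZ web server, HTTP
    ("allow", "0.0.0.0/0",    "203.0.113.10/32", "tcp", 443),   # DMZ web server, HTTPS
    ("allow", "0.0.0.0/0",    "203.0.113.25/32", "tcp", 25),    # DMZ mail server, SMTP
    ("allow", "10.0.0.0/8",   "0.0.0.0/0",       "any", None),  # internal hosts outbound
]


def filter_packet(packet, rules=RULES):
    """Decide allow/deny for one packet using only its header fields.
    packet: dict with 'src', 'dst', 'proto', 'dport' and an (ignored) 'payload'."""
    src, dst = ip_address(packet["src"]), ip_address(packet["dst"])
    for action, src_net, dst_net, proto, dport in rules:
        if src not in ip_network(src_net) or dst not in ip_network(dst_net):
            continue
        if proto != "any" and proto != packet["proto"]:
            continue
        if dport is not None and dport != packet.get("dport"):
            continue
        return action
    return "deny"  # default policy: whatever is not explicitly allowed is rejected


# Constructed test packets (documentation address ranges, not real hosts).
PACKETS = {
    "web_from_outside":  dict(src="198.51.100.7", dst="203.0.113.10", proto="tcp",
                              dport=80, payload="GET /index.html HTTP/1.1"),
    "ssh_to_web_server": dict(src="198.51.100.7", dst="203.0.113.10", proto="tcp",
                              dport=22, payload=""),             # unauthorized service
    "blocked_host":      dict(src="192.0.2.44", dst="203.0.113.10", proto="tcp",
                              dport=80, payload="GET /index.html HTTP/1.1"),
    "bad_payload_on_80": dict(src="198.51.100.7", dst="203.0.113.10", proto="tcp",
                              dport=80, payload="GET /files/../../config.ini HTTP/1.1"),
}


def decisions(packets=PACKETS):
    """Map each packet name to the filter's decision."""
    return {name: filter_packet(pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:20s} -> {verdict}")   # bad_payload_on_80 is allowed: payload not inspected
```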


[Figure: Packet filtering]
[Figure: Application layer proxies (proxy firewall)]
[Figure: Application or proxy firewall]


Firewall Location
• A firewall can be internal or external.
• An external firewall is placed at the edge of a local or enterprise network, just inside the boundary router that connects to the Internet.
• More internal firewalls protect the main part of the enterprise network.
• The external firewall provides a measure of access control and protection for the DMZ systems, consistent with their need for external connectivity.
• It also provides a basic level of protection for the remainder of the enterprise network.


Virtual Private Networks
• A VPN consists of a set of computers that are interconnected by means of a relatively unsecured network and that make use of encryption and special protocols to provide security. At each corporate site, workstations, servers, and databases are linked by one or more LANs. Three different protocols are used to create VPNs: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IP Security (IPsec).