Chapter 3

Uploaded by

markosmerhun55
Chapter Three

Network Firewall Security

Host security
• A host is any computer, including workstations, network servers, laptops, and wirelessly networked devices.
• Securing a host involves:
– Protecting the physical devices
– Securing the operating system software
– Using software-based security applications
– Monitoring logs
• Three important elements to secure: host (network server or client), applications, and data.

Securing Devices

• Prevent unauthorized users from gaining physical access to equipment
• Aspects of securing devices
– Physical access security
– Host hardware security
– Mobile device security
• Physical access security
– Restricting access to equipment areas
– Hardware locks
– Standard keyed entry lock provides minimal security
– Deadbolt locks provide additional security

Securing Devices
• Hardware security
– Physical security protecting host system hardware
– Portable devices have a steel bracket security slot
• Cable lock inserted into slot and secured to device
• Cable connected to lock secured to desk or immobile object
• Laptops may be placed in a safe or in locking cabinets
– Can be prewired for power and network connections
– Allow devices to charge while stored

Securing Devices
Mobile device security
– Many security provisions that apply to laptops apply to mobile devices
• Mobile devices’ unique security features
– Remote wipe / sanitation
• Data can be remotely erased if device is stolen
– GPS tracking
• Can pinpoint location to within 100 meters
– Voice encryption
• Used to mask content of voice communication over a smartphone

Authentication

• Authentication is the process of validating the identity of someone or something.
• Authentication requires the presentation of credentials or items of value to really prove the claim of who you are.
• The process of verifying the identity of a user or computer
• Questions: Who are you? How do you prove it?
• Authentication provides a way of identifying users, typically by having them enter a valid password before granting access

Con…
• The process of identifying a user based on username and password; authentication controls access by requiring valid user credentials.
• Authentication credentials include:
– A user name and password
– Digital certificates
– Tokens (visa cards)

Con…
• There are three types of authentication methods:
• Authenticating a user by what he has
– This may be any form of issued or acquired self identification such as SecurID, CryptoCard, Activcard, SafeWord, badges and many other forms of cards and tags.
• Authenticating a user by what he is (unique characteristics)
– This is a naturally acquired physical characteristic such as voice, fingerprint, iris pattern and other biometrics.
• Authenticating a user based on what the user knows
– This may be something you mentally possess. This could be a password, user ID, PIN, or a secret word known by the user and the authenticator.

Authentication credentials
• Passwords are the most common form of authentication credentials (based on what the user knows) for computer users, but there are several other types.
• Different types of authentication credentials can use one or more of the authentication methods
• These include:
– One-time passwords
– Standard biometrics
– Behavioral biometrics
– Cognitive biometrics

Con…
• One-time passwords
– A system using one-time passwords generates a unique password on demand that is not reusable.
• Standard biometrics
– Uses a person’s unique characteristics for authentication (what he is). Has used fingerprints, face recognition, hands, irises, and retinas.
• Behavioral biometrics
– To address the weaknesses in standard biometrics, a new type of biometrics known as behavioral biometrics has been developed.

Behavioral biometrics
• Instead of examining a specific body characteristic, behavioral biometrics authenticates by normal actions that the user performs.
• Three behavioral biometrics are:
• Keystroke dynamics
– Attempts to recognize a user’s unique typing rhythm and patterns in how a user types. Each person has a distinct typing speed, pressure, and timing between keystrokes, making it possible to recognize users based on their individual typing characteristics.
• Voice recognition
– Because all users' voices are different, voice recognition can likewise be used to authenticate users based on the unique characteristics of a person’s voice.
• Computer footprinting: based on users' interactions, which can be used for authentication.
– When and from where does a user normally access his bank’s online website?

Behavioral biometrics
Cognitive biometrics
• Authentication based on a user's perception, thought processes, and understanding, drawing from their life experiences.
• Cognitive biometrics is considered to be much easier for the user to remember because it is based on the user’s life experience.
• E.g., memorable events such as a special vacation, celebrating a personal achievement, etc.

Needs of biometrics
• Enhance security.
• Provide user authentication.
• Detect hackers and ID fraudsters.
• Maximize network security.

Definitions
• The automated use of physiological or behavioral characteristics to determine or verify identity
– Physiological biometrics are based on measurements and data derived from direct measurement of a part of the human body
– Fingerprint, iris scan, hand geometry, and facial recognition are leading physiological biometrics
• Behavioral characteristics are based on an action taken by a person
– Behavioral biometrics are, in turn, based on measurements and data derived from an action, and indirectly measure characteristics of the human body

Definitions
• Voice recognition, keystroke scan and signature scan are leading behavioral biometric technologies
• Biometric system – the integrated biometric hardware and software used to conduct biometric identification and verification.
• Leading biometric technologies
– Fingerprint
– Iris recognition
– Signature scan
– Facial recognition
– Retina scan
– Keystroke scan
– Voice recognition
– Hand geometry
– Palm scan (forensic use only)

Types of Authentication
• There are two basic types of authentication: non-repudiable and repudiable. Other types of authentication include user, client, and session authentication.
• Non-repudiable Authentication - This type of authentication ensures that an individual cannot deny the authenticity of their actions. It provides definitive proof of origin and integrity.
• Such characteristics include biometrics like:
– Iris Patterns: Unique patterns in the iris of the eye.
– Retinal Images: Patterns of blood vessels in the retina.
– Hand Geometry: The shape and size of the hand, including finger lengths and widths.
• They positively verify the identity of the individual.
• Provides a high level of security and accountability.
• Minimizes the risk of identity theft and fraud.

Types of Authentication
• Repudiable Authentication: involves methods that rely on "what you know" (knowledge-based) and "what you have" (possession-based) factors. This type of authentication allows users to deny having performed a specific action due to the lack of strong proof.
• Characteristics
• Knowledge-Based Factors:
– Examples include passwords, PINs, or answers to security questions.
– Users are required to remember and provide this information to authenticate.
• Possession-Based Factors:
– Examples include security tokens, smart cards, or mobile devices.
– Users must possess a physical item to authenticate.
Authentication models
• Authentication models include
– Single and multifactor authentication
– Single sign-on
• Using only one authentication credential, such as requiring a user to enter a password (what a person knows), is known as one-factor authentication.
• Two-factor authentication includes, for example, using a user name and password.

Authorization
• Authorization in system security is the process of giving the user permission to access a specific resource or function.
– Specific applications
– Files
– Data or any information
• In secure environments, authorization must always follow authentication.

Con…
• Approval to carry out specific tasks, such as accessing a server, using a printer, reading or writing to a file, or deleting a file.
• Before authorization takes place, the user must be identified and authenticated.

Architecture of the Internet

FIREWALLS
• A firewall is a device or set of devices designed to permit or deny network
transmissions based on a set of rules and is frequently used to protect networks
from unauthorized access while permitting legitimate communications to pass.
• A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its primary purpose is to establish a barrier between a trusted internal network and untrusted external networks, such as the internet.
• Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.
• Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
Cont…
• Firewalls can be designed to operate at any of the following layers in the OSI reference model:
- The application layer (e.g., HTTP proxy)
- The network and transport layer (e.g., packet filtering)
- The layer between the application layer and the transport layer (e.g., SOCKS proxy)

Firewall features
• General Firewall Features
- Port Control
- Network Address Translation
- Application Monitoring
- Packet Filtering
- Access control
- Reporting/logging

• It protects against
- Remote logins
- IP spoofing
- Source addressing
- Spam
Firewall Characteristics
1. Physical Barrier: A firewall does not allow any external traffic to enter a system or a network without its permission.
2. Multi-Purpose: It also acts as a network address translator. It can act as a meter
for internet usage.
3. Flexible Security Policies: Different local systems or networks need different
security policies. A firewall can be modified according to the requirement of the
user by changing its security policies.
4. Access Handler: Determines which traffic needs to flow first according to
priority or can change for a particular network or system.

Firewall Characteristics
• Direction control: Determines the direction in which particular service requests
may be initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to
access it. This feature is typically applied to users inside the firewall perimeter (local
users).
• Behavior control: Controls how particular services are used. For example, the
firewall may filter e-mail to eliminate spam, or it may enable external access to only
a portion of the information on a local Web server.
• Service control: Determines the types of Internet services that can be accessed,
inbound or outbound. The firewall may filter traffic on the basis of IP address,
protocol, or port number.
Con…

Types of firewalls based on implementation


• Packet Filtering Firewalls
• Proxy Server Firewalls
• Hybrid Firewall
• Host-based firewall
• Network-based firewall

Packet filtering firewall (network and transport layer
firewall)
• It is a network security feature that controls the flow of incoming and outgoing network data.
• The packet filtering firewall filters IP packets based on source and destination IP address, and source and destination port.
• If you are downloading data, the packet filtering firewall checks the sender and receiver IP addresses and port numbers present in the data packet against the access control list (ACL); once everything is verified, the data is downloaded.
• The only limitation of the packet filtering firewall is that the data portion (payload) is not checked, so a virus may be downloaded along with the data.
• It also provides low security.

2. Application / Proxy Firewall (application-level layer)
• This firewall protects us from unauthorized or malicious activities.
• A proxy firewall does not tell the server which user sent the request; the proxy firewall hides us from attackers.
• This is more secure than packet filtering because in this case the payload is also checked.
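
The difference between the two firewall types described above, as an added example that is not part of the original slides: a header-only packet filter permits a download whatever its payload, while a proxy-style check also inspects the payload. The rule format, the addresses, the TCP-only matching and the payload marker are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port

def _in(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def packet_filter(acl, pkt):
    """Header-only check: first matching rule wins, no match means deny."""
    for r in acl:
        if (_in(pkt.src, r.src) and _in(pkt.dst, r.dst)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

def proxy_filter(acl, pkt, blocked_markers):
    """Same header check, then the payload is inspected as a proxy would."""
    if packet_filter(acl, pkt) == "deny":
        return "deny"
    if any(m in pkt.payload for m in blocked_markers):
        return "deny"
    return "permit"

# Constructed sample data: documentation address ranges and a made-up marker.
ACL = [
    Rule("permit", "10.0.0.0/24", "0.0.0.0/0", dport=80),  # outbound web requests
    Rule("permit", "0.0.0.0/0", "10.0.0.0/24", sport=80),  # web responses (downloads)
]
MARKERS = [b"CONSTRUCTED-MALWARE-MARKER"]
CLEAN = Packet("203.0.113.5", 80, "10.0.0.7", 51000, b"HTTP/1.1 200 OK\r\n\r\nreport")
INFECTED = Packet("203.0.113.5", 80, "10.0.0.7", 51000, b"200 OK CONSTRUCTED-MALWARE-MARKER")
TELNET = Packet("198.51.100.9", 40000, "10.0.0.7", 23, b"login:")
```

Calling `packet_filter(ACL, INFECTED)` returns `"permit"` because only the addresses and ports are examined, while `proxy_filter(ACL, INFECTED, MARKERS)` returns `"deny"`.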

3. Hybrid Firewall
• This is the combination of packet filtering and proxy firewall to enhance security.

Host-based firewall
• Host-based firewall: A firewall installed on a computer that protects only that particular computer and nothing else.
• The latest versions of the Microsoft operating system include a complete host-based firewall package.
• ZoneAlarm is one of the most popular host-based firewalls.

Network-based firewall
• Network-based firewall: It is a combination of hardware and software firewall.
• It operates at the network layer and is placed between the private network and the public internet.
• It does this through management rules that are applied to the entire network.
• So any harmful activity is stopped before it reaches the computer.
• A network-based firewall is a standalone product which is mainly used in large organizations.

Con…
• A network-based firewall is more secure than a host-based one because a host-based firewall is used to protect a particular host or node, while a network-based firewall is used to protect the whole network and its hosts.

Advantages and Disadvantages of Firewall
Advantages
• Monitors Network Traffic
• Stop unwanted visitors/stop virus attacks.
• Prevents Hacking
• Stops Spyware.
• Better Privacy

Disadvantages
• User Restrictions
• Effective Cost.
• System Performance
• Complex Operations
• Limited Protection Against Advanced Threats

Assignment
1. Define key terminology related to firewalls, including terms such as firewall,
policy, packet, protocol (TCP, UDP), port, exploit, attack, threat, and
vulnerability.
2. How do firewalls integrate into a broader internet security architecture?
3. Discuss the role of firewalls within a comprehensive internet security
framework, focusing on their main functions.
4. What are the security considerations for firewalls in the context of IPv6, and
how do these compare to IPv4?
