Perimeter Security

There are three main options for preventing network attacks: general network management, filtering, and encryption. Filtering is mainly implemented through firewalls, which examine network traffic and allow or block packets based on configured rules. Packet filtering firewalls control access by inspecting packet headers, while stateful inspection firewalls track connection states. Other firewall techniques include circuit-level gateways and next-generation firewalls, which provide deeper packet inspection capabilities.

Uploaded by

Love

Preventing network attacks

• In preventing network attacks, there are three sets of available options:
• General network management — keeping systems up-to-date and configured as well
as enforcing operational procedures that will minimize the attack surface.
• Filtering — the use of firewalls to stop threats like Trojans and network exploits
getting through a network.
• Encryption — protocols such as Transport Layer Security (TLS) and SSH that
protect specific parts of the network against particular attacks.
General Network Management

• Network management involves the deployment, integration and
coordination of devices to monitor, test, poll, configure, analyze, evaluate,
and control the network and its components.
• The objective of network management is to meet the requirements of a
network, including availability, real-time, operational performance,
and Quality of Service, at a reasonable cost.
General Network Management
• General network management also ensures that systems are patched
whenever vulnerabilities are discovered.
• Network configurations are maintained, and any changes to be made are
authorized.
• Network configuration management involves collecting different information
about hardware devices, software programs and other elements of the
network in order to support administration and troubleshooting.
• All sorts of networks, including local area networks, wireless networks and
virtual networks all need elements of maintenance, modification, repair and
general monitoring.
Operational security

• Operational security is about training staff not to expose systems by
careless actions.
• Prevent social engineering attacks, for example by educating people
not to fall for clickbait.
• Prevent unauthorized staff from gaining administrator access to their
machines.
• Enforcing a strong password policy.
Filtering

• Filtering involves examining streams of network traffic and performing
operations that deny or allow particular traffic based on
configured rules.
Packet filtering
• Packet filtering is controlling access to a network by inspecting the incoming
and outgoing packets and letting them pass or halting them depending on the IP
addresses of the source and destination.
• Packet filtering is one technique for implementing security firewalls and is
fundamental in implementing network security
• Firewalls are just one example of systems that perform filtering operations.
• A firewall is defined as a perimeter device that permits or denies traffic based on
a set of rules configured by the administrator.
Packet filtering

Firewall
• Firewalls are a fundamental component of any perimeter defense
• It is actually a collection of components.
• A firewall is usually placed between two networks to act as a gateway.
Packet filtering
• Packet filtering protects a local network from undesired invasion depending
upon the predefined rules.
• The information passes through a network in the form of small pieces called
packets, which travel independently across IP networks.
• In a packet filtering firewall, the firewall checks five packet traits:
• Source IP address
• Source port
• Destination IP address
• Destination port
• IP protocol (TCP or UDP)
Filtering and Firewalls

• Filtering is mainly implemented in firewalls


• Packet filtering and stateful inspection are firewall techniques that
implement filtering in a network in order to prevent unauthorized packets
and data gaining access to a network.
• In addition to these two types of firewalls, there are other firewall
techniques, including the circuit gateway firewall, next-generation firewall and
application/proxy firewall.
Packet Filtering Firewall

• Packet Filtering is the simplest, and in some situations, the most effective type
of firewall.
• It is also referred to as stateless filtering
• A packet filtering firewall controls access to packets on the basis of packet
address (source or destination) or specific transport protocol type (such as HTTP
web traffic).
Packet filtering firewall
• Packet filtering controls (allows or drops) packet or data transfer based on the
following standards:
• The address the packet is coming from.
• The address the packet is going to.
• The application protocols or rules set to transfer the data.
• The packet filtering firewall shows how filtration is executed on the firewall.
• The packet filtering firewall checks access control lists (ACLs) to separate
packets depending upon the upper-layer protocol ID, source and destination
port numbers, source and destination IP addresses, and packet transmission
route.
EXAMPLES

• Example 1: block incoming and outgoing datagrams with IP protocol field = 17
and with either source or dest port = 23.
– All incoming and outgoing UDP flows and telnet connections are blocked.
• Example 2: block inbound TCP segments with ACK=0.
– Prevents external clients from making TCP connections with internal clients, but allows
internal clients to connect to outside.
Stateful Firewalls

• A stateful firewall collects data regarding every connection made through it.
All of these data points form profiles of “safe” connections.
• When a subsequent connection is attempted, it is checked against the list of
attributes collected by the stateful firewall.
• If it has the qualities of a safe connection, it is allowed to occur. If not, the
data packets are discarded.
• Stateful inspection not only verifies IP addresses but actually inspects
incoming packets for hidden threats.
Stateful Inspection Firewalls
• Stateful packet inspection is a technology used by stateful firewalls to
determine which packets to allow through the firewall.
• It works by examining the contents of a data packet and then comparing
them against data pertaining to packets that have previously passed through
the firewall.
• This type of firewall is used as additional security. It enforces more checks
and is safer compared to stateless filters.
• However, unlike stateless/packet filtering, stateful firewalls inspect the actual
data transmitted across multiple packets instead of just the headers. Because
of this, they also require more system resources.
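The two rules from the EXAMPLES slide and the connection table described above can be compared side by side. This is an added example, not part of the original slides: it models example 1 by its stated effect (all UDP and all telnet dropped), narrows stateful inspection to connection tracking only, and uses constructed packets and names (`Packet`, `stateless_filter`, `StatefulFilter`).

```python
from dataclasses import dataclass

UDP, TCP = 17, 6  # values of the IP protocol field

@dataclass(frozen=True)
class Packet:
    inbound: bool        # True = arriving from outside the perimeter
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False    # TCP ACK flag

def stateless_filter(p: Packet) -> str:
    """Header-only ACL: each packet is judged on its own."""
    if p.proto == UDP:                               # example 1: all UDP flows
        return "drop"
    if p.proto == TCP and 23 in (p.sport, p.dport):  # example 1: telnet
        return "drop"
    if p.proto == TCP and p.inbound and not p.ack:   # example 2: inbound, ACK=0
        return "drop"
    return "allow"

class StatefulFilter:
    """Same ACL, plus a table of connections opened from the inside."""
    def __init__(self):
        self.connections = set()

    def check(self, p: Packet) -> str:
        if stateless_filter(p) == "drop":
            return "drop"
        if not p.inbound:
            # Record the flow as its replies will look (endpoints swapped).
            self.connections.add((p.dst, p.dport, p.src, p.sport))
            return "allow"
        known = (p.src, p.sport, p.dst, p.dport) in self.connections
        return "allow" if known else "drop"

# Constructed sample traffic using documentation address ranges.
SYN_OUT = Packet(False, TCP, "192.0.2.10", 40000, "198.51.100.5", 443)
REPLY_IN = Packet(True, TCP, "198.51.100.5", 443, "192.0.2.10", 40000, ack=True)
STRAY_ACK = Packet(True, TCP, "203.0.113.9", 443, "192.0.2.10", 40001, ack=True)
TELNET_IN = Packet(True, TCP, "203.0.113.9", 50000, "192.0.2.10", 23, ack=True)

if __name__ == "__main__":
    fw = StatefulFilter()
    for name, pkt in [("stray ACK", STRAY_ACK), ("SYN out", SYN_OUT), ("reply", REPLY_IN)]:
        print(name, "stateless:", stateless_filter(pkt), "stateful:", fw.check(pkt))
```

The inbound packet with ACK set but no matching outbound connection passes the stateless rule set and is dropped once the filter keeps state, which is the practical gap between the two techniques.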
Other Firewall Techniques

• Apart from packet filtering and Stateful firewall, other types of firewall
include:
• Circuit level gateway
• Next generation firewall
Circuit-Level Gateways firewall
• A circuit-level gateway monitors TCP handshaking between packets from
trusted clients or servers to untrusted hosts and vice versa to determine
whether a requested session is legitimate.
• To filter packets in this way, a circuit-level gateway relies on data contained in
the packet headers for the Internet's TCP session-layer protocol.
• A circuit-level gateway filters packets at the session layer of the OSI model.
• Circuit-level gateways are another simplified type of firewall that can be easily
configured to allow or block traffic without consuming significant computing
resources.
• Circuit-level gateways are designed to ensure that the established sessions are
protected.
Circuit-Level Gateways firewall

• Like packet-filtering firewalls, these firewalls do not check the actual data, although they inspect
information about transactions.
• Therefore, if the data contains malware but follows the correct TCP connection, it will pass
through the gateway.
• That is why circuit-level gateways are not considered safe enough to protect our systems.
• Additionally, circuit-level gateways are practical, simple to set up, and don’t require a separate
proxy server.
Next-Generation Firewalls (NGFW)
• The next-generation firewall is a security device that combines a number of
functions of other firewalls.
• It incorporates packet, stateful, and deep packet inspection.
• Simply put, NGFW checks the actual payload of the packet instead of focusing solely
on header information.
• Unlike traditional firewalls, the next-gen firewall inspects the entire transaction of
data, including the TCP handshakes, surface-level, and deep packet inspection.
• Using NGFW is adequate protection from malware attacks, external threats, and
intrusion.
• These devices are quite flexible, and there is no clear-cut definition of the
functionalities they offer. Therefore, make sure to explore what each specific option
provides.
Next Generation Firewall (NGFW’s)
• NGFWs build upon traditional firewalls' features and add other critical
security functions like intrusion prevention, VPN, anti-malware, and even
encrypted traffic inspection.
• NGFW’s ability to handle deep packet inspection means that the firewall can unpack
the packet's data to prevent any packets with malicious data from moving forward.
• Free firewalls: Comodo Firewall, GlassWire, AVS Firewall.
Ingress filtering

• Ingress filtering is a method used by enterprises and internet service
providers (ISPs) to prevent suspicious traffic from entering a network.
• When configured on an edge device such as a router or firewall, ingress
filtering examines all inbound packets and then permits or denies entry to
the network based on information in the packet.
Ingress filtering

• At its simplest, ingress filtering involves establishing an access control
list that contains the Internet Protocol addresses (IP addresses) of permitted
source addresses.
• Conversely, the access control list may also be used to block prohibited
source addresses.
• Ingress traffic filtering is one of the first lines of defense in a network
security strategy. It is intended to prevent cyberattacks, particularly denial
of service (DoS) attacks that use IP address spoofing.
Egress filtering

• Egress filtering examines outbound traffic and only allows
packets to leave the network if they meet predetermined policies set by an
administrator.
• Egress filtering is used to prevent malicious activity, such as infected
machines attempting to leak data to remote hosts, or to block legitimate
users from accessing prohibited services, such as online gaming sites.
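The ingress and egress checks described above can be written as two small access-control functions on an edge device. This is an added example, not part of the original slides; the internal prefix, the blocked source ranges and the permitted egress ports are constructed assumptions, and `ingress` and `egress` are hypothetical names.

```python
import ipaddress

# Assumed site layout (constructed): one internal prefix behind the edge device.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

# Prohibited source addresses: private and loopback ranges that should never
# arrive from the Internet side of the perimeter.
NEVER_INBOUND = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Hypothetical egress policy: destination ports internal hosts may reach.
EGRESS_ALLOWED_PORTS = {53, 80, 443}

def ingress(src: str, dst: str) -> str:
    """Decide on an inbound packet from its source and destination address."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in INTERNAL:
        # An outside packet claiming an inside address is spoofed.
        return "deny: spoofed internal source"
    if any(s in net for net in NEVER_INBOUND):
        return "deny: prohibited source range"
    if d not in INTERNAL:
        return "deny: not destined for this network"
    return "permit"

def egress(src: str, dst: str, dport: int) -> str:
    """Decide on an outbound packet against the administrator's policy."""
    s = ipaddress.ip_address(src)
    ipaddress.ip_address(dst)  # reject malformed destinations early
    if s not in INTERNAL:
        # Stops spoofed traffic generated inside from leaving the network.
        return "deny: source is not an internal address"
    if dport not in EGRESS_ALLOWED_PORTS:
        return "deny: service not permitted"
    return "permit"

if __name__ == "__main__":
    print(ingress("192.0.2.7", "192.0.2.10"))         # spoofed internal source
    print(ingress("198.51.100.5", "192.0.2.10"))      # ordinary inbound packet
    print(egress("203.0.113.77", "198.51.100.5", 443))  # spoofed outbound source
    print(egress("192.0.2.10", "198.51.100.5", 6667))   # prohibited service
```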
Ingress Filtering Vs Egress filtering

• Most firewalls look outwards and try to keep bad things out (ingress filtering), but a
growing number look inwards and try to stop bad things leaving (egress filtering).
• The pioneers of egress filtering were military mail systems that monitor outgoing
traffic to ensure that nothing classified goes out in the clear.
• Some ISPs started looking at outgoing mail traffic to try to detect spam.
Egress Vs ingress
Firewall Architecture

• A firewall architecture describes various ways firewall components can be put together.
• The bastion host is the system that any outsiders - friends or possible foes - must ordinarily
connect with to access a system or a service that's inside your firewall.
• By design, a bastion host is highly exposed, because its existence is known to the Internet.
• For this reason, firewall builders and managers need to concentrate security efforts on the
bastion host.
• One should pay special attention to the host's security during initial construction and
ongoing operation.
• Because the bastion host is the most exposed host, it also needs to be the most fortified
host.
Firewall Architecture

• There are many different ways to deploy the components that comprise a firewall.
• There is little difference whether the approach employed uses packet filtering or proxies. Many
organizations use a combination of packet filtering and proxies in their firewall configuration.
• The most widely implemented architectures are listed as follows:
• Screening routers;
• Bastion hosts;
• Dual-homed hosts;
• Screened hosts;
• Screened subnets.
Advantages of firewalls

• Firewalls are generally good at keeping unwanted and unauthorized traffic
from passing (in or out).
• They are also an efficient method of providing Internet access to internal
users.
Disadvantages

• The drawback of a firewall is that it represents a single point of failure:
once the firewall fails, the whole network is prone to attacks.
• It takes knowledge, experience, and skill to configure a firewall. In addition,
if the firewall goes down, your connection to the outside network is down.
• A firewall by itself does not assure a secure network.
