Computer security 2023

Virtual private network (VPN)

A VPN, which stands for virtual private network, is a service that establishes a
secure and private connection to the internet. A VPN creates an encrypted tunnel to
protect your personal data and communications, hide your IP address, and let you
safely use public Wi-Fi networks.

VPN services also help you bypass censorship, get around content blocks, and
unlock website restrictions. By encrypting your internet traffic, VPNs hide your IP
address and physical location, so that no one can tell who you are, where you are,
or what you’re doing online. That’s why VPN means virtual private network —
it’s an on-demand, private tunnel through the internet.

 A VPN is virtual because it creates a digital tunnel — there isn’t a physical

cable that reaches from your device directly to the VPN server.

 A VPN is private because it encrypts your data and hides your IP address.

 A VPN is a network because it creates a connection between multiple

computers — your device and the VPN server.

What does a VPN do?

VPNs hide your IP address behind a different IP address (often in another part of
the world) provided by the VPN server. VPNs work by adding a layer of
encryption to the data that passes through your internet connection. There are many
benefits of using a VPN — VPNs let you:
 Avoid internet censorship

 Encrypt your internet connection.

 Secure your data over public Wi-Fi networks.

 Stream freely and get around location-based content blocks.

Prepared by Amanuel Gezahegn Page 1

 Computer security 2023

Intrusion Prevention System (IPS)

In short, an Intrusion Prevention System (IPS), also known as intrusion detection
prevention system (IDPS), is a technology that keeps an eye on a network for any
malicious activities attempting to exploit a known vulnerability.

An Intrusion Prevention System’s main function is to identify any suspicious

activity and either detect and allow (IDS) or prevent (IPS) the threat. The attempt
is logged and reported to the network managers or Security Operations Center
(SOC) staff.

How do Intrusion Prevention Systems work?

IPS technologies have access to packets where they are deployed, either as
Network intrusion detection systems (NIDS), or as Host intrusion detection
systems (HIDS). Network IPS has a larger view of the entire network and can
either deployed inline in the network or offline to the network as a passive sensor
that receives packets from a network TAP or SPAN port.

The detection method employed may be signature or anomaly-based. Predefined

signatures are patterns of well-known network attacks. The IPS compares packet
flows with the signature to see if there is a pattern match. Anomaly-based intrusion
detection systems uses heuristics to identify threats, for instance comparing a
sample of traffic against a known baseline.

Prepared by Amanuel Gezahegn Page 2

 Computer security 2023

Firewall
A Firewall is a network security device that monitors and filters incoming and
outgoing network traffic based on an organization’s previously established security
policies. At its most basic, a firewall is essentially the barrier that sits between a
private internal network and the public Internet. A firewall’s main purpose is to
allow non-threatening traffic in and to keep dangerous traffic out.

What Firewalls Do?

A Firewall is a necessary part of any security architecture and takes the guesswork
out of host level protections and entrusts them to your network security device.
Firewalls, and especially Next Generation Firewalls, focus on blocking malware
and application-layer attacks, along with an integrated intrusion prevention system
(IPS), these Next Generation Firewalls can react quickly and seamlessly to detect
and react to outside attacks across the whole network. They can set policies to
better defend your network and carry out quick assessments to detect invasive or
suspicious activity, like malware, and shut it down.

Intrusion Detection System (IDS)

Prepared by Amanuel Gezahegn Page 3
 Computer security 2023

An Intrusion Detection System (IDS) is a monitoring system that detects

suspicious activities and generates alerts when they are detected. Based upon these
alerts, a security operations center (SOC) analyst or incident responder can
investigate the issue and take the appropriate actions to remediate the threat.

What is an Intrusion Detection System (IDS)?

Intrusion detection systems are designed to be deployed in different environments.

And like many cybersecurity solutions, an IDS can either be host-based or
network-based.

 Host-Based IDS (HIDS): A host-based IDS is deployed on a particular

endpoint and designed to protect it against internal and external threats. Such
an IDS may have the ability to monitor network traffic to and from the
machine, observe running processes, and inspect the system’s logs. A host-
based IDS’s visibility is limited to its host machine, decreasing the available
context for decision-making, but has deep visibility into the host computer’s
internals.

 Network-Based IDS (NIDS): A network-based IDS solution is

designed to monitor an entire protected network. It has visibility into all
traffic flowing through the network and makes determinations based upon
packet metadata and contents. This wider viewpoint provides more context
and the ability to detect widespread threats; however, these systems lack
visibility into the internals of the endpoints that they protect.

Due to the different levels of visibility, deploying a HIDS or NIDS in isolation

provides incomplete protection to an organization’s system. A unified threat
management solution, which integrates multiple technologies in one system, can
provide more comprehensive security.

Detection Method of IDS Deployment

Prepared by Amanuel Gezahegn Page 4

 Computer security 2023

Beyond their deployment location, IDS solutions also differ in how they identify
potential intrusions:

1. Signature Detection: Signature-based IDS solutions use fingerprints of

known threats to identify them. Once malware or other malicious content
has been identified, a signature is generated and added to the list used by the
IDS solution to test incoming content. This enables an IDS to achieve a high
threat detection rate with no false positives because all alerts are generated
based upon detection of known-malicious content. However, a signature-
based IDS is limited to detecting known threats and is blind to zero-day
vulnerabilities.

2. Anomaly Detection: Anomaly-based IDS solutions build a model of the

“normal” behavior of the protected system. All future behavior is compared
to this model, and any anomalies are labeled as potential threats and generate
alerts. While this approach can detect novel or zero-day threats, the
difficulty of building an accurate model of “normal” behavior means that
these systems must balance false positives (incorrect alerts) with false
negatives (missed detections).

3. Hybrid Detection: A hybrid IDS uses both signature-based and anomaly-

based detection. This enables it to detect more potential attacks with a lower
error rate than using either system in isolation.

Proxy server
Prepared by Amanuel Gezahegn Page 5
 Computer security 2023

A proxy server is a system or router that provides a gateway between users and the
internet. Therefore, it helps prevent cyber attackers from entering a private
network. It is a server, referred to as an “intermediary” because it goes between
end-users and the web pages they visit online.

When a computer connects to the internet, it uses an IP address. This is similar to

your home’s street address, telling incoming data where to go and marking
outgoing data with a return address for other devices to authenticate. A proxy
server is essentially a computer on the internet that has an IP address of its own.

Proxy Servers and Network Security

Proxies provide a valuable layer of security for your computer. They can be set up
as web filters or firewalls, protecting your computer from internet threats like
malware.

This extra security is also valuable when coupled with a secure web gateway or
other email security products. This way, you can filter traffic according to its level
of safety or how much traffic your network—or individual computers—can handle.

How to use a proxy?

Some people use proxies for personal purposes, such as hiding their location while
watching movies online, for example. For a company, however, they can be used
to accomplish several key tasks such as:

1. Improve security

2. Secure employees’ internet activity from people trying to snoop on them

3. Balance internet traffic to prevent crashes

4. Control the websites employees and staff access in the office

Prepared by Amanuel Gezahegn Page 6

 Computer security 2023

5. Save bandwidth by caching files or compressing incoming traffic

Benefits of a Proxy Server

1. Enhanced security: Can act like a firewall between your systems and the
internet. Without them, hackers have easy access to your IP address, which
they can use to infiltrate your computer or network.

2. 2Private browsing, watching, listening, and shopping: Use different

proxies to help you avoid getting inundated with unwanted ads or the
collection of IP-specific data. With a proxy, site browsing is well-protected
and impossible to track.

3. Access to location-specific content: You can designate a proxy server with

an address associated with another country. You can, in effect, make it look
like you are in that country and gain full access to all the content computers
in that country are allowed to interact with. For example, the technology can
allow you to open location-restricted websites by using local IP addresses of
the location you want to appear to be in.

4. Prevent employees from browsing inappropriate or distracting sites:

You can use it to block access to websites that run contrary to your
organization’s principles. Also, you can block sites that typically end up
distracting employees from important tasks. Some organizations block social
media sites like Facebook and others to remove time-wasting temptations.

Types of proxy server

Residential Proxy
A residential proxy gives you an IP address that belongs to a specific, physical
device. All requests are then channeled through that device.

Prepared by Amanuel Gezahegn Page 7

 Computer security 2023

Residential proxies are well-suited for users who need to verify the ads that go on
their website, so you can block cookies, suspicious or unwanted ads from
competitors or bad actors. Residential proxies are more trustworthy than other
proxy options. However, they often cost more money to use, so users should
carefully analyze whether the benefits are worth the extra investment.

Public Proxy
A public proxy is accessible by anyone free of charge. It works by giving users
access to its IP address, hiding their identity as they visit sites.

Public proxies are best suited for users for whom cost is a major concern and
security and speed are not. Although they are free and easily accessible, they are
often slow because they get bogged down with free users. When you use a public
proxy, you also run an increased risk of having your information accessed by
others on the internet.

Shared Proxy
Shared proxies are used by more than one user at once. They give you access to an
IP address that may be shared by other people, and then you can surf the internet
while appearing to browse from a location of your choice.

Shared proxies are a solid option for people who do not have a lot of money to
spend and do not necessarily need a fast connection. The main advantage of a
shared proxy is its low cost. Because they are shared by others, you may get
blamed for someone else’s bad decisions, which could get you banned from a site.

SSL Proxy

Prepared by Amanuel Gezahegn Page 8

 Computer security 2023

A secure sockets layer (SSL) proxy provides decryption between the client and the
server. As the data is encrypted in both directions, the proxy hides its existence
from both the client and the server.

These proxies are best suited for organizations that need enhanced protection
against threats that the SSL protocol reveals and stops. Because Google prefers
servers that use SSL, an SSL proxy, when used in connection with a website, may
help its search engine ranking. On the downside, content encrypted on an SSL
proxy cannot be cached, so when visiting websites multiple times, you may
experience slower performance than you would otherwise.

Rotating Proxy
A rotating proxy assigns a different IP address to each user that connects to it. As
users connect, they are given an address that is unique from the device that
connected before it.

Rotating proxies are ideal for users who need to do a lot of high-volume,
continuous web scraping. They allow you to return to the same website again and
again anonymously. However, you have to be careful when choosing rotating
proxy services. Some of them contain public or shared proxies that could expose
your data.

Reverse Proxy
Unlike a forward proxy, which sits in front of clients, a reverse proxy is positioned
in front of web servers and forwards requests from a browser to the web servers. It
works by intercepting requests from the user at the network edge of the web server.
It then sends the requests to and receives replies from the origin server.

Prepared by Amanuel Gezahegn Page 9

 Computer security 2023

Reverse proxies are a strong option for popular websites that need to balance the
load of many incoming requests. They can help an organization reduce bandwidth
load because they act like another web server managing incoming requests. The
downside is reverse proxies can potentially expose the HTTP server architecture if
an attacker is able to penetrate it. This means network administrators may have to
beef up or reposition their firewall if they are using a reverse proxy.

Prepared by Amanuel Gezahegn Page 10