chapter 5 CS
Computer Security
Mr. Yordanos A. Lecturer
MSC in Computer Science and
Engineering
(Dept. of Computer Science)
yordanos033331@gmail.com
Crhr: 3 ECTS: 5
12/26/2024
Chapter 5: Security Mechanisms
Security mechanisms are technical tools and techniques that
are used to implement security services.
They are tools, protocols, and methods used to protect systems,
networks, and data from unauthorized access, misuse, or
damage.
They are designed to ensure confidentiality, integrity,
availability, and accountability within computing environments.
These mechanisms help to prevent and detect attacks,
ensuring that sensitive information is kept secure and systems
Here are some key security mechanisms:
A firewall is a network security device that monitors incoming
and outgoing network traffic and decides whether to allow or
block specific traffic based on a defined set of security rules.
Firewalls establish a barrier between secured and controlled
internal networks that can be trusted and untrusted outside
networks, such as the Internet. A firewall can be hardware,
software, or both.
Key Functions of a Firewall
Traffic Filtering: Firewalls inspect network traffic and decide
whether to allow or block it based on security rules. It can
filter traffic by IP address, port, protocol, or application type.
Access Control: Firewalls enforce rules about which devices
or users can access specific resources within the network.
This helps prevent unauthorized access to internal systems
Protection Against Attacks: Firewalls protect against various
types of cyber threats, including unauthorized access, viruses,
worms, and denial-of-service (DoS) attacks.
Logging and Monitoring: Firewalls can log network activity,
providing valuable information about attempted security
breaches or suspicious activity, which is essential for auditing
and response.
Types of Firewalls
Proxy Firewall (Application Gateway): An early type of
firewall device, a proxy firewall serves as the gateway from
one network to another for a specific application. Proxy
servers can provide additional functionality such as content
caching and security by preventing direct connections from
A proxy firewall acts as an intermediary between the user and
the internet. It filters traffic at the application layer (Layer 7)
and provides detailed inspection of data exchanges, often
performing additional security measures, such as content
filtering.
Example:
The Application Layer is responsible for enabling
communication between different applications over the
network. For instance, when you use a web browser (such as
Chrome or Firefox) to access a website, the Application Layer
handles the HTTP or HTTPS requests and responses.
•Web Browsing Example: When you type
"www.example.com" into your browser, the browser sends an
HTTP request to the server where the website is hosted. The
server processes this request and sends back an HTTP
response, which your browser interprets to display the
Stateful inspection firewall: A stateful inspection firewall
allows or blocks traffic based on state, port, and protocol. It
monitors all activity from the opening of a connection until it
is closed. Filtering decisions are made based on both
administrator-defined rules as well as context, which refers to
using information from previous connections and packets
belonging to the same connection.
Next-generation firewall (NGFW): Firewalls have evolved
beyond simple packet filtering and stateful inspection. Most
companies are deploying next-generation firewalls to block
modern threats such as advanced malware and application-
layer attacks.
Web Application Firewall (WAF): Specifically designed to
protect web applications by filtering and monitoring HTTP/HTTPS
traffic, guarding against attacks like SQL injection, cross-site
scripting (XSS), and other web-based threats.
Packet-Filtering Firewall:
•The simplest form of a firewall, it inspects packets of data
based on pre-configured rules, such as source and destination IP
addresses, port numbers, and protocols. If the packet matches
the rules, it's allowed; otherwise, it is blocked.
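The difference between the packet-filtering and stateful inspection firewalls described above, as an added example that is not part of the original slides. The rule set, addresses and packets are constructed for illustration, and connection teardown is simplified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str = ""        # TCP flags: S=SYN, A=ACK, F=FIN, R=RST

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport in (None, p.dport))

# Constructed policy: internal clients may open HTTPS connections outward.
RULES = [Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443)]

def packet_filter(p, rules=RULES):
    """Stateless filter: first matching rule wins, unmatched packets are blocked."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"

class StatefulFirewall:
    """Rules decide who may open a connection; a state table admits the rest of it."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()     # open connections: (src, sport, dst, dport, proto)

    def handle(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.table or rev in self.table:
            if "F" in p.flags or "R" in p.flags:   # simplified teardown
                self.table.discard(fwd)
                self.table.discard(rev)
            return "allow"
        # Only a bare SYN may create state, and only if a rule allows it.
        if p.flags == "S" and packet_filter(p, self.rules) == "allow":
            self.table.add(fwd)
            return "allow"
        return "block"

# Constructed packets (addresses from private and documentation ranges).
SYN = Packet("10.1.2.3", 50000, "198.51.100.10", 443, "tcp", "S")
REPLY = Packet("198.51.100.10", 443, "10.1.2.3", 50000, "tcp", "SA")
UNSOLICITED = Packet("203.0.113.9", 443, "10.1.2.3", 50001, "tcp", "A")
FIN = Packet("10.1.2.3", 50000, "198.51.100.10", 443, "tcp", "FA")
```

The stateless filter blocks `REPLY` unless a separate inbound rule is written for it, while the stateful firewall admits it because it belongs to a connection the client opened, and still blocks `UNSOLICITED`.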
Firewall Deployment Types:
1. Hardware Firewall: A physical device placed between a
network and its internet connection. It provides a dedicated
level of security for the network.
Example: Cisco Firepower 2100 Series, Fortinet FortiGate 60F,
SonicWall TZ570, Palo Alto Networks PA-220, WatchGuard
Firebox T15, Netgate SG-3100 pfSense…
2. Software Firewall: A software program installed on a
computer or server that controls inbound and outbound
network traffic. This type is commonly used on individual
devices or endpoints.
Example: Windows Defender Firewall - Built into Microsoft
Windows, Windows Defender Firewall is a free, integrated
software firewall that helps protect against unauthorized
access to the system.
Others like: Zone Alarm Free Firewall, Comodo Firewall, Norton
360 with Smart Firewall, Bitdefender Premium VPN & Firewall …
3. Cloud Firewall:
•A firewall service hosted in the cloud, typically used by
businesses to secure their cloud infrastructure and applications.
It can scale dynamically and provide centralized management
for multiple locations.
Example: AWS (Amazon Web Services) WAF (Web
Application Firewall): AWS WAF is a managed cloud-based
firewall designed to protect web applications from common web
exploits such as SQL injection, cross-site scripting (XSS), and
more.
Others like: Azure Firewall, Google Cloud Armor, Cloudflare WAF …
Advantages of Using a Firewall:
•Prevent Unauthorized Access: By filtering traffic and
enforcing access controls, firewalls block unauthorized users or
devices from accessing the network.
•Monitor Network Traffic: Firewalls log and monitor all network
traffic, helping detect suspicious activity and allowing for quick
responses to potential threats.
•Reduce Risk of Malware: By blocking suspicious traffic and
preventing harmful programs from reaching internal systems,
firewalls reduce the risk of malware infections.
Proxy server
A proxy server is an intermediary server that sits between a
user's device (such as a computer or smartphone) and the
internet. It acts as a gateway, forwarding requests from clients
to the destination server and then relaying the responses back
to the client. Proxy servers are commonly used for various
reasons, including security, privacy, and performance
improvements.
Some people use proxies for personal purposes, such as hiding
their location while watching movies online, for example. For a
company, however, they can be used to accomplish several key
tasks such as:
1. Improve security
2. Secure employees’ internet activity from people trying to
snoop on them
3. Balance internet traffic to prevent crashes
Key Functions of a Proxy Server:
Types of Proxy Servers:
Forward Proxy:
•A forward proxy is positioned between the client and the
internet. It forwards client requests to the internet and can
perform functions such as hiding the client's IP address,
filtering content, or caching data.
•It is commonly used for security, privacy, and to control
internet usage within a network.
Forward proxies: Here the client asks a server on its internal
network to forward its requests to the internet.
Reverse Proxy:
•A reverse proxy sits between the internet and one or more
web servers, receiving client requests and forwarding them
to the appropriate server. It can provide load balancing,
security (by hiding the identity of the backend servers), and
caching for websites or web applications.
•Reverse proxies are used to protect and optimize the
performance of web servers.
In this the requests are typically forwarded to one or more
proxy servers and the response from the proxy server is
retrieved as if it came directly from the original Server.
Open Proxy: Open proxies help clients to conceal/hide
their IP address while browsing the web.
An open proxy is a type of proxy server that is accessible by
any internet user, not restricted to a particular group or
network. This means that anyone can use the open proxy to
route their internet traffic through it. Open proxies can be
found on the internet and often do not require authentication
to access, making them attractive to users seeking
anonymity, bypassing geo-restrictions, or engaging in other
activities that require a proxy.
Advantages of Open Proxies:
1.Bypass Geo-Restrictions: Users can access content that is
restricted based on geographic location by masking their IP
address with one from a different country or region.
2.Anonymity: Open proxies can provide a certain degree of
anonymity for users, which may be appealing to those who wish
to mask their identity online.
3.Free Access: Open proxies are typically free to use, making
them an attractive option for users who need proxy services but
don’t want to pay for them.
Disadvantages and Risks of Open Proxies:
1.Security Risks: Since open proxies are accessible by anyone,
they are often exploited by hackers or cybercriminals. The data
sent through an open proxy may be intercepted, leading to
potential privacy violations or security breaches.
2.Malicious Activity: Open proxies can be used for malicious
activities such as spamming, scraping, or launching cyberattacks
(e.g., DDoS). As a result, using an open proxy can expose users
to legal and security risks.
3.Unreliable Performance: Open proxies can be slow and
unreliable due to heavy traffic, as they are often overloaded with
users. Additionally, they might not offer the same stability and
uptime as private proxies.
4.Privacy Concerns: Because anyone can access an open
proxy, the proxy server operator may log and monitor the traffic
Architecture
Proxy Server:
•The proxy server is the middle entity that receives the client's
requests, processes them, and either forwards them to the
destination server or responds with cached content. It acts as
an intermediary between the client and the external network (or
the internet).
Key responsibilities of the proxy server:
•Forwarding Requests: Receives client requests and forwards
them to the destination server (web server, email server, etc.).
•Response Handling: Receives the responses from the
destination server and sends them back to the client.
•Caching: Caches frequently requested content to improve
performance and reduce the load on the destination server.
•Filtering/Blocking: Inspects and enforces rules to filter
content, block malicious traffic, or prevent access to certain
websites.
•Security: Can provide security measures like hiding the
client’s IP address (anonymity), scanning for malware, or
implementing encryption.
Destination Server (Backend Server):
•This is the server that hosts the website, service, or resource
the client is trying to access. The proxy server forwards the
client's request to the destination server and receives the data
to send it back to the client.
Cache (optional):
•Cache is an optional component where the proxy stores copies
of frequently accessed content (such as web pages, images,
etc.). When a client requests the same content, the proxy can
serve it from the cache instead of requesting it from the
destination server, improving speed and reducing the load on
the origin server.
Logging and Monitoring (optional):
•Many proxy servers include logging and monitoring systems
that track requests and responses, recording information such
as IP addresses, request types, and the content that was
accessed. This is useful for auditing, security analysis, or
performance monitoring.
Authentication System (optional):
•Some proxy servers require authentication to allow access,
especially in corporate or secure environments.
Authentication can involve checking usernames, passwords,
or even more advanced forms of authentication, such as two-
factor authentication (2FA).
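The proxy architecture described above (authentication, filtering, caching, forwarding and logging), modelled in-process as an added example that is not part of the original slides. The class, the credentials, the blocked host and the addresses are constructed, and `origin_server` is a stand-in for a real destination server.

```python
import hmac
import time

BLOCKED_HOSTS = {"malware.example"}     # constructed filtering rule
USERS = {"alice": "s3cret"}             # constructed; real proxies check a directory
PROXY_IP = "203.0.113.5"                # constructed proxy address

def origin_server(host, path, peer_ip):
    """Stand-in destination server: reports the peer address it saw."""
    return f"{host}{path} served to {peer_ip}"

class ForwardProxy:
    def __init__(self, ttl=60.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.cache = {}        # (host, path) -> (expiry time, body)
        self.log = []          # (client_ip, user, host, path, outcome)
        self.origin_hits = 0   # how often the destination was contacted

    def request(self, client_ip, user, password, host, path):
        def done(outcome, status, body=""):
            # Logging and monitoring: every outcome is recorded with the client IP.
            self.log.append((client_ip, user, host, path, outcome))
            return status, body

        # Authentication system: constant-time comparison of the password.
        if not hmac.compare_digest(USERS.get(user, ""), password):
            return done("auth-failed", 407)
        # Filtering/blocking: refuse hosts on the block list.
        if host in BLOCKED_HOSTS:
            return done("blocked", 403)
        # Caching: serve a fresh stored copy without contacting the origin.
        key = (host, path)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return done("cache-hit", 200, hit[1])
        # Forwarding: the destination sees the proxy's address, not the client's.
        self.origin_hits += 1
        body = origin_server(host, path, PROXY_IP)
        self.cache[key] = (self.clock() + self.ttl, body)
        return done("forwarded", 200, body)
```

The destination only ever sees `PROXY_IP`, while `log` on the proxy holds each client's address and requested URL, which is why the operator of a proxy has to be trusted.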
IDS/IPS
IDS (Intrusion Detection System) and IPS (Intrusion
Prevention System)
Both IDS and IPS are crucial security mechanisms designed to
monitor and protect networks from potential threats and
attacks. Although they share similar functions, the key
difference lies in their response to suspicious or malicious
activities.
1. Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a security tool used
to monitor and analyze network traffic for signs of potential
security threats, attacks, or malicious activity. Its primary
function is to detect suspicious behavior or known attack
patterns (signatures) and alert administrators when a threat is
detected.
Key Features of IDS:
•Monitoring: Continuously monitors network traffic or system
activities for abnormal behavior or signatures of known threats.
•Detection: Uses various detection methods such as
signature-based detection (detecting known attack
patterns), anomaly-based detection (detecting deviations
from normal behavior), and stateful protocol analysis
(understanding the context of network protocols).
•Alerting: When a potential threat is detected, the IDS sends
an alert to the network administrator, notifying them of the
issue. However, it does not take any action to block or
mitigate the threat.
•Traffic Flow: IDS operates passively, meaning traffic is
allowed to continue flowing while alerts are triggered. It does
not interfere with network operations.
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is similar to an IDS
but with a key difference: an IPS actively blocks malicious or
suspicious traffic in addition to detecting it. The IPS is designed
to stop attacks in real-time, preventing malicious activity from
progressing further into the network or system.
Key Features of IPS:
•Real-time Monitoring: Like IDS, IPS continuously monitors
network traffic and system activity.
•Active Blocking: When the IPS detects malicious activity or
an attack, it takes immediate action to block the traffic or
session. This might involve dropping packets, blocking an IP
address, or terminating a malicious connection.
•Prevention: IPS does not just alert administrators about
threats; it actively stops the attack before it can affect the
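Signature-based and anomaly-based detection run over the same traffic in IDS mode (alert only) and IPS mode (alert and block), as an added example that is not part of the original slides. The two signatures, the rate threshold and the sample requests are constructed for illustration.

```python
import re
from collections import Counter

# Constructed signatures; production rule sets are far larger.
SIGNATURES = {
    "sql-injection": re.compile(r"('|%27)\s*(or|union)\b", re.I),
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.I),
}
RATE_THRESHOLD = 5   # assumed normal ceiling: requests per source in one window

# Constructed sample traffic: (source IP, requested URL).
SAMPLE = ([("192.0.2.10", "/index.html"),
           ("192.0.2.66", "/item?id=1' OR 1=1--"),
           ("192.0.2.10", "/img/logo.png"),
           ("192.0.2.77", "/download?file=../../etc/passwd")]
          + [("192.0.2.88", f"/login?try={i}") for i in range(8)])

def inspect(events, mode="ids"):
    """Return (alerts, forwarded). 'ids' only alerts; 'ips' also drops and blocks."""
    alerts, forwarded = [], []
    seen = Counter()
    blocked = set()
    for src, url in events:
        if mode == "ips" and src in blocked:
            continue                          # IPS: source was blocked earlier
        reason = None
        for name, pattern in SIGNATURES.items():   # signature-based detection
            if pattern.search(url):
                reason = f"signature:{name}"
                break
        seen[src] += 1
        if reason is None and seen[src] > RATE_THRESHOLD:   # anomaly-based detection
            reason = "anomaly:request-rate"
        if reason:
            alerts.append((src, reason))
            if mode == "ips":
                blocked.add(src)              # active blocking of the source
                continue                      # the offending request is dropped
        forwarded.append((src, url))          # IDS is passive: traffic still flows
    return alerts, forwarded
```

In IDS mode every request in `SAMPLE` is still forwarded and five alerts are raised; in IPS mode the two signature matches and the burst from `192.0.2.88` past the threshold are dropped, so only seven requests get through.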
Virtual Private Network
A Virtual Private Network (VPN) is a technology that creates
a secure and encrypted connection over a less secure network,
such as the internet. It allows users to send and receive data
across shared or public networks as if their devices were directly
connected to a private network. VPNs are commonly used for
enhancing privacy, securing communications, and bypassing
geographic restrictions.
Key Features of a VPN:
1.Encryption: VPNs encrypt the data traffic between the user's
device and the VPN server, ensuring that the information
remains private and protected from third parties (such as
hackers or government agencies) who may be attempting to
intercept or eavesdrop.
2.Anonymity: VPNs hide the user’s IP address, replacing it with
the IP address of the VPN server. This helps anonymize the
3. Secure Communication: By creating a secure tunnel
between the user and the VPN server, VPNs protect sensitive
data, such as passwords, credit card details, or personal
communications, from being exposed over unsecured networks.
4. Bypass Geo-Restrictions: VPNs allow users to access
content or services that are geographically restricted or
censored in certain regions. By connecting to a server in
another country, users can access websites or services that may
otherwise be blocked in their location.
5. Remote Access: VPNs provide remote access to private
networks, enabling users to securely connect to their company’s
internal network or other secure networks from anywhere in the
world.
How a VPN Works:
1.User Connection:
The user initiates a connection by using a VPN client
(software or app) on their device (computer, smartphone,
etc.). The client will connect to a VPN server.
2.Encryption:
The VPN client encrypts the user’s data (such as internet
traffic) before sending it to the VPN server. The encryption
ensures that any intercepted data is unreadable to
unauthorized parties.
3. Tunneling:
•The encrypted data travels through a “tunnel,” which is a
secure, virtual path across the internet. The tunnel ensures
that even if someone intercepts the data, they cannot read it.
4. VPN Server:
•The VPN server receives the encrypted data, decrypts it, and
sends it to the destination server (e.g., a website or online
service). The server then receives the response, which is
encrypted again before being sent back to the user via the VPN
tunnel.
5. IP Address Masking:
•The VPN server assigns the user an IP address from the server’s
location. This process masks the user’s original IP address,
effectively hiding their real-world location and making their
browsing activity more anonymous.
6. End-to-End Communication:
•The process continues, ensuring that data exchanged
between the user and the destination server is kept secure
and private throughout the session.
Difference Between Proxy Server and VPN
Both Proxy Servers and VPNs (Virtual Private Networks)
serve as intermediaries between a user’s device and the
internet, but they differ in terms of their functionality, security,
and privacy levels. Below is a detailed comparison:
Security and Privacy
•Proxy Server:
• Minimal Security: A proxy does not encrypt your internet
traffic. It simply forwards requests and responses.
• Privacy Limitations: A proxy hides your IP address
from the destination server, but it does not offer full
anonymity. Some proxies may log your browsing activities,
meaning your privacy is not fully guaranteed.
• No Encryption: Without encryption, data transmitted
through a proxy is potentially vulnerable to interception by
•VPN (Virtual Private Network):
• High Security: VPNs encrypt your entire internet
connection, which means that all traffic passing through the
VPN server is secure from eavesdropping.
• Enhanced Privacy: A VPN hides your IP address and
encrypts your data, providing stronger anonymity and
privacy. It prevents third parties, including your ISP or
government agencies, from tracking your online activities.
• Encryption: VPNs use advanced encryption protocols to
protect data, ensuring that sensitive information like
passwords, personal data, or credit card information is
secure.
Scope of Protection
•Proxy Server:
• Application-Specific: Proxies typically work for specific
applications like web browsers, email clients, or torrenting
software. It can only route the traffic of the application it's
configured for.
• No System-Wide Protection: Proxies don’t protect other
applications on your device (e.g., messaging apps, games,
or other software).
•VPN (Virtual Private Network):
• System-Wide Protection: VPNs protect all traffic that
leaves your device, including web browsing, messaging,
streaming, email, and more.
• Full Tunnel: Whether you’re using a browser, app, or even
just downloading files, a VPN ensures that all your data is
Speed and Performance
•Proxy Server:
• Potential Speed Boost: Since proxies don’t encrypt your
traffic, they generally cause less latency than VPNs.
However, they also don’t offer the same level of security
or protection.
• No Encryption Overhead: With no encryption overhead,
the connection is faster, but the lack of protection may
expose you to risks.
•VPN (Virtual Private Network):
• Potential Speed Reduction: VPNs can slightly reduce
internet speeds due to encryption and the routing of traffic
through remote servers. The degree of slowdown depends
on factors like encryption strength, the server’s distance,
and the VPN provider’s infrastructure.
Cost
•Proxy Server:
• Usually Cheaper: Proxy services are typically less
expensive than VPNs because they don’t offer encryption or
the level of protection that a VPN provides.
• Free Proxies: There are many free proxies available, but
they may log your data, contain ads, or offer less security.
•VPN (Virtual Private Network):
• More Expensive: VPN services are generally pricier,
especially those that offer robust encryption, fast servers,
and high-quality privacy features. However, many
reputable VPN providers offer competitive pricing with a
range of features.
• Premium Service: Due to encryption and the level of
protection, VPNs are usually a paid service, though some
Next, Chapter 6: Authentication
and Access control