Network

Security
Measures
Group 2
 OBJECTIVES
1 Firewalls, intrusion/ detection
prevention system
2 Encryption and authentication

3 VPNs and tunneling protocols

 Network Security
• Measures
Network security measures are strategies, practices, and
technologies designed to protect the integrity, confidentiality,
and availability of information and resources within a network.
They help safeguard against cyber threats such as
unauthorized access, malware, data breaches, and other
attacks.
 Firewalls
• Firewalls are a fundamental network security measure, acting
as a barrier between a trusted internal network and untrusted
external networks, like the internet. Their primary purpose is
to control the flow of incoming and outgoing network traffic
based on a set of security rules, allowing or blocking specific
types of traffic to protect networked resources from
unauthorized access, threats, and attacks.
 Firewalls
Purpose of Firewalls in Network Security:
•Traffic Filtering and Control:
Firewalls analyze network packets and determine whether they should be allowed to
enter or leave the network. By filtering traffic, firewalls help prevent malicious data from
reaching protected systems and sensitive information from being leaked outside the
network.
•Preventing Unauthorized Access:
Firewalls enforce access controls by allowing only trusted connections to enter the
network. They help prevent unauthorized users from accessing the network, reducing the
risk of data breaches and unauthorized resource usage.
•Blocking Malicious Content:
Firewalls block known threats, such as viruses, malware, or suspicious packets, from
entering the network. They use pre-set rules and, in more advanced firewalls, real-time
threat intelligence to identify and block malicious content before it can cause harm.
 Firewalls
Purpose of Firewalls in Network Security:
•Enforcing Security Policies:
Organizations often have specific rules about who can access different parts of their
network. Firewalls help enforce these security policies by managing which users, devices,
or applications have access to specific network areas.
•Network Segmentation:
Firewalls can be used to segment the network into different zones, each with specific
access levels. This segmentation limits an attacker’s movement within the network if they
gain unauthorized access, containing the threat and protecting sensitive data.
•Logging and Monitoring:
Firewalls log all traffic that passes through them, providing a record of connections,
blocked attempts, and potential security incidents. This logging is useful for detecting and
analyzing unusual activities and can aid in forensic investigations after an incident.
 Intrusion Detection Systems
An Intrusion Detection System (IDS) is a security tool that monitors network or system activities
(IDS)
for suspicious behavior, potential security breaches, or policy violations. It identifies unusual
activities, generates alerts, and can log events to help security teams investigate and respond.
There are two primary types of IDS:
1. Network Intrusion Detection System (NIDS): Monitors network traffic in real time to identify
potential attacks or abnormal behavior within network segments.

2. Host Intrusion Detection System (HIDS): Monitors activities on individual hosts or devices,
such as system logs, file changes, and processes, to detect intrusions at the device level.
 Intrusion Detection Systems
IDS can be further classified by their detection methods:
(IDS)
• Signature-Based Detection: Compares incoming data to a database of known attack patterns or
signatures. This approach is effective for identifying known threats but may miss new, unknown
attacks.

• Anomaly-Based Detection: Uses machine learning or statistical methods to establish a baseline

of normal activity. It flags activities that deviate significantly from this baseline, which can help
detect novel or unknown threats.

IDSs are essential in cybersecurity for providing early warnings about potential threats and
assisting in faster response and remediation.
 Intrusion prevention Systems
(IDS)
An Intrusion Prevention System (IPS) is a security tool designed not only to detect but also to
actively block or mitigate threats in real time. While similar to an Intrusion Detection System (IDS),
an IPS takes a step further by automatically responding to threats to prevent them from causing
harm to the network or system. It’s typically deployed inline with network traffic, so it can
intercept and take immediate action on malicious activities.

The primary functions of an IPS are:

1. Threat Detection: Identifying potential threats using methods similar to IDS, such as signature-
based detection (for known attacks) and anomaly-based detection (for unknown or unusual
behavior).

2. Threat Prevention: Once a threat is detected, an IPS can take automated actions, like
dropping malicious packets, blocking IP addresses, resetting network connections, or
reconfiguring firewall rules to prevent the attack from continuing or spreading.
 Intrusion prevention Systems
Types of IPS include:

•
(IDS)
Network-based IPS (NIPS): Monitors and protects an entire network by analyzing traffic for
suspicious activities.

•Host-based IPS (HIPS): Monitors a specific device, watching for and blocking suspicious activities
at the system level.

IPS is highly valuable for organizations seeking proactive security measures since it can actively
prevent attacks before they affect critical systems or data.
 IDS vs IPS
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) each play vital roles in
modern cybersecurity, and advancements in both technologies have significantly improved their
performance and utility.

Performance Comparison:

•IDS: Since IDS monitors and alerts without actively blocking, it typically operates with lower
latency, making it suitable for networks where uninterrupted flow is essential. However, IDS
requires manual or automated intervention to respond to threats, which can lead to delayed
responses to critical incidents.

•IPS: IPS is designed to actively block malicious traffic, meaning it has a higher impact on network
performance, especially during high traffic loads. IPS requires careful tuning to minimize false
positives, as incorrect blocking can disrupt legitimate network activities.
 Encryption
Encryption is the process of converting data into a coded form (ciphertext) using a cryptographic algorithm. The
primary goal of encryption is to protect the confidentiality of data, ensuring that only authorized parties can
access and understand the information.

How It Works:
•Symmetric encryption: Uses the same key for both encryption and decryption. Examples: AES (Advanced
Encryption Standard), DES (Data Encryption Standard).

•Asymmetric encryption: Uses a pair of keys (public and private). One key encrypts the data, and the other
decrypts it. Examples: RSA, ECC (Elliptic Curve Cryptography).

Purpose in Network Security:

•Ensures that sensitive data transmitted over the network is unreadable to unauthorized users. For instance,
encrypted data on a website (via HTTPS) ensures that even if intercepted, the data cannot be read by attackers.

•It secures communication between clients and servers, such as when making transactions or sending private
 Authentication
Authentication is the process of verifying the identity of a user, device, or system to ensure that only authorized
parties can access certain resources. It is used to confirm that someone or something is who or what it claims to
be.

How It Works:

•Password-based authentication: Verifies the user based on their knowledge (password).

•Two-factor authentication (2FA): Combines something the user knows (password) with something the user has
(e.g., a mobile device or token).
•Biometric authentication: Uses unique physical attributes (fingerprint, facial recognition) for verification.
•Public key infrastructure (PKI): Uses digital certificates to authenticate devices or users.

Purpose in Network Security:

•Ensures that only authorized users can access systems or services. For example, when you log into a website with
a password, the system authenticates you before granting access.
•Protects against unauthorized access to sensitive resources, ensuring the right people or systems are interacting
with the network.
 Encryption and Authentication
In network security, encryption and authentication are two essential techniques that play
different but complementary roles in protecting data and ensuring secure communication.
Aspect Encryption Authentication

Protects the confidentiality Verifies the identity of

Main Goal
of data. users or systems.
Ensures that data remains Ensures that only
Focus private during authorized entities access
transmission. resources.
Converts data into
Confirms identity using
unreadable format and can
Process credentials like passwords,
only be decrypted by
biometrics, or tokens.
authorized parties.

Protecting data, preventing

Verifying who you are
Used For unauthorized access to
before granting access.
content.

HTTPS encrypts website Login systems requiring

Example traffic to protect username and password
information. for access.
 Encryption and Authentication
How They Work Together:

Encryption and authentication are often used together to create a secure communication
channel. For example:

1.Authentication: When you log into a secure website, authentication ensures that you are the
legitimate user (e.g., by verifying your password or using 2FA).

2.Encryption: After authentication, encryption protects the sensitive data exchanged between
you and the website (e.g., credit card numbers or personal details) from being intercepted by
attackers.
 Virtual Private Networks (VPN)
A VPN is a service or network technology that creates a secure, encrypted connection over a
public or untrusted network (like the internet). It allows users to send and receive data as if they
were directly connected to a private network, protecting the integrity and confidentiality of their
communications.

Purpose in Network Security:

•Encryption: VPNs ensure that the data transmitted between the user (e.g., remote worker) and
the destination (e.g., corporate network) is encrypted, making it unreadable to anyone who
intercepts the data.

•Privacy: VPNs hide the user's real IP address by routing traffic through a secure server, offering
anonymity and masking the user's location.

•Secure Access: VPNs enable remote access to a private network from anywhere, allowing
Virtual Private Networks (VPN)
Key Benefits of VPNs:

•Data Protection: Encrypts data in transit, preventing eavesdropping and man-in-the-middle

attacks.

•Access Control: Allows users to securely access resources on a remote network.

•Privacy: Hides users' real IP addresses and online activity, providing anonymity.
 Tunneling Protocols
Tunneling protocols are methods used by VPNs to encapsulate (wrap) data packets inside other
packets to create a secure "tunnel" between the sender and receiver. This allows the encrypted
data to travel through the untrusted network without being altered or intercepted.

Tunneling protocols define how the data is encapsulated and transmitted over the internet and are
a key part of how a VPN works. They vary in terms of security, performance, and compatibility.

Common Tunneling Protocols:

1. PPTP (Point-to-Point Tunneling Protocol)

• Overview: One of the oldest tunneling protocols, developed by Microsoft.
• Encryption: Offers weak encryption (MPPE) and is no longer considered secure.
• Use Case: PPTP is rarely used today due to vulnerabilities but may still be found in legacy
systems.
• Pros: Easy to set up, lightweight, and fast.
 Tunneling Protocols
Common Tunneling Protocols:

2. L2TP (Layer 2 Tunneling Protocol)

• Overview: L2TP is often paired with IPsec for encryption (L2TP/IPsec), providing a more
secure alternative than PPTP.

• Encryption: While L2TP itself does not provide encryption, it is commonly combined with
IPsec for strong encryption and secure data transmission.

• Use Case: Widely used in modern VPN solutions for more secure, stable connections.

• Pros: Strong security when paired with IPsec, more modern than PPTP.

• Cons: Slightly slower performance due to the double encapsulation (L2TP + IPsec).
 Tunneling Protocols
Common Tunneling Protocols:

3. IPsec (Internet Protocol Security)

• Overview: A suite of protocols used to secure IP communications by authenticating and
encrypting each IP packet.

• Encryption: Provides high-level security and can be used for site-to-site VPNs or client-to-site
connections.

• Use Case: Often used in conjunction with L2TP or in other VPN types like SSL VPNs.

• Pros: Strong encryption and authentication; widely adopted for secure communications.

• Cons: Requires proper configuration and may be more complex to set up.
 Tunneling Protocols
Common Tunneling Protocols:

4. OpenVPN
• Overview: An open-source tunneling protocol that uses SSL/TLS for secure data transmission.
• Encryption: Supports robust encryption methods, including AES-256.

• Use Case: Very popular in modern VPN services due to its security and flexibility.

• Pros: Strong security, highly customizable, supports various encryption methods, works
across many platforms.

• Cons: Can be more complex to configure, slower setup compared to other protocols.
 Tunneling Protocols
Common Tunneling Protocols:

5. SSL/TLS (Secure Sockets Layer / Transport Layer Security)

• Overview: SSL/TLS is a cryptographic protocol used to secure communication over the
internet, and SSL VPNs use these protocols to provide secure access to applications and
networks.

• Encryption: Provides strong encryption and is used for protecting data in transit.

• Use Case: Often used for remote access VPNs, where users can access a specific application
or network resource through a secure HTTPS connection.

• Pros: Strong encryption and easier to configure for remote access.

• Cons: May not offer the same level of protection for full network access as IPsec or OpenVPN.
 Tunneling Protocols
Common Tunneling Protocols:

6. IKEv2 (Internet Key Exchange version 2)

• Overview: A tunneling protocol that is part of the IPsec suite, offering a faster, more secure
alternative to older protocols.

• Encryption: Uses strong encryption methods and supports mobile devices well due to its ability
to quickly re-establish connections when switching networks.

• Use Case: Often used in modern mobile VPNs for secure, stable connections.

• Pros: Fast, secure, and supports seamless network switching.

• Cons: Slightly more complex to configure than simpler protocols like PPTP.