
5

NETWORK SECURITY ASPECTS

5.1 SECURITY BASICS
5.1.2 TYPES OF NETWORK SECURITY
5.1.3 BENEFITS OF NETWORK SECURITY
5.1.4 CONFIDENTIALITY
5.1.5 INTEGRITY
5.1.6 AVAILABILITY
5.1.7 SECURITY SERVICES
5.2 THREATS TO SECURITY
5.2.1 VIRUSES
5.2.2 WORMS
5.2.3 INTRUDERS
5.2.4 INSIDERS
5.2.5 CRIMINAL ORGANIZATIONS
5.2.6 TERRORISTS
5.2.7 INFORMATION WARFARE
5.3 FIREWALLS
5.3.1 HISTORY OF FIREWALL
5.3.2 FIREWALL: HARDWARE OR SOFTWARE
5.3.3 NEED OF FIREWALL
5.3.4 CHARACTERISTICS OF FIREWALL
5.3.5 ADVANTAGES OF FIREWALL
5.3.6 DISADVANTAGES OF FIREWALL
5.3.6 LIMITATIONS OF FIREWALL
5.3.7 REAL-TIME APPLICATIONS OF FIREWALL
5.3.8 WORKING
5.3.9 DESIGN PRINCIPLES
EXERCISE

5.1 SECURITY BASICS


Essentially, network security involves protecting the network. Networks are private, such as a company network, or public networks. Network security involves preventing misuse or unauthorized access to the network.

Generally, Network Security refers to how an organization protects its data and computer network using both hardware and software. By doing this, the network and data are able to remain confidential and accessible. Almost every organization that uses a lot of data is equipped with some form of security against cyber threats.

Password protection is an example of Network Security that is selected by the user.

There are various forms of network security, such as access control, virus and anti-virus software, application security, network analytics, firewalls, VPN encryption, and many more.

5.1.1 NETWORK SECURITY: WORKING

As a general principle, network security involves securing huge amounts of data and networks in layers. This ensures compliance with the rules and regulations that have to be acknowledged before any action can be taken on the data. These levels are:
1. Physical
2. Technical
3. Administrative

1. Physical Network Security :- This is the most basic level of network security that protects data and network confidentiality by preventing unauthorized personnel from acquiring control over the network. It may be necessary to use external peripherals and routers for cable connections. It is possible to achieve the same results by using devices such as biometric systems.
2. Technical Network Security :- Its primary focus is on protecting data that is stored in the network or data that is transported through the network. It serves two purposes. The first is to protect against unauthorized users, and the second is to protect against malicious activities.
3. Administrative Network Security :- In this level of network security, user behavior is protected, such as how permissions are granted and how authorization is performed. Moreover, it ensures the level of sophistication the network might need for protection against all attacks. As a result of this level, infrastructure amendments are also recommended.

5.1.2 TYPES OF NETWORK SECURITY

The choice of security policies and tools varies from network to network and changes over time. The following are some commonly used types of network security tools and software:
1. Access Control :- The purpose of this method is to restrict access to network applications and systems to a specific group of users and devices. These systems deny access to unconfirmed users and devices.
2. Antivirus and Anti-malware Software :- The purpose of antivirus and antimalware software is to detect, remove or prevent viruses and malware infecting a computer or network, such as Trojan horses, ransomware and spyware.
3. Cloud Security :- Currently, many organizations are using cloud technology to store a large amount of important data. This is very vulnerable to malpractices committed by a few unauthorized dealers. The data must be protected and no compromise should be made to this protection. The cloud provider manages the security of its overall infrastructure and offers tools for users to protect their instances within the overall cloud infrastructure. For example, Amazon Web Services provides security groups that control the incoming and outgoing traffic associated with an application or resource.
4. Behavioral analytics :- This method analyzes network behavior and detects and alerts organizations to abnormal activity.
5. Email security :- In a network, email is one of the most vulnerable points. When employees click on emails that include links to malicious software, they become the victims of phishing and malware attacks.
6. Firewall :- In order to prevent unauthorized network access, incoming and outgoing traffic is inspected by software or firmware. Firewalls are some of the most widely used security tools. They are positioned in multiple areas of the network.
7. Intrusion detection system (IDS) :- IDSs detect unauthorized access attempts and flag them as potentially dangerous, but do not remove them. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are often used in conjunction with firewalls.
8. Web security :- Organizations use this practice to control employee web use, block threats and websites, and maintain company website integrity.

5.1.3 BENEFITS OF NETWORK SECURITY

Network security offers the following benefits:
1. Functionality :- A network's security ensures that businesses and individual users are able to use their networks with high levels of performance in the future.
2. Privacy and security :- Organizations handling user data must ensure the confidentiality, integrity, and availability of data on a network, or the CIA triad. The security of a network protects personally identifiable information and sensitive information, prevents the loss of a company's reputation and prevents financial loss.
3. Intellectual property protection :- Companies must maintain their competitive edge by securing access to intellectual property related to their products, services, and business strategies.

5.1.4 CONFIDENTIALITY

Confidentiality means that only authorized individuals or systems can view sensitive or classified information. It is the assurance that the transmitted data would be protected from unauthorized access.

It also means that only the sender and intended recipient should be able to access the data.

The other aspect of confidentiality is the protection of traffic flow from analysis. This requires that an attacker not be able to observe the source and destination, frequency, length or other characteristics of the traffic on a communication facility.

It is possible for attackers to acquire your information using different tools available on the Internet. Encryption techniques are a primary way to safeguard your data from this type of attack. Even if an attacker gains access to your data, he/she will not be able to decrypt it.

Maintaining network confidentiality includes the following steps:
1. Strict authentication
2. Use strict access control
3. Ensure encryption of data.

Threats to Confidentiality: There are several ways to compromise confidentiality. Network confidentiality is commonly threatened by the following:
1. Hackers
2. Trojan Horses
3. Unauthorized users
4. Masquerades

For example, suppose I have a password for my Gmail account, but someone saw it while I was logging in to the Gmail account. In that case my password has been compromised and confidentiality has been breached.

5.1.5 INTEGRITY

Integrity refers to maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way by any unauthorized party.

It specifies that the content of the message must not be altered during transmission from sender to receiver and ensures information non-repudiation and authenticity. The data can't be changed except by an authorized entity. It ensures that only authorized parties are able to modify computer system assets and transmitted information.

Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages.

Two types of integrity services:
1. Connection-oriented integrity service: It provides integrity of all user data on a connection and detects any modification, insertion, deletion or replay of any data within the entire data sequence. It provides protection against message stream modification and denial-of-service.
2. Connectionless integrity service: It generally provides protection against message modification only. To maintain data integrity, there should be resistance to the change and replacement of data.

For example, if an employee leaves an organization, the data for that employee in all departments, like accounts, should be updated to reflect the status JOB LEFT so that the data is complete and accurate. In addition, only an authorized person should be allowed to edit employee data.

5.1.6 AVAILABILITY

Availability means that the network should be readily available to its users. It also applies to systems and data. It is the network administrator's responsibility to maintain hardware, make regular upgrades, implement fail-over plans, and prevent bottlenecks in a network to ensure availability.

A network may become unavailable as a result of attacks such as DoS or DDoS. Therefore, proper measures should be taken to prevent such attacks from occurring so that they do not have a significant impact on the companies and users who rely on the network as a business tool.

Information needs to be constantly changed, which means it must be accessible to authorized entities. The unavailability of information is just as harmful for an organization as the lack of confidentiality or integrity.

Example: The situation can be difficult for a bank if the customer could not access their accounts for transactions. Interruption puts the availability of resources in danger.

[Figure: Confidentiality, Integrity and Availability around a Secure System]
Fig. 5.1 CIA Triad

The diagram above explains the balance concept. The right balance of the three goals is needed to build a secure system. If the goals are not balanced then a small hole is created for attackers to nullify the other objectives of security. If a system is highly confidential but has low availability, then the system is not secure.

Understand CIA Triad with the help of ATM example:
In order to better understand how the CIA Triad works in practice, consider the ATM that enables users to access their bank balance and other information. ATMs incorporate the following measures to cover the triad's principles:
Before granting access to sensitive data, the two-factor authentication (debit card with PIN code) ensures confidentiality.
By maintaining all withdrawals and transfers made via the ATM, the ATM and bank software ensure data integrity.
Due to its availability and accessibility, the ATM is available to the general public at all times.

5.1.7 SECURITY SERVICES

X.800 defines a security service to ensure security of the systems or of data transfers. Services are to recover from attack. Security services implement security policies and they are implemented by security mechanisms. In general, a security service is a mechanism set up for protecting a system or network. Different security services are: Authentication, Access control, Confidentiality, Integrity, Non-repudiation (rejection) and Availability.
1. Authentication : Assuring that communication is authentic. Two types of authentication services are defined in X.800. 1) Peer entity authentication: This service ensures that both the communicating parties are real and no intruder (opponent) is trying to access the resources or data between them. 2) Data origin authentication: Used to identify the source of a data unit. It does not provide protection against the duplication or modification of data units. It is used in email where there are no prior interactions between the two interacting users.
2. Access Control : It is prevention of the unauthorized entity to use of resource. It determines who should be able to access what. This service tries to ensure that only the legal users use provided information. Each entity trying to gain access must first be identified or authenticated. Access control can be classified into: Role management and Rule management.
3. Non-repudiation : Non-repudiation prevents either sender or receiver from denying a transmitted message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
4. Confidentiality : It means that the content of a message when transmitted across a network must remain confidential, i.e. only the intended receiver and no one else should be able to read the message. The users, therefore, want to encrypt the message they send so that an eavesdropper on the network will not be able to read the contents of the message.
5. Integrity : It means the data must reach the destination without any adulteration, i.e. exactly as it was sent. There must be no changes during transmission, neither accidentally nor maliciously. Integrity of a message is ensured by attaching a checksum to the message.
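
The following is an added example, not part of the original text, for the two integrity services of 5.1.5 and the checksum mentioned under Integrity above. It compares an unkeyed CRC with a keyed checksum, then shows a connectionless receiver (modification only) beside a connection-oriented one that also catches replay and deletion. HMAC-SHA-256, the 64-bit sequence number, the key, the messages and all class names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"   # constructed sample key shared by both ends
TAG_LEN = 32                    # size of an HMAC-SHA-256 tag in bytes


def crc_frame(payload: bytes) -> bytes:
    """Unkeyed checksum: anyone can recompute it after changing the payload."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_ok(frame: bytes) -> bool:
    (crc,) = struct.unpack(">I", frame[-4:])
    return zlib.crc32(frame[:-4]) == crc


def mac_frame(key: bytes, payload: bytes, seq=None) -> bytes:
    """Keyed checksum; when seq is given, the tag also covers the sequence number."""
    header = b"" if seq is None else struct.pack(">Q", seq)
    body = header + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def _authenticated_body(key: bytes, frame: bytes):
    """Return the body if its tag verifies, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None


class ConnectionlessReceiver:
    """Judges each message on its own: detects modification only."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, frame: bytes) -> str:
        return "ok" if _authenticated_body(self.key, frame) is not None else "modified"


class ConnectionReceiver:
    """Keeps the next expected sequence number for one connection."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0

    def accept(self, frame: bytes) -> str:
        body = _authenticated_body(self.key, frame)
        if body is None or len(body) < 8:
            return "modified"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq < self.expected:
            return "replay"          # this message was already delivered
        if seq > self.expected:
            return "gap"             # an earlier message was deleted or reordered
        self.expected += 1
        return "ok"


def tamper(frame: bytes, index: int) -> bytes:
    """Flip one bit at the given offset, as a change in transit would."""
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]


def run_demo() -> dict:
    results = {}
    # A deliberate change with a recomputed CRC passes; a random bit flip does not.
    results["crc_forgery_accepted"] = crc_ok(crc_frame(b"pay 900 to mallory"))
    results["crc_bitflip_detected"] = not crc_ok(tamper(crc_frame(b"pay 100 to bob"), 4))

    connectionless = ConnectionlessReceiver(KEY)
    msg = mac_frame(KEY, b"pay 100 to bob")
    results["connectionless"] = [
        connectionless.accept(msg),
        connectionless.accept(tamper(msg, 4)),
        connectionless.accept(msg),          # replayed copy is still accepted
    ]

    connection = ConnectionReceiver(KEY)
    payloads = [b"open", b"pay 100 to bob", b"close"]   # constructed messages
    f0, f1, f2 = (mac_frame(KEY, p, seq=i) for i, p in enumerate(payloads))
    results["connection"] = [
        connection.accept(f0),               # in order
        connection.accept(f0),               # replay of message 0
        connection.accept(f2),               # message 1 missing
        connection.accept(tamper(f1, 12)),   # payload bit flipped
        connection.accept(f1),
        connection.accept(f2),
    ]
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```
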
5.2 THREATS TO SECURITY
A network threat is a threat to your network and data systems. Any attempt to breach your network and gain access to your data is considered a network threat.

There are different kinds of network threats, and each has a different goal. Some, like distributed denial-of-service (DDoS) attacks, seek to shut down your network or servers by overloading them with requests. Others, such as malware or credential theft, aim to steal your data. Spyware will enter your organization's network, where it will lie in wait and collect data.

A security threat is a malicious act that corrupts or steals data or disrupts the operations of an organization.

Categories of Network Security Threats
Network security threats can be categorized into four main categories:
1. External threats :- A network has an external threat when it is caused by an external entity, a person, or even a natural disaster that could negatively disrupt the network. It involves exploiting a weakness, or a vulnerability, or causing a loss of data that significantly affects your business operations and network security.
2. Internal threats :- This type of threat is posed by malicious insiders, such as disgruntled or improperly vetted employees who are working for a competitor. According to a report from Cybersecurity Insiders published in 2022, 57% of organizations believe that insider attacks have become more frequent in the recent past.
3. Structured threats :- The term structured threats refers to attacks conducted by organized groups of cybercriminals with a clear objective or goal in mind, such as state-sponsored attacks.
4. Unstructured attacks :- Attacks that are unstructured usually originate from amateurs who do not have a clear objective in mind.

5.2.1 VIRUSES

A virus is a software program or piece of code that is capable of copying itself and infecting a system without the knowledge of the user. It is a type of malware that spreads from one computer to another, cleaning up its trails as it goes. It can harm other software programs by modifying them.

Generally, viruses are attached to executable (.exe) files, and when the user runs that program the viruses spread in the system. They may create mild effects, can cause a crash of data or software, and may cause a denial-of-service attack. Viruses may infect memory, a floppy disk, a hard drive, a backup tape, or any other type of storage.

Types of viruses are as under:
1. Parasitic Virus
2. Memory Resident Virus
3. Boot Sector Virus
4. Stealth Virus
5. Metamorphic Virus
6. Macro Virus
7. Resident Virus
8. Multipartite Virus
9. Direct Action
10. Browser Hijacker

The following are the harmful effects of viruses:
1. Erase data
2. Can even control your device
3. Track your keystrokes
4. Hack passwords or data
5. Damage the hard disk permanently
6. Corrupted files
7. Spam your email list

There are several ways to protect your computer from viruses, including:
1. Scan attachments in emails
2. Using File Sharing Programs, scan your downloaded files
3. Invest in a Trusted Antivirus
4. Pop-up ads should be avoided


5.2.2 WORMS
A computer worm is a subset of the Trojan horse malware that can propagate or self-replicate from one computer to another without human activation after breaching a system. Typically, a worm spreads across a network through your Internet or LAN (Local Area Network) connection. It does not require any host to spread. Worms can be remorselessly destructive.

Types of Worms are as under:
1. P2P-Worm
2. Net-Worm
3. Email-Worm
4. IRC (Internet Relay Chat) - Worm
5. File sharing Worms
6. IM (Instant Messaging) - Worm

The following are the harmful effects of Worms:
1. Performance issues
2. Identity theft can even be caused by worms
3. Delete or change our files
4. Keep us out of important files
5. Hard drive reformatting

Here are some tips on preventing worms:
1. Keep your files safe
2. Update your passwords
3. Software should be updated regularly
4. Use a VPN for torrenting
5. Open attachments and links with caution
6. While browsing, avoid pop-up ads

5.2.3 INTRUDERS

"Intrude" means to put oneself purposefully (intentionally) into a situation or place where one is not welcome or invited. An intruder is an unauthorized individual trying to access resources illegally. The main aim of intruders is to gain access to the system and intrude on the privacy of the network. Intruders may be insiders or may be outsiders. Intruder attacks range from the gentle to the serious one.

Intruders are mainly classified into three categories:
1. Masquerade: An individual who is not authorized to use the computer but who gets access to the computer system and exploits (misuses or takes advantage of) user data and account.
2. Misfeasor: A legal user who accesses data, programs or resources for which he is not authorized.
3. Clandestine user: User who gains administrative access to the system.

The masquerade is likely to be an outsider, the misfeasor generally is an insider and the clandestine user can be either insider or outsider.

The risk of network intrusion:
1. Corruption of Data
2. Financial Loss for the Organization
3. Theft of Data
4. Loss of Reputation
5. Operational Disruption

The following methods are used by hackers to crack passwords:
1. Try all possible short passwords to gain access to the system.
2. The default password should unlock the system if no changes have been made by the user.
3. In order to unlock the system, various combinations must be entered, including the user's name, the names of family members, the user's address, and the user's telephone number.
4. Accessing the user's system with Trojan horses.
5. By using the host's connection gateway, you can access the remote user's connection.

What's the best way to detect network intrusions?
1. Host Intrusion Detection System (HIDS)
2. Application Protocol-based Intrusion Detection System (APIDS)
3. Protocol-based Intrusion Detection System (PIDS)
4. Network Intrusion Detection System (NIDS)

5.2.4 INSIDERS

An insider threat is a malicious threat to an organization that comes from people within the organization.

Insider attacks are typically passive attacks that are harder to detect because they are carried out by employees, former employees, contractors, partners, or business associates who have inside information about an organization's data, computer systems, and security. Insiders are more dangerous than outside intruders.

Threats related to Insiders:
1. Fraud
2. Theft of confidential information.
3. Theft of intellectual property.
4. Damage of computer system.
5. Corruption, including participation in transnational organized crime

Damages caused by Insiders:
1. Loss of critical data
2. Financial Impact
3. Legal Impact
4. Loss of Reputation
5. Loss of Competitive Edge
6. Intellectual Property Theft
7. Market Value Reduction
8. Increased Expenses

The following steps will help reduce the risk of insider threats:
1. Protect critical assets
2. Enforce policies
3. Increase visibility
4. Promote culture changes
5. Encryption of data

5.2.5 CRIMINAL ORGANIZATIONS
Due to the increasing use of computer networks and the Internet, criminal organizations have turned to the electronic world to misuse it.

One difference between a criminal group and the "average" hacker is that the level of organization is much higher than that of a simple hacker. They have more money and financial support compared with hackers. Their activities involve a great amount of planning, a longer period of time to conduct the activity, and more financial backing to complete it.

Activities done by Criminal Organizations:
1. Theft of user accounts
2. Blackmail
3. Faking
4. Theft of important credentials
5. Financial fraud

What can be done to prevent cyber crimes committed by criminal organizations?
1. Back up all data and considerations
2. Updating and enforcing concrete security
3. Keep your personal information private
4. Anti-cybercrime settings
5. Using antivirus software
6. Keep your information secure when visiting unauthorized sites
7. Use virtual private networks
8. Keeping your most valuable data secure

5.2.6 TERRORISTS
A cyber terrorist uses Internet networks to conduct violent incidents, such as loss of life or data, to gain political advantage by giving threats to the community. To accomplish their goals, hackers use computer viruses, spyware, malware, ransomware, phishing, and programming language scripts.

Cyber terrorists might have ethical or religious reasons for wanting to terrorize, and others do it for personal reasons. Cyber terrorism is sometimes referred to as electronic terrorism or information war.

The following are the harms caused by Terrorists:
1. Violence
2. Service disruptions
3. Physical damages
4. Psychosocial impacts
5. Economic damages
6. Data breaches.

How to prevent Cyber Terrorism:
1. Ensure all devices are protected with Antivirus
2. Set up multi-factor authentication
3. Choose strong passwords
4. Avoid Phishing scams
5. Shop at safe websites
6. Check website URL

5.2.7 INFORMATION WARFARE

Information warfare is the use and management of information and communication technology (ICT) in order to obtain a competitive advantage over a competitor. It's actually a war against the enemy's information and information processing equipment.

Information warfare is also known as cyberwarfare, electronic warfare, and cyberattack.

Information warfare targets water, electricity, oil and gas refineries and distribution, banking and finance, and telecommunications.

Following are seven types of Information Warfare attack:
1. Espionage
2. Sabotage
3. Denial-of-service (DoS) Attacks
4. Electrical Power Grid
5. Propaganda Attacks
6. Economic Disruption
7. Surprise Attacks

How to prevent Information Warfare:
1. Mailfence.
2. Digitally sign your emails with OpenPGP signatures to further secure your messages.
3. Use of a virtual machine.

5.3 FIREWALLS

Nowadays, it is a big challenge to protect our sensitive data from unwanted and unauthorized sources. In order to keep our private information safe and secure, we can use a variety of tools and devices. One such tool is a 'firewall', which provides various levels of security and protects our data and computers from unauthorized access.

A firewall is a network security device or software program that monitors and filters incoming and outgoing network traffic based on a defined set of security rules. Basically, a firewall acts as a barrier between a private internal network and the public Internet.

Firewalls are designed primarily to allow non-threatening traffic and prevent malicious or unwanted traffic for protecting computers from viruses. It is a cybersecurity tool that filters network traffic and prevents malicious software from accessing the Internet on a computer that is infected.

[Figure: a firewall placed between the LAN and the WAN]
Fig. 5.2 Firewall

5.3.1 HISTORY OF FIREWALL

Over the years, network firewalls have evolved to address several security threats. We'll look at a brief history of firewalls to see why they're so important to organizations and society as a whole.

1988 - Packet-Filter Firewall
1989 - AT&T Bell Labs - Stateful Firewall
1991 - DEC - Application Layer Firewall
1994 - First of the stateful firewalls appear
2004 - IDC coins the term Unified Threat Management (UTM)
2009 - Gartner defines Next-Generation Firewall (NGFW)

5.3.2 FIREWALL: HARDWARE OR SOFTWARE

It is one of the most challenging questions to determine whether a firewall is a hardware or a software product. As stated above, a firewall can be a network security device or a software program on a computer. In other words, the firewall is available in both hardware and software formats, and it is best to have both.

A hardware firewall is a physical device that sits between a computer network and a gateway, such as a broadband router. On the other hand, a software firewall is a simple program installed on the computer that checks port numbers and controls other applications.

5.3.3 NEED OF FIREWALL

The main purpose of firewalls is to prevent malware and network attacks. They can also assist in preventing application-layer attacks. These firewalls act as a gatekeeper. In order to maintain security, they monitor each attempt made by our computer to communicate with another network. They do not allow data packets to be transferred between two networks unless the source of the data packet has been specified by the user as a trusted source.

A firewall is designed in such a way that it can detect and counter attacks throughout a network quickly. We can use the firewall as a traffic controller by implementing rules configured to protect the network and conducting quick assessments to detect suspicious activity.

Types of Firewalls
Packet filtering :- Data is analyzed and distributed in accordance with the standard of the filter.
Proxy service :- Network security system that protects and filters messages at the application layer.
Stateful inspection :- With dynamic packet filtering, the firewall determines which packets should be allowed through based on the status of active connections.
Next Generation Firewall (NGFW) :- Deep packet inspection Firewall with application-level inspection.

The firewall can be categorized according to its ability to filter communications between a single node and the network, or between two or more networks:
Personal firewall
Network firewall

Firewalls can be classified according to whether they keep track of the status of network connections or not:
Stateful firewall
Stateless firewall

5.3.4 CHARACTERISTICS OF FIREWALL

All traffic from or to the internal network must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
Only authorized traffic, as defined by the local security policy, will be allowed to pass. This can be achieved by using the suitable firewall type.
Firewall can filter packets based on their source and destination address and port numbers. This is known as packet filtering.
Firewalls serve many purposes besides security. They configure domain names and Internet Protocol (IP) addresses. They can translate network addresses. They can monitor internet usage.
It is possible to change the security policies of a firewall according to the requirements of a particular user in order to implement different types of security policies for different local systems or networks.
A firewall determines which traffic needs to flow first, based on prioritization. It may also be configured to allow or block specific action requests according to the priority of the network or system.

5.3.5 ADVANTAGES OF FIREWALL

Provides enhanced security and privacy against vulnerable services. In addition, it prevents unauthorized access to a private network that is connected to the Internet.
Firewalls are capable of handling a greater volume of traffic and can provide faster response times.
A firewall makes it easy to update security protocols using a single authorized device.
It safeguards your network from phishing attacks.

5.3.6 DISADVANTAGES OF FIREWALL
Difficulty: Maintaining a firewall can be time-consuming and difficult, especially for large networks or companies with a wide variety of users.
The lack of visibility: Due to their limited ability to observe and manage traffic at the network level, firewalls may not be able to identify security risks operating at other levels.
Lack of adaptability: Since firewalls are primarily rule-based, they may be unable to respond to new threats.
Performance impact: Firewalls can negatively impact network performance, particularly if they are configured to analyze or manage large volumes of traffic.
Lack of scalability: Firewalls can only secure one network, so businesses with multiple networks must deploy numerous firewalls, which can be costly.
Limited support for VPN: Firewalls may not allow complex VPN features such as split tunneling, which could restrict the experience of remote workers.
Price: Businesses may find it costly to purchase multiple firewall devices or add-on features.

5.3.6 LIMITATIONS OF FIREWALL

Using firewalls as a security system is obviously beneficial; however, firewalls have some limitations.
A firewall does not prevent users from accessing malicious websites, which makes it vulnerable to internal threats and attacks.
A firewall cannot prevent the transmission of files or software infected with viruses.
It is not possible to prevent the misuse of passwords by firewalls.
A firewall cannot protect an organization if the security rules are incorrectly configured.
Firewalls cannot provide protection against non-technical security threats, such as social engineering.
Systems that are already infected cannot be protected by firewalls.

5.3.7 REAL- TIME APPLICATIONS OF FIREWALL
Corporate networks: Firewalls allow authorized users to access particular resources or services and block traffic from specific IP addresses or networks.
Government organizations: It is possible that they will make use of cutting-edge firewalls such as Next-generation firewalls (NGFW), which are capable of detecting and stopping intrusions, as well as managing access to specific apps and data.
Service providers: ISPs, cloud service providers, and hosting companies use firewalls to safeguard their networks and the data of their customers.
Small enterprises: These firms may use firewalls to separate their internal networks, restrict access to specific applications and resources, and protect their networks against external threats.
Industrial Control Systems (ICS): In power plants, water treatment facilities, and transportation systems, firewalls protect control systems against unauthorized access and cyber-attacks.

5.3.8 WORKING
The firewall system analyzes network traffic according to pre-defined rules. It then fiters the
traffic and prevents any unreliable or suspicious traffic. It only lets in traffic selected as acceptahie
by the user.
As a securitymeasure, firewalls can allow or block data packets based on predefined securh
rules. Incoming traffic is allowed only via trusted IP addresses, or sources.
It distinguishes between positive and malicious traffic and either allows or blocks specific data
packets according to pre-established security rules.
Several aspects of packet data are taken into account when deciding these rules, such as the
source, destination, and content of the packet. They block traffic coming from suspicious sources
to prevent cyberattacks.
For example, figure 5.3 shows how a firewall allows good traffic to pass to the user's
private network.

[Figure: Internet -> Firewall -> Private Network; good traffic is allowed through]

Fig. 5.3 Firewall allowing Good Traffic
As shown below, the firewall prevents malicious traffic from entering the firewall, preventing the
user's network from being hacked.

[Figure: Internet -> Firewall -> Private Network; bad traffic is blocked at the firewall]

Fig. 5.4 Firewall blocking Bad Traffic


It is possible to use different types of firewalls to read data packets at different levels of the
network. This helps detect malware
and other suspicious activity quickly.
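
The rule matching described in this section, as an added example that is not part of the original text: a packet filter that checks source, destination, destination port and payload content, and blocks anything no rule allows. The first-match ordering, the rule names, the default-deny fallback and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    src: str = "0.0.0.0/0"           # source network (CIDR); default = any
    dst: str = "0.0.0.0/0"           # destination network (CIDR); default = any
    dport: Optional[int] = None      # None = any destination port
    content: Optional[bytes] = None  # None = do not inspect the payload

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport)
                and (self.content is None or self.content in p.payload))

# Constructed rule set: block rules come first so that a trusted source
# carrying unwanted content is still stopped before the allow rule is reached.
RULES = [
    Rule("block-suspicious-source", "block", src="203.0.113.0/24"),
    Rule("block-bad-content", "block", dst="10.0.0.0/24",
         content=b"CONSTRUCTED-BAD-MARKER"),
    Rule("allow-trusted-to-web", "allow", src="198.51.100.0/24",
         dst="10.0.0.10/32", dport=443),
]

def evaluate(p: Packet, rules=RULES):
    """Return (action, rule name); the first matching rule decides."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.name
    return "block", "default-deny"   # no rule matched: the packet is dropped

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "10.0.0.10", 443, b"GET /"),
                Packet("203.0.113.9", "10.0.0.10", 443),
                Packet("192.0.2.1", "10.0.0.10", 443)):
        print(pkt.src, "->", pkt.dst, pkt.dport, evaluate(pkt))
```
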
5.3.9 DESIGN PRINCIPLES
In the design of a firewall, there are several key factors to consider. By considering these factors,
you can prevent many firewall design problems. The following firewall design principles will help
you create a secure defense system:
Designing Security Policy:- In firewall design, security policies play a crucial role in identifying
what traffic can pass through the firewall. Security policies are created in accordance with
the company's or client's requirements. When a security policy is developed properly, it
includes instructions for what to do in the event of a security breach. Without it, there is
an increase in risk, as security solutions will not be implemented properly.
Design of simple solutions:- It is difficult to implement a complex solution. If the solution
is easy to implement, it is easier to maintain. It is possible to make upgrades to the simple
design in response to the new possible threats. The problem with complex designs is that
they can lead to configuration errors which can open the door to external attacks.
Choose the location of the firewalls:- It is important to determine the location of your
firewall in a strategic manner. In order to secure your internal network from your web server,
you can use a packet filter firewall at the edge of your network.
Selecting the Right Device:- The network becomes vulnerable if we use the wrong device for
the wrong problem. For example, if an outdated device is used for creating a firewall, the
network becomes vulnerable.
Adequate throughput:- Filters and processing information can significantly reduce throughput,
so if you opt for NGFWs, choose those that offer at least one gigabit of throughput, which
is sufficient for most organizations.
Choose a firewall philosophy:- All firewall design principles in cybersecurity depend on the
identification of applications, resources, and services that you wish to protect.
Be aware of internal threats:- The security of a network or device is well protected from
external attacks. However, security is weak when attacks are carried out internally as it is
easy to gain access to and poorly designed.
Communicate according to your preferences:- A security policy specifies which people,
devices, and applications are allowed to access your organization's web services and use
your network.
EXERCISE

1. Write benefits of network security.
2. List out types of network security.
3. Define the term confidentiality, Integrity and Availability.
4. Explain confidentiality in detail.
5. Explain Integrity in detail.
6. Explain Availability in detail.
7. Write a short note on Virus.
8. Explain worms in detail.
9. Describe intruders in detail.
10. Explain Insiders in detail.
11. Explain Cyber Terrorist and harm caused by cyber terrorist.
12. Explain information warfare. List out types of information warfare and steps to prevent
information warfare attack.
13. Define firewall.
14. Explain firewall with its types and characteristics.
15. List out advantages and disadvantages of Firewall.
16. Explain limitations of firewall.
17. Write a short note on real-time application of firewall.
18. Explain working of Firewall.
19. Write a short note on design principles of firewall.
Enrolment No.

GUJARAT TECHNOLOGICAL UNIVERSITY
COMPUTER ENGINEERING DEPARTMENT
CLASS MID TEST-1

Semester : 4th Date : DD/MM/YYYY
Course Name : Computer Networking
Course Code : 4340703
Time : HH:MM to HH:MM PM Total Marks : 20

Instructions:
1. Attempt ALL questions.
2. Make suitable assumptions wherever necessary.
3. The English version of question paper should be considered as an authentic version.
4. Use of Programmable Calculator or any similar Mathematical aid is strictly prohibited.
5. Mobile Phone is strictly prohibited in Examination Premises.

CO No. COURSE OUTCOME
CO1 Classify various types of networks based on their construction, usage and scope.
CO2 Differentiate OSI and TCP/IP models.
CO3 Select proper transmission media and devices based on network requirements.

Marks
Q.1 Answer following questions. 07
(a) Define Computer Network. Write down advantages and disadvantages of Computer Network. 03
(b) Define Network Topology. Explain any one network topology in details. 04
OR
(b) Classify computer network according to their geography. 04
Q.2 Answer following questions. 05
(a) Draw OSI model and list layers of OSI model. 02
(b) Compare OSI Model and TCP/IP Model. 03
OR
(b) Explain transport layer of TCP/IP model in details. 03
Q.3 Answer following questions. 08
(a) Define Transmission media. List out types of transmission media. 02
(b) Explain in brief: Satellite Communication. 03
OR
(b) Explain fastest guided media in brief. 03
(c) Write down the difference between Layer 2 and Layer 3 switches. 03
OR
(c) Explain Bridge in details. 03
Enrolment No.

GUJARAT TECHNOLOGICAL UNIVERSITY
COMPUTER ENGINEERING DEPARTMENT
CLASS MID TEST-2

Semester : 4th Date : DD/MM/YYYY
Course Name : Computer Networking
Course Code : 4340703
Time : HH:MM to HH:MM PM Total Marks

Instructions:
1. Attempt ALL questions.
2. Make suitable assumptions wherever necessary.
3. The English version of question paper should be considered as an authentic version.
4. Use of Programmable Calculator or any similar Mathematical aid is strictly prohibited.
5. Mobile Phone is strictly prohibited in Examination Premises.

CO No. COURSE OUTCOME
CO4 Compare IPv4 and IPv6 addressing scheme.
CO5 Identify various types of network security threats.

Marks
Q.1 Answer following questions. 12
(a) Define IP address and MAC address. 02
(b) Write IPv6 address size and address space. 02
(c) Explain IPv4 classes in details. 04
OR
(c) Define Datagram. Explain IP datagram with diagram. 04
(d) Differentiate IPv4 and IPv6 addressing scheme. 04
OR
(d) Write a short note on characteristics of IPv6. 04
Q.2 Answer following questions. 08
(a) Define firewall. List out types of firewall. 02
(b) Explain CIA triad in details. 03
OR
(b) Explain working of Firewall. 03
(c) Write a short note on design principles of firewall. 03
OR
(c) Write a short note on Virus. 03
