Chapter 5


Injibara University

College of Engineering and Technology


Department of Information Technology

Computer Security (CoSc 4035)

Chapter Five: Security mechanisms


1/18/2023 1
Introduction
TCP/IP Stack Revision
▪ Physical Layer: moves the individual bits within the frame from one node to the next.
▪ Link Layer: provides reliable delivery for the network layer.
✓ Moves entire frames from one network element to an adjacent network element; the forwarding decision is based on the MAC address.
▪ Network Layer: from one host to another (IP) - packets (datagrams).
✓ Routes a datagram through a series of routers between the source and destination.
▪ Transport Layer: application end-to-end communication.
✓ Breaks up the data from the sending host and then reassembles it in the receiver (TCP, UDP) - segments.
▪ Application Layer: network applications such as FTP, SMTP, HTTP.

OSI Model Analogy

Application Layer - Source Host

After riding your new bicycle a few times in New York, you decide that you
want to give it to a friend who lives in Addis Ababa, Ethiopia.

Presentation Layer - Source Host

Make sure you have the proper directions to disassemble and reassemble the bicycle.

Session Layer - Source Host

Call your friend and make sure you have his correct address.

Transport Layer - Source Host

Disassemble the bicycle and put different pieces in different boxes.

The boxes are labeled “1 of 3”, “2 of 3”, and “3 of 3”.

Network Layer - Source Host

❑ Put your friend's complete mailing address (and yours) on each box.
❑ Since the packages are too big for you, you determine that you need to go to the post office.

Data Link Layer – Source Host

The New York post office takes possession of the boxes.

Physical Layer - Media

The boxes are flown from the USA to Ethiopia.

Data Link Layer - Destination

The Addis Ababa post office in Ethiopia receives your boxes.

Network Layer - Destination

Upon examining the destination address, the Addis Ababa post office determines
that your boxes should be delivered to the home address you wrote on them.

Transport Layer - Destination

Your friend calls you and tells you he got all 3 boxes and he is
having another friend named BOB reassemble the bicycle.

Session Layer - Destination

Your friend hangs up because he is done talking to you.

Presentation Layer - Destination

BOB is finished and “presents” the bicycle to your friend.

Another way to say it is that your friend is finally getting his “present”.

Application Layer - Destination

Your friend enjoys riding his new bicycle in Addis Ababa.

Host Layers

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Layers 7 to 4 (the host layers) only exist in the source and destination host computers.

Media Layers

Layers 3 to 1 (the media layers) manage the information out in the LAN or WAN between the
source and destination hosts.

Data Flow Through a Network

Firewalls
▪ Firewalls are essential tools in managing and controlling network traffic.

▪ At the network layer, firewalls can be installed to let good packets in and keep bad packets out.

▪ IP security (IPsec) also functions at this layer.

▪ A firewall is a network device used to filter traffic and is typically deployed between a
private network and a link to the Internet, but it can also be deployed between departments
within an organization.

▪ Without firewalls, it would not be possible to restrict malicious traffic from the Internet
from entering your private network.

Cont …
▪ Firewalls filter traffic based on a defined set of rules, also called filters or access control lists.

▪ They are basically a set of instructions that are used to distinguish authorized traffic from
unauthorized and/or malicious traffic.

▪ Only authorized traffic is allowed to cross the security barrier provided by the firewall.

Cont …
▪ Firewalls are useful for blocking or filtering traffic.

▪ Firewalls are used for blocking known malicious data, messages, or packets based on
content, application, protocol, port, or source address.

▪ They are capable of hiding the structure and addressing scheme of a private network from
the public.

▪ Most firewalls offer extensive logging, auditing, and monitoring capabilities, as well as
alarms and basic intrusion detection system (IDS) functions.

Cont …
▪ Firewalls prevent unauthorized but accidental or intended disclosure of information by users.

▪ Prevent attacks by malicious users already behind the firewall.

▪ It protects data after it passes out of or into the private network.

▪ Firewalls are only one part of an overall security solution.

Types of firewall
Static Packet-Filtering Firewall

▪ A static packet-filtering firewall filters traffic by examining data from a message header.

▪ Usually, the rules are concerned with source, destination, and port addresses.

▪ Using static filtering, a firewall is unable to provide user authentication or to tell
whether a packet originated from inside or outside the private network, and it is easily
fooled with spoofed packets.

▪ Static packet-filtering firewalls are known as first-generation firewalls.

▪ They operate at layer 3 (the Network layer) of the OSI model.

▪ They can also be called screening routers or common routers.

Application-Level Gateway Firewall
An application-level gateway firewall
▪ is also called a proxy firewall.
▪ A proxy is a mechanism that copies packets from one network into another.
▪ An application-level gateway firewall filters traffic based on the Internet service (i.e.,
application) used to transmit or receive the data.
▪ Each type of application must have its own unique proxy server.
▪ Thus, an application-level gateway firewall comprises numerous individual proxy servers.
▪ This type of firewall negatively affects network performance because each packet must be
examined and processed as it passes through the firewall.
▪ Application-level gateways are known as second-generation firewalls, and they operate at
the Application layer (layer 7) of the OSI model.

Circuit-Level Gateway Firewalls
Circuit-level gateway firewalls

▪ are used to establish communication sessions between trusted partners.

▪ They operate at the Session layer (layer 5) of the OSI model.

▪ SOCKS (SOCKetS, as in TCP/IP ports) is a common implementation of a circuit-level
gateway firewall.

Stateful Inspection Firewalls
Stateful inspection firewalls
▪ Evaluate the state or the context of network traffic.
▪ How?
▪ By examining source and destination addresses, application usage, source of origin, and
the relationship between current packets and the previous packets of the same session.
▪ Stateful inspection firewalls are able to grant a broader range of access for authorized
users and activities and actively watch for and block unauthorized users and activities.
▪ They generally operate more efficiently than application-level gateway firewalls.
▪ They are known as third-generation firewalls, and they operate at the Network and
Transport layers (layers 3 and 4) of the OSI model.

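Added illustration, not from the slides: a toy static packet filter beside a toy stateful filter, showing why a header-only rule set is fooled by a forged source port while the stateful filter admits inbound traffic only for a session an inside host opened. The addresses, ports and policy are constructed for the example.

```python
from dataclasses import dataclass

PRIVATE = "10.0.0."   # constructed private-network prefix; anything else is "outside"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the TCP segment that opens a connection

def inside(ip):
    return ip.startswith(PRIVATE)

# Static rules: (direction, source port, destination port, action), first match wins.
# A static filter sees only header fields, so to let web replies back in it must
# accept anything arriving from source port 80, not just genuine replies.
STATIC_RULES = [
    ("out", None, 80, "allow"),   # inside hosts may talk to web servers
    ("in", 80, None, "allow"),    # meant for replies from web servers
    ("any", None, None, "deny"),  # default deny
]

def static_filter(pkt):
    """First-generation filter: decides from the packet header alone."""
    direction = "out" if inside(pkt.src) else "in"
    for d, sport, dport, action in STATIC_RULES:
        if d in (direction, "any") and sport in (None, pkt.sport) and dport in (None, pkt.dport):
            return action
    return "deny"

class StatefulFilter:
    """Third-generation filter: admits inbound packets only for sessions opened from inside."""
    def __init__(self):
        self.sessions = set()   # (inside ip, inside port, outside ip, outside port)
    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if inside(pkt.src):
            if pkt.syn and pkt.dport == 80:   # policy: inside hosts may open HTTP sessions
                self.sessions.add(key)
            return "allow" if key in self.sessions else "deny"
        # inbound: must be the reverse of a session an inside host opened
        return "allow" if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions else "deny"

def demo():
    """Verdicts on a constructed sequence: HTTP request out, real reply in, forged 'reply' in."""
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 80, syn=True)
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000)
    forged = Packet("198.51.100.7", 80, "10.0.0.5", 445)   # source port 80 forged, aimed at port 445
    stateful = StatefulFilter()
    return {"static": [static_filter(p) for p in (request, reply, forged)],
            "stateful": [stateful.decide(p) for p in (request, reply, forged)]}
```

The static filter returns allow for all three packets, the stateful one denies the forged packet because no inside host ever opened a session to 198.51.100.7.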
Firewall Deployment Architectures
▪ There are three commonly recognized firewall deployment architectures: single-tier, two-tier, and three-tier (also known as multitier).

▪ A single-tier deployment places the private network behind a firewall, which is then
connected through a router to the Internet (or some other untrusted network).

▪ Single-tier deployments are useful against generic attacks only.

▪ This architecture offers only minimal protection.

Cont …
▪ A two-tier deployment architecture uses a firewall with three or more interfaces.

▪ This allows for a DMZ or a publicly accessible extranet.

▪ The DMZ is used to host information server systems to which external users should
have access.

▪ The firewall routes traffic to the DMZ or the trusted network according to its strict filtering
rules.

▪ This architecture introduces a moderate level of routing and filtering complexity.

Cont …
▪ A three-tier deployment architecture is the deployment of multiple subnets between the
private network and the Internet separated by firewalls.
▪ Each subsequent firewall has more stringent filtering rules to restrict traffic to only
trusted sources.
▪ The outermost subnet is usually a DMZ.
▪ A middle subnet can serve as a transaction subnet where systems needed to support
complex web applications in the DMZ reside.
▪ The third or back-end subnet can support the private network.
▪ This architecture is the most secure; however, it is also the most complex to design,
implement, and manage.
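To make the "each subsequent firewall is stricter" idea concrete, here is an added example (not from the slides) that models the three tiers as zones with a per-firewall policy and checks whether a connection would pass every firewall on its path. Addresses, ports and rule sets are constructed, and reply traffic is assumed to be admitted by stateful inspection.

```python
import ipaddress

# Constructed three-tier layout: Internet | fw1 | DMZ | fw2 | transaction | fw3 | private.
# Zones are listed outermost first; FIREWALL_NAMES[k] sits between ZONES[k] and ZONES[k+1].
ZONES = [
    ("internet", None),                                    # anything not matched below
    ("dmz", ipaddress.ip_network("203.0.113.0/24")),       # public web servers
    ("transaction", ipaddress.ip_network("10.1.0.0/24")),  # databases behind the web tier
    ("private", ipaddress.ip_network("10.0.0.0/16")),      # internal user network
]
ORDER = [name for name, _ in ZONES]
FIREWALL_NAMES = ["fw1", "fw2", "fw3"]

# Which zone pairs may initiate connections through each firewall, and to which port
# (None = any port). Anything not listed is dropped at that firewall, and each inner
# firewall permits strictly less than the one outside it.
RULES = {
    "fw1": [("internet", "dmz", 443), ("dmz", "internet", 443), ("private", "internet", 443)],
    "fw2": [("dmz", "transaction", 5432), ("private", "transaction", 22), ("private", "internet", 443)],
    "fw3": [("private", "transaction", 22), ("private", "internet", 443)],
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES:
        if net is not None and addr in net:
            return name
    return "internet"

def firewalls_crossed(src_zone, dst_zone):
    """Firewalls on the path between two zones, e.g. private -> internet crosses fw1, fw2, fw3."""
    lo, hi = sorted((ORDER.index(src_zone), ORDER.index(dst_zone)))
    return FIREWALL_NAMES[lo:hi]

def connection_allowed(src_ip, dst_ip, dport):
    """True only if every firewall on the path has a rule for this zone pair and port."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for fw in firewalls_crossed(src, dst):
        if not any(s == src and d == dst and p in (None, dport) for s, d, p in RULES[fw]):
            return False   # default deny at this tier
    return True
```

An Internet client can reach the DMZ web server on 443 but nothing in the private network, while a compromised DMZ host can reach only the database port in the transaction subnet and never the private tier.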

Remote Access Security Management
▪ Telecommuting, or remote connectivity, has become a common feature of business
computing.

▪ Remote access is the ability of a distant client to establish a communication session
with a network.

▪ This can take the form of using a modem to dial up directly to a remote access server,
connecting to a network over the Internet through a VPN, or even connecting to a
terminal server system through a thin-client connection.

Cont …
A virtual private network (VPN)

▪ Extends a private network and the resources contained in the network across public networks like
the internet.

▪ It enables a host computer to send and receive data across shared or public networks as if it were a
private network with all the functionality, security and management policies of the private network.

▪ This is done by establishing a virtual point-to-point connection through the use of dedicated
connections, encryption, or a combination of the two.

▪ The VPN connection across the Internet is technically a wide area network (WAN) link between the
sites, but it appears to the user as a private network link, hence the name "virtual private network".

Cont …
▪ When remote access capabilities are deployed in any environment, security must be
considered and implemented to provide protection for your private network against remote
access complications.

▪ Remote access users should be strongly authenticated before being granted access.

▪ Only those users who specifically need remote access for their assigned work tasks should
be granted permission to establish remote connections.

▪ All remote communications should be protected from interception and eavesdropping.

▪ This usually requires an encryption solution that provides strong protection for both the
authentication traffic as well as all data transmission.
Cont …
▪ When outlining your remote access security management strategy, be sure to address the
following issues:

Remote connectivity technology:

✓ Each type of connection has its own unique security issues.

✓ Fully examine every aspect of your connection options.

✓ This can include modems, DSL, ISDN, wireless networking, and cable modems.

Cont …
Transmission protection:

▪ There are several forms of encrypted protocols, encrypted connection systems, and
encrypted network services or applications.

▪ Use the appropriate combination of secured services for your remote connectivity needs.

▪ This can include VPNs, SSL, TLS, Secure Shell (SSH), IPSec, and L2TP.
