Write short notes on firewalls, proxy servers and intrusion detection systems with diagrams?


■The firewall controls traffic to and from servers and clients, forbidding communications from untrustworthy sources, and allowing other communications from trusted sources to proceed.

■firewall is Hardware or software which filters communications packets and prevents some packets from entering the network based on a security policy

■ Every message that is to be sent or received from the network is processed by the firewall, which determines if the message meets security guidelines established by the business.

■ If it does, it is permitted to be distributed, and if it doesn’t, the message is blocked. Firewalls can filter traffic based on packet attributes such as source IP address, destination port or IP address, type of service (such as WWW or HTTP), the domain name of the source, and many other dimensions.

two major methods firewalls use to validate traffic:

packet filters and application gateways.

■ Packet filters examine data packets to determine whether they are destined for a prohibited port or originate from a prohibited IP address (as specified by the security administrator). The filter specifically looks at the source and destination information, as well as the port and packet type, when determining whether the information may be transmitted.

■ One downside of the packet filtering method is that it is susceptible to spoofing, since authentication is not one of its roles.

Application gateways are a type of firewall that filters communications based on the application being requested, rather than the source or destination of the message.

■ Such firewalls also process requests at the application level, farther away from the client computer than packet filters.

■ By providing a central filtering point, application gateways provide greater security than packet filters but can compromise system performance.

Proxy servers:

■Software servers that handle all communications originating from or being sent to the Internet.

■Proxies act primarily to limit access of internal clients to external Internet servers, although some proxy servers act as firewalls as well.

■ Proxy servers are sometimes called dual-home systems because they have two network interfaces.

■ To internal computers, a proxy server is known as the gateway, while to external computers it is known as a mail server or numeric address.

■ When a user on an internal network requests a Web page, the request is routed first to the proxy server.

■ The proxy server validates the user and the nature of the request, and then sends the request onto the Internet.
■ A Web page sent by an external Internet server first passes to the proxy server. If acceptable, the Web page passes onto the internal network Web server and then to the client desktop.

■ By prohibiting users from communicating directly with the Internet, companies can restrict access to certain types of sites, such as pornographic, auction, or stock-trading sites.

■ Proxy servers also improve Web performance by storing frequently requested Web pages locally, reducing upload times, and hiding the internal network’s address, thus making

■ it more difficult for hackers to monitor.

■ Figure 5.13 illustrates how firewalls and proxy servers protect a local area network from Internet intruders and prevent internal clients from reaching prohibited Web servers.

Intrusion Detection and Prevention Systems

In addition to a firewall and proxy server, an intrusion detection and/or prevention system can be installed.

■ An intrusion detection system (IDS) examines network traffic, watching to see if it matches certain patterns or preconfigured rules indicative of an attack.

■ If it detects suspicious activity, the IDS will set off an alarm alerting administrators and log the event in a database.

■ An IDS is useful for detecting malicious activity that a firewall might miss. ■ An intrusion prevention system (IPS) has all the functionality of an IDS, with the additional ability to take steps to prevent and block suspicious activities.

■ For instance, an IPS can terminate a session and reset a connection, block traffic from a suspicious IP address, or reconfigure firewall or router security controls.

Leave a reply