Network Intrusion Detection and Prevention
Firewalls
Learning Objectives:
- Understand the concept of firewalls and their significance in network security.
- Comprehend the various types of firewalls, including packet-filtering firewalls, stateful inspection firewalls, proxy firewalls, and application-layer firewalls.
- Learn about the architecture of firewalls, including the placement of firewalls in network topologies and their functions.
- A firewall is a system or group of systems used to control access between two networks, a trusted network and an untrusted network, using preconfigured rules or filters.
- A firewall is a device that provides secure connectivity between networks (internal/external).
- It is used to implement and enforce a security policy for communication between networks.
- A firewall may be hardware, software or a combination of both, used to prevent unauthorized programs or internet users from accessing a private network or a single computer.
- All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
- A hardware firewall is a physical device installed between the modem and the computer. It protects the entire network. It is more expensive and harder to configure (e.g. Cisco PIX, NetScreen).
- A software firewall is an application installed on the computer system to be protected. It protects a single computer, usually the one with the modem attached to it. It is usually less expensive and easier to configure (e.g. Norton Internet Security, McAfee Internet Security).
Types of Firewall techniques
- Packet filter: It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing, because a stateless filter trusts the source address written in the packet header.
- Application gateway: In this type of firewall, a remote host or network can interact only with the proxy server, which is responsible for hiding the details of the internal network (the intranet). Users reach TCP/IP applications, such as FTP and Telnet servers, through the proxy. It is very effective, but can impose a performance degradation.
- Circuit-level gateway: This can be a stand-alone system or a specialized function performed by an application-level gateway for certain applications. It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one to the inside host and one to the outside host. A typical use of the circuit-level gateway is a situation in which the system administrator trusts the internal users.
- Bastion host: It is a special-purpose computer on a network specifically designed and configured to withstand attacks. It generally hosts a single application and provides the platform for an application gateway or circuit-level gateway. It supports limited/specific applications to reduce the threat to the computer, including applications such as Telnet, SMTP and FTP.
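The packet-filter bullet above, and the layer-4 firewall question in Solved Example 9982-02 below, both turn on the same point: a stateless filter decides each packet from its headers alone (direction, protocol, addresses, ports) plus the clock, and nothing else. The following is an added example, not code from the page, that implements such a filter in Python. The LAN 192.168.1.0/24, the RFC 5737 test addresses, and the rule set are constructed assumptions. Note what the rules can express (block all ICMP, block HTTP in a time window, block inbound from one host while allowing outbound to it, drop inbound packets that spoof an internal source) and what the `Packet` type has no field for: the user who sent it.

```python
# Added example (not from the page): a minimal stateless packet filter.
# Each packet is judged in isolation against an ordered rule list; the
# first matching rule wins and unmatched packets get the default policy.
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL_NET = ip_network("192.168.1.0/24")  # assumed protected LAN


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (from the untrusted side) or "out"
    proto: str                # "tcp", "udp" or "icmp"
    src: str                  # source address from the header (unauthenticated)
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                                  # "accept" or "drop"
    direction: Optional[str] = None              # None means "any"
    proto: Optional[str] = None
    src: Optional[str] = None                    # CIDR or /32 address
    dst: Optional[str] = None
    dport: Optional[int] = None
    window: Optional[Tuple[time, time]] = None   # (start, end); may cross midnight


def in_window(now: time, window: Tuple[time, time]) -> bool:
    """True if `now` falls inside the window; handles windows that wrap midnight."""
    start, end = window
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def matches(rule: Rule, pkt: Packet, now: time) -> bool:
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.src and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.window and not in_window(now, rule.window):
        return False
    return True


def filter_packet(rules: List[Rule], pkt: Packet, now: time, default: str = "drop") -> str:
    """Return the action of the first matching rule, or the default policy."""
    for rule in rules:
        if matches(rule, pkt, now):
            return rule.action
    return default


# Constructed policy for the assumed LAN.
RULES = [
    # Ingress anti-spoofing: a packet arriving from outside must not claim an
    # internal source address. This catches only the crude case; a stateless
    # filter still cannot verify any source address it is shown.
    Rule("drop", direction="in", src=str(INTERNAL_NET)),
    Rule("drop", proto="icmp"),                                    # block all ICMP
    Rule("drop", direction="in", src="203.0.113.5/32"),            # inbound from one host only
    Rule("drop", direction="in", proto="tcp", dport=80,
         window=(time(21, 0), time(5, 0))),                        # no inbound HTTP 21:00-05:00
    Rule("accept", direction="in", proto="tcp", dport=80),
    Rule("accept", direction="in", proto="tcp", dport=443),
    Rule("accept", direction="out"),                               # all outbound allowed
]

if __name__ == "__main__":
    probe = Packet("in", "tcp", "198.51.100.2", "192.168.1.10", 80)
    for hour in (12, 22):
        print(f"{hour:02d}:00 inbound HTTP ->", filter_packet(RULES, probe, time(hour, 0)))
```

The same packet is accepted at noon and dropped at 22:00, and outbound traffic to 203.0.113.5 passes while inbound from it is dropped, which is exactly what a layer-4 device can do. Nothing in the header tells the filter which local user generated the packet, so a per-user rule is not expressible at this layer.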
[Figure: firewall diagram. Image credit: Bruno Pedrozo, CC BY-SA 3.0, via Wikimedia Commons]
Solved Example: 9982-01
In computing, ________ is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A. Spyware
B. Cookie
C. Spam
D. Firewall
Correct Answer: D
Solved Example: 9982-02
A layer-4 firewall (a device that can look at all protocol headers up to the transport layer) CANNOT:
A. Block entire HTTP traffic during 9:00 PM and 5:00 AM
B. Block all ICMP traffic
C. Stop incoming traffic from a specific IP address but allow outgoing traffic to the same IP address
D. Block TCP traffic from a specific user on a multi-user system during 9:00 PM and 5:00 AM
Correct Answer: D
Solved Example: 9982-03
A firewall is used in a communication network/system for protection from:
A. Unauthorized attack
B. Data driven attack
C. Fire attack
D. Virus attack
Correct Answer: A
Solved Example: 9982-04
What is a firewall?
A. A system that scans and removes viruses from a computer
B. A system that prevents unauthorized access to a private network
C. A system that allows users to make secure online money transfer
D. A system in which multiple computers are connected to one another
Correct Answer: B
Endpoint Detection
Learning Objectives:
- Comprehend the various types of endpoints, including computers, mobile devices, IoT devices, and servers, that are part of a network.
- Learn about the security challenges associated with endpoints, including vulnerabilities, malware, and unauthorized access.
- Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity. According to Gartner, an endpoint protection platform (EPP) is a solution used to “prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
- An endpoint security strategy is essential because every remote endpoint can be the entry point for an attack. In today's business world, data is the most valuable asset of a company. The importance of endpoint security increased rapidly after the Covid pandemic, with the growth of remote work and BYOD policies. Protecting against endpoint attacks is challenging because endpoints exist where humans and machines intersect.
Network Detection
Learning Objectives:
- Understand the concept of network detection and its significance in identifying and responding to security threats.
- Comprehend various network detection technologies, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), and network monitoring tools.
Network detection refers to the process of identifying and responding to potential security threats and anomalies within a computer network. Network detection plays a critical role in maintaining the security and integrity of networks by identifying unauthorized access, attacks, and abnormal network behavior.
Several technologies and tools are used for network detection, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), network monitoring tools, and packet analyzers.
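To make the IDS/IPS distinction concrete, here is an added example, not code from the page, of a toy network detector in Python. It runs two kinds of check over a constructed set of connection records: signature rules (a fixed pattern in the traffic) and a threshold-based anomaly rule (one source touching many distinct ports on one host in a short window, the classic port-scan heuristic). An IDS would only raise the alerts; an IPS sits inline and acts on them, which the last function models by returning the sources it would block. The record format, the signatures, the thresholds and the sample flows are all assumptions made for the example.

```python
# Added example (not from the page): signature plus anomaly detection
# over constructed flow records, with the IDS/IPS split made explicit.
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int                 # seconds since capture start
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""    # first bytes of the application data, if seen


@dataclass(frozen=True)
class Alert:
    kind: str
    src: str
    detail: str


# Signature rules: a name and a predicate over a single flow.
SIGNATURES: List[Tuple[str, Callable[[Flow], bool]]] = [
    ("telnet-connection", lambda f: f.proto == "tcp" and f.dport == 23),
    ("http-path-traversal", lambda f: f.dport == 80 and b"../" in f.payload),
]


def signature_alerts(flows: List[Flow]) -> List[Alert]:
    """Match every flow against every signature (stateless, per-flow)."""
    alerts = []
    for f in flows:
        for name, pred in SIGNATURES:
            if pred(f):
                alerts.append(Alert(name, f.src, f"{f.dst}:{f.dport}"))
    return alerts


def port_scan_alerts(flows: List[Flow], max_ports: int = 5, window: int = 60) -> List[Alert]:
    """Flag a source that reaches more than max_ports distinct ports on one
    host within `window` seconds. One alert per (src, dst) pair at most."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    alerts = []
    for (src, dst), fs in by_pair.items():
        fs.sort(key=lambda f: f.ts)
        for i, start in enumerate(fs):
            ports = {f.dport for f in fs[i:] if f.ts - start.ts <= window}
            if len(ports) > max_ports:
                alerts.append(Alert("port-scan", src, f"{len(ports)} ports on {dst} within {window}s"))
                break
    return alerts


def detect(flows: List[Flow]) -> List[Alert]:
    """IDS behaviour: observe and report, never touch the traffic."""
    return signature_alerts(flows) + port_scan_alerts(flows)


def ips_block_list(alerts: List[Alert]) -> List[str]:
    """IPS behaviour: the same alerts drive an inline action. This returns the
    distinct sources an IPS configured to block on any alert would drop."""
    return sorted({a.kind and a.src for a in alerts})


# Constructed sample capture (private addresses; nothing here is real data).
SAMPLE_FLOWS = [
    # 10.0.0.5 walks seven ports on 10.0.0.20 in seven seconds.
    *[Flow(100 + i, "10.0.0.5", "10.0.0.20", p, "tcp")
      for i, p in enumerate([21, 22, 23, 25, 80, 443, 8080])],
    # 10.0.0.7 sends a request whose path contains a traversal sequence.
    Flow(150, "10.0.0.7", "10.0.0.20", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1"),
    # Ordinary traffic: one HTTPS session and two ports hours apart.
    Flow(160, "10.0.0.8", "10.0.0.20", 443, "tcp", b"\x16\x03\x01"),
    Flow(100, "10.0.0.9", "10.0.0.20", 22, "tcp"),
    Flow(7300, "10.0.0.9", "10.0.0.20", 80, "tcp", b"GET /index.html HTTP/1.1"),
]

if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS):
        print(f"[{a.kind}] src={a.src} {a.detail}")
    print("IPS would block:", ips_block_list(detect(SAMPLE_FLOWS)))
```

Running it reports a telnet signature hit and a port-scan anomaly from 10.0.0.5, a path-traversal hit from 10.0.0.7, and nothing for the two benign sources; the block list is therefore just those two addresses. The anomaly rule is deliberately tunable, since the threshold and window are where false positives (a legitimate monitoring host polling several services) and false negatives (a slow scan spread over hours) are traded off.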