Name: Mark Edwin Diesta
Section: 3201
Week 7
Router for Packet Filtering
A router capable of packet filtering typically refers to a network router that includes firewall capabilities.
These routers are designed to inspect packets of data as they pass through the network and make
decisions based on predefined rules about whether to allow or block the packets.
Some common features of routers used for packet filtering include:
Access Control Lists (ACLs): ACLs are sets of rules that specify which types of traffic are allowed to pass
through the router and which are denied. These rules can be based on various criteria such as source IP
address, destination IP address, port numbers, and protocols.
Stateful Packet Inspection (SPI): SPI is a firewall technology that monitors the state of active
connections and makes decisions based on the context of the traffic flow. This allows the router to make
more intelligent filtering decisions, such as allowing incoming packets that are part of an established
connection while blocking unauthorized or suspicious traffic.
Intrusion Detection and Prevention Systems (IDPS): Some advanced routers may include IDPS features
to detect and block network attacks in real time, such as denial-of-service (DoS) attacks, port scanning,
and malware communication.
Logging and Reporting: Packet filtering routers often include logging and reporting capabilities to track
network activity, record security events, and generate reports for analysis and audit purposes.
Examples of routers commonly used for packet filtering include enterprise-grade routers from
manufacturers like Cisco, Juniper Networks, Palo Alto Networks, and Fortinet. Additionally, there are
open-source firewall/router distributions such as pfSense and OPNsense that provide robust packet
filtering capabilities for smaller-scale deployments or home networks.
Name: Mark Edwin Diesta
Section: 3201
Week 8
Snort-Inline (IP Tables)
Snort-Inline is an open-source intrusion detection and prevention system (IDPS) that integrates with
IPTables, which is a user-space utility program that allows a system administrator to configure the IP
packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules.
When Snort-Inline is used with IPTables, it operates in inline mode, meaning that it sits directly in the
network traffic path and can take immediate action on suspicious or malicious packets based on
predefined rules. This integration allows Snort-Inline to actively block or modify traffic in real time,
providing an additional layer of security to a network.
Here's how Snort-Inline with IPTables typically works:
Packet Inspection: Snort-Inline inspects incoming and outgoing network packets for signs of malicious
activity, intrusion attempts, or policy violations. It analyzes packet headers and payloads using
preconfigured rules and detection mechanisms.
Rule Matching: Snort-Inline compares the contents of each packet against its rule set, which includes
signatures, patterns, and behavioral patterns indicative of known threats or suspicious behavior. If a
packet matches a rule, it triggers a response action.
Response Actions: When Snort-Inline detects a matching rule, it can take various response actions
depending on the configured policy. These actions may include dropping the packet, logging the event,
alerting the administrator, or modifying the packet contents.
Integration with IPTables: Snort-Inline interacts with IPTables to implement response actions such as
dropping or modifying packets. IPTables provides the framework for managing firewall rules and packet
filtering in the Linux kernel, allowing Snort-Inline to enforce security policies at the network level.
Overall, Snort-Inline with IPTables offers a powerful combination of intrusion detection and prevention
capabilities, enabling network administrators to proactively defend against a wide range of threats and
attacks in real time.
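The four steps above (inspection, rule matching, response action, and the IPTables hand-off) can be followed in code. The block below is an added example, not Snort's own code: it is a small Python stand-in for the per-packet callback that Snort-Inline runs on packets which an iptables QUEUE/NFQUEUE rule has handed to user space. It parses rules written in Snort's own syntax (including $HOME_NET, negated addresses, port ranges, content with |hex| bytes and nocase), applies pass rules before drop rules before alert rules, and returns the ACCEPT or DROP verdict that iptables would enforce. The $HOME_NET value, the rules, the addresses and the payloads are all constructed for the example.

```python
# Added example, not Snort's code: a Python stand-in for Snort-inline's packet callback.
# Real Snort-inline gets packets that an iptables QUEUE/NFQUEUE rule hands to user space and
# returns a verdict per packet; verdict() plays that role. All rules and addresses are constructed.
import re
from collections import namedtuple
from ipaddress import ip_address, ip_network
from typing import Dict, List

HOME_NET = "10.0.0.0/24"                                    # constructed $HOME_NET value
ACTION_ORDER = {"pass": 0, "drop": 1, "sdrop": 1, "reject": 1, "alert": 2, "log": 3}
RULE_RE = re.compile(r"^(?P<action>pass|drop|sdrop|reject|alert|log)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
                     r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$")

Packet = namedtuple("Packet", "proto src dst sport dport payload", defaults=(b"",))
SnortRule = namedtuple("SnortRule", "action proto src sport dst dport msg sid contents nocase")


def decode_content(text: str) -> bytes:
    """Snort content syntax: literal text with |hex| sections, e.g. 'Host|3a 20|x' -> b'Host: x'."""
    parts = text.split("|")
    return b"".join(bytes.fromhex(s) if i % 2 else s.encode("latin-1") for i, s in enumerate(parts))


def addr_ok(spec: str, ip: str) -> bool:
    """'any', an IP/CIDR, $HOME_NET, or any of those negated with a leading '!'."""
    if spec == "any":
        return True
    net = ip_network(spec.lstrip("!").replace("$HOME_NET", HOME_NET), strict=False)
    return (ip_address(ip) in net) != spec.startswith("!")


def port_ok(spec: str, port: int) -> bool:
    """'any', a single port, or a range: '80', '1024:', ':1023', '6000:6010'."""
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    low = int(lo) if lo else 0
    high = int(hi) if hi else (65535 if sep else low)
    return low <= port <= high


def rule_matches(r: SnortRule, p: Packet) -> bool:
    """Header match (proto, addresses, ports), then every content: value must occur in the payload."""
    if r.proto not in ("ip", p.proto) or not (addr_ok(r.src, p.src) and addr_ok(r.dst, p.dst)):
        return False
    if not (port_ok(r.sport, p.sport) and port_ok(r.dport, p.dport)):
        return False
    payload = p.payload.lower() if r.nocase else p.payload    # simplification: nocase covers all contents
    return all((c.lower() if r.nocase else c) in payload for c in r.contents)


def parse_rule(line: str) -> SnortRule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    opts: Dict[str, List[str]] = {}
    for opt in filter(None, (o.strip() for o in m["opts"].split(";"))):   # assumes no ';' inside values
        key, _, val = opt.partition(":")
        opts.setdefault(key.strip(), []).append(val.strip().strip('"'))
    return SnortRule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                     msg=opts.get("msg", ["-"])[0], sid=opts.get("sid", ["-"])[0],
                     contents=tuple(decode_content(c) for c in opts.get("content", [])),
                     nocase="nocase" in opts)


class InlineEngine:
    def __init__(self, rules_text: str):
        rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
        self.rules = sorted(rules, key=lambda r: ACTION_ORDER[r.action])   # pass, then drop, then alert/log
        self.events: List[str] = []

    def verdict(self, p: Packet) -> str:
        """Inline decision: "ACCEPT" lets iptables forward the packet, "DROP" discards it."""
        for r in self.rules:
            if not rule_matches(r, p):
                continue
            if r.action == "pass":
                return "ACCEPT"
            if r.action != "sdrop":                      # sdrop = silent drop, no event recorded
                self.events.append(f"[{r.sid}] {r.action.upper()} {r.msg}: {p.src}:{p.sport} -> {p.dst}:{p.dport}")
            # reject would additionally send a TCP RST / ICMP unreachable back to the sender
            return "DROP" if r.action in ("drop", "sdrop", "reject") else "ACCEPT"
        return "ACCEPT"


RULES = """
# constructed rules in Snort syntax
drop tcp any any -> $HOME_NET 80 (msg:"Directory traversal in request"; content:"../../"; sid:1000001; rev:1;)
drop tcp any any -> $HOME_NET 80 (msg:"Known-bad User-Agent"; content:"User-Agent|3a| EvilBot"; nocase; sid:1000002; rev:1;)
pass tcp 10.0.0.250 any -> $HOME_NET 80 (msg:"Authorised internal scanner"; sid:1000003; rev:1;)
alert tcp $HOME_NET any -> !$HOME_NET 25 (msg:"Outbound SMTP from workstation"; sid:1000004; rev:1;)
"""


def demo():
    """Six constructed packets through the engine; returns (verdicts, events)."""
    engine = InlineEngine(RULES)
    packets = [
        Packet("tcp", "198.51.100.7", "10.0.0.10", 40000, 80, b"GET /index.html HTTP/1.1\r\n"),
        Packet("tcp", "198.51.100.7", "10.0.0.10", 40001, 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet("tcp", "203.0.113.9", "10.0.0.10", 40002, 80, b"GET / HTTP/1.1\r\nuser-agent: evilbot\r\n"),
        Packet("tcp", "10.0.0.250", "10.0.0.10", 40003, 80, b"GET /../../ HTTP/1.1\r\n"),
        Packet("tcp", "10.0.0.23", "203.0.113.25", 40004, 25, b"EHLO laptop\r\n"),
        Packet("udp", "10.0.0.23", "10.0.0.1", 40005, 53, b"\x12\x34"),
    ]
    return [engine.verdict(p) for p in packets], engine.events
```

The fourth packet is the one worth noticing: it carries the same traversal string as the second, but the pass rule for the internal scanner is evaluated first, so it is accepted without an event. That is also why pass rules should be written narrowly: a pass that is too broad silently disables every drop rule behind it.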
Name: Mark Edwin Diesta
Section: 3201
Week 9
Proxy Filtering
Proxy filtering, also known as content filtering or web filtering, is a technique used to control and
monitor internet traffic by filtering the content accessed through a proxy server. This method allows
organizations to enforce acceptable use policies, protect against security threats, and manage network
bandwidth more effectively.
Here's how proxy filtering typically works:
Proxy Server Setup: Organizations deploy a proxy server within their network infrastructure. This server
acts as an intermediary between users and the internet, intercepting requests for web content from
client devices (e.g., computers, smartphones) and forwarding those requests to the appropriate web
servers.
Content Inspection: The proxy server inspects incoming and outgoing web traffic, including HTTP and
HTTPS requests and responses. It examines the content of web pages, files, and other resources
requested by users to determine whether they comply with predefined filtering policies.
Filtering Policies: Administrators configure filtering policies based on the organization's requirements
and priorities. These policies define what types of content are allowed, blocked, or restricted for access.
Common filtering categories include:
URL Filtering: Blocking or allowing access to specific websites or web categories based on their URLs or
domain names.
Content Categories: Filtering web content based on categories such as adult content, gambling, social
media, streaming media, and malware.
File Types: Restricting downloads of certain file types (e.g., executable files, compressed archives) to
prevent malware infections.
Protocol Filtering: Controlling access to specific internet protocols (e.g., FTP, BitTorrent) based on
security or compliance concerns.
Action Enforcement: When the proxy server detects web content that violates the filtering policies, it
takes predefined actions to enforce those policies. This may include:
Allowing access to permitted content.
Blocking access to prohibited content and displaying a blocking page or error message to the
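The policy evaluation that a filtering proxy performs between the content inspection and the action enforcement steps above can be written out in code. The block below is an added example, not code from the page or from any proxy product: it evaluates each client request against protocol, explicit-allow, domain blocklist, category and file-type rules in that order, logs the decision, and returns a block page for denied requests. The domains, the category map (which stands in for the vendor category feed a real proxy would consult) and the requests are constructed. It also handles the HTTPS case: without TLS interception the proxy sees only the host name of a CONNECT request, so only the host-based checks apply there.

```python
# Added example (not from the page or any proxy product): the policy-evaluation step of a
# filtering proxy. Domains, categories and requests are constructed; the category map stands
# in for the vendor category feed a real proxy would consult.
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

BLOCK_PAGE = "<html><body><h1>Access blocked by policy</h1><p>{reason}</p></body></html>"

POLICY = {
    "allowed_schemes": {"http", "https"},                    # protocol filtering
    "allow_domains": {"updates.vendor.example"},             # explicit exceptions, checked first
    "block_domains": {"badsite.example"},                    # URL/domain blocklist
    "categories": {"casino.example": "gambling", "social.example": "social-media",
                   "evil-cdn.example": "malware"},
    "block_categories": {"adult", "gambling", "malware"},
    "block_extensions": {".exe", ".msi", ".scr", ".zip", ".rar"},   # file-type restrictions
}


@dataclass(frozen=True)
class Request:
    user: str
    method: str      # "GET", "POST" or "CONNECT" (HTTPS tunnel: only host:port is visible)
    url: str


@dataclass(frozen=True)
class Decision:
    action: str      # "allow" or "block"
    reason: str
    body: Optional[str] = None   # block page sent back to the client when blocked


def in_domains(host: str, domains) -> bool:
    """Exact or subdomain match: 'www.casino.example' matches 'casino.example'."""
    return any(host == d or host.endswith("." + d) for d in domains)


class ProxyFilter:
    def __init__(self, policy: Dict):
        self.policy = policy
        self.log: List[str] = []

    @staticmethod
    def _parse(req: Request) -> Tuple[str, str, str]:
        """Returns (scheme, host, path). Without TLS interception a CONNECT request exposes
        only the host name, so path-based checks cannot apply to it."""
        if req.method == "CONNECT":
            return "https", req.url.partition(":")[0].lower(), ""
        u = urlsplit(req.url)
        return u.scheme.lower(), (u.hostname or "").lower(), u.path

    def _category(self, host: str) -> str:
        for domain, cat in self.policy["categories"].items():
            if in_domains(host, [domain]):
                return cat
        return "uncategorized"

    def evaluate(self, req: Request) -> Decision:
        scheme, host, path = self._parse(req)
        ext = os.path.splitext(path)[1].lower()          # query string is already split off the path
        p = self.policy
        if scheme not in p["allowed_schemes"]:
            return self._finish(req, "block", f"protocol {scheme} is not permitted")
        if in_domains(host, p["allow_domains"]):
            return self._finish(req, "allow", "explicitly allowed domain")
        if in_domains(host, p["block_domains"]):
            return self._finish(req, "block", f"domain {host} is blocklisted")
        cat = self._category(host)
        if cat in p["block_categories"]:
            return self._finish(req, "block", f"category {cat} is blocked")
        if ext in p["block_extensions"]:
            return self._finish(req, "block", f"download of {ext} files is blocked")
        return self._finish(req, "allow", f"category {cat}")

    def _finish(self, req: Request, action: str, reason: str) -> Decision:
        self.log.append(f"{req.user} {req.method} {req.url} -> {action.upper()} ({reason})")
        return Decision(action, reason, BLOCK_PAGE.format(reason=reason) if action == "block" else None)


def demo() -> List[Tuple[str, str]]:
    """Seven constructed requests; returns (action, reason) for each."""
    proxy = ProxyFilter(POLICY)
    requests = [
        Request("alice", "GET", "http://www.intranet.example/index.html"),
        Request("alice", "GET", "ftp://files.example/report.pdf"),
        Request("bob", "CONNECT", "www.casino.example:443"),
        Request("bob", "GET", "http://files.example/setup.exe?dl=1"),
        Request("carol", "GET", "https://updates.vendor.example/patch.exe"),
        Request("carol", "GET", "http://news.badsite.example/story"),
        Request("dave", "CONNECT", "social.example:443"),
    ]
    return [(d.action, d.reason) for d in map(proxy.evaluate, requests)]
```

The order of the checks is the policy: the vendor update host is allowed to serve an .exe because the explicit allow list is consulted before the file-type rule, while the same download from an unlisted host is blocked. Matching on the parsed host and path rather than on the raw URL string is what keeps the query string ("?dl=1") and sub-domains from bypassing the rules.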
Name: Mark Edwin Diesta
Section: 3201
Week 10-11
Computer Forensics
Computer forensics is a branch of digital forensic science that focuses on the investigation and analysis
of digital devices and data for legal purposes. It involves the systematic examination of computers,
storage devices, networks, and digital media to uncover evidence of illegal activities, security breaches,
or misconduct.
Key aspects of computer forensics include:
Evidence Collection: Computer forensic investigators collect digital evidence from various sources, such
as computers, mobile devices, servers, and cloud services. This may involve seizing hardware, making
forensic copies of storage media, or capturing network traffic.
Evidence Preservation: It's crucial to preserve the integrity of digital evidence to ensure its admissibility
in legal proceedings. Investigators use specialized tools and techniques to create forensic images of
storage devices without altering the original data. Chain of custody procedures are followed to track the
handling of evidence and maintain its integrity.
Data Analysis: Forensic analysts examine digital evidence to extract relevant information and
reconstruct digital activities. This may include recovering deleted files, analyzing file metadata,
examining internet browsing history, and identifying traces of malware or unauthorized access.
Forensic Tools and Techniques: Investigators use a variety of forensic tools and techniques to analyze
digital evidence, including:
Data carving tools for recovering deleted files
Disk imaging software for creating forensic copies of storage devices
Network forensic tools for analyzing network traffic
Memory forensics tools for examining volatile memory
Mobile device forensics tools for analyzing smartphones and tablets
Legal Considerations: Computer forensic investigations must adhere to legal and procedural guidelines
to ensure the admissibility of evidence in court. Investigators must obtain proper authorization for data
collection, follow chain of custody procedures, and document their findings and methodologies to
support the validity of evidence.
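Evidence preservation and data carving, two of the aspects listed above, can be shown on a constructed image. The block below is an added example and not code from the page or from any forensic tool: it acquires a bit-for-bit image of a constructed "USB stick" file while hashing it, re-hashes the image independently so the two digests can be compared, appends each step to a chain-of-custody log, and then carves PNG and PDF files out of the raw image by their header and footer signatures, which is how deleted files are recovered when no file system entry points at them any more. The case id, examiner and device names are placeholders; the evidence bytes are generated in the block.

```python
# Added example (not from the page): evidence preservation and data carving on a constructed
# "USB stick" image. Hashing on acquisition plus a chain-of-custody log is the preservation
# step; carving by file signature recovers files a file system no longer lists. The case id,
# examiner and device names are placeholders.
import hashlib
import os
import random
import tempfile
from datetime import datetime, timezone
from typing import Dict, List, Tuple

SIGNATURES = {                      # file type -> (header, footer); the footer is kept in the carved file
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


class CaseFile:
    """Chain-of-custody record: who did what to which item, and when."""
    def __init__(self, case_id: str, examiner: str):
        self.case_id, self.examiner = case_id, examiner
        self.custody: List[str] = []

    def record(self, event: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.custody.append(f"{stamp} case={self.case_id} by={self.examiner}: {event}")

    def acquire(self, source: str, image: str) -> Tuple[str, bool]:
        """Bit-for-bit copy of the source into a raw image. The source is opened read-only
        (a software stand-in for a hardware write blocker) and hashed as it is read; the
        image is then hashed independently and both digests must agree."""
        h = hashlib.sha256()
        with open(source, "rb") as src, open(image, "wb") as dst:
            for block in iter(lambda: src.read(1 << 16), b""):
                h.update(block)
                dst.write(block)
        source_hash, image_hash = h.hexdigest(), sha256_file(image)
        verified = source_hash == image_hash
        self.record(f"acquired {os.path.basename(source)} -> {os.path.basename(image)} "
                    f"sha256={source_hash} verified={verified}")
        return source_hash, verified


def carve(image: str, out_dir: str) -> List[Tuple[str, int, int, str]]:
    """Scan the image for known headers; for each, cut up to the matching footer and save it.
    Returns (file name, offset, size, sha256) per recovered file. The whole image is read into
    memory, which is fine for a demo and wrong for a real disk."""
    with open(image, "rb") as f:
        data = f.read()
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := data.find(head, pos)) != -1:
            end = data.find(tail, start + len(head))
            if end == -1:
                break
            end += len(tail)
            blob = data[start:end]
            name = f"{kind}_{start:08x}.{kind}"
            with open(os.path.join(out_dir, name), "wb") as f:
                f.write(blob)
            found.append((name, start, len(blob), hashlib.sha256(blob).hexdigest()))
            pos = end
    return found


def demo() -> Dict:
    work = tempfile.mkdtemp(prefix="case-")
    evidence = os.path.join(work, "usb_stick.bin")
    # Constructed evidence: random slack, a minimal PNG, more slack, a minimal PDF, more slack.
    # There is no file system, so both files are only reachable by signature, like deleted files.
    rng = random.Random(7)
    filler = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    png = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + b"\x00\x00\x00\x00" + SIGNATURES["png"][1]
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF"
    with open(evidence, "wb") as f:
        f.write(filler(2048) + png + filler(3000) + pdf + filler(1000))

    case = CaseFile("CASE-0000", "examiner-placeholder")
    case.record(f"seized {os.path.basename(evidence)} from workstation WS-PLACEHOLDER")
    image = os.path.join(work, "usb_stick.raw")
    digest, verified = case.acquire(evidence, image)
    carved_dir = os.path.join(work, "carved")
    os.makedirs(carved_dir)
    found = carve(image, carved_dir)
    case.record("carved " + ", ".join(name for name, *_ in found))
    return {"sha256": digest, "verified": verified, "carved": found, "custody": case.custody}
```

Every recovered file gets its own hash in the custody log, so a later examiner can show that the carved artefact presented in court is byte-for-byte the one cut from the verified image. A real acquisition would also hash the original media again after imaging and work only on copies of the image from then on.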
Name: Mark Edwin Diesta
Section: 3201
Week 5
Firewall
A firewall is a network security device or software application that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. Its primary purpose is to establish a
barrier between a trusted internal network and untrusted external networks, such as the internet, to
prevent unauthorized access, data breaches, and cyber attacks.
Key functions of a firewall include:
Packet Filtering: The firewall examines individual packets of data as they travel between networks and
applies predefined rules to determine whether to allow, block, or route the packets based on criteria
such as source and destination IP addresses, port numbers, and protocols.
Stateful Inspection: In addition to packet filtering, modern firewalls use stateful inspection to track the
state of active network connections and make more informed decisions about whether to allow or deny
traffic based on the context of the connection. This helps prevent unauthorized access and ensures that
only legitimate traffic is allowed into the network.
Application Layer Filtering: Some firewalls can inspect the contents of network packets at the
application layer (Layer 7 of the OSI model) to identify and block specific types of traffic, such as
malicious payloads or unauthorized applications. This deep packet inspection helps enhance security
and enforce organizational policies.
Proxy Services: Firewalls can act as proxies for certain types of traffic, intercepting requests from clients
and forwarding them to destination servers on behalf of the clients. This allows the firewall to inspect
and filter traffic more effectively, as well as provide additional security features such as content filtering
and caching.
Logging and Reporting: Firewalls often include logging and reporting capabilities to record details about
network traffic, security events, and policy violations. Administrators can use these logs to analyze
network activity, troubleshoot issues, and generate reports for compliance purposes.
Firewalls are essential components of network security architectures, providing a critical line of defense
against various cyber threats, including unauthorized access, malware infections, denial-of-service
attacks, and data exfiltration. They are deployed at the network perimeter, on internal network segments, and
on individual devices to protect assets and enforce security policies.
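The packet filtering, stateful inspection and logging functions described here, and the ACL and SPI features of the Week 7 entry on packet-filtering routers, can be shown together in one working filter. The block below is an added example, not code from the page or from any router vendor: it evaluates packets against an ordered ACL on protocol, source and destination network and destination port (first match wins, implicit deny at the end), keeps a connection table so that replies to admitted connections are let back in without an ACL entry, refuses TCP segments that belong to no known connection, and logs every decision with its reason. The network, the ACL and the packets are constructed.

```python
# Added example (not from the page): a packet-filtering router with an ordered ACL,
# stateful connection tracking and a decision log. All addresses and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP SYN, i.e. a new connection attempt (ignored for udp/icmp)


@dataclass(frozen=True)
class Rule:
    """One ACL entry; fields left at their defaults match anything."""
    action: str           # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


class StatefulFilter:
    def __init__(self, acl: List[Rule]):
        self.acl = list(acl)
        self.conntrack = set()      # 5-tuples of flows the ACL has admitted
        self.log: List[str] = []

    @staticmethod
    def _flow(p: Packet) -> Tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def filter(self, p: Packet) -> str:
        flow = self._flow(p)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # 1. Stateful inspection: packets of an admitted flow, in either direction,
        #    pass without consulting the ACL (this is what lets replies come back in).
        if flow in self.conntrack or reverse in self.conntrack:
            return self._decide(p, "allow", "established")
        # 2. A TCP segment without SYN that belongs to no known connection is a stray
        #    or forged packet; it is dropped even if an ACL line would admit the port.
        if p.proto == "tcp" and not p.syn:
            return self._decide(p, "deny", "no-state")
        # 3. Ordered ACL, first match wins; admitted tcp/udp flows are remembered.
        for rule in self.acl:
            if rule.matches(p):
                if rule.action == "allow" and p.proto in ("tcp", "udp"):
                    self.conntrack.add(flow)
                return self._decide(p, rule.action, rule.note or "acl")
        # 4. Implicit deny at the end of the list.
        return self._decide(p, "deny", "implicit-deny")

    def _decide(self, p: Packet, action: str, reason: str) -> str:
        self.log.append(f"{action.upper():5} {p.proto} {p.src}:{p.sport} -> "
                        f"{p.dst}:{p.dport} ({reason})")
        return action


INTERNAL = "10.0.0.0/24"                     # constructed internal network
ACL = [
    Rule("deny", "tcp", dst=INTERNAL, dport=23, note="no telnet"),
    Rule("allow", "tcp", src=INTERNAL, note="outbound tcp"),
    Rule("allow", "udp", src=INTERNAL, dport=53, note="outbound dns"),
    Rule("allow", "tcp", dst="10.0.0.10/32", dport=443, note="public https"),
    Rule("allow", "icmp", note="ping"),
]


def demo() -> Tuple[List[str], List[str]]:
    """Runs six constructed packets through the filter; returns (verdicts, log)."""
    fw = StatefulFilter(ACL)
    packets = [
        Packet("tcp", "10.0.0.5", "93.184.216.34", 51000, 443, syn=True),   # outbound
        Packet("tcp", "93.184.216.34", "10.0.0.5", 443, 51000),             # its reply
        Packet("tcp", "198.51.100.7", "10.0.0.10", 40000, 443, syn=True),   # new https
        Packet("tcp", "198.51.100.7", "10.0.0.10", 40001, 443),             # no SYN, no state
        Packet("tcp", "198.51.100.7", "10.0.0.10", 40002, 23, syn=True),    # telnet
        Packet("icmp", "198.51.100.7", "10.0.0.10"),                        # ping
    ]
    return [fw.filter(p) for p in packets], fw.log


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The second and fourth packets show the difference between a stateless ACL and stateful inspection: the reply from 93.184.216.34 is admitted although no ACL line allows inbound traffic to 10.0.0.5, because the outbound SYN created a connection entry, while a non-SYN segment to the public web server is refused even though the ACL allows port 443, because no connection exists for it. The log line with its reason is what an administrator would consult when a legitimate flow is unexpectedly denied.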