VPN: Virtual Private Network

VPN stands for Virtual Private Network. It refers to a safe and encrypted network that
allows you to use network resources in a remote manner. Using VPN, you can create a
safe connection over a less secure network, e.g. internet. It is a secure network as it is
completely isolated from rest of the internet. The government, businesses, military can
use this network to use network resources securely.

VPN is free to use and it uses site-to-site and remote access methods to work. It uses an
arrangement of encryption services to establish a secure connection. It is an ideal tool
for encryption; it provides you strong AES256 encryption with an 8192bit key.

How VPN Works?

VPN works by creating a secure tunnel using powerful VPN protocols. It hides your IP
address behind its own IP address that encrypts all your communication. Thus, your
communication passes through a secure tunnel that allows you use network resources
freely and secretly.

VPN protocols
There are several different VPN protocols that are used to create secure networks. Some
of such protocols are given below;

o IP security (IPsec)
o Point to Point Tunneling Protocol (PPTP)
 o Layer 2 Tunneling Protocol (L2TP)
o Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

Secure Electronic Transaction (SET) Protocol

Secure Electronic Transaction or SET is a system that ensures the security and integrity
of electronic transactions done using credit cards in a scenario. SET is not some system
that enables payment but it is a security protocol applied to those payments. It uses
different encryption and hashing techniques to secure payments over the internet done
through credit cards. The SET protocol was supported in development by major
organizations like Visa, Mastercard, Microsoft which provided its Secure Transaction
Technology (STT), and Netscape which provided the technology of Secure Socket Layer
(SSL).
SET protocol restricts the revealing of credit card details to merchants thus keeping
hackers and thieves at bay. The SET protocol includes Certification Authorities for
making use of standard Digital Certificates like X.509 Certificate.
Before discussing SET further, let’s see a general scenario of electronic transactions,
which includes client, payment gateway, client financial institution, merchant, and
merchant financial institution.

Requirements in SET :
The SET protocol has some requirements to meet, some of the important requirements
are :

 It has to provide mutual authentication i.e., customer (or cardholder) authentication by

confirming if the customer is an intended user or not, and merchant authentication.
 It has to keep the PI (Payment Information) and OI (Order Information) confidential
by appropriate encryptions.
 It has to be resistive against message modifications i.e., no changes should be allowed
in the content being transmitted.
 SET also needs to provide interoperability and make use of the best security
mechanisms.
Participants in SET :
In the general scenario of online transactions, SET includes similar participants:

1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – Merchant financial
5. Certificate authority – Authority that follows certain standards and issues
certificates(like X.509V3) to all other participants.
SET functionalities :
 Provide Authentication
 Merchant Authentication – To prevent theft, SET allows customers to
check previous relationships between merchants and financial institutions.
Standard X.509V3 certificates are used for this verification.
 Customer / Cardholder Authentication – SET checks if the use of a
credit card is done by an authorized user or not using X.509V3 certificates.
 Provide Message Confidentiality: Confidentiality refers to preventing unintended
people from reading the message being transferred. SET implements confidentiality
by using encryption techniques. Traditionally DES is used for encryption purposes.
 Provide Message Integrity: SET doesn’t allow message modification with the help
of signatures. Messages are protected against unauthorized modification using RSA
digital signatures with SHA-1 and some using HMAC with SHA-1,
Dual Signature :
The dual signature is a concept introduced with SET, which aims at connecting two
information pieces meant for two different receivers :
Order Information (OI) for merchant
Payment Information (PI) for bank
You might think sending them separately is an easy and more secure way, but sending
them in a connected form resolves any future dispute possible. Here is the generation of
dual signature:

Where,

PI stands for payment information

OI stands for order information
PIMD stands for Payment Information Message Digest
OIMD stands for Order Information Message Digest
POMD stands for Payment Order Message Digest
H stands for Hashing
E stands for public key encryption
KPc is customer's private key
 || stands for append operation
Dual signature, DS= E(KPc, [H(H(PI)||H(OI))])
Purchase Request Generation :
The process of purchase request generation requires three inputs:
 Payment Information (PI)
 Dual Signature
 Order Information Message Digest (OIMD)
The purchase request is generated as follows:

Here,
PI, OIMD, OI all have the same meanings as before.
The new things are :
EP which is symmetric key encryption
Ks is a temporary symmetric key
KUbank is public key of bank
CA is Cardholder or customer Certificate
Digital Envelope = E(KUbank, Ks)
Purchase Request Validation on Merchant Side :
The Merchant verifies by comparing POMD generated through PIMD hashing with
POMD generated through decryption of Dual Signature as follows:
Since we used Customer’s private key in encryption here we use KUC which is the
public key of the customer or cardholder for decryption ‘D’.

Payment Authorization and Payment Capture :

Payment authorization as the name suggests is the authorization of payment
information by the merchant which ensures payment will be received by the
merchant. Payment capture is the process by which a merchant receives payment
which includes again generating some request blocks to gateway and payment
gateway in turn issues payment to the merchant.
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) provides security to the data that is transferred between web
browser and server. SSL encrypts the link between a web server and a browser which
ensures that all data passed between them remain private and free from attack.
Secure Socket Layer Protocols:
 SSL record protocol
 Handshake protocol
 Change-cipher spec protocol
 Alert protocol

SSL Protocol Stack:

SSL Record Protocol:
SSL Record provides two services to SSL connection.
 Confidentiality
 Message Integrity
In the SSL Record Protocol application data is divided into fragments. The
fragment is compressed and then encrypted MAC (Message Authentication
Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5
(Message Digest) is appended. After that encryption of the data is done and in
last SSL header is appended to the data.

Handshake Protocol:
Handshake Protocol is used to establish sessions. This protocol allows the
client and server to authenticate each other by sending a series of messages to
each other. Handshake protocol uses four phases to complete its cycle.
 Phase-1: In Phase-1 both Client and Server send hello-packets to each
other. In this IP session, cipher suite and protocol version are exchanged for
security purposes.
 Phase-2: Server sends his certificate and Server-key-exchange. The server
end phase-2 by sending the Server-hello-end packet.
 Phase-3: In this phase, Client replies to the server by sending his certificate
and Client-exchange-key.
 Phase-4: In Phase-4 Change-cipher suite occurred and after this
Handshake Protocol ends.

SSH(Secure Shell) is access credential that is used in the SSH Protocol. In other words,
it is a cryptographic network protocol that is used for transferring encrypted data over
network. It allows you to connect to a server, or multiple servers, without having you to
remember or enter your password for each system that is to login remotely from one
system into another.
It always comes in key pair:

1. Public key – Everyone can see it, no need to protect it. (for encryption function)
2. Private key – Stays in computer, must be protected. (for decryption function)
Key pairs can be of the following types:

1. User Key – If public key and private key remain with the user.
2. Host Key – If public key and private key are on a remote system.
3. Session key – Used when large amount of data is to be transmitted.
How SSH Works ?
It uses asymmetric cipher for performing encryption and decryption. There are many
encryption methods:

rsa, dsa, ed25519 etc.

General procedure is :-

 Public keys from the local computers (system) are passed to the server which is to be
accessed.
 Server then identifies if the public key is registered.
 If so, the server then creates a new secret key and encrypts it with the public key
which was send to it via local computer.
 This encrypted code is send to the local computer.
 This data is unlocked by the private key of the system and is send to the server.
 Server after receiving this data verifies the local computer.
 SSH creates a route and all the encrypted data are transferred through it with no
security issues.
SSH is key based authentication that is not prone to brute-force attack.
It is more convenient and secure than login ids and passwords (which can be stolen in
middle). There is no exposure of valid credentials, if a server has been compromised.
Generating an SSH key pair:

Open your command prompt

type : ssh-keygen
Press enter
It will ask you for a location. Press Enter for default location.
If its already there, press 'y' to overwrite.
You may enter passphrase as you like, press enter.
Example of generating an SSH Key pair in latest version of Windows 10 is given below:

Generating SSH keys on Windows, Linux and Mac:

OMAC OsX and Linux : terminal (build in)

OWindows :- PuTTY
What is a Firewall?
A firewall can be defined as a special type of network security device or a software
program that monitors and filters incoming and outgoing network traffic based on a
defined set of security rules. It acts as a barrier between internal private networks and
external sources (such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and prevent

malicious or unwanted data traffic for protecting the computer from viruses and attacks.
A firewall is a cybersecurity tool that filters network traffic and helps users block
malicious software from accessing the Internet in infected computers.

Firewall: Hardware or Software

This is one of the most problematic questions whether a firewall is a hardware or
software. As stated above, a firewall can be a network security device or a software
program on a computer. This means that the firewall comes at both levels,
i.e., hardware and software, though it's best to have both.

Each format (a firewall implemented as hardware or software) has different functionality

but the same purpose. A hardware firewall is a physical device that attaches between
a computer network and a gateway. For example, a broadband router. On the other
hand, a software firewall is a simple program installed on a computer that works
through port numbers and other installed software.

Apart from that, there are cloud-based firewalls. They are commonly referred to as FaaS
(firewall as a service). A primary advantage of using cloud-based firewalls is that they
can be managed centrally. Like hardware firewalls, cloud-based firewalls are best known
for providing perimeter security.

Why Firewall
Firewalls are primarily used to prevent malware and network-based attacks. Additionally,
they can help in blocking application-layer attacks. These firewalls act as a gatekeeper or
a barrier. They monitor every attempt between our computer and another network. They
do not allow data packets to be transferred through them unless the data is coming or
going from a user-specified trusted source.

Firewalls are designed in such a way that they can react quickly to detect and counter-
attacks throughout the network. They can work with rules configured to protect the
network and perform quick assessments to find any suspicious activity. In short, we can
point to the firewall as a traffic controller.

Some of the important risks of not having a firewall are:

Open Access
If a computer is running without a firewall, it is giving open access to other networks.
This means that it is accepting every kind of connection that comes through someone.
In this case, it is not possible to detect threats or attacks coming through our network.
Without a firewall, we make our devices vulnerable to malicious users and other
unwanted sources.

Lost or Comprised Data

Without a firewall, we are leaving our devices accessible to everyone. This means that
anyone can access our device and have complete control over it, including the network.
In this case, cybercriminals can easily delete our data or use our personal information for
their benefit.

Network Crashes
In the absence of a firewall, anyone could access our network and shut it down. It may
lead us to invest our valuable time and money to get our network working again.

Therefore, it is essential to use firewalls and keep our network, computer, and data safe
and secure from unwanted sources.
Brief History of Firewall
Firewalls have been the first and most reliable component of defense in network security
for over 30 years. Firewalls first came into existence in the late 1980s. They were initially
designed as packet filters. These packet filters were nothing but a setup of networks
between computers. The primary function of these packet filtering firewalls was to check
for packets or bytes transferred between different computers.

Firewalls have become more advanced due to continuous development, although such
packet filtering firewalls are still in use in legacy systems.

As the technology emerged, Gil Shwed from Check Point Technologies introduced the
first stateful inspection firewall in 1993. It was named as FireWall-1. Back in
2000, Netscreen came up with its purpose-built firewall 'Appliance'. It gained
popularity and fast adoption within enterprises because of increased internet speed, less
latency, and high throughput at a lower cost.

The turn of the century saw a new approach to firewall implementation during the mid-
2010. The 'Next-Generation Firewalls' were introduced by the Palo Alto Networks.
These firewalls came up with a variety of built-in functions and capabilities, such as
Hybrid Cloud Support, Network Threat Prevention, Application and Identity-Based
Control, and Scalable Performance, etc. Firewalls are still getting new features as part of
continuous development. They are considered the first line of defense when it comes to
network security.

How does a firewall work?

A firewall system analyzes network traffic based on pre-defined rules. It then filters the
traffic and prevents any such traffic coming from unreliable or suspicious sources. It only
allows incoming traffic that is configured to accept.

Typically, firewalls intercept network traffic at a computer's entry point, known as a port.
Firewalls perform this task by allowing or blocking specific data packets (units of
communication transferred over a digital network) based on pre-defined security rules.
Incoming traffic is allowed only through trusted IP addresses, or sources.
Functions of Firewall
As stated above, the firewall works as a gatekeeper. It analyzes every attempt coming to
gain access to our operating system and prevents traffic from unwanted or non-
recognized sources.

Since the firewall acts as a barrier or filter between the computer system and other
networks (i.e., the public Internet), we can consider it as a traffic controller. Therefore, a
firewall's primary function is to secure our network and information by controlling
network traffic, preventing unwanted incoming network traffic, and validating access by
assessing network traffic for malicious things such as hackers and malware.

Generally, most operating systems (for example - Windows OS) and security software
come with built-in firewall support. Therefore, it is a good idea to ensure that those
options are turned on. Additionally, we can configure the security settings of the system
to be automatically updated whenever available.

Firewalls have become so powerful, and include a variety of functions and capabilities
with built-in features:

o Network Threat Prevention

o Application and Identity-Based Control
o Hybrid Cloud Support
 o Scalable Performance
o Network Traffic Management and Control
o Access Validation
o Record and Report on Events

Limitations of Firewall
When it comes to network security, firewalls are considered the first line of defense. But
the question is whether these firewalls are strong enough to make our devices safe from
cyber-attacks. The answer may be "no". The best practice is to use a firewall system
when using the Internet. However, it is important to use other defense systems to help
protect the network and data stored on the computer. Because cyber threats are
continually evolving, a firewall should not be the only consideration for protecting the
home network.

The importance of using firewalls as a security system is obvious; however, firewalls have
some limitations:

o Firewalls cannot stop users from accessing malicious websites, making it

vulnerable to internal threats or attacks.
o Firewalls cannot protect against the transfer of virus-infected files or software.
o Firewalls cannot prevent misuse of passwords.
o Firewalls cannot protect if security rules are misconfigured.
o Firewalls cannot protect against non-technical security risks, such as social
engineering.
o Firewalls cannot stop or prevent attackers with modems from dialing in to or out
of the internal network.
o Firewalls cannot secure the system which is already infected.

Therefore, it is recommended to keep all Internet-enabled devices updated. This

includes the latest operating systems, web browsers, applications, and other security
software (such as anti-virus). Besides, the security of wireless routers should be another
practice. The process of protecting a router may include options such as repeatedly
changing the router's name and password, reviewing security settings, and creating a
guest network for visitors.
Types of Firewall
Depending on their structure and functionality, there are different types of firewalls. The
following is a list of some common types of firewalls:

o Proxy Firewall
o Packet-filtering firewalls
o Stateful Multi-layer Inspection (SMLI) Firewall
o Unified threat management (UTM) firewall
o Next-generation firewall (NGFW)
o Network address translation (NAT) firewalls

Difference between a Firewall and Anti-virus

Firewalls and anti-viruses are systems to protect devices from viruses and other types of
Trojans, but there are significant differences between them. Based on the vulnerabilities,
the main differences between firewalls and anti-viruses are tabulated below:

Attributes Firewall Anti-virus

Definition A firewall is defined as the Anti-virus is defined as the

system which analyzes and special type of software that
filters incoming or outgoing acts as a cyber-security
data packets based on pre- mechanism. The primary
defined rules. function of Anti-virus is to
monitor, detect, and remove
any apprehensive or distrustful
file or software from the
device.

Structure Firewalls can be hardware Anti-virus can only be used as

and software both. The software. Anti-virus is a
router is an example of a program that is installed on
physical firewall, and a the device, just like the other
simple firewall program on programs.
the system is an example of
a software firewall.
Implementation Because firewalls come in Because Anti-virus comes in
the form of hardware and the form of software,
software, a firewall can be therefore, Anti-virus can be
implemented either way. implemented only at the
software level. There is no
possibility of implementing
Anti-virus at the hardware
level.

Responsibility A firewall is usually defined Anti-viruses are primarily

as a network controlling responsible for detecting and
system. It means that removing viruses from
firewalls are primarily computer systems or other
responsible for monitoring devices. These viruses can be
and filtering network traffic. in the form of infected files or
software.

Scalability Because the firewall Anti-viruses are generally

supports both types of considered less-scalable than
implementations, hardware, firewalls. This is because anti-
and software, therefore, it is virus can only be implemented
more scalable than anti- at the software level. They
virus. don't support hardware-level
implementation.

Threats A firewall is mainly used to Anti-virus is mainly used to

prevent network related scan, find, and remove viruses,
attacks. It mainly includes malware, and Trojans, which
external network threats?for can harm system files and
example- Routing attacks software and share personal
and IP Spoofing. information (such as login
credentials, credit card details,
etc.) with hackers.

What is a packet filtering firewall?

A packet filtering firewall is a network security feature that controls the flow of incoming
and outgoing network data. The firewall examines each packet, which comprises user
data and control information, and tests them according to a set of pre-established rules.
If the packet completes the test successfully, the firewall allows it to pass through to its
destination. It rejects those that don't pass the test. Firewalls test packets by examining
sets of rules, protocols, ports and destination addresses.

In system networking, packets are formatted units of data carried on packet-switched

networks. These networks can be fault tolerant because they disassemble messages into
small pieces, or packets, and send them separately across the network. When packages
pass the firewall and arrive at their destination, they're reordered to display their
information correctly. Done correctly, packet switching optimizes networks' channel
capacity, minimizes transmission latency and increases the effectiveness of
communications. Packets contain two important components:

 Headers: Packet headers direct the data to its desired destination. They contain
portions of internet protocol (IP), addressing and any other data required to get
the packets where they're meant to go.
 Payloads: The payload is the user data within the packet. This is the information
that's trying to get to its destination.

4 types of packet filtering

There are four primary types of packet filtering:

1. Static packet filtering firewall

A static packet filtering firewall requires you to establish firewall rules manually.
Similarly, internal and external network connections remain either open or closed unless
otherwise adjusted by an administrator. These firewall types allow users to define rules
and manage ports, access control lists (ACLs) and IP addresses. They're often simple and
practical, making them an apt choice for smaller applications or users without a lot of
criteria.

Related: Top 5 Security Certifications for IT Professionals

2. Dynamic packet filtering firewall

Dynamic firewalls allow users to adjust rules dynamically to reflect certain conditions.
You can set ports to remain open for specified periods of time and to close
automatically outside those established time frames. Dynamic packet filtering firewalls
offer more flexibility than static firewalls because you can set adjustable parameters and
automate certain processes.
3. Stateless packet filtering firewall

Stateless packet filtering firewalls are perhaps the oldest and most established firewall
option. While they're less common today, they do still provide functionality for
residential internet users or service providers who distribute low-power customer-
premises equipment (CPE). They protect users against malware, non-application-specific
traffic and harmful applications. If users host servers for multi-player video games, email
or live-streamed videos, for example, they often must manually configure firewalls if
they plan to deviate from default security policies. Manual configurations allow different
ports and applications through the packet filter.

Related: Network Protocols: Definitions and Examples

4. Stateful packet filtering firewall

Unlike stateless packet filtering options, stateful firewalls use modern extensions to track
active connections, like transmission control protocol (TCP) and user datagram protocol
(UDP) streams. By recognizing incoming traffic and data packets' context, stateful
firewalls can better identify the difference between legitimate and malicious traffic or
packages. Typically, new connections must introduce themselves to the firewall before
they gain access to the approved list of allowed connections.

Benefits of packet filtering firewalls

There are many benefits to using packet filtering firewalls including:

Efficiency

One of the primary advantages of packet filtering firewalls is their efficiency. Routers
typically operate at high speeds, accepting and rejecting packets quickly based on their
destinations, source ports and addresses. Inbound and outbound packets are often only
held for a few milliseconds while the filter determines its destination and legitimacy.
Most other firewall techniques have performance overheads that exceed those of packet
filtering firewalls.

Transparency

Another benefit is transparency. While users are aware of firewalls when they reject a
packet, packet filters typically operate quickly and discreetly without interfering with
user functionality. Some other techniques require users to configure firewalls for specific
clients or servers manually. In this way, packet filtering firewalls are user-friendly and
easy to incorporate.

Affordability

Many routers offer built-in packet filtering, making them inexpensive. By providing built-
in functionality, software routing products and other widely used hardware offer cheap
and affordable security options. Many websites use packet filtering techniques in their
routers too. Packet filtering firewalls' ubiquitous use makes them one of the most
affordable security options.

Accessibility

Besides its affordability, the ease of its use makes packet filtering an appealing option.
With this security technique, you can protect an entire network with a single screening
router. Users don't need extensive knowledge, training or support to operate firewalls
because they won't be aware of packet transmission unless there's a rejection.

Drawbacks of packet filtering firewalls

There are several potential drawbacks of packet filtering to be aware of, including:

Reduced security

One potential drawback of packet filtering firewalls is their reduced security. Because
they're so accessible and commonly used, hackers have exploited rules and invaded
systems. Stateless packet filtering firewalls can be vulnerable because they test each
packet on its own, creating more opportunities for hacks. Hackers can use fake IP
addresses in packets to intrude networks because most packet filters don't provide
safety from address spoofing. However, stateful options remove some of these risks.
And, in some applications, security isn't a top priority or concern.

Related: What Is Network Segmentation (With Tips and Examples)

Inflexibility

Another potential drawback to packet filtering firewalls is their inflexibility. The

technique uses IP address authentications and port numbers rather than contextual
clues to identify and restrict packets. Many programs don't remember previously filtered
packets or past invasions, meaning they don't learn and improve. Where users manually
configure rules, taking extra care to create guidelines that produce desired functionality
can remove any issues this may cause.

Inconsistent applicability

In wide-scale applications, the predictable and standardized requirements of packet

filters can be a benefit. For more specific applications requiring heightened security or
functionality, consider exploring more advanced options. Packet filtering firewalls aren't
the best option for all networks. Implementing firewalls with desirable filters can be
time-consuming, as can configuring ACLs. Be sure to research your exact specifications
and needs when deciding on a security option that works best for you.

Application Layer
The application layer in the OSI model is the closest layer to the end user which means
that the application layer and end user can interact directly with the software
application. The application layer programs are based on client and servers.

The Application layer includes the following functions:

o Identifying communication partners: The application layer identifies the availability of

communication partners for an application with data to transmit.
o Determining resource availability: The application layer determines whether sufficient
network resources are available for the requested communication.
o Synchronizing communication: All the communications occur between the applications
requires cooperation which is managed by an application layer.

Services of Application Layers

o Network Virtual terminal: An application layer allows a user to log on to a remote host.
To do so, the application creates a software emulation of a terminal at the remote host.
The user's computer talks to the software terminal, which in turn, talks to the host. The
 remote host thinks that it is communicating with one of its own terminals, so it allows
the user to log on.
o File Transfer, Access, and Management (FTAM): An application allows a user to access
files in a remote computer, to retrieve files from a computer and to manage files in a
remote computer. FTAM defines a hierarchical virtual file in terms of file structure, file
attributes and the kind of operations performed on the files and their attributes.
o Addressing: To obtain communication between client and server, there is a need for
addressing. When a client made a request to the server, the request contains the server
address and its own address. The server response to the client request, the request
contains the destination address, i.e., client address. To achieve this kind of addressing,
DNS is used.
o Mail Services: An application layer provides Email forwarding and storage.
o Directory Services: An application contains a distributed database that provides access
for global information about various objects and services.

Authentication: It authenticates the sender or receiver's message or both.

o In Client-server architecture, clients do not directly communicate with each other. For
example, in a web application, two browsers do not directly communicate with each
other.
o A server is fixed, well-known address known as IP address because the server is always
on while the client can always contact the server by sending a packet to the sender's IP
address.

Disadvantage Of Client-server architecture:

It is a single-server based architecture which is incapable of holding all the requests

from the clients. For example, a social networking site can become overwhelmed when
there is only one server exists.

o P2P (peer-to-peer) architecture: It has no dedicated server in a data center. The peers
are the computers which are not owned by the service provider. Most of the peers reside
in the homes, offices, schools, and universities. The peers communicate with each other
without passing the information through a dedicated server, this architecture is known as
 peer-to-peer architecture. The applications based on P2P architecture includes file
sharing and internet telephony.

Features of P2P architecture

o Self scalability: In a file sharing system, although each peer generates a workload by
requesting the files, each peer also adds a service capacity by distributing the files to the
peer.
o Cost-effective: It is cost-effective as it does not require significant server infrastructure
and server bandwidth.

Client and Server processes

o A network application consists of a pair of processes that send the messages to each
other over a network.
o In P2P file-sharing system, a file is transferred from a process in one peer to a process in
another peer. We label one of the two processes as the client and another process as the
server.
o With P2P file sharing, the peer which is downloading the file is known as a client, and the
peer which is uploading the file is known as a server. However, we have observed in
some applications such as P2P file sharing; a process can be both as a client and server.
Therefore, we can say that a process can both download and upload the files.

What is a proxy server and how does it work?

Every computer that is connected to the network has an IP (Internet Protocol) address
that identifies the device uniquely. Similarly, the proxy server is a computer on the
network that has its own IP address. But sometimes, we want to access those websites
or servers that are restricted and we do not want to show our identity (IP address). In
such a scenario, the proxy server comes into existence. We can achieve the same by
using the proxy server. It provides varying levels of functionality, security, and privacy
that depend on the use case, needs, or policies of the company. In this section, we will
discuss what is a proxy server, its types, advantages, need, and working of proxy
servers.
Proxy Server
The proxy server is a computer on the internet that accepts the incoming requests from
the client and forwards those requests to the destination server. It works as a gateway
between the end-user and the internet. It has its own IP address. It separates the client
system and web server from the global network.

In other words, we can say that the proxy server allows us to access any websites with a
different IP address. It plays an intermediary role between users and targeted websites
or servers. It collects and provides information related to user requests. The most
important point about a proxy server is that it does not encrypt traffic.

There are two main purposes of proxy server:

o To keep the system behind it anonymous.

o To speed up access to a resource through caching.

Mechanism of Proxy Server

The following figure depicts the mechanism of the proxy server.
The proxy server accepts the request from the client and produces a response based on
the following conditions:

1. If the requested data or page already exists in the local cache, the proxy server itself
provides the required retrieval to the client.
2. If the requested data or page does not exist in the local cache, the proxy server forwards
that request to the destination server.
3. The proxy servers transfer the replies to the client and also being cached to them.

Therefore, it can be said that the proxy server acts as a client as well as the server.

Types of Proxy Servers

There are many types of proxy servers available. The two most common types of proxy
servers are forward and reverse proxy servers. The other proxy server has its own
feature and advantages. Let's discuss each in detail.

1. Open or Forward Proxy Server: It is the most widely recognized type of intermediary
worker that is gotten to by the customer. An open or forward proxy server refers to
those sorts of intermediaries that get demands from web clients and afterward peruse
 destinations to gather the mentioned information. After collecting the data from the
sites, it forwards the data to the internet users directly. It bypasses the firewall made by
authorities. The following image shows forward proxy configuration.

2. Reverse Proxy Server: It is a proxy server that is installed in the neighborhood of

multiple other internal resources. It validated and processes a transaction in such a way
that the clients do not communicate directly. The most popular reverse proxies
are Varnish and Squid. The following image shows the reverse proxy configuration.

3. Split Proxy Server: It is implemented as two programs installed on two different

computers.
4. Transparent Proxy: It is a proxy server that does not modify the request or response
beyond what is required for proxy authentication and identification. It works on port 80.
5. Non-Transparent Proxy: It is an intermediary that alters the solicitation reaction to offer
some extra types of assistance to the client. Web demands are straightforwardly shipped
off the intermediary paying little mind to the worker from where they started.
6. Hostile Proxy: It is used to eavesdrop upon the data flow between the client machine
and the web.
7. Intercepting Proxy Server: It combines the proxy server with a gateway. It is commonly
used in businesses to prevent avoidance of acceptable use policy and ease of
administration.
8. Forced Proxy Server: It is a combination of Intercepting and non-intercepting policies.
9. Caching Proxy Server: Caching is servicing the request of clients with the help of saved
contents from previous requests, without communicating with the specified server.
10. Web Proxy Server: The proxy that is targeted to the world wide web is known as a web
proxy server.
11. Anonymous Proxy: The server tries to anonymizing the web surfing.
12. Socks Proxy: It is an ITEF (Internet Engineering Task Force) standard. It is just like a proxy
system that supports proxy-aware applications. It does not allow the external network
components to collects the information of the client that had generated the request. It
consists of the following components:
o A dient library for the SOCK.
o A dient program such as FTP, telnet, or internet browser.
o A SOCK server for the specified operating system.
13. High Anonymity Proxy: The proxy server that doesn't contain the proxy server type and
the client IP address in a request header. Clients using the proxy can't be tracked.
14. Rotating Proxy: It assigns a unique IP address to each client who is connected to it. It is
ideal for users who do a lot of continuous web scrapping. It allows us to return the same
website again and again. So, using the rotating proxy requires more attention.
15. SSL Proxy Server: It decrypts the data between the client and the server. It means data
is encrypted in both directions. Since proxy hides its existence from both the client and
the server. It is best suited for organizations that enhance protection against threats. In
SSL proxy, the content encrypted is not cached.
16. Shared Proxy: A shared proxy server is used by more than one user at a time. It provides
an IP address to the client that can be shared with other clients. It also allows users to
select the location from where the user wants to search. It is ideal for users who do not
want to spend a lot of money on a fast connection. Low cost is an advantage of it. The
disadvantage of it is that a user can be get blamed for someone else's mischievous
activity. For this reason, the user can be blocked from the site.
17. Public Proxy: A public proxy is available free of cost. It is perfect for the user for whom
cost is a major concern while security and speed are not. Its speed is usually slow. Using
a public proxy puts the user at high risk because information can be accessed by others
on the internet.
 18. Residential Proxy: It assigns an IP address to a specific device. All requests made by the
client channeled through that device. It is ideal for the users who want to verify ads that
display on their websites. Using the residential proxy server, we can block unwanted and
suspicious ads from competitors. In comparison to other proxy servers, the residential
proxy server is more reliable.
19. Distorting Proxy: It is different from others because it identifies itself as a proxy to a
website but hides its own identity. The actual IP address is changed by providing an
incorrect one. It is perfect for clients who do not want to disclose their location during
surfing.
20. Data Center Proxy: It is a special type of proxy that is not affiliated with the ISP. It is
provided by other corporations through a data center. These servers can be found in
physical data centers. It is ideal for clients who want quick responses. It does not provide
high-level anonymity. For this reason, it can put client information at high risk.
21. HTTP Proxy: HTTP proxies are those proxy servers that are used to save cache files of
the browsed websites. It saves time and enhances the speed because cached files reside
in the local memory. If the user again wants to access the same file proxy itself provides
the same file without actually browsing the pages.

Advantages of Proxy Server

There are the following benefits of using the proxy server:

o It improves the security and enhances the privacy of the user.

o It hides the identity (IP address) of the user.
o It controls the traffic and prevents crashes.
o Also, saves bandwidth by caching files and compressing incoming traffic.
o Protect our network from malware.
o Allows access to the restricted content.

Need of Proxy Server

o It reduces the chances of data breaches.
o It adds a subsidiary layer of security between server and outside traffic.
o It also protects from hackers.
 o It filters the requests.

Working of Proxy Server

As we have discussed above, the proxy server has its own IP address and it works as a
gateway between the client and the internet. The client's computer knows the IP address
of the proxy server. When the client sends a request on the internet, the request is re-
routed to the proxy. After that, the proxy server gets the response from the destination
or targeted server/site and forwards the data from the page to the client's browser
(Chrome, Safari, etc.).

What is a packet filtering firewall?

A packet filtering firewall is a network security feature that controls the flow of
incoming and outgoing network data. The firewall examines each packet,
which comprises user data and control information, and tests them according
to a set of pre-established rules. If the packet completes the test successfully,
the firewall allows it to pass through to its destination. It rejects those that
don't pass the test. Firewalls test packets by examining sets of rules,
protocols, ports and destination addresses.
In system networking, packets are formatted units of data carried on packet-
switched networks. These networks can be fault tolerant because they
disassemble messages into small pieces, or packets, and send them
separately across the network. When packages pass the firewall and arrive at
their destination, they're reordered to display their information correctly. Done
correctly, packet switching optimizes networks' channel capacity, minimizes
transmission latency and increases the effectiveness of communications.
Packets contain two important components:

 Headers: Packet headers direct the data to its desired destination. They
contain portions of internet protocol (IP), addressing and any other data
required to get the packets where they're meant to go.
 Payloads: The payload is the user data within the packet. This is the
information that's trying to get to its destination.

4 types of packet filtering

There are four primary types of packet filtering:

1. Static packet filtering firewall

A static packet filtering firewall requires you to establish firewall rules

manually. Similarly, internal and external network connections remain either
open or closed unless otherwise adjusted by an administrator. These firewall
types allow users to define rules and manage ports, access control lists
(ACLs) and IP addresses. They're often simple and practical, making them an
apt choice for smaller applications or users without a lot of criteria.

2. Dynamic packet filtering firewall

Dynamic firewalls allow users to adjust rules dynamically to reflect certain

conditions. You can set ports to remain open for specified periods of time and
to close automatically outside those established time frames. Dynamic packet
filtering firewalls offer more flexibility than static firewalls because you can set
adjustable parameters and automate certain processes.

3. Stateless packet filtering firewall

Stateless packet filtering firewalls are perhaps the oldest and most
established firewall option. While they're less common today, they do still
provide functionality for residential internet users or service providers who
distribute low-power customer-premises equipment (CPE). They protect users
against malware, non-application-specific traffic and harmful applications. If
users host servers for multi-player video games, email or live-streamed
videos, for example, they often must manually configure firewalls if they plan
to deviate from default security policies. Manual configurations allow different
ports and applications through the packet filter.

Related: Network Protocols: Definitions and Examples

4. Stateful packet filtering firewall

Unlike stateless packet filtering options, stateful firewalls use modern

extensions to track active connections, like transmission control protocol
(TCP) and user datagram protocol (UDP) streams. By recognizing incoming
traffic and data packets' context, stateful firewalls can better identify the
difference between legitimate and malicious traffic or packages. Typically,
new connections must introduce themselves to the firewall before they gain
access to the approved list of allowed connections.

Benefits of packet filtering firewalls

There are many benefits to using packet filtering firewalls including:

Efficiency

One of the primary advantages of packet filtering firewalls is their efficiency.

Routers typically operate at high speeds, accepting and rejecting packets
quickly based on their destinations, source ports and addresses. Inbound and
outbound packets are often only held for a few milliseconds while the filter
determines its destination and legitimacy. Most other firewall techniques have
performance overheads that exceed those of packet filtering firewalls.

Transparency

Another benefit is transparency. While users are aware of firewalls when they
reject a packet, packet filters typically operate quickly and discreetly without
interfering with user functionality. Some other techniques require users to
configure firewalls for specific clients or servers manually. In this way, packet
filtering firewalls are user-friendly and easy to incorporate.

Related: The Top 20 Networking Certifications for Your IT Career

Affordability
Many routers offer built-in packet filtering, making them inexpensive. By
providing built-in functionality, software routing products and other widely used
hardware offer cheap and affordable security options. Many websites use
packet filtering techniques in their routers too. Packet filtering firewalls'
ubiquitous use makes them one of the most affordable security options.

Accessibility

Besides its affordability, the ease of its use makes packet filtering an
appealing option. With this security technique, you can protect an entire
network with a single screening router. Users don't need extensive
knowledge, training or support to operate firewalls because they won't be
aware of packet transmission unless there's a rejection.

Upload your resume on Indeed

Let employers find you when you create an Indeed Resume

Drawbacks of packet filtering firewalls

There are several potential drawbacks of packet filtering to be aware of,
including:

Reduced security

One potential drawback of packet filtering firewalls is their reduced security.

Because they're so accessible and commonly used, hackers have exploited
rules and invaded systems. Stateless packet filtering firewalls can be
vulnerable because they test each packet on its own, creating more
opportunities for hacks. Hackers can use fake IP addresses in packets to
intrude networks because most packet filters don't provide safety from
address spoofing. However, stateful options remove some of these risks. And,
in some applications, security isn't a top priority or concern.

Related: What Is Network Segmentation (With Tips and Examples)

Inflexibility

Another potential drawback to packet filtering firewalls is their inflexibility. The

technique uses IP address authentications and port numbers rather than
contextual clues to identify and restrict packets. Many programs don't
remember previously filtered packets or past invasions, meaning they don't
learn and improve. Where users manually configure rules, taking extra care to
create guidelines that produce desired functionality can remove any issues
this may cause.

Inconsistent applicability

In wide-scale applications, the predictable and standardized requirements of

packet filters can be a benefit. For more specific applications requiring
heightened security or functionality, consider exploring more advanced
options. Packet filtering firewalls aren't the best option for all networks.
Implementing firewalls with desirable filters can be time-consuming, as can
configuring ACLs. Be sure to research your exact specifications and needs
when deciding on a security option that works best for you.