Unit V CNS

The document discusses web security considerations, outlining various threats such as passive and active attacks, and approaches to secure web traffic, including IP Security and SSL/TLS protocols. It details the architecture and functionalities of SSL and TLS, including their handshake protocols and cryptographic operations. Additionally, it covers the SSH protocol for secure communication and the role of firewalls in network security, describing different types of firewalls and their operational behaviors.


1. Web Security Considerations

The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP
intranets. The Web presents new challenges not generally appreciated in the context of computer and
network security.
1.1 Web Security Threats
One way to group these threats is in terms of passive and active attacks. Passive attacks include
eavesdropping on network traffic between browser and server and gaining access to information on a
Web site that is supposed to be restricted. Active attacks include impersonating another user, altering
messages in transit between client and server, and altering information on a Web site. Another way to
classify Web security threats is in terms of the location of the threat: Web server, Web browser, and
network traffic between browser and server. Issues of server and browser security fall into the
category of computer system security.

1.2 Web Traffic Security Approaches

A number of approaches to provide Web security are possible. The various approaches that have
been considered are similar in the services they provide and, to some extent, in the mechanisms that
they use, but they differ with respect to their scope of applicability and their relative location within
the TCP/IP protocol stack.

Figure 1.1 illustrates this difference. One way to provide Web security is to use IP Security. The
advantage of using IPsec is that it is transparent to end users and applications and provides a general-
purpose solution. Further, IPsec includes a filtering capability so that only selected traffic need incur
the overhead of IPsec processing.
Another relatively general-purpose solution is to implement security just above TCP. The foremost
example of this approach is the Secure Sockets Layer (SSL) and the follow-on Internet standard
known as Transport Layer Security (TLS). At this level, there are two implementation choices. For
full generality, SSL (or TLS) could be provided as part of the underlying protocol suite and therefore
be transparent to applications. Alternatively, SSL can be embedded in specific packages. For
example, Netscape and Microsoft Explorer browsers come equipped with SSL, and most Web servers
have implemented the protocol.

2. Secure Socket Layer (SSL)

Netscape originated SSL. Version 3 of the protocol was designed with public review and input
from industry and was published as an Internet draft document. Subsequently, when a consensus was
reached to submit the protocol for Internet standardization, the TLS working group was formed
within the IETF to develop a common standard.
2.1 SSL Architecture

SSL is designed to make use of TCP to provide a reliable end-to-end secure service. SSL is not a
single protocol but rather two layers of protocol, as shown in Figure 2.1. The SSL Record Protocol
provides basic security services to various higher-layer protocols. In particular, the Hypertext
Transfer Protocol (HTTP), which provides the transfer service for Web client/server interaction, can
operate on top of SSL. Three higher-layer protocols are also defined as part of SSL: the Handshake
Protocol, Change Cipher Spec Protocol, and Alert Protocol. These SSL-specific protocols are used in
the management of SSL exchanges.

Two important SSL concepts are the SSL connection and the SSL session:

• Connection: A connection is a network transport that provides a suitable type of service. Such
connections are transient, peer-to-peer relationships, and every connection is associated with one session.

• Session: An SSL session is an association between a client and a server, created by the
Handshake Protocol. Sessions define a set of cryptographic security parameters, which can be shared
among multiple connections. Sessions are used to avoid the expensive negotiation of new security
parameters for each connection.
2.2 SSL Record Protocol

The SSL Record Protocol defines two services for SSL connections:

• Message Integrity: The Handshake Protocol also defines a shared secret key that is used to form a
message authentication code (MAC), which is similar to HMAC.
• Confidentiality: The Handshake Protocol defines a shared secret key that is used for conventional
encryption of SSL payloads. The message is compressed before being concatenated with the MAC
and encrypted, with a range of ciphers being supported.

Figure 2.2 shows the overall operation of the SSL Record Protocol. The Record Protocol takes an
application message to be transmitted, fragments the data into manageable blocks, optionally
compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a
TCP segment. Received data are decrypted, verified, decompressed, and reassembled and then
delivered to higher-level users. Figure 2.3 illustrates the SSL record format. It consists of the
following fields:
Content Type (8 bits): The higher-layer protocol used to process the enclosed fragment.

Major Version (8 bits): Indicates the major version of SSL in use. For SSLv3, the value is 3.

Minor Version (8 bits): Indicates the minor version in use. For SSLv3, the value is 0.

Compressed Length (16 bits): The length in bytes of the plaintext fragment. The maximum value
is 2^14 + 2048.
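As an added illustration of the record-layer processing just described (fragment, MAC, header, then the reverse on receipt), the following Python builds and parses records carrying the header fields listed above. It is not code from these notes or from any SSL implementation: it assumes HMAC-SHA1 as the MAC (the TLS choice; SSLv3's own MAC is a keyed hash with pad bytes), omits compression and encryption, and uses a constructed key. The function names and the sample data are the example's own.

```python
import hashlib
import hmac
import struct

# Content-type values of the record layer (same in SSLv3 and TLS).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
MAX_PLAINTEXT = 2 ** 14             # largest plaintext fragment (16,384 bytes)
MAX_FRAGMENT = 2 ** 14 + 2048       # largest length the record header may carry
HEADER = struct.Struct("!BBBH")     # content type, major, minor, length (big-endian)
MAC_LEN = hashlib.sha1().digest_size

def fragment(data: bytes, size: int = MAX_PLAINTEXT) -> list:
    """Split application data into fragments of at most `size` bytes (step 1 of Figure 2.2)."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]

def record_mac(key: bytes, seq: int, ctype: int, major: int, minor: int, frag: bytes) -> bytes:
    """MAC over seq_num || type || version || length || fragment.
    Assumption of this example: HMAC-SHA1, as TLS uses; SSLv3's MAC construction differs."""
    msg = struct.pack("!QBBBH", seq, ctype, major, minor, len(frag)) + frag
    return hmac.new(key, msg, hashlib.sha1).digest()

def build_record(ctype: int, frag: bytes, key: bytes, seq: int, major: int = 3, minor: int = 0) -> bytes:
    """Header + fragment + MAC. Encryption is omitted, so the body travels in the clear here;
    the header length therefore counts the fragment plus its MAC."""
    if len(frag) > MAX_FRAGMENT:
        raise ValueError("fragment exceeds 2^14 + 2048 bytes")
    body = frag + record_mac(key, seq, ctype, major, minor, frag)
    return HEADER.pack(ctype, major, minor, len(body)) + body

def parse_record(blob: bytes, key: bytes, seq: int):
    """Reverse of build_record: check header, length and MAC; return (type, version, fragment)."""
    if len(blob) < HEADER.size:
        raise ValueError("short header")
    ctype, major, minor, length = HEADER.unpack_from(blob)
    body = blob[HEADER.size:HEADER.size + length]
    if len(body) != length or length < MAC_LEN:
        raise ValueError("truncated record")
    frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, record_mac(key, seq, ctype, major, minor, frag)):
        raise ValueError("MAC check failed")
    return ctype, (major, minor), frag

def verify(blob: bytes, key: bytes, seq: int) -> bool:
    """True when the record parses and its MAC is valid for this sequence number."""
    try:
        parse_record(blob, key, seq)
        return True
    except ValueError:
        return False

def send_and_receive(data: bytes, key: bytes) -> bytes:
    """Round trip: fragment, wrap each piece under its own sequence number, then reassemble."""
    records = [build_record(APPLICATION_DATA, f, key, seq) for seq, f in enumerate(fragment(data))]
    return b"".join(parse_record(r, key, seq)[2] for seq, r in enumerate(records))

if __name__ == "__main__":
    key = b"constructed-mac-write-secret"     # constructed sample key, not a real secret
    print(send_and_receive(b"GET / HTTP/1.1\r\n", key))
```

The sequence number is part of the MAC input but is never sent on the wire; both ends count records, which is what lets the receiver reject a replayed or reordered record even though its MAC was once valid.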
Handshake Protocol

The most complex part of SSL is the Handshake Protocol. This protocol allows the server and
client to authenticate each other and to negotiate an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL record. The Handshake Protocol is used
before any application data is transmitted. The Handshake Protocol consists of a series of messages
exchanged by client and server. The format of the Handshake Protocol is shown in Figure 2.4c. Each
message has three fields:
Type (1 byte): Indicates one of 10 messages. Table 2.1 lists the defined message types.

Length (3 bytes): The length of the message in bytes.

Content (≥ 0 bytes): The parameters associated with this message; these are listed in Table 2.1.

Phase 1. Establish Security Capabilities – This phase is used by the client to initiate a logical
connection and to establish the security capabilities that will be associated with it.

Phase 2. Server Authentication and Key Exchange – The server begins this phase by sending its
certificate if it needs to be authenticated.

Phase 3. Client Authentication and Key Exchange – The client should verify that the server
provided a valid certificate if required and check that the server_hello parameters are acceptable.

Phase 4. Finish – This phase completes the setting up of a secure connection. The client sends a
change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec.
3. Transport Layer Security (TLS)

TLS is an IETF standardization initiative whose goal is to produce an Internet standard version of
SSL. TLS is defined as a Proposed Internet Standard in RFC 2246. RFC 2246 is very similar to
SSLv3. Some of the minor differences are in the following areas:

Version Number: The TLS Record Format is the same as that of the SSL Record Format (Figure
2.3), and the fields in the header have the same meanings. The one difference is in the current version
of TLS, the Major Version is 3 and the Minor Version is 1.

Message Authentication Code (MAC): There are two differences between the SSLv3 and TLS
MAC schemes: the actual algorithm and the scope of the MAC calculation. TLS makes use of the
HMAC algorithm defined in RFC 2104.

Pseudo-random Function: TLS makes use of a pseudorandom function referred to as PRF to
expand secrets into blocks of data for purposes of key generation or validation. The objective is to
make use of a relatively small shared secret value but to generate longer blocks of data in a way that
is secure from the kinds of attacks made on hash functions and MACs. Figure 2.6 illustrates the
PRF, which is based on a data expansion function.

Alert Codes: TLS supports all of the alert codes defined in SSLv3 with the exception of
no_certificate.

Cipher Suites: There are several small differences between the cipher suites available under
SSLv3 and under TLS:
• Key Exchange: TLS supports all of the key exchange techniques of SSLv3 with the exception of
Fortezza.
• Symmetric Encryption Algorithms: TLS includes all of the symmetric encryption algorithms found
in SSLv3, with the exception of Fortezza.

Client Certificate Types: TLS defines the following certificate types to be requested in a
certificate_request message: rsa_sign, dss_sign, rsa_fixed_dh, and dss_fixed_dh. These are all
defined in SSLv3. In addition, SSLv3 includes rsa_ephemeral_dh, dss_ephemeral_dh, and
fortezza_kea. TLS does not include the Fortezza scheme.
Certificate_Verify and Finished Messages: In the TLS certificate_verify message, the MD5 and
SHA-1 hashes are calculated only over handshake_messages. Recall that for SSLv3, the hash
calculation also included the master secret and pads.

Cryptographic Computations: The pre_master_secret for TLS is calculated in the same way as in
SSLv3. As in SSLv3, the master_secret in TLS is calculated as a hash function of the
pre_master_secret and the two hello random numbers.

Padding: In SSL, the padding added prior to encryption of user data is the minimum amount required
so that the total size of the data to be encrypted is a multiple of the cipher's block length. In TLS, the
padding can be any amount that results in a total that is a multiple of the cipher's block length, up to a
maximum of 255 bytes.
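An added example, not from the notes, contrasting the two padding rules in Python: ssl3_pad adds only the minimum, while tls_pad may add extra whole blocks up to the 255-byte limit and fills every pad byte with the length value so that a receiver can check it, which tls_unpad does. The encoding follows RFC 2246 section 6.2.3.2; function names and sample data are the example's own.

```python
import os

def ssl3_pad(data: bytes, block: int) -> bytes:
    """SSLv3: the minimum padding so that data + padding + one length byte is a block multiple.
    Only the final length byte is defined; the padding content itself is not inspected."""
    pad_len = (-(len(data) + 1)) % block
    return data + os.urandom(pad_len) + bytes([pad_len])

def tls_pad(data: bytes, block: int, extra_blocks: int = 0) -> bytes:
    """TLS: the same minimum, optionally plus whole extra blocks (which hides the true length),
    provided the length byte stays at or below 255. Every padding byte equals the length byte."""
    pad_len = (-(len(data) + 1)) % block + extra_blocks * block
    if pad_len > 255:
        raise ValueError("padding length exceeds 255")
    return data + bytes([pad_len]) * (pad_len + 1)

def tls_unpad(padded: bytes, block: int) -> bytes:
    """Strip TLS padding; reject anything that is not a block multiple or whose pad bytes disagree."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a multiple of the block size")
    pad_len = padded[-1]
    if pad_len + 1 > len(padded):
        raise ValueError("padding length exceeds the record")
    tail = padded[-(pad_len + 1):]
    if any(b != pad_len for b in tail):
        raise ValueError("inconsistent padding bytes")
    return padded[:-(pad_len + 1)]

def tls_padding_valid(padded: bytes, block: int) -> bool:
    """Convenience wrapper for callers that only need a yes/no answer."""
    try:
        tls_unpad(padded, block)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    msg = b"x" * 14                                  # constructed 14-byte plaintext
    print(len(ssl3_pad(msg, 16)), len(tls_pad(msg, 16)), len(tls_pad(msg, 16, extra_blocks=1)))
```

A receiving implementation should treat a padding failure and a MAC failure identically (same alert, same amount of work), so that the outcome of the padding check is not observable to the peer.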
SSH Meaning | SSH Protocol Definition
SSH stands for Secure Shell or Secure Socket Shell. It is a cryptographic network protocol that
allows two computers to communicate and share data over an insecure network such as the
Internet. It is used to log in to a remote server to execute commands and to transfer data from one
machine to another.

The SSH protocol was developed by SSH Communications Security Ltd to communicate safely with
a remote machine.

SSH provides strong password authentication and public-key encrypted communication over an
insecure channel. It is used to replace unprotected remote login protocols such as Telnet, rlogin,
and rsh, and the insecure file transfer protocol FTP.

Its security features are widely used by network administrators for managing systems and
applications remotely.

The SSH protocol protects the network from various attacks such as DNS spoofing, IP source
routing, and IP spoofing.

A simple example: suppose you want to send a package to one of your friends. Without the SSH
protocol, it can be opened and read by anyone. If you send it using the SSH protocol, it is encrypted
and secured with public keys, and only the receiver can open it.

[Figure: Before SSH / After SSH]
Usages of SSH protocol

The popular usages of the SSH protocol are given below:

o It provides secure access to users and automated processes.
o It is an easy and secure way to transfer files from one system to another over an insecure
network.
o It allows users to issue remote commands.
o It helps users manage the network infrastructure and other critical system components.
o It is used to log in to a shell on a remote system (host), which replaces Telnet and rlogin, and to
execute a single command on the host, which replaces rsh.
o Combined with the rsync utility, it can back up, copy, and mirror files securely and efficiently.
o It can be used for forwarding a port.
o Using an SSH implementation such as OpenSSH, we can set up automatic login to a remote server.
o We can securely browse the web through an encrypted proxy connection with an SSH client that
supports the SOCKS protocol.
The architecture of SSH Protocol

The SSH architecture is made up of three well-separated layers. These layers are:

1. Transport Layer
2. User-authentication Layer
3. Connection Layer

The SSH protocol architecture is an open architecture; hence it provides great flexibility and enables
SSH to be used for many purposes beyond a secure shell. In the architecture, the transport layer
is similar to Transport Layer Security (TLS). The user-authentication layer can be used with
custom authentication methods, and the connection layer allows multiplexing different secondary
sessions into a single SSH connection.

Transport Layer
The transport layer is the top layer of the TCP/IP protocol suite. For SSH-2, this layer is responsible
for handling the initial key exchange, server authentication, and setting up encryption, compression,
and integrity verification. It works as an interface for sending and receiving plaintext packets with
sizes up to 32,768 bytes.

User authentication Layer

As its name suggests, the user authentication layer is responsible for handling client authentication
and provides various authentication methods. The authentication is done at the client side; hence
when a prompt for a password occurs, it is usually from the SSH client rather than the server, and
the server responds to these authentication attempts.

This layer includes various methods of authentication; these methods are:

o Password: Password authentication is a straightforward way of authenticating. It includes the
facility to change the password for easy access, but it is not used by all applications.
o Public-key: A public key-based authentication method, which supports DSA, ECDSA, or RSA
key pairs.
o Keyboard-interactive: One of the most versatile authentication methods. The server sends a
prompt to enter information, and the client sends back the responses keyed in by the user. It is
used to provide one-time password (OTP) authentication.
o GSSAPI: In this method, the authentication is performed by external mechanisms such as
Kerberos 5 or NTLM, which provide single sign-on capability to SSH sessions.
Connection Layer

The connection layer defines various channels through which SSH services are provided. It defines
the concept of channels, channel requests, and global requests. One SSH connection can host
different channels simultaneously and can also transfer data in both directions simultaneously.
Channel requests are used in the connection layer to relay out-of-band channel-specific data, for
example, the altered size of a terminal window or the exit code of a server-side process. The standard
channel types of connection layer are:

o shell: It is used for terminal shells, SFTP, and exec requests.
o direct-tcpip: It is used for client-to-server forwarded connections.
o forwarded-tcpip: It is used for server-to-client forwarded connections.

Firewalls
A firewall is a term used for a network security system that prevents unauthorized access to or from a
network. A set of security rules is defined, and following this set, it tracks incoming and outgoing
traffic and then allows or blocks communication packets. The firewall works like a barrier between
the internal network and external sources. It blocks malicious traffic, including unauthorized access
attempts by hackers and viruses. A firewall is also often used to provide virtual access to a private
network through secure authentication credentials and certificates, restricting access to clients'
devices and networks.

Firewall Working
Firewalls apply pre-set rules that carefully examine incoming traffic. Firewalls filter traffic that
arrives from unsecured sources and block specific traffic coming from suspicious sources. The purpose
of the firewall is to protect the systems attached to the network from attacks.

Figure 2: Firewall Working
The firewall stands guard at the computer's entry points, known as "ports," which are the points
where data communication occurs with other devices. In computer networking, an Internet Protocol
(IP) address is like the house number in a postal address, and a port number can be considered a room
number within the house. With this analogy, only trusted people are allowed into the house
(destination address), and only permitted people may visit a given room (destination port). The
owner may visit any room of the house (any port), while guests and children can access a defined
list of rooms (specific ports).

Types of Firewall:
Firewalls are categorized into eight main types according to their general structure and operational
behavior. All the types are listed and briefly described below.

1. Packet Filtering
2. Circuit Level Gateways
3. Stateful Inspection
4. Application Level Firewalls
5. Next Generation
6. Software Firewalls
7. Hardware Firewalls
8. Cloud Firewalls
1. Packet Filtering:
As the simplest and earliest firewall architecture type, packet-filtering gateways essentially create a
barrier at a router or switch. The gateway performs a fast analysis of the data packets passing through
the router, without altering the packets, to determine their structure, evaluating data such as the
source and destination IP addresses, packet type, port number, and other surface-level information.
If a data packet does not satisfy the rules, it is dropped. These gateways are not resource-intensive:
they have little effect on system performance and are relatively simple. However, they are also
relatively easy to bypass compared with firewalls that have more thorough inspection capabilities.
2. Circuit Level Gateways:
Circuit-level gateways are another simple type; they verify the transmission control protocol (TCP)
handshake, which allows them to allow or deny data easily and effectively without needing
considerable computational power. This check of the TCP handshake is intended to guarantee that the
packet comes from a legitimate connection.

Though extremely resource-efficient, these gateways do not inspect the data packet itself. So if a packet
is harmful but has a correct TCP handshake, it will pass through. Therefore, circuit-level firewalls are
not adequate to secure an organization on their own.

3. Stateful Inspection:
Stateful inspection firewalls combine the above two firewall categories, packet inspection and TCP
handshake verification, to create a degree of protection stronger than either of the previous two
kinds. However, these defence technologies also place a great deal of pressure on processing
resources. This can slow down the delivery of legitimate packets in comparison to the other
alternatives.

4. Application Level Firewall:
This type of filter sits between the clients' network and the source of incoming traffic, where the
traffic is filtered. The firewall operates at the application layer, which is why this type of firewall is
known as an application-level gateway. The functionality of such firewalls can be achieved through
the cloud or proxy devices. Proxies establish a connection with the traffic source and evaluate the
data packets, then forward each packet to the destination after verification. Like a stateful inspection
firewall, it evaluates both the data packets and the TCP handshake.

5. Next Generation Gateway:
The recent or advanced gateway products are declared to be next-generation products. However, no
agreed parameters exist to evaluate whether a firewall belongs to the next generation or not. The
prominent next-generation features are given below.

1. Deep Data Packet Inspection
2. TCP Handshake Evaluation
3. Surface-Level Packet Inspection

Next-generation firewalls may also include other innovations such as intrusion prevention systems
(IPSs), which automatically protect your network against threats. It is necessary to learn about a
next-generation firewall's capabilities, as there is no unique definition of such firewalls.

6. Software Firewalls:
A software firewall is installed on a client's system and protects that specific device. This facilitates
coordination with internal security. It may be customized, giving clients more flexibility about its
functionality and security characteristics, including restricting connections to some network websites.
Since software firewalls are simpler to install, many home and SMB clients prefer them.
Application-layer gateways, by contrast, perform deep analysis to verify that the data is genuine and
contains nothing like malware.

7. Hardware Firewalls:
A dedicated physical device is used to secure the whole network from an unsecured environment.
Although it is possible to buy a stand-alone device, hardware firewall systems are often placed between
the computer network and the Internet. This system inspects data packets as they are exchanged and
then blocks or forwards the data according to pre-set rules. Installing, maintaining, and managing
hardware firewalls requires specialized IT expertise; because of this, they are usually employed by
larger organizations where privacy is a significant concern.

8. Cloud Firewalls:
In the advanced era of technology, the cloud also provides firewall functionality as a service. Such
firewalls have similar patterns to application or proxy firewalls in many aspects. Cloud services are
mostly used for application-level gateways. Moreover, cloud-based gateways are easy to implement
at the organizational level, and their capacity can be scaled up as the traffic load increases. Just like
hardware gateways, cloud firewalls provide security at the perimeter level.

A firewall is also a part of operating systems (OS). Every Microsoft OS more recent than XP includes
Windows Firewall, a free tool that monitors suspicious activity. Moreover, it has the power to detect
and block viruses and hackers performing unauthorized activities.

Firewall Characteristics:
Major characteristics related to firewall protection are described below.

1. Various protection levels
2. Wireless network (Wi-Fi) protection
3. Internet and network access
4. Blockage against unauthorized access
5. Protection against malware
6. Provide access only to valid data packets
7. Provision of different configurations
8. Provision of numerous security policies
9. Allowing authorized traffic that fulfils a set of rules to pass
10. The firewall functions like an immune system against malware and unauthorized access; therefore,
it ensures a secure system and OS.
Firewall Security Techniques:
The firewall employs four different techniques for controlling access and ensuring the security policy
for web clients. A brief detail of the related security policy is given below.

1. Service Control
2. Direction Control
3. User Control
4. Behaviour Control
1. Service Control:
Service control determines the types of Internet services that can be accessed, inbound or outbound.
The firewall may filter traffic on the basis of IP address and TCP port number, may provide proxy
software that receives and interprets each service request before passing it on, or may host the server
software itself, such as a Web or mail service.

2. Direction Control:
Direction control determines the direction in which particular service requests may be initiated and
allowed to flow through the firewall.

3. User Control:
User control regulates access to a service according to which user is attempting to access it.

4. Behaviour Control:
Behaviour control regulates how particular services are used.

Firewall Capabilities:
A firewall defines a single choke point that keeps unauthorized users out of the protected network,
prohibits potentially vulnerable services from entering or leaving the network, and provides protection
from various kinds of IP spoofing and routing attacks.

A firewall provides a location for monitoring security-related events. Audits and alarms can be
implemented on the firewall system. A firewall is also a convenient platform for several operations
that are not security related. A firewall can serve as a platform for IPsec.

Firewall Categories:
Firewalls are classified into eight different categories. A list of all the categories and their
functionality is described below.

1. Stateless Firewall
2. Stateful Firewall
3. Packet-filtering Firewall
4. Proxy Firewall
5. Address Translation Firewall
6. Host-based Firewall
7. Transparent Firewall
8. Hybrid Firewall
1. Stateless Firewall:
Early firewalls were developed to examine packets to confirm whether they fulfil the standards
declared in the firewall, with the ability to forward or block packets. This method of packet filtering is
referred to as stateless filtering. Each packet is screened based on specific characteristics in this kind
of firewall, in the same way that ACLs screen packets.

2. Stateful Firewall:
The idea of a stateful firewall was proposed in 1989 by AT&T Bell Labs. As data flows through the
firewall, information about it is stored in the firewall. This category of firewall decides whether a
packet is part of an ongoing data flow. This support minimizes DoS attacks by using tracked
connections across a networked system. This firewall provides dynamic packet filtering. Stateful
firewalls operate on the layers of the OSI model; they tend to monitor network traffic at OSI layers 4
and 5.

3. Packet Filtering Firewall:
Packet filtering firewalls can filter data packets at OSI layers 3 and 4. This firewall category employs
an access control list (ACL) for monitoring traffic, which is either permitted or denied based on the
IP addresses of sender and receiver, their port numbers, and the kind of packet. These firewalls are
commonly implemented as a router firewall.
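As an added example, not from the notes, of the difference between the stateless ACL filtering described under "Packet Filtering" and "Packet Filtering Firewall" and the connection tracking of the "Stateful Firewall" category, the following Python evaluates a constructed ACL over the same packets with and without flow state. The addresses come from the documentation ranges, and the rules, packets and function names are the example's own.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    syn: bool = False
    ack: bool = False

# Constructed ACL for a stateless packet filter: (source net, destination net, protocol,
# destination port or None for any, action). First match wins; no match means deny.
ACL = [
    ("0.0.0.0/0",      "203.0.113.0/24", "tcp", 443,  "allow"),  # anyone -> DMZ web server, HTTPS
    ("192.168.0.0/16", "0.0.0.0/0",      "tcp", None, "allow"),  # internal hosts may open outbound TCP
]

def stateless_decision(pkt: Packet) -> str:
    """Each packet is judged on its own header fields, with no memory of earlier packets."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for src_net, dst_net, proto, dport, action in ACL:
        if (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
                and pkt.proto == proto and (dport is None or pkt.dport == dport)):
            return action
    return "deny"

class StatefulFirewall:
    """Remembers accepted connections so that reply traffic passes without a separate rule."""
    def __init__(self):
        self.flows = set()   # 5-tuples of connections whose first packet passed the ACL

    def decision(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows or reverse in self.flows:
            return "allow"                       # belongs to an ongoing, already-accepted flow
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"                        # neither a connection opener nor a known flow
        if stateless_decision(pkt) == "allow":   # new connection: consult the ACL once
            self.flows.add(key)
            return "allow"
        return "deny"

# Constructed traffic: a client session to the DMZ web server, a probe of port 22 on that server,
# and an internal host browsing an external HTTPS site (192.0.2.80 is a documentation address).
SAMPLE = [
    Packet("198.51.100.7", "203.0.113.10", 50000, 443, "tcp", syn=True),
    Packet("203.0.113.10", "198.51.100.7", 443, 50000, "tcp", syn=True, ack=True),
    Packet("198.51.100.7", "203.0.113.10", 50000, 22, "tcp", syn=True),
    Packet("192.168.1.5", "192.0.2.80", 40000, 443, "tcp", syn=True),
    Packet("192.0.2.80", "192.168.1.5", 443, 40000, "tcp", syn=True, ack=True),
]

def run_stateless(packets=SAMPLE) -> list:
    return [stateless_decision(p) for p in packets]

def run_stateful(packets=SAMPLE) -> list:
    fw = StatefulFirewall()
    return [fw.decision(p) for p in packets]

if __name__ == "__main__":
    print("stateless:", run_stateless())
    print("stateful: ", run_stateful())
```

The stateless filter drops both legitimate replies (packets 2 and 5) because no rule describes them; the usual stateless fix is a broad "allow inbound from source port 443" rule, which is exactly the kind of surface-level check that is easy to satisfy. The stateful filter admits the replies because it remembers the connections it approved, while still refusing the port 22 probe and any packet that is neither a connection opener nor part of a tracked flow.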

4. Proxy Firewall:
The proxy or application firewall monitors and filters data at OSI layers 3-7. This category of
firewall is mostly implemented as a software program that manages and filters the traffic.

5. Address-Translation Firewall:
A type of firewall that extends the number of accessible IP addresses and hides the internal
addressing scheme of the network.

6. Host-based Firewall:
In this category of firewall, a firewall program is installed on the device and performs its function on
that device itself.

7. Transparent Firewall:
Transparent firewalls monitor traffic at layer 2 and do not add a router hop for the connected
systems. They filter IP traffic between network interfaces.

8. Hybrid Firewall:
The hybrid firewalls are formed by combining different categories of the firewall.

Firewall Advantages:
Firewalls provide first-line protection against potential attacks, ransomware, and hackers attempting to
reach data and networks. The ordinary benefits of firewalls are given below.

1. Keeps a close watch on network traffic:
All the advantages of firewall protection begin with network traffic monitoring. Information flowing
into and out of clients' applications provides ways to disrupt their activities. Firewalls use pre-set
rules and filters to keep networks secure by tracking and evaluating network traffic. Users should tune
the level of security with a skilled IT team, depending on the details of the data passing in and out
through the firewall.

2. Significant obstacle against viruses:
Nothing will shut down digital activities more quickly and thoroughly than a virus intrusion.
Thousands of potential attacks are developed daily; web users must maintain and protect their
systems from such attacks. The ability to monitor the entry points of a device and avoid malware
attacks is one of the most apparent advantages of firewalls. Depending on the type of malware, the
risk to the devices can be enormous.

3. Secures from Hacking:
With the evolution of technology, firms are shifting further into digital activities, but criminals and
spammers are also moving towards digital trends to perform harmful jobs. Firewalls have become
ever more relevant with increasing computer fraud, because they prevent hackers from obtaining
unwanted access.

4. Prevents Spyware:
Quite an advantage in a data-driven environment is to prevent spyware from gaining access and
getting through the networks. As networks become increasingly sophisticated and robust, hackers
often use entry points to achieve greater access to the systems. Unwanted individuals gaining access
through spyware and malware, programs that hack the networks, manipulate the machines, and steal
data, is one of the most popular methods. Firewalls act as a significant barrier to these harmful
programs.

5. Promotion of Privacy:
The promotion of privacy is an overall advantage. By acting efficiently and effectively to keep data
and consumers' information secure, we create a privacy framework that users will trust. Nobody wants
their private details stolen, especially if measures could have been taken to avoid the intrusion. In
addition, improved data security technologies give enterprises a strategic edge and a selling point,
and the benefit improves the protection of the businesses' sensitive data.

Firewall Disadvantages:
Conventional solutions, nevertheless, have weaknesses and disadvantages. These disadvantages can not
only put the defence at risk but also place an unnecessary burden on resources. A few of the common
disadvantages of firewalls are discussed below.

1. Limitation related to application awareness:
Traditional firewalls are not as deep as NGFWs, which permit the user to monitor which programs
are used in the network and to control them. The capability to monitor connectivity to this depth is
not possible with a conventional firewall.

2. Speed is a challenge:
Conventional firewalls often impose a data inspection model that consumes users' resources,
including speed, time, and budget. This is not suitable for organizations that plan to grow and to
incorporate new regulations, procedures, and security protocols.

3. Logistical Matters:
Most conventional firewalls cannot be tailored to the changing nature of enterprise applications and
activities. They can be glitchy, need extensive supervision and servicing, and have trouble adjusting
to cloud environments.

4. Deficiency of Evolution Capabilities:
The security threat ecosystem is continually evolving, and new threats regularly emerge. It is very
difficult to keep up to date and provide effective support and security without seriously restricting
the teams or the company's capability. Rolling out new implementations for all platforms is
disruptive, time-consuming, and introduces the possibility of out-of-date vulnerabilities.

Firewall Placement for Different Network Segments

These guidelines cover the main types of network segments; most networks will include multiple
instances of each of these network connection types.

External Networks (The Internet) and Internal Networks

It is highly important to place strong controls on the firewalls that protect the internal network from
external connections. Not only can malicious attacks arrive from outside sources, but data leakage is
a significant concern. As a general rule, network connections should not be allowed from external to
internal networks; servers intended for external access should reside in DMZs.

External Networks (The Internet) and DMZ Networks

DMZs, or "perimeter networks," are isolated from other network endpoints and typically contain
servers that offer services primarily for external access. Here, firewalls control traffic in and out of
each DMZ from both external and internal networks (typically, only a few specified services need to
be allowed). Servers in DMZs are frequently targeted for attacks, so connections between DMZs and
internal networks must be strictly managed.

Between Internal Networks

While internal networks do handle confidential data, connections between them can be more
permissive than connections between internal and external networks. Still, there are unique threats
to consider, because sensitive data must be transmitted between users frequently. Within each
network segment, security teams can create a variety of boundaries with varying degrees of security
protection.

Multi-Layer Firewall Placement

As the cyber threat landscape has become more complex, it’s important for organizations to take a
multi-layer firewall approach. This proactive, layered security strategy helps to bridge gaps between
network segments to catch threats like malware as they are delivered versus a reactive approach in
response to already-deployed attacks. Multilayer firewalls can add protection from attacks launched
through email attachments, adware, links, apps, and file attachments, including malware that
frequently changes identifiable characteristics like file name and type. Multilayer firewalls also
typically include DNS-level security that protects against network level threats.

Multilayer firewalls rely on dynamic packet filtering to examine incoming data in the context of a
network's active connections. This is a step up from simple packet-scanning firewall protection;
note that some firewalls within a multilayer structure may be simple packet-scanning firewalls, but
the multilayer firewall as a whole is focused on dynamic packet filtering. A multilayer approach is a
convenient, efficient way of bringing multiple firewall technologies together.
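To make the difference between simple packet scanning and dynamic packet filtering concrete, here is an added example (not part of the course notes): a minimal model in which a stateless filter judges each packet on its own header fields, while a stateful filter remembers connections opened from inside and admits inbound packets only if they belong to one. The internal prefix, addresses, ports and the packet trace are all constructed sample data.

```python
"""Added example (not from the course notes): a minimal model contrasting a
simple packet-scanning (stateless) firewall with a dynamic (stateful) packet
filter, the mechanism the multilayer approach above relies on.  Addresses,
ports and packets are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    sport: int          # source port
    dst: str            # destination IP address
    dport: int          # destination port
    syn: bool = False   # True for a segment that opens a new TCP connection


INTERNAL_PREFIX = "10.0.0."   # constructed: the protected internal subnet


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


class StatelessFilter:
    """Judges every packet on its own header fields.  To let replies to
    outbound connections back in, it has to open inbound traffic to the whole
    high-port range, which also admits unsolicited inbound packets."""

    def allow(self, p: Packet) -> bool:
        if is_internal(p.src) and not is_internal(p.dst):
            return True                       # any outbound packet
        if not is_internal(p.src) and is_internal(p.dst):
            return p.dport >= 1024            # assumed to be a reply
        return False


class StatefulFilter:
    """Remembers connections opened from the inside and admits an inbound
    packet only if it belongs to one of them."""

    def __init__(self):
        # entries: (internal ip, internal port, remote ip, remote port)
        self.connections = set()

    def allow(self, p: Packet) -> bool:
        if is_internal(p.src) and not is_internal(p.dst):
            if p.syn:
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        if not is_internal(p.src) and is_internal(p.dst):
            return (p.dst, p.dport, p.src, p.sport) in self.connections
        return False


def run_trace(packets):
    """Feed the same packet trace through both filters; return a list of
    (stateless_verdict, stateful_verdict) pairs, one per packet."""
    stateless, stateful = StatelessFilter(), StatefulFilter()
    return [(stateless.allow(p), stateful.allow(p)) for p in packets]


# Constructed trace: an internal host opens HTTPS to a web server, the server
# replies, then an unrelated outside host sends an unsolicited packet to a
# high port on the internal host.
SAMPLE_TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000),
    Packet("198.51.100.7", 4444, "10.0.0.5", 3389),
]

if __name__ == "__main__":
    for p, (a, b) in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  stateless={a} stateful={b}")
```

The third packet is the point of the exercise: the stateless filter passes it because it cannot tell a genuine reply from an unsolicited inbound packet, whereas the stateful filter rejects it because no inside host ever opened that connection.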

Firewall Placement Best Practices

Within a segmented network structure, SOCs identify various security zones: groups of servers and
systems with similar security requirements. Organizations typically have a secure internal network
zone and an external (untrusted) network zone, with intermediate security zones in between.
Firewalls control traffic to and from hosts and these security zones at the IP, port, or application
level. As every organization requires its own network architecture, there is no single configuration
that would apply to all businesses and networks, but there are best practices that can be applied
generally to help guide firewall placement within a segmented network:

- Keep internet-facing servers in separate zones (for example, web servers and email servers); this
can help minimize damage if an internet-facing server is compromised.
- Maintain only one-way traffic between internal zones and demilitarized zones (DMZs) (for
example, DMZs used for proxy, email, and web servers).
- Keep web servers and database servers on separate machines; ideally, they should also be placed
in different DMZs.
- Provide internet access for users on the internal network through an HTTP proxy server located
in the primary DMZ.
- Disallow direct traffic to the internal zone from the internet.
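The DMZ placement guidance and the best-practice list above can be expressed as a zone-based policy and then checked mechanically. The following is an added example (not part of the course notes): a first-match, default-deny zone policy model together with an audit function that flags a policy which allows internet-to-internal traffic, allows a DMZ to initiate connections into the internal zone, lets internal users reach the internet without going through the proxy DMZ, or puts a web server and a database server in the same zone. Zone names, host names and rules are constructed sample data, not a real deployment.

```python
"""Added example (not from the course notes): a zone-based firewall policy
model plus an audit that checks a policy against the placement guidance
above (DMZ isolation and the best-practice list).  Zone names, hosts and
rules are constructed sample data, not a real deployment."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str               # source zone
    dst: str               # destination zone
    dport: Optional[int]   # destination port, None = any
    action: str            # "allow" or "deny"


class ZonePolicy:
    """First-match rule list with an implicit default deny."""

    def __init__(self, rules: List[Rule], hosts: Dict[str, Tuple[str, str]],
                 dmz_zones: List[str]):
        self.rules = list(rules)
        self.hosts = dict(hosts)          # host name -> (role, zone)
        self.dmz_zones = list(dmz_zones)

    def decide(self, src: str, dst: str, dport: int) -> str:
        for r in self.rules:
            if r.src == src and r.dst == dst and r.dport in (None, dport):
                return r.action
        return "deny"

    def allows_any(self, src: str, dst: str) -> bool:
        """True if at least one allow rule for this zone pair is reachable."""
        for r in self.rules:
            if r.src == src and r.dst == dst and r.action == "allow":
                probe = r.dport if r.dport is not None else 0
                if self.decide(src, dst, probe) == "allow":
                    return True
        return False


def audit(policy: ZonePolicy) -> List[str]:
    """Return a code for each best-practice violation found in the policy."""
    findings = []
    if policy.allows_any("internet", "internal"):
        findings.append("internet-to-internal")
    if any(policy.allows_any(z, "internal") for z in policy.dmz_zones):
        findings.append("dmz-to-internal")            # DMZ traffic must be one-way
    if policy.allows_any("internal", "internet"):
        findings.append("internal-direct-internet")   # users should go via the proxy DMZ
    zones_by_role = {}
    for role, zone in policy.hosts.values():
        zones_by_role.setdefault(role, set()).add(zone)
    if zones_by_role.get("web", set()) & zones_by_role.get("db", set()):
        findings.append("web-db-same-zone")
    return findings


DMZS = ["web_dmz", "mail_dmz", "proxy_dmz", "db_dmz"]   # constructed zone names

# A policy that follows the guidance: only specified services into each DMZ,
# one-way internal -> DMZ, and users reach the internet only through the proxy.
GOOD_POLICY = ZonePolicy(
    rules=[
        Rule("internet", "web_dmz", 443, "allow"),
        Rule("internet", "mail_dmz", 25, "allow"),
        Rule("internal", "proxy_dmz", 3128, "allow"),
        Rule("proxy_dmz", "internet", 80, "allow"),
        Rule("proxy_dmz", "internet", 443, "allow"),
        Rule("web_dmz", "db_dmz", 5432, "allow"),
        Rule("internal", "web_dmz", 443, "allow"),
    ],
    hosts={"www1": ("web", "web_dmz"), "db1": ("db", "db_dmz"),
           "mail1": ("mail", "mail_dmz"), "proxy1": ("proxy", "proxy_dmz")},
    dmz_zones=DMZS,
)

# A policy that breaks every rule of thumb above.
BAD_POLICY = ZonePolicy(
    rules=[
        Rule("internet", "internal", 3389, "allow"),
        Rule("web_dmz", "internal", None, "allow"),
        Rule("internal", "internet", None, "allow"),
    ],
    hosts={"www1": ("web", "web_dmz"), "db1": ("db", "web_dmz")},
    dmz_zones=DMZS,
)

if __name__ == "__main__":
    print("good policy findings:", audit(GOOD_POLICY))
    print("bad policy findings: ", audit(BAD_POLICY))
```

The audit works on zone pairs rather than on individual hosts, which is how the placement guidance is phrased; a real change-control check would run the same questions against the exported rule base of each firewall in the segmented network.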

Bottom Line: Firewall Placement

Network segmentation is a fundamental security approach to network infrastructure design that adds
layered protection throughout large enterprise network environments. Most organizations will install
firewalls throughout these segments to handle various connection types (internal communications,
internal-to-external traffic, and DMZ traffic). This comprehensive multi-layered approach adds
system-wide protection against a wide range of network threats, including external cyber threats.

As firewalls are placed throughout a segmented network, security teams should follow a standard set
of best practices to ensure uniformity throughout. While these practices will vary by organization, it
is best practice to apply standards that define how each firewall fits into the overall security
architecture.

Firewalls are one tool in the network security toolbox, and in some ways, these are relatively simple,
fundamental elements of a larger network security approach. They are, however, integral and have
outsized roles to play even within network security environments that include advanced tech features
like AI and network traffic monitoring services. A large percentage of network security
vulnerabilities can be stopped at the firewall level.

Trusted Systems in Network Security

In network systems, a trusted system is a computer system or network that has been designed,
implemented, and tested to meet specific security requirements. Trusted systems are used to protect
sensitive information, prevent unauthorized access, and ensure the integrity and availability of data
and systems.

A trusted system is typically designed with a set of security features, such as access controls,
authentication mechanisms, and encryption algorithms, that are carefully integrated to provide a
comprehensive security solution. These security features are often implemented using hardware,
software, or a combination of both, and are rigorously tested to ensure they meet the security
requirements of the system.

Trusted systems are often used in government, military, financial, and other high-security
environments where the protection of sensitive information is critical. They are also used in
commercial settings where the protection of intellectual property, trade secrets, and other confidential
information is important.

Overall, a trusted system is one that can be relied upon to provide a high level of security and
protection against various types of cyber threats, including malware, hacking, and other forms of
cyber attacks.

In today's digital age, the security of computer systems and networks is more important than ever.
Cyber threats are becoming increasingly sophisticated, and the consequences of a security breach can
be severe, ranging from financial losses to reputational damage and legal liabilities. To address these
challenges, many organizations are turning to trusted systems as a way to protect their information
and assets from unauthorized access and cyber attacks.

A trusted system is a computer system or network that has been designed, implemented, and tested to
meet specific security requirements. These requirements are often driven by the need to protect
sensitive information, prevent unauthorized access, and ensure the integrity and availability of data
and systems.

Trusted systems are designed with a set of security principles and practices that are used to build a
system that can be trusted to operate securely. These principles include the following:

1. Least Privilege: Trusted systems are designed to provide users with the minimum level of
access necessary to perform their tasks. This principle ensures that users cannot accidentally or
intentionally access information or resources they are not authorized to use.
2. Defense in Depth: Trusted systems implement multiple layers of security controls to protect
against threats. This principle involves using a combination of physical, technical, and
administrative controls to create a comprehensive security solution.
3. Integrity: Trusted systems ensure that data and systems are not modified or altered in an
unauthorized manner. This principle ensures that data remains accurate and trustworthy over
time.
4. Confidentiality: Trusted systems protect sensitive information from unauthorized access. This
principle ensures that sensitive data remains private and confidential.
5. Availability: Trusted systems ensure that systems and data are available to authorized users
when needed. This principle ensures that critical information and systems are accessible and
operational at all times.

Trusted systems are built with a variety of technologies and techniques to ensure their security. These
include:

1. Hardware-based security: Trusted systems often rely on specialized hardware, such as
secure processors, to provide a secure environment for critical operations. These hardware-
based solutions can provide a high level of security and are often used in environments where
security is paramount.
2. Virtualization: Virtualization is a technique that is often used in trusted systems to create
multiple virtual machines running on a single physical machine. Each virtual machine can be
isolated from the others, providing an additional layer of security.
3. Multi-factor authentication: Trusted systems often use multi-factor authentication to verify
the identity of users. This involves requiring users to provide more than one form of
identification, such as a password and a smart card, before granting access.
4. Encryption: Trusted systems often use encryption to protect sensitive data. Encryption
involves converting data into a coded format that can only be decoded using a specific key.
5. Auditing: Trusted systems often use auditing to track and monitor system activity. Auditing
can help detect and prevent security breaches by identifying unusual or suspicious behavior.
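Two of the principles listed above (least privilege and integrity) and two of the techniques (auditing and a cryptographic hash used to protect integrity) can be shown working together in a few lines. The following is an added example (not part of the course notes): a toy reference-monitor style access check in which each role holds only the rights its tasks require, and every decision is appended to an audit log whose entries are chained by SHA-256 hashes, so that any later edit, deletion or reordering of log entries is detectable. The roles, objects and users are constructed sample data.

```python
"""Added example (not from the course notes): a toy reference-monitor style
access check that applies least privilege (roles get only the rights their
tasks need) and records every decision in a hash-chained audit log so that
later tampering with the log is detectable.  Roles, objects and users are
constructed sample data."""
import hashlib
import json

# Least privilege: a clerk can only read the ledger; only an admin may write it.
PERMISSIONS = {
    "clerk":   {("ledger", "read")},
    "auditor": {("ledger", "read"), ("audit_log", "read")},
    "admin":   {("ledger", "read"), ("ledger", "write"), ("audit_log", "read")},
}

GENESIS = "0" * 64   # value chained into the first log entry


def _digest(entry: dict) -> str:
    """SHA-256 over every field except the entry's own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash."""

    def __init__(self):
        self.entries = []
        self.last_hash = GENESIS

    def record(self, event: dict) -> None:
        entry = dict(event, prev=self.last_hash)
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        self.last_hash = entry["hash"]

    def verify(self) -> bool:
        """Recompute the chain; an edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            if e.get("prev") != prev or _digest(e) != e.get("hash"):
                return False
            prev = e["hash"]
        return prev == self.last_hash


class ReferenceMonitor:
    """Every access request passes through here and is logged, allowed or not."""

    def __init__(self, log: AuditLog):
        self.log = log

    def access(self, user: str, role: str, obj: str, action: str) -> bool:
        allowed = (obj, action) in PERMISSIONS.get(role, set())
        self.log.record({"user": user, "role": role, "object": obj,
                         "action": action, "allowed": allowed})
        return allowed


def demo():
    """Run a few requests; return (decisions, log_ok_before, log_ok_after_tamper)."""
    log = AuditLog()
    rm = ReferenceMonitor(log)
    decisions = [
        rm.access("alice", "clerk", "ledger", "read"),
        rm.access("alice", "clerk", "ledger", "write"),
        rm.access("bob", "admin", "ledger", "write"),
    ]
    log_ok = log.verify()
    # Simulate someone rewriting history: make the denied write look allowed.
    log.entries[1]["allowed"] = True
    return decisions, log_ok, log.verify()


if __name__ == "__main__":
    print(demo())
```

In a real trusted system the hash chain would be anchored outside the machine being audited (for example, the latest hash periodically written to a separate log server or sealed by a hardware security module), since a log that lives entirely on the host it describes can be rewritten by whoever controls that host.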
