Lesson 4

Lesson 04 – Network Securities

Briefly define the terms below. For each definition include an example to demonstrate your understanding:

What is a Firewall, a Personal Firewall or a Network Firewall? Is a Proxy server the same or different to a Firewall?

Describe the activities that take place on the OSI layers when a user (for example: you) send/receive an email to/from another user (for example: your friend).

Define a DMZ (demilitarised zone) or a perimeter network.

Compare and contrast: SSL vs SSH, local (LAN) vs wide area network (WAN).

Compare and contrast: WEP, WPA & WPA2.

Optional:

Describe these networking devices: a hub, a switch, a repeater, a bridge, a router?

Define protocols: IP, DHCP, HTTP, FTP, SMTP, etc.

Describe Mac Address Filtering and how to use it to enhance wireless security

Firewall

A firewall is a hardware device or software utility that filters all computer traffic (either for a personal or network computer) through an internet connection. Firewalls act as a security barrier between different computers or networks, using rules defined in the firewall policy to decide who can access internet connections, the type of connections allowed to be established and what data can be transmitted.

Network routers are an example of a hardware firewall which, once configured, monitors and controls all traffic, providing a robust level of protection and security.

Software firewalls are often found bundled in internet security packages, including Norton, McAfee, Avira, etc., and offer strong protection and intrusion detection.

Is a Proxy server the same or different to a Firewall?

Firewalls and proxy servers are similar technologies that serve as gateways for filtering data packets on a network. However, these technologies are not identical.

The primary purpose of a firewall is to act as a filter against a malicious connection request from the internet (or another public network) to protect an internal network from unauthorised access.

In contrast, a proxy server’s main function is as a relay to facilitate the connection between two computers while providing anonymity to internet users. The proxy server contacts the site the user wants to visit, with the user’s IP address and other credentials remaining confidential. 

References:

1. http://www.computerhope.com/jargon/f/firewall.htm

2. https://www.microsoft.com/en-us/safety/pc-security/firewalls-whatis.aspx

Describe the activities that take place on the OSI layers when a user (for example: you) send/receive an email to/from another user (for example: your friend).

The Open System Interconnection (OSI) model is a theoretical framework explaining the networking processes involved in sending and receiving data communications, such as an e-mail between friends.
 
In this model, network communication is divided into seven hierarchical layers referred to as a “vertical stack”. The layers, as defined in the model, are stacked in the following manner:
 

Layer 1: Physical (lowest layer)

Layer 2: Data Link

Layer 3: Network

Layer 4: Transport

Layer 5: Session

Layer 6: Presentation

Layer 7: Application (highest layer)

 
Figure: The 7 Layers of the OSI Model.
Source: http://www.webopedia.com/quick_ref/OSI_Layers.asp

Each layer in the vertical stack performs a specific task and then passes data control onto the next layer for further processing.

Once the e-mail has been submitted for transmission, data processing begins at the Physical Layer (also known as Level 1 and defined as the lowest level of data processing within the model) and continues back up the stack hierarchy to the Application Level (also known as Level 7, the highest level of the model).
 

The physical layer conveys the e-mail data as a bit stream through the electrical and mechanical levels of the network. It determines the mode of transmission (digital or analogue) and defines the mechanical, optical, electrical and other physical aspects of the hardware necessary to facilitate the data’s movement. The data is then passed on to Level 2, the Data Link Layer.

The data link layer comprises two parts: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The LLC layer manages flow control, error checking and frame synchronisation, allowing the layers above to assume virtually error-free data transmission.

The MAC layer manages computer data access and transmission protocols and permissions. 

Apart from framing, the data link layer also includes mechanisms to detect and correct transmission errors. Hence the e-mail is checked and verified as suitable for transmission. The data is ready to progress on to Level 3, the Network Layer.

To this point, Layers 1 and 2 have dealt with data passing between computers on the same network. The Network layer software initiates, maintains and terminates connections across relay networks in routing the e-mail to its final destination. It controls how the e-mail’s movement is managed over inter-connected networks, deciding the physical paths for the data’s transmission based on the network options available.

The Network layer provides the functional and procedural means of transferring variable length data sequences from one node to another connected to the same “network”. Routing, forwarding, error handling, traffic control, packet sequencing and addressing are all functions of this layer.

Layer 4, the Transport layer, provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host via one or more networks, while maintaining the quality of service functions. The transport layer functions like a post office, which deals with the dispatch and classification of mail sent. It provides transparent data transfer between hosts and is responsible for ensuring complete data transfer, flow control and end-to-end error recovery of the e-mail’s transmission.

The Session Layer establishes and manages secure transmission control processes between computers, called sessions, to allow local and remote network communication. In this fashion the e-mail is given to different networks for delivery until it reaches its final destination.

The Presentation layer provides independence from different application syntax and encryption protocols used during the e-mail’s transmission. It freely translates between application and network formats to eliminate compatibility issues by performing data conversions and compression, character code translation or the encryption/decryption of data.

Layer 7 of the OSI model, the Application layer, supports end-user software applications and processes. The OSI application layer and the user interact directly with the software application to facilitate communication protocols, including identifying communication partners, determining quality of service, confirming user authentication and identifying any constraints on data or access. Once the necessary procedures are successfully completed, the e-mail is available for my friend’s receipt.

References:

1. http://www.webopedia.com/quick_ref/OSI_Layers.asp

2. https://support.microsoft.com/en-us/help/103884/the-osi-model-s-seven-layers-defined-and-functions-explained

DMZ (demilitarised zone) or a Perimeter Network

With respect to computer networks, a demilitarized zone (DMZ, sometimes referred to as a perimeter network) is a network located between an internal local area network (LAN) and the Internet. Resources and services that are accessible to the Internet are located in the DMZ. The remainder of the LAN, however, remains protected, as the DMZ restricts direct access to, and provides a shield for, internal servers from the Internet.
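The firewall policy and DMZ described above can be modelled as a small first-match rule table. This is an added example, not part of the original lesson; the subnets, ports, rules and the function names zone_of and decide are all assumptions made for illustration.

```python
import ipaddress

# Constructed three-zone layout (all addresses are illustrative assumptions).
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

# First-match policy: (source zone, destination zone, destination port, action).
# None is a wildcard for the port. Anything unmatched falls to default deny.
POLICY = [
    ("internet", "dmz", 443, "allow"),   # public HTTPS service in the DMZ
    ("internet", "dmz", 25, "allow"),    # inbound mail relay in the DMZ
    ("dmz", "lan", 5432, "allow"),       # DMZ host to one internal database port
    ("lan", "dmz", None, "allow"),       # staff manage the DMZ hosts
    ("lan", "internet", None, "allow"),  # outbound browsing
]


def zone_of(addr):
    """Map an IP address to a zone; anything outside the known subnets is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def decide(src, dst, dport):
    """Return 'allow' or 'deny' for a new connection; the first matching rule wins."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_port, action in POLICY:
        if (r_src, r_dst) == (src_zone, dst_zone) and r_port in (None, dport):
            return action
    return "deny"  # default deny: no rule means no access


if __name__ == "__main__":
    samples = [  # constructed connection attempts
        ("203.0.113.7", "192.168.100.10", 443),  # Internet to DMZ web server
        ("203.0.113.7", "10.0.0.5", 443),        # Internet straight to the LAN
        ("192.168.100.10", "10.0.0.20", 5432),   # DMZ to the permitted LAN port
        ("192.168.100.10", "10.0.0.20", 22),     # DMZ to any other LAN port
    ]
    for src, dst, port in samples:
        print(f"{src} -> {dst}:{port} = {decide(src, dst, port)}")
```

There is no rule from the Internet to the LAN, so those connections fall through to the default deny, which is the shielding effect the DMZ provides.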

References:

2. https://technet.microsoft.com/en-us/library/cc961351.aspx

Compare and contrast SSL vs SSH.

SSL (Secure Sockets Layer) is a common security protocol for establishing an encrypted link between a web server and browser to ensure that data passed between the computers remains secure.

SSH (Secure Shell) is an encrypted protocol allowing secure network communications over an unsecured network and is commonly used for remote login to computer systems.

SSL and SSH are similar technologies, providing protocols to establish a secure communication tunnel for confidential data transmission between remote computers. In comparing security attributes, SSL and SSH have strong similarities, with both providing client and server authentication, data-in-motion encryption and data integrity procedures, but these similarities also make both technologies vulnerable to the same type of cyber-attack.

One of the most noticeable differences between SSL and SSH is that SSL normally uses X.509 digital certificates for client/server authentication, whereas SSH does not. As SSL uses digital certificates, it requires the presence of a public key infrastructure (PKI) and the involvement of a certificate authority. However, if SSL uses self-signed certificates, then once again the two technologies become very similar, as a certificate authority is no longer necessary.

Another difference is that SSH has more functionality. For example, SSH provides independent user login to a server and remote command execution. SSL cannot provide this capability unless paired with other protocols such as FTP or WebDAV.

Also, SSH comes with a set of protocols for procedures occurring inside the tunnel, readily supporting multiplexing transfers, password authentication, terminal management, etc. When such protocols are implemented in SSL, they are not considered to be part of SSL but rather a part of a third party technology. For example, password-based HTTP authentication in an SSL tunnel is considered part of “HTTPS”, although in practice it works in a similar manner to SSH.

Consequently, SSL and SSH are used to accomplish different tasks because of the tools that historically came with each technology for implementing protocols, rather than because of security-related differences.

References:

1. http://info.ssl.com/article.aspx?id=10241

2. http://www.webopedia.com/TERM/C/cryptography.html

3. http://www.differencebetween.net/technology/difference-between-ssh-and-ssl/

Compare and contrast local (LAN) vs wide area network (WAN).

LAN (Local Area Network) and WAN (Wide Area Network) are network paradigms that facilitate connectivity between computers. LANs are for small scale, local networking requirements as would be found in homes, small businesses and within smaller institutions. WANs are for large scale networking requirements as would be necessary for cities, rural areas, states or nations. 

A comparison and contrast between LANs and WANs is provided in the table below.

(Source: http://www.diffen.com/difference/LAN_vs_WAN).

LAN versus WAN Comparison Table

Data Transmission Errors
LAN: Experiences fewer data transmission errors.
WAN: Experiences more data transmission errors as compared to LAN.

Ownership
LAN: Typically owned, controlled, and managed by a single person or organization.
WAN: WANs (like the Internet) are not owned by any one organization but exist under collective ownership and management over long distances.

Establishment Costs
LAN: If there is a need to set up a couple of extra devices on the network, it is not very expensive to do that.
WAN: For WANs, since networks in remote areas have to be connected, the set-up costs are higher. However, WANs using public networks can be set up very cheaply using just VPN software.

Geographical Spread
LAN: Have a small geographical range and do not need any leased telecommunication lines.
WAN: Have a large geographical range, generally spreading across boundaries, and need leased telecommunication lines.

Maintenance Costs
LAN: Because it covers a relatively small geographical area, LAN is easier to maintain at relatively low costs.
WAN: Maintaining WAN is difficult because of its wider geographical coverage and higher maintenance costs.

Bandwidth
LAN: High bandwidth is available for transmission.
WAN: Low bandwidth is available for transmission.

Congestion
LAN: Less congestion.
WAN: More congestion.

Covers
LAN: Local areas only (e.g., homes, offices, schools).
WAN: Large geographic areas (e.g., cities, states, nations).

Speed
LAN: High speed (1000 Mbps).
WAN: Less speed (150 Mbps).

Data Transfer Rates
LAN: LANs have a high data transfer rate.
WAN: WANs have a lower data transfer rate compared to LANs.

Technology
LAN: Tend to use certain connectivity technologies, primarily Ethernet and Token Ring.
WAN: WANs tend to use technologies like MPLS, ATM, Frame Relay and X.25 for connectivity over longer distances.

Connection
LAN: A LAN can be connected to other LANs over any distance via telephone lines and radio waves.
WAN: Computers connected to a wide-area network are often connected through public networks, such as the telephone system or satellites.

Components
LAN: Layer 1 devices like hubs and repeaters. Layer 2 devices like switches and bridges.
WAN: Layer 3 devices like routers, multi-layer switches and technology-specific devices like ATM.

Fault Tolerance
LAN: LANs tend to be more robust to faults as they consist of small numbers of systems.
WAN: WANs tend to be less robust to faults as they consist of large numbers of systems.

References:

1. http://www.diffen.com/difference/LAN_vs_WAN

2. http://www.omnisecu.com/basic-networking/lan-and-wan-local-area-network-and-wide-area-network.php

Compare and contrast WEP, WPA & WPA2.

WEP, WPA, and WPA2 are acronyms that refer to different wireless encryption protocols intended to secure data transmitted over a wireless network.

WEP (Wired Equivalent Privacy), launched in the late 1990s, was the first protocol intended to secure data transmitted over a wireless network. Due to serious security vulnerabilities, WEP was superseded by WPA (Wi-Fi Protected Access) in 2003.

Significant changes implemented with WPA included the Temporal Key Integrity Protocol (TKIP) and data integrity checks (determining if data packets had been altered in transit). WPA used 256-bit keys, which were a significant improvement over the 64-bit and 128-bit keys used in the WEP system.

In 2006 WPA2 replaced WPA as the latest security protocol, implementing the stronger AES encryption algorithm and introducing the AES-CCMP Protocol (Counter Cipher Mode with Block Chaining Message Authentication Code) as a replacement for TKIP.

Unfortunately, the same vulnerability that affected the WPA protocol, the attack vector through the Wi-Fi Protected Setup (WPS), remains in modern WPA2-capable access points. However, breaking into a WPA/WPA2 secured network using this vulnerability requires physical device access and up to 14 hours of sustained effort using a modern computer.

Figure: A comparison and contrast between WEP, WPA & WPA2

Source: http://searchnetworking.techtarget.com/feature/Wireless-encryption-basics-Understanding-WEP-WPA-and-WPA2

References:

1. https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

2. http://www.diffen.com/difference/WPA_vs_WPA2