
Network Essential Unit-6

The document discusses computer viruses, their types, and the importance of antivirus software and firewalls for network security. It outlines various types of computer viruses, their effects, and how to protect devices from them, as well as the functionality and significance of firewalls in preventing unauthorized access. Additionally, it highlights the evolution of firewalls, their advantages, and best practices for maintaining firewall security.

Uploaded by

aniruddh2573

UNIT-6

NETWORK SECURITY

WHAT IS A COMPUTER VIRUS?


A computer virus is a program that can harm a device and its files and leave
them unusable. When a virus program is executed, it replicates itself by
modifying other computer programs and inserting its own code into them. This
code infects a file or program, and if it spreads widely, it may ultimately
crash the device.

Across the world, computer viruses are a serious concern, as they can
cause billions of dollars' worth of harm to the economy each year.

Since a computer virus only affects the programming of the device, it is not
visible. But there are certain indications that can help you determine whether
a device has been hit by a virus. The signs below may help you identify
computer viruses:

• Speed of the System – In case a virus is completely executed on your
device, the time taken to open applications may become longer and the
entire system may start working slowly
• Pop-up Windows – One may start getting too many pop-up windows on
their screen, which may be virus-affected and harm the device even more
• Self Execution of Programs – Files or applications may start opening in
the background of the system by themselves, and you may not even know
about them
• Log out from Accounts – In case of a virus attack, the probability of
accounts getting hacked increases; password-protected sites may also
get hacked, and you might get logged out from all of them
• Crashing of the Device – In most cases, if the virus spreads to the
maximum number of files and programs, there are chances that the entire
device may crash and stop working

The first thing you might notice in case of a virus attack is a change in the
speed at which your system runs. Gradually, other changes can also be
observed.

TYPES OF COMPUTER VIRUS

Discussed below are the different types of computer viruses:


• Boot Sector Virus – A type of virus that infects the boot sector of
floppy disks or the Master Boot Record (MBR) of hard disks. The boot
sector comprises all the files required to start the operating system of
the computer. The virus either overwrites the existing program or copies
itself to another part of the disk.
• Direct Action Virus – A virus that attaches itself directly to a .exe or
.com file and enters the device when that file is executed is called a
Direct Action Virus. If it gets installed in the memory, it keeps itself
hidden. It is also known as a Non-Resident Virus.
• Resident Virus – A virus that saves itself in the memory of the
computer and then infects other files and programs when its originating
program is no longer working. This virus can easily infect other files
because it is hidden in the memory, and it is hard to remove from the
system.
• Multipartite Virus – A virus that can attack both the boot sector and
the executable files of an already infected computer is called a
multipartite virus. If a multipartite virus attacks your system, you are at
risk of cyber threat.
• Overwrite Virus – One of the most harmful viruses, the overwrite virus
can completely remove the existing program and replace it with
malicious code by overwriting it. Gradually it can completely replace the
host's programming code with the harmful code.
• Polymorphic Virus – Spread through spam and infected websites,
polymorphic viruses are file infectors that are complex and tough to
detect. They create a modified or morphed version of the existing
program and infect the system while retaining the original code.
• File Infector Virus – As the name suggests, it first infects a single file
and then spreads to other executable files and programs. The main
sources of this virus are games and word processors.
• Spacefiller Virus – A rare type of virus that fills the empty spaces of a
file with virus code. It is also known as a cavity virus. It neither affects
the size of the file nor can it be detected easily.
• Macro Virus – A virus written in the same macro language as the
software program it targets; it infects the computer when a word
processor file is opened. Such viruses mainly arrive via email.

How To Protect Your Computer from Virus?


The most suitable way of keeping your computer virus-free is to install
anti-virus software. Such software helps remove viruses from the device
and can be installed on a computer by two means:
• Online download
• Buying anti-virus software and installing it

Further below are details of what an anti-virus is and what its
different types are, along with a few examples.

WHAT IS AN ANTI-VIRUS?

An anti-virus is software comprising a program or set of programs that
can detect and remove harmful and malicious software from your device.
Anti-virus software is designed to search through the files on a computer
and determine which files are heavily or mildly infected by a virus.

HOW DOES ANTIVIRUS WORK?

Antivirus software begins operating by checking your computer programs and
files against a database of known types of malware. Since new viruses are
constantly created and distributed by hackers, it will also scan computers for the
possibility of new or unknown types of malware threats.

Typically, most programs will use three different detection methods: specific
detection, which identifies known malware; generic detection, which looks for
known parts or types of malware or patterns that are related by a common
codebase; and heuristic detection, which scans for unknown viruses by
identifying known suspicious file structures. When the program finds a file that
contains a virus, it will usually quarantine it and/or mark it for deletion, making
it inaccessible and removing the risk to your device.
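
The three detection methods described above, as an added example that is not part of the original document: a minimal Python scanner run over constructed, harmless byte strings. The signature names, the family marker, and the entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless sample inputs (assumptions): none of this is real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-A family-marker-XYZ payload v1"
VARIANT = b"CONSTRUCTED-SAMPLE-B family-marker-XYZ payload v2, rebuilt"
PACKED = b"MZ" + bytes(range(256)) * 4      # executable header + random-looking body
CLEAN = b"Quarterly report: revenue grew and costs were stable this year."

# Specific detection: exact fingerprints of files already known to be malicious.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Sample.A"}

# Generic detection: a byte pattern shared by all members of one family.
FAMILY_PATTERNS = {b"family-marker-XYZ": "Sample.Generic"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def heuristic_score(data: bytes) -> int:
    """Score suspicious file structure without knowing the specific malware."""
    score = 0
    if data.startswith(b"MZ"):          # Windows executable header
        score += 1
    if shannon_entropy(data) > 7.0:     # body looks packed or encrypted
        score += 2
    return score


def scan(data: bytes):
    """Return (verdict, detection method, name), trying exact matches first."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURE_DB:
        return ("quarantine", "specific", SIGNATURE_DB[digest])
    for pattern, family in FAMILY_PATTERNS.items():
        if pattern in data:
            return ("quarantine", "generic", family)
    if heuristic_score(data) >= 3:
        return ("quarantine", "heuristic", "Suspicious.PackedExecutable")
    return ("clean", None, None)


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT),
                       ("packed", PACKED), ("clean", CLEAN)]:
        print(name, scan(blob))
```

The variant is missed by the exact hash but caught by the family pattern, and the packed sample matches neither database and is flagged only by its structure, which is why the methods are layered.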

Given below is a list of a few of the major antivirus software packages that
are most commonly used:
• Norton Antivirus
• F-Secure Antivirus
• Kaspersky Antivirus
• AVAST Antivirus
• Comodo Antivirus
• McAfee Antivirus

These are a few of the many anti-virus programs widely used to remove viruses
from a device.

WHAT IS FIREWALL?

Firewalls prevent unauthorized access to networks through software or
firmware. By utilizing a set of rules, the firewall examines and blocks incoming
and outgoing traffic.

Fencing your property protects your house and keeps trespassers at bay;
similarly, firewalls are used to secure a computer network. Firewalls
are network security systems that prevent unauthorized access to a network. A
firewall can be a hardware or software unit that filters the incoming and
outgoing traffic within a private network, according to a set of rules, to spot
and prevent cyberattacks.

Firewalls are used in enterprise and personal settings. They are a vital
component of network security. Most operating systems have a basic built-in
firewall. However, using a third-party firewall application provides better
protection.

HISTORY OF FIREWALL

Network firewalls have evolved over the years to address several threats in the
security landscape. Firewalls will remain crucial to organizations and society.
So, let’s look at a brief history of firewalls.
• 1989 - Birth of packet filtering firewalls
• 1992 - First commercial firewall DEC SEAL
• 1994 - The first stateful firewalls appear
• 2004 - IDC coins the term UTM (unified threat management)
• 2009 - Next Generation Firewall (NGFW) was introduced by Gartner

WHY ARE FIREWALLS IMPORTANT?

Firewalls are designed with modern security techniques that are used in a wide
range of applications. In the early days of the internet, networks needed to be
built with new security techniques, especially in the client-server model, a
central architecture of modern computing. That is where firewalls started to
build security for networks of varying complexity. Firewalls are known
to inspect traffic and mitigate threats to the devices.

KEY USES OF FIREWALLS


• Firewalls can be used in corporate as well as consumer settings.
• Firewalls can incorporate a security information and event
management (SIEM) strategy into the cybersecurity devices of
modern organizations, and are installed at the network perimeter of
organizations to guard against external threats as well as insider
threats.
• Firewalls can perform logging and audit functions by identifying
patterns and improving rules by updating them to defend against
immediate threats.
• Firewalls can be used for a home network, Digital Subscriber Line
(DSL), or cable modem having static IP addresses. Firewalls can easily
filter traffic and can signal the user about intrusions.
• They are also used for antivirus applications.
• When vendors discover new threats or patches, the firewalls update the
rule sets to resolve the vendor issues.
• In home devices, we can set the restrictions using hardware/firmware.

FUNCTIONS OF FIREWALL

• The most important function of a firewall is that it creates a border
between an external network and the guarded network, where the
firewall inspects all packets (pieces of data for internet transfer)
entering and leaving the guarded network. Once the inspection is
completed, a firewall can differentiate between benign and malicious
packets with the help of a set of pre-configured rules.
• The firewall checks such packets against the rule set, whether they
comply with it or not, so that malicious packets do not enter the
guarded network.
• This packet information includes the information source, its
destination, and the content. These might differ at every level of the
network, and so do the rule sets. Firewalls read these packets and
reform them according to the rules to tell the protocol where to send them.

HOW DOES A FIREWALL WORK?

As mentioned previously, firewalls filter the network traffic within a private
network. A firewall analyses which traffic should be allowed or restricted based
on a set of rules. Think of the firewall as a gatekeeper at your computer's entry
point which only allows trusted sources, or IP addresses, to enter your network.

A firewall accepts only the incoming traffic that it has been configured to
accept. It distinguishes between good and malicious traffic and either allows or
blocks specific data packets based on pre-established security rules.

These rules are based on several aspects indicated by the packet data, like their
source, destination, content, and so on. They block traffic coming from
suspicious sources to prevent cyberattacks.

For example, the image depicted below shows how a firewall allows good
traffic to pass to the user’s private network.

Fig: Firewall allowing Good Traffic


However, in the example below, the firewall blocks malicious traffic from
entering the private network, thereby protecting the user’s network from being
susceptible to a cyberattack.

Fig: Firewall blocking Bad Traffic


This way, a firewall carries out quick assessments to detect malware and other
suspicious activities.

There are different types of firewalls to read data packets at different network
levels. Now, you will move on to the next section of this tutorial and understand
the different types of firewalls.

TYPES OF FIREWALLS

A firewall can either be software or hardware. Software firewalls are programs
installed on each computer, and they regulate network traffic through
applications and port numbers. Meanwhile, hardware firewalls are the
equipment established between the gateway and your network. Additionally,
a firewall delivered by a cloud solution is called a cloud firewall.

There are multiple types of firewalls based on their traffic filtering methods,
structure, and functionality. A few of the types of firewalls are:

• Packet Filtering
A packet filtering firewall controls data flow to and from a network. It allows or
blocks the data transfer based on the packet's source address, the destination
address of the packet, the application protocols used to transfer the data, and
so on.

• Proxy Service Firewall
This type of firewall protects the network by filtering messages at the
application layer. For a specific application, a proxy firewall serves as the
gateway from one network to another.

• Stateful Inspection
Such a firewall permits or blocks network traffic based on state, port, and
protocol. Here, it decides filtering based on administrator-defined rules and
context.

• Next-Generation Firewall
According to Gartner, Inc.’s definition, the next-generation firewall is a deep-
packet inspection firewall that adds application-level inspection, intrusion
prevention, and information from outside the firewall to go beyond
port/protocol inspection and blocking.

• Unified Threat Management (UTM) Firewall
A UTM device generally integrates the capabilities of a stateful inspection
firewall, intrusion prevention, and antivirus in a loosely linked manner. It may
include additional services and, in many cases, cloud management. UTMs are
designed to be simple and easy to use.

• Threat-Focused NGFW
These firewalls provide advanced threat detection and mitigation. With network
and endpoint event correlation, they may detect evasive or suspicious behavior.
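
The rule-based filtering described under HOW DOES A FIREWALL WORK? and the difference between packet filtering and stateful inspection, as an added example that is not part of the original document. The rule set, the class names, and the addresses (documentation and private ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port


# Hypothetical rule set: 10.0.0.0/24 is the private network, 203.0.113.0/24 a
# trusted admin network (documentation address ranges, not real hosts).
RULES = [
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", "tcp", 443),        # outbound HTTPS
    Rule("allow", "203.0.113.0/24", "10.0.0.10/32", "tcp", 22),   # whitelisted SSH
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def packet_filter(rules, pkt: Packet) -> str:
    """Stateless packet filtering: first matching rule wins, otherwise deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: replies are allowed only for flows the rules admitted."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def handle(self, pkt: Packet) -> str:
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reverse in self.connections:
            return "allow"                  # part of an established connection
        action = packet_filter(self.rules, pkt)
        if action == "allow":
            self.connections.add(flow)      # remember the new connection
        return action
```

The stateless filter drops the server's reply to an allowed outbound request unless a broad inbound rule is added, while the stateful firewall admits it because it matches a tracked connection. Connection timeouts and TCP flag checks are left out of this sketch.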

ADVANTAGES OF USING FIREWALLS

Now that you have understood the types of firewalls, let us look at the
advantages of using firewalls.
• Firewalls play an important role in companies for security
management. Below are some of the important advantages of using
firewalls.
• It provides enhanced security and privacy from vulnerable services. It
prevents unauthorized users from accessing a private network that is
connected to the internet.
• Firewalls provide faster response time and can handle more traffic
loads.
• A firewall allows you to easily handle and update the security
protocols from a single authorized device.
• It safeguards your network from phishing attacks.

HOW TO USE FIREWALL PROTECTION?

To keep your network and devices safe, make sure your firewall is set up and
maintained correctly. Here are some tips to help you improve your firewall
security:
• Update your firewalls as soon as possible: Firmware patches
keep your firewall updated against any newly discovered
vulnerabilities.
• Use antivirus protection: In addition to firewalls, you need to use
antivirus software to protect your system from viruses and other
infections.
• Limit accessible ports and hosts: Limit inbound and outbound
connections to a strict whitelist of trusted IP addresses.
• Have an active network: To avoid downtime, have active network
redundancies. Data backups for network hosts and other critical
systems can help you avoid data loss and lost productivity in the case
of a disaster.

APPLICATION LAYER AND PROXY FIREWALLS

Proxy firewalls can protect the application layer by filtering and examining the
payload of a packet to distinguish valid requests from malicious code disguised
as valid requests for data. Proxy firewalls prevent attacks against web servers
from becoming more common at the application layer. Besides, proxy firewalls
give security engineers more control over network traffic with a granular
approach.
On the other hand, application layer filtering by proxy firewalls enables us to
block malware and recognize misuse among various protocols such as
Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), certain
applications, and Domain Name System (DNS).

THE IMPORTANCE OF NAT AND VPN

NAT and VPN are both basic network translation functions in firewalls.
• NAT (Network Address Translation)
• It hides or translates internal client or server IP addresses, which are
usually in a "private address range" as defined in RFC 1918, to a
public IP address.
• NAT preserves the limited number of IPv4 addresses and also defends
against network reconnaissance, as the internal IP address is hidden
from the Internet.
• VPN (Virtual Private Network)
• A VPN is used to extend a private network across a public network inside
a tunnel that is often encrypted, so the contents of the packets are
protected, especially when they are traversing the Internet.
• A VPN enables users to safely send and receive data across shared or
public networks.
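
The address hiding that NAT performs, as an added example that is not part of the original document: a simplified source NAT table in Python. The class name, the public address 203.0.113.1 (a documentation address), and the starting port are assumptions; port exhaustion and mapping timeouts are not handled.

```python
import ipaddress

# The three private address ranges reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class SourceNat:
    """Maps (private ip, port) pairs onto ports of one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (internal ip, internal port) -> public port
        self.in_map = {}    # public port -> (internal ip, internal port)

    def outbound(self, src_ip: str, src_port: int):
        """Rewrite the source of an outgoing packet; reuse an existing mapping."""
        if not is_rfc1918(src_ip):
            return (src_ip, src_port)       # already public, nothing to hide
        key = (src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, public_port: int):
        """Find the internal host for a reply; None means no mapping, so drop."""
        return self.in_map.get(public_port)


if __name__ == "__main__":
    nat = SourceNat("203.0.113.1")
    print(nat.outbound("192.168.1.20", 51000))   # seen outside as the public address
    print(nat.inbound(40000))                    # reply finds its internal host
    print(nat.inbound(40999))                    # unsolicited: no mapping
```

Hosts on the Internet only ever see the public address and port, and a packet arriving on a port with no mapping has no internal destination, which is the reconnaissance protection the text refers to.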
NEXT GENERATION FIREWALLS (NGFW)

Next-Generation Firewalls are used to inspect packets at the application level of
the TCP/IP stack, enabling them to identify applications such as Skype or
Facebook and enforce security policies concerning the type of application.
Next-Generation Firewalls also include sandboxing technologies and threat
prevention technologies such as intrusion prevention systems (IPS) or antivirus
to detect and prevent malware and threats in the files.

Vulnerabilities

• Insider Attacks
Insider attacks involve activities such as the transmission of sensitive data in
plain text, resource access outside of business hours, sensitive resource access
failure by the user, third-party users' network resource access, etc.

• Distributed Denial of Service (DDoS) Attacks
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt
the normal traffic of a targeted network by overwhelming the target or its
surrounding infrastructure with a flood of traffic. The difficulty in mitigating
a DDoS attack lies in telling the difference between attack traffic and normal
traffic. The traffic in this attack type can come from seemingly legitimate
sources, which requires cross-checking and auditing from several security
components.

• Malware
Malware threats are usually difficult to deal with due to their varied, complex,
and constantly evolving nature. These days, with the rise of IoT, networks are
becoming more complex and dynamic, so that sometimes it becomes difficult for
firewalls to defend against malware.

• Patching/Configuration
A firewall with a poor configuration or a missed update from the vendor
may damage network security. Thus, IT admins
need to be very proactive concerning their maintenance of security components.

The Future of Network Security

In the last few years, virtualization and trends in converged infrastructure
have created more east-west traffic, and the largest volume of traffic in a data
center is moving from server to server. Some enterprise organizations have
migrated from the traditional three-layer data center architectures to various
forms of leaf-spine architectures in order to cope with this change. This change
in architecture made some security experts warn that firewalls have an important
role to play to keep the network secure in a risk-free environment. Thus, the
importance and future of firewalls have no end. However, there may be many
advanced alternatives to firewalls in the future.

DIFFERENCE BETWEEN A FIREWALL AND ANTIVIRUS

Firewall
• A firewall is essential software or firmware in network security that is
used to prevent unauthorized access to a network.
• It is used to inspect the incoming and outgoing traffic with the help of
a set of rules to identify and block threats, and is implemented in
software or hardware form.
• Firewalls can be used in both personal and enterprise settings, and
many devices come with one built-in, including Mac, Windows, and
Linux computers.

Antivirus
• Antivirus is also an essential component of network security. It is
basically an application or software used to provide security from
malicious software coming from the internet.
• An antivirus works through 3 main actions: Detection,
Identification, and Removal of threats.
• Antivirus can deal with external threats as well as internal threats and
is implemented only through software.

LIMITATIONS OF A FIREWALL

• Firewalls are not able to stop users from accessing data or
information from malicious websites, making them vulnerable to
internal threats or attacks.
• A firewall is not able to protect against the transfer of virus-infected
files or software if security rules are misconfigured, or against
non-technical security risks (social engineering).
• It does not prevent misuse of passwords, or attackers with modems
from dialing in to or out of the internal network.
• Already infected systems are not secured by firewalls.
