ITNSA2-11 - Week 4 Lecture 3

The document provides an overview of network security focusing on firewalls, including their types, functionalities, and best practices for configuration and management. It discusses the importance of firewalls in protecting networks from unauthorized access and various types of threats, as well as the differences between firewalls and antivirus software. Additionally, it outlines the implementation process and considerations for effective firewall deployment in organizational settings.


Network Security

ITNSA2-B11

Eduvos (Pty) Ltd (formerly Pearson Institute of Higher Education) is registered with the Department of Higher Education and Training as a private higher education institution under the Higher Education Act, 101, of 1997. Registration Certificate number: 2001/HE07/008
Firewall Fundamentals, Implementations, Deployment Considerations and Configuring Firewalls

With

Amakan Elisha Agoni



Lecture 1
Week 4
Learning outcomes
⚫ Define what a firewall is and its types.
⚫ Explain the concept of Ingress and Egress Filtering.
⚫ Analyse the differences between buying and building a firewall.
⚫ Plan and configure a firewall using pfSense.
⚫ Test and troubleshoot a firewall implementation.
⚫ Analyse security strategies for firewall deployments.
⚫ Explain the benefits and purposes of a reverse proxy.
⚫ Describe the role of monitoring and logging in firewall management.
⚫ Create firewall rules for inbound and outbound communications.
⚫ Evaluate limitations of firewalls and methods to improve performance.
⚫ Describe best practices for firewall management and security measures.
⚫ Analyse concerns related to tunneling through or across a firewall.
⚫ Explain the tools for managing and troubleshooting firewalls.
3
Introduction to Firewalls

4
Introduction
What is a firewall?

⚫ A firewall is a network security solution that protects your network from unwanted traffic.
⚫ Firewalls block incoming malware based on a set of pre-programmed rules. These rules can also prevent users within the network from accessing certain sites and programs.
⚫ Firewalls are based on the simple idea that network traffic from less secure environments should be authenticated and inspected before moving to a more secure environment.
⚫ This prevents unauthorized users, devices, and applications from entering a protected network environment or segment. Without firewalls, computers and devices in your network are susceptible to hackers and make you an easy target for attacks.

5
Introduction
History of a Firewall
⚫ Firewall security has been around since the 1980s. Originally, it only consisted of packet filters and
existed within networks designed to examine the packets of data sent and received between
computers. Since then, firewalls have evolved in response to the growing variety of threats:

6
Categories of Firewall
⚫ A host-based or computer firewall protects just one computer, or "host", and is typically deployed on home or personal devices, often coming packaged with the operating system.
⚫ Occasionally, though, these firewalls can also be used in corporate settings to provide an added layer of protection.
⚫ A network firewall, on the other hand, protects all devices and traffic passing a demarcation point, enabling broad scalability.
⚫ As the name implies, a network firewall functions at the network level, OSI Layers 3 and 4, scanning traffic between external sources and your local area network (LAN), or traffic moving between different segments inside the network.
⚫ Network firewalls are placed at the perimeter of the network or network segment as a first line of defense and monitor traffic by performing deep packet inspection and packet filtering.
7
How Does a Firewall Work?
⚫ Firewalls work by inspecting packets of data and checking
them for threats to enhance network security.
⚫ They can check the contents of the data, the ports it uses to
travel, and its origin to see if it poses a danger.
⚫ Further, next-generation firewalls (NGFWs) use machine
learning to detect patterns of data behavior that may signify
anomalous—and dangerous—activity.
⚫ These capabilities can prevent several kinds of attacks
such as:

❖ Backdoors
❖ Denial of Service
❖ Macros
❖ Remote Logins
❖ Spam
❖ Viruses

8
Components of a Firewall
⚫ A firewall consists of hardware and software that combine
to protect a section of a network from unwanted data.
⚫ A hardware firewall runs software installed inside it, and
software firewalls use your computer as the hardware
device on which to run.
⚫ Whether you have your own firewall or a managed firewall
run by a Firewall-as-a-Service (FWaaS) vendor,
components will be similar.

9
The hardware of a firewall
⚫ The hardware of a firewall has its own processor or device that runs the software capabilities of the
firewall. The software of a firewall consists of various technologies that apply security controls to the
data trying to go through the firewall. Some of these technologies include:

⚫ Real-time monitoring, which checks the traffic as it enters the firewall
⚫ Internet Protocol (IP) packet filters, which examine data packets to see if they have the potential to contain threats
⚫ Proxy servers, which serve as a barrier between your computer or network and the internet. Requests you send go to the proxy server first, which forwards your web request on. A proxy server can control which websites users interact with, refusing to forward requests to sites that may pose a threat.
⚫ VPN, which is a type of proxy server that encrypts data sent from someone behind the firewall and forwards it to someone else
⚫ Network Address Translation (NAT), which changes the destination or source addresses of IP packets as they pass through the firewall. This way, multiple hosts can connect to the internet using the same IP address.
10
The hardware of a firewall

⚫ Socket Secure (SOCKS) server, which routes traffic to the server on the client’s behalf. This enables the inspection of the client’s traffic.
⚫ Mail relay services, which take email from one server and deliver it to another server. This makes it possible to inspect email messages for threats.
⚫ Split Domain Name System (DNS), which allows you to dedicate internal usage of your network to one DNS server and external usage to another. The firewall can then monitor the traffic going to each server individually.
⚫ Logging, which keeps an ongoing log of activity. This can be reviewed later to ascertain when and how threats tried to access the network or malicious data within the network attempted to get out.

11
Types of Firewalls
Here are some of the different firewall types:

⚫ Packet layer
⚫ Circuit level
⚫ Application layer
⚫ Proxy server
⚫ Software firewalls

12
Types of Firewalls
Packet layer:
⚫ A packet layer firewall analyzes traffic at the transport protocol layer.
⚫ At the transport protocol layer, applications can
communicate with each other using specific
protocols: Transmission Control Protocol (TCP)
and User Datagram Protocol (UDP).
⚫ The firewall examines the data packets at this
layer, looking for malicious code that can infect
your network or device. If a data packet is
identified as a potential threat, the firewall gets
rid of it.

13
Types of Firewalls
Circuit level:
⚫ A firewall at the circuit level is positioned as a layer
between the transport layer and the application layer
of the TCP/Internet Protocol (TCP/IP) stack.
⚫ Thus, they work at the session layer of the Open
Systems Interconnection (OSI) model. In the TCP
model, before information can be passed from one
cyber entity to another, there needs to be a
handshake.
⚫ A circuit level firewall examines the data that passes
during this handshake.
⚫ The information in the data packets can alert a
firewall to potentially harmful data, and the firewall
can then discard it before it infects another computer
or system.

14
Types of Firewalls
Application layer:
⚫ An application layer firewall
makes sure that only valid data
exists at the application level
before allowing it to pass
through.
⚫ This is accomplished through a
set of application-specific
policies that allow or block
communications being sent to
the application or those the
application sends out.

15
Types of Firewalls
Proxy server:
⚫ A proxy server captures and examines
all information going into or coming out
of a network.
⚫ A proxy server acts like a separate
computer between your device and the
internet.
⚫ It has its own IP address that your
computer connects to.
⚫ As information comes in or goes out of
the proxy server, it is filtered, and
harmful data is caught and discarded.

16
Types of Firewalls
Software firewalls:
⚫ The most common kind of software
firewall can be found on most personal
computers.
⚫ It works by inspecting data packets that
flow to and from your device.
⚫ The information in the data packets is
compared against a list of threat
signatures.
⚫ If a data packet matches the profile of a
known threat, it is discarded.

17
Firewall Best Practices
What is firewall configuration? To ensure you get the most from your firewall, follow these
best practices. They will enable you to block more threats and better guard your system.

1. Block Traffic by Default
2. Specify Source IP Address, Destination IP Address, and Destination Port
3. Update Your Firewall Software Regularly
4. Conduct Regular Firewall Software Audits
5. Have a Centralized Management Tool for Multi-vendor Firewalls

18
Firewall vs. Antivirus
What is a firewall compared to antivirus software? While both firewalls and antivirus software
protect you from threats, the ways they go about doing so are different.

A firewall filters traffic that enters and exits your network.

Antivirus software works by scanning devices and storage systems on your network looking for threats that have already penetrated your defenses. It then gets rid of this malicious software.

19
Limitations of a Firewall
Firewalls can stop a wide range of threats, but they also
have the following limitations:

⚫ They can’t stop users from accessing information on malicious websites after the user has already connected to the website.
⚫ They don’t protect organizations from social engineering.
⚫ If your system has already been infected, the firewall cannot find the threat unless it tries to spread by crossing through the firewall.
⚫ A firewall cannot prevent hackers from using stolen passwords to access sensitive areas of your network.

20
Introduction to Filtering

21
Introduction to Filtering

⚫ A packet filtering firewall is the most basic type of firewall that controls data flow to and from a network.
⚫ It is a network security solution that allows network packets to move between networks and controls their flow using a set of user-defined rules, IP addresses, ports, and protocols.
⚫ Packets are routed through the packet filtering firewall only if they match predefined filtering rules; otherwise, they are declined.

22
How Does Packet Filtering Firewall Work?
⚫ On packet-switched networks, packets are structured data units.
⚫ Because these networks break down communications into little bits, or packets, and transport them
independently across the network, they can be fault-tolerant.
⚫ Packets are reordered when they pass through the firewall and arrive at their destination, so that their information is presented accurately.
⚫ Packet switching, when done effectively, maximizes network channel capacity, reduces transmission
latency and improves communication efficacy. Two significant components can be found in packets:

⚫ Headers: Packet headers are used to send data to the correct destination. They contain elements of
the internet protocol (IP), addressing, and any other information needed to deliver the packets to their
destination.
⚫ Payloads: Within the packet, the payload is the user data. This is the data that is attempting to reach
its destination.

23
How Does Packet Filtering Firewall Work?
Packet filtering firewall permits or denies network packets based on the following specifications:

⚫ Source IP Address: The address from which the packet is being sent.
⚫ Destination IP address: The destination address of the packet.
⚫ Protocol: The session and application protocols that are used to transfer data (TCP, UDP, ICMP).
⚫ Ports: Source and destination ports, ICMP types, and codes.
⚫ Flags: Flags in the TCP header, such as whether the packet is a connect request.
⚫ Direction: Incoming or outgoing.
⚫ Interface: Which physical interface (NIC) the packet is traversing.

24
How Does Packet Filtering Firewall Work?
⚫ It examines access control lists (ACLs) to separate packets based on upper-layer protocol ID, source
and destination port numbers, source and destination IP addresses, and packet transmission route.
⚫ The firewall looks for information in the IP, TCP, or UDP headers and then decides whether to allow
or block the packet based on the ACL.
⚫ Also, after comparing the information with the ACL, the firewall can allow fragment-type packets.

⚫ The packets' passing is totally dependent on the packet filtering firewall's choice.
⚫ It filters packets based on the security rules configured into the firewall.
⚫ Firewall administrators create packet filtering firewall rules to prevent packet transmission and only
allow packets that match specific IP addresses or ports.
⚫ They can create rules that allow just packets intended for their IT services to pass through while
rejecting all others.

25
What is Packet Filtering Used For?
⚫ Controlling and monitoring network data to
assure its validity and compliance is a key role
of packet filtering firewalls.
⚫ The performance of your systems may be
improved, valuable assets can be protected,
and operations can flow smoothly if you have
functional network security.
⚫ In most cases, packet filtering is an effective
defense against attacks from computers
outside of an internal network (LAN).
⚫ Packet filtering is considered a conventional
and cost-effective method of security because
most routing devices have incorporated filtering
capabilities.

26
Types of Filtering
There are four types of packet filtering, listed below:

Dynamic packet filtering firewall:
⚫ This form of firewall is smarter because rules can be adjusted dynamically depending on the situation, and ports are only open for a limited time before closing.

Static packet filtering firewall:
⚫ This form of firewall requires human configuration, with the connection between the external and internal networks remaining open or closed at all times unless manually modified.

Stateless packet filtering firewall:
⚫ Stateless packet filtering firewalls are mostly for home internet users or service providers who deploy low-power customer-premises equipment (CPE).

Stateful packet filtering firewall:
⚫ It employs a preset table to keep a secure connection, and packets pass through in the order that the filter rules allow.
27
Advantages and Disadvantages of Packet Filtering Firewall
Advantages
⚫ Highly effective and quick
⚫ Transparency
⚫ Cost-efficient
⚫ Easy to use

Disadvantages
⚫ Less secure
⚫ Lack of logging
⚫ Vulnerable to address spoofing
⚫ Difficult to manage
⚫ Some protocols are incompatible with packet filtering
⚫ Some policies are difficult to enforce with standard packet filtering firewalls

28
Firewall Implementation and Firewall Deployment Considerations

29
Firewall Implementation
What is a network security assessment?

⚫ A network security assessment focuses on examining the security aspect of a network. It is an audit or examination of a network to find its weaknesses or vulnerabilities.
⚫ It identifies network components that need an immediate security solution.
⚫ It is a process of identifying network components that pose a security risk. Another term for network security assessment is vulnerability scanning.
⚫ Likewise, a vulnerability scanner is the same as a network assessment tool.

30
Firewall Implementation Procedure
The National Institute of Standards and Technology (NIST) recommends a five-stage approach
that enterprises can adopt for robust firewall design and implementation:

⚫ Planning firewall design and implementation to meet security needs
⚫ Configuring firewalls in alignment with a firewall policy
⚫ Testing firewalls to optimize configurations
⚫ Deploying firewalls per enterprise security policies
⚫ Managing firewalls to maintain firewall effectiveness

A managed security services provider (MSSP) will help you optimize firewall implementation to
meet your security needs and increase your ROI on cybersecurity.

31
Firewall Planning
This involves:

⚫ Proper device use – Firewall construction should account for firewall capabilities, ensuring
the right firewalls are used to filter network traffic through TCP/IP layers.

⚫ Security layers – Planning firewalls should create defense-in-depth via multiple security
layers.

⚫ Internal threat assessment – Firewall implementation for external threats can leave
organizations exposed to internal threats. All critical systems should be secured with internal
firewalls to minimize security risks such as malware.

⚫ Documentation of planning – All aspects of firewall planning should be documented.

32
Firewall Configuration
The next phase of firewall design and implementation is configuring firewalls and integrating them into your
organization’s security architecture.

Installation of Firewall Hardware and Software

Once purchased, the installation of firewall components depends on whether the firewall is software-based, hardware-based, or both.

⚫ Installation of a software-based firewall requires the following components:
  ❖ Hardware housing the firewall
  ❖ Operating system supporting the firewall
  ❖ Firewall software
⚫ Installation of the software and hardware for firewalls should ensure:
  ❖ Management of firewalls is restricted to designated system administrators
  ❖ Network firewalls are installed in facilities that provide appropriate:
    ❖ Environmental requirements (e.g., humidity, power, space)
    ❖ Physical security to mitigate unauthorized access to firewalls
  ❖ Firewall clocks are synchronized with internal time sources for efficient log management
33
Firewall Testing
Testing should be conducted on a test network before releasing the firewall into live environments.

Evaluation of firewalls during testing should address:

⚫ Connectivity – Firewalls should enable users to create and maintain network connections.
⚫ Ruleset alignment – Firewalls should align with the defined ruleset, ensuring:
  ❖ Traffic prohibited by the firewall policy is not permitted through the firewalls
  ❖ Traffic allowed by the firewall policy is permitted through the firewalls
  ❖ Validation of the ruleset, with the established rules working as expected
⚫ Compatibility – Firewalls should not interfere with or disrupt functionalities within existing applications.
⚫ Management – Firewalls are easily and securely configured and managed by system administrators.
⚫ Logging – Event logging and data management align with the firewall policy.
⚫ Performance – Firewalls function optimally during normal and peak user demand.
⚫ Security – Firewalls should be tested to identify any vulnerabilities and gaps that can be exploited by cybercriminals. Strategies for security evaluation include:
  ❖ Threat and vulnerability assessment of the firewall technologies
  ❖ Penetration testing to identify unknown security gaps
⚫ Interoperability – Firewall components function optimally when integrated, especially if acquired from different vendors.
34
Firewall Deployment
⚫ Deployment should align with the firewall policy and broader organization-wide security and change
management policies.
⚫ System users must be notified of planned deployment, with a reporting mechanism in place for any
firewall issues.
⚫ Changes to other system components connected to firewalls should be planned along with firewall
deployment.
⚫ Where multiple firewalls are deployed, gradual deployment can help identify and address any issues
before a large-scale, enterprise-wide installation.
⚫ Piloting firewall deployment can also help identify conflicts between firewall and security policies that
could affect overall implementation.
⚫ Integrating a firewall into the flow of network traffic should account for:
⚫ Other network elements interacting within the firewall
⚫ Modifications to router placements, if the firewall is acting as a router

35
Firewall Management
Lastly, firewall implementation requires management processes to keep firewalls running effectively.
For robust firewall performance, you can implement firewall management processes, including:

⚫ Routine testing and patch management of firewalls
⚫ Updating firewall policies following the identification of new threats and changes to security requirements (e.g., the addition of hosts within networks)
⚫ Reviewing firewall policies to ensure compliance with organization-wide security policies
⚫ Monitoring of firewall performance to identify resource issues and minimize firewall disruptions
⚫ Ongoing monitoring of logs and alerts to identify threats and develop internal threat intelligence capabilities
⚫ Backing up firewall rulesets and testing firewall rules where necessary to validate functionality
⚫ Logging all firewall policy decision-making, including changes to rulesets

36
Firewall Implementation with pfSense

37
Firewall Implementation with pfSense
⚫ Let's connect to the pfSense server via a browser:
⚫ Enter the credentials to log in to the pfSense server. Here, the admin user has logged in successfully.
⚫ We allocated an additional network interface to the virtual machine but have not configured it yet, so let's take care of that now.
⚫ Click Interfaces on the top toolbar and select LAN2. There you can configure LAN2 with a static IP address, as we did for the LAN interface configured previously.
⚫ After setting the configuration for LAN2, click the Apply Changes button to save it. You can see that the changes have been saved successfully. Let's go back to the main pfSense Dashboard:

38
Firewall Implementation with pfSense

39
Setting up firewall rules
⚫ In the previous section, we enabled the firewall functionality within pfSense. Now it is time to configure
firewall rules:

⚫ Back in the pfSense WebGUI console, to set up rules for the firewall go to the Firewall menu and then
click Rules. Firewall rules are configured for each network interface. The following screenshot shows
the WAN tab:

40
Firewall Implementation with pfSense
Points to note:
⚫ pfSense is flexible enough to allow for firewall rules for each individual network, rather than enforcing
these rules globally.
⚫ The rules follow a specific order.
⚫ The rules on these tabs process traffic in an inbound direction and are processed from the top down,
stopping at the first match.
⚫ Where no user-configured firewall rules match, the traffic is denied.

⚫ The firewall rules on the LAN interface, allowing the LAN subnet to access any destination, are
implemented by pfSense by default.
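An added example (written for this section; it is not part of the lecture and not pfSense's own code): a Python model of the decision a packet filter makes, using the fields listed under packet filtering earlier (interface, protocol, source and destination address, destination port, TCP flags) and the per-interface, top-down, first-match, deny-when-unmatched processing described above. The addresses, interface names and rules are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet arrives on ("WAN", "LAN")
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port (None for ICMP)
    syn: bool = False            # TCP SYN flag set: a new connection request


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface tab the rule is listed on
    proto: str = "any"           # "any", "tcp", "udp" or "icmp"
    src: str = "any"             # CIDR network, single address, or "any"
    dst: str = "any"
    dport: Optional[int] = None  # None = any destination port
    syn_only: bool = False       # match only connection requests (TCP flags field)
    desc: str = ""


def _addr_in(spec: str, addr: str) -> bool:
    """Match an address against a CIDR spec; 'any' matches everything."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Compare every field the filter inspects: interface, protocol,
    source/destination address, destination port and TCP flags."""
    return (rule.iface == pkt.iface
            and rule.proto in ("any", pkt.proto)
            and _addr_in(rule.src, pkt.src)
            and _addr_in(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (not rule.syn_only or pkt.syn))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Walk the ruleset top-down and stop at the first match; a packet that
    matches no user rule is denied, which is pfSense's default behaviour."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.desc
    return "block", "implicit default deny"


# Constructed ruleset: only public HTTPS is reachable from the Internet;
# the LAN tab carries the default pfSense "LAN net to any" rule.
RULES = [
    Rule("pass", "WAN", "tcp", "any", "203.0.113.10", 443, True, "public HTTPS"),
    Rule("block", "WAN", desc="explicit WAN deny-all (what the implicit deny would drop)"),
    Rule("pass", "LAN", "any", "192.168.1.0/24", desc="pfSense default: LAN net to any"),
]


if __name__ == "__main__":
    samples = [
        Packet("WAN", "198.51.100.7", "203.0.113.10", "tcp", 443, syn=True),  # allowed
        Packet("WAN", "198.51.100.7", "203.0.113.10", "tcp", 22, syn=True),   # hits deny-all
        Packet("LAN", "192.168.1.25", "198.51.100.50", "udp", 53),            # LAN default rule
        Packet("WAN", "192.168.1.25", "203.0.113.10", "tcp", 22, syn=True),   # LAN address arriving on WAN
    ]
    for p in samples:
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, "=>", evaluate(RULES, p))
```

The last sample shows why rules are bound to an interface: a packet carrying a LAN source address but arriving on WAN never reaches the LAN tab's permissive rule.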

41
Firewall Deployment Considerations

42
Common Security Strategies for Firewall Deployments
⚫ Network firewalls provide an essential aspect of network security by monitoring traffic and preventing
unauthorized traffic from accessing systems.
⚫ Reliable network firewall security doesn’t automatically happen when an organization adds a firewall to
its IT ecosystem.
⚫ Here are six best practices for firewall configuration to improve network security and protect
organizations from malware and other types of attacks.

1. Configure Network Firewalls to Block Traffic by Default

⚫ Even when IT teams do their best to follow firewall configuration best practices, they risk missing
vulnerabilities that malicious actors can exploit.
⚫ Setting firewall security to block traffic by default helps address this problem.
⚫ When IT teams block all unknown traffic trying to access the network, they make it much more
challenging for unethical hackers to infiltrate the system.
43
Firewall Deployment Considerations
2. Follow the Principle of Least Privilege

⚫ Of course, some people will legitimately need access to an organization’s network.
⚫ Organizations can configure their network firewall security to allow authorized users, but that doesn’t mean that cybersecurity teams need to give them unlimited access.
⚫ Each account should only have access to the files and tools necessary to do the user’s job.

⚫ For example, an account belonging to a third-party vendor that fulfills orders only needs access to information about purchased products and where to send them.
⚫ The vendor does not need any information about business processes, customer payment records, or other sensitive data.
⚫ Following the principle of least privilege will ensure that all types of firewalls are able to secure the network more effectively.

44
Firewall Deployment Considerations

3. Specify Source IP Addresses Unless Everyone Needs Access

⚫ In rare cases, IT teams might want to give everyone access to a part of the network.
⚫ In these cases, they can configure their source IP addresses as ANY—for example, to let anyone visit a business’s website.

⚫ If you don’t want everyone on the internet to have access to a part of the network, however, specify the source IP addresses.
⚫ Taking this step will limit the IP addresses to which traffic can connect.

45
Firewall Deployment Considerations
4. Designate Specific Destination Ports

⚫ Always make sure that your organization’s firewall network configuration designates specific destination ports for connected services.
⚫ Perhaps a business has a destination port that lets authorized users access client contact information.
⚫ In that case, establish that destination port as the source of that data and only let authorized accounts connect to it.

46
Firewall Deployment Considerations

5. Open the Firewall Ports That Users Expect

⚫ Take the time to learn which ports users expect to find open when they try to access networks.
⚫ The ports that IT teams open will depend on a few factors, such as the services and data that users tend to access and the types of servers and databases that the organization uses.
⚫ You can find more information about Microsoft server ports here (Czechowski et al., 2022) and Linux server ports here (Kumar, 2021).

47
Firewall Deployment Considerations
6. Designate Specific IP Address Destinations

⚫ Designating specific IP address destinations serves a similar purpose as designating destination ports.
⚫ Organizations want to limit access to IP addresses to prevent unauthorized traffic from entering their networks.

⚫ Additionally, this type of firewall network protection can help prevent Distributed Denial-of-Service (DDoS) attacks.
⚫ DDoS attacks have become increasingly common, especially in the United States, the United Kingdom, and China (Sava, 2022).
⚫ Implementing defenses against this type of attack is key to ensuring that customers, vendors, and employees can maintain access to the network.
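An added example (not the lecture's or any vendor's code) that turns practices 1 to 6 above into an automated check over a ruleset: each pass rule is checked for ANY source, missing destination port, ANY destination and ANY protocol, and each interface is checked for a closing deny-all. The rule representation, the `PUBLIC_PORTS` set and the sample ruleset are constructed assumptions.

```python
from typing import Dict, List

# A rule is a plain dict here (a constructed representation, not pfSense's format):
#   action, iface, proto, src, dst, dport, desc
Rule = Dict[str, object]

# Services an organization deliberately exposes to any source; practice 3 allows
# src=ANY only for such services (e.g. a public website). Constructed assumption.
PUBLIC_PORTS = {80, 443}


def audit_rule(rule: Rule) -> List[str]:
    """Return the best-practice findings for one rule (block rules add no exposure)."""
    findings: List[str] = []
    if rule["action"] != "pass":
        return findings
    src = rule.get("src", "any")
    dst = rule.get("dst", "any")
    dport = rule.get("dport")
    proto = rule.get("proto", "any")
    if src == "any" and dport not in PUBLIC_PORTS:
        findings.append("source ANY on a service not meant for everyone (practice 3)")
    if dport is None:
        findings.append("no destination port: every service on the target is reachable (practice 4)")
    if dst == "any":
        findings.append("destination ANY: every host behind the firewall is reachable (practice 6)")
    if proto == "any":
        findings.append("protocol ANY: broader than the service requires (least privilege, practice 2)")
    return findings


def _is_deny_all(rule: Rule) -> bool:
    return (rule["action"] == "block" and rule.get("src", "any") == "any"
            and rule.get("dst", "any") == "any" and rule.get("dport") is None)


def audit_ruleset(rules: List[Rule]) -> Dict[str, List[str]]:
    """Audit every rule, then check that each interface ends in an explicit
    deny-all (practice 1). pfSense drops unmatched traffic anyway; the explicit
    rule makes the intent visible and lets the drop be logged."""
    report: Dict[str, List[str]] = {}
    for idx, rule in enumerate(rules):
        findings = audit_rule(rule)
        if findings:
            report[f"rule {idx} ({rule.get('desc', '')})"] = findings
    for iface in sorted({str(r["iface"]) for r in rules}):
        last = [r for r in rules if r["iface"] == iface][-1]
        if not _is_deny_all(last):
            report[f"interface {iface}"] = ["last rule is not an explicit deny-all (practice 1)"]
    return report


# Constructed ruleset with one deliberately over-broad rule.
RULESET: List[Rule] = [
    {"action": "pass", "iface": "WAN", "proto": "tcp", "src": "any",
     "dst": "203.0.113.10", "dport": 443, "desc": "public web"},
    {"action": "pass", "iface": "WAN", "proto": "any", "src": "any",
     "dst": "any", "dport": None, "desc": "temporary vendor access"},
    {"action": "block", "iface": "WAN", "src": "any", "dst": "any",
     "dport": None, "desc": "deny all"},
    {"action": "pass", "iface": "LAN", "proto": "tcp", "src": "192.168.1.0/24",
     "dst": "10.0.0.5", "dport": 1433, "desc": "app servers to database"},
]


if __name__ == "__main__":
    for key, findings in audit_ruleset(RULESET).items():
        print(key)
        for finding in findings:
            print("   -", finding)
```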
48
Reverse Proxy

49
Reverse Proxy
What is reverse proxy?

⚫ A reverse proxy is a server that sits in front of one or more web servers, intercepting requests from
clients.
⚫ This is different from a forward proxy, where the proxy sits in front of the clients.
⚫ With a reverse proxy, when clients send requests to the origin server of a website, those requests are
intercepted at the network edge by the reverse proxy server.
⚫ The reverse proxy server will then send requests to and receive responses from the origin server.

⚫ The difference between a forward and reverse proxy is subtle but important.
⚫ A simplified way to sum it up would be to say that a forward proxy sits in front of a client and ensures
that no origin server ever communicates directly with that specific client.
⚫ On the other hand, a reverse proxy sits in front of an origin server and ensures that no client ever
communicates directly with that origin server.

50
Reverse Proxy
Let’s illustrate by naming the computers involved:

⚫ D: Any number of users’ home computers
⚫ E: A reverse proxy server
⚫ F: One or more origin servers

Reverse proxy flow: traffic flows from the user's device (D) to the Internet, to the reverse proxy (E), to the origin server (F).

⚫ Typically, all requests from D would go directly to F, and F would send responses directly to D.
⚫ With a reverse proxy, all requests from D will go directly to E, and E will send its requests to and receive responses from F.
⚫ E will then pass along the appropriate responses to D.
51
Reverse Proxy
Some of the benefits of a reverse proxy:

⚫ Load balancing
⚫ Protection from attacks
⚫ Global server load balancing (GSLB)
⚫ Caching
⚫ SSL encryption

52
Port Forwarding

53
Port Forwarding
What is Port Forwarding?

⚫ Port forwarding is a technique that allows external devices access to computers or other devices on a
private network.
⚫ By forwarding ports, you can direct incoming traffic from the Internet to specific devices on your
networks, such as a web server, email server, or gaming console.
⚫ Port forwarding can be used to improve the performance of certain applications by ensuring that traffic
is directed to the correct application server.
⚫ It can also be used to troubleshoot connection issues.

⚫ When configuring port forwarding, you will need to enter the IP address of the device to which you want
to forward traffic and the port to which you want to forward traffic.
⚫ You will also need to specify the protocol you want to use (usually TCP or UDP). Sometimes, you may
also need to specify the port range on which you want to forward traffic.
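An added example (not from the lecture) modelling the port-forwarding entries described above: each forward holds the public port, protocol, internal address and internal port; inbound packets get their destination rewritten, the internal device's replies get the reverse rewrite, and a forward can optionally be restricted to specific sources. `PUBLIC_IP`, the forwards and the packets are constructed.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

PUBLIC_IP = "203.0.113.5"  # constructed: the router's Internet-facing address


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Forward:
    proto: str
    ext_port: int                      # port on the public address
    int_ip: str                        # device on the private network
    int_port: int                      # port on that device
    allowed_src: Optional[str] = None  # CIDR; None = reachable from any Internet host


class PortForwarder:
    """Destination NAT for inbound traffic plus the reverse rewrite for replies."""

    def __init__(self, forwards: List[Forward]) -> None:
        self.table = {(f.proto, f.ext_port): f for f in forwards}
        # (proto, client ip, client port, internal ip, internal port) -> external port
        self.conntrack: Dict[Tuple[str, str, int, str, int], int] = {}

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet; None means it is dropped."""
        if pkt.dst != PUBLIC_IP:
            return None
        fwd = self.table.get((pkt.proto, pkt.dport))
        if fwd is None:
            return None  # no forward: the NAT boundary drops unsolicited traffic
        if fwd.allowed_src and ip_address(pkt.src) not in ip_network(fwd.allowed_src):
            return None  # forward exists but is restricted to specific sources
        self.conntrack[(pkt.proto, pkt.src, pkt.sport, fwd.int_ip, fwd.int_port)] = fwd.ext_port
        return replace(pkt, dst=fwd.int_ip, dport=fwd.int_port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the internal device's reply so the client sees the public address."""
        ext_port = self.conntrack.get((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if ext_port is None:
            return None  # not a reply to a forwarded flow (this model tracks only those)
        return replace(pkt, src=PUBLIC_IP, sport=ext_port)


# Constructed forwards: a web server open to everyone, SSH only from one partner network.
FORWARDS = [
    Forward("tcp", 80, "192.168.1.20", 8080),
    Forward("tcp", 22, "192.168.1.30", 22, allowed_src="198.51.100.0/24"),
]


if __name__ == "__main__":
    nat = PortForwarder(FORWARDS)
    request = Packet("tcp", "198.51.100.7", 51000, PUBLIC_IP, 80)
    inner = nat.inbound(request)
    print("inbound :", request, "->", inner)
    reply = Packet("tcp", "192.168.1.20", 8080, "198.51.100.7", 51000)
    print("outbound:", reply, "->", nat.outbound(reply))
    print("no forward for 3389:", nat.inbound(Packet("tcp", "198.51.100.7", 51001, PUBLIC_IP, 3389)))
```

The `allowed_src` restriction is the same idea as the "specify source IP addresses" practice: every forward is a hole in the NAT boundary, so narrow who can reach it where the service is not meant for everyone.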
54
Port Forwarding
⚫ Port forwarding is typically used for applications that require high levels of security or performance,
such as email servers and gaming consoles.
⚫ It can also be used to bypass firewalls or other network security measures.
⚫ You should only use port forwarding if you are sure the application or device you are forwarding traffic
to can be trusted.

55
Pros of Port Forwarding
1. You can open access to certain services
⚫ For example, if you want to run a website or a gaming server, you will need to port forward. Without port forwarding, the traffic would be blocked by your router's NAT firewall.

2. Increase in internet speed is one of the main pros of port forwarding
⚫ If you are using P2P applications like BitTorrent or uTorrent, then port forwarding can help increase your download speeds. Opening specific ports allows your computer to communicate with other devices more efficiently.

3. Improved online gaming performance
⚫ Similar to how port forwarding can increase your internet speed, it can also improve your online gaming experience. You can reduce lag and enjoy a smoother gaming experience by opening up the correct ports.

4. You can run a VPN server
⚫ If you want to connect to your home network from outside, you can do so by setting up a VPN server. By port forwarding, you can enable incoming connections to your VPN server and enjoy a secure connection.
56
Cons of Port Forwarding
1. You are opening up your network to attack
⚫ By opening up ports on your router, you are essentially creating holes in your NAT firewall. This means that people outside your network can attempt to connect to those ports and potentially gain access to your network.

2. Poor internet speed is among the rare cons of port forwarding
⚫ If you port forward too many ports or forward the wrong ports, you can decrease your internet speed. This is because your router will have to process more data, leading to bottlenecks.

3. Port forwarding can be complex
⚫ Depending on your router, port forwarding can be a complex process. If you are unfamiliar with networking, you may have difficulty setting up port forwarding on your router.

4. You may need to change your port forwarding settings frequently
⚫ If you use P2P applications or play online games regularly, you may need to change your port forwarding settings frequently.
57
Security Event and Information Management
SIEM

58
Security Event and Information Management
⚫ Security information and event management, or SIEM, is
a security solution that helps organizations recognize
and address potential security threats and vulnerabilities
before they have a chance to disrupt business
operations.
⚫ SIEM systems help enterprise security teams detect user
behaviour anomalies and use artificial intelligence (AI) to
automate many of the manual processes associated with
threat detection and incident response.

⚫ The original SIEM platforms were log management tools, combining security information management (SIM) and security event management (SEM) to enable real-time monitoring and analysis of security-related events, as well as tracking and logging of security data for compliance or auditing purposes.

59
Security Event and Information Management

How does SIEM work?

⚫ At the most basic level, all SIEM solutions perform some level of data aggregation, consolidation and sorting in order to identify threats and adhere to data compliance requirements. While solutions vary in capability, most offer the same core set of functionality:

Log Management
⚫ SIEM ingests event data from a wide range of sources across an organization’s entire IT infrastructure, including on-premises and cloud environments.

Event Correlation and Analytics
⚫ Utilizing advanced analytics to identify and understand intricate data patterns, event correlation provides insights to quickly locate and mitigate potential threats to business security.

Incident Monitoring and Security Alerts
⚫ SIEM consolidates its analysis into a single, central dashboard where security teams monitor activity, triage alerts, identify threats and initiate response or remediation.
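An added example (not from the lecture) of the log management and event correlation steps described above, run over constructed firewall log lines: the lines are parsed into events, then two correlation rules flag a source whose blocked traffic touches many different destination ports, or the same port repeatedly, inside a time window. The log format, host names and addresses are constructed; this is not pfSense's real log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Constructed line format for this example (not pfSense's filterlog format):
#   <ISO timestamp> <host> filter: <pass|block> <iface> <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(\S+) (\S+) filter: (pass|block) (\S+) (\S+) (\S+):(\d+) -> (\S+):(\d+)$")


class Event(NamedTuple):
    ts: datetime
    host: str
    action: str
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Alert(NamedTuple):
    kind: str
    src: str
    first_seen: datetime
    detail: str


def parse(lines: List[str]) -> List[Event]:
    """Log management step: normalise raw lines into events, oldest first."""
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a real SIEM would count these as parse failures
        ts, host, action, iface, proto, src, sport, dst, dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), host, action, iface,
                            proto, src, int(sport), dst, int(dport)))
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[Event], window: timedelta = timedelta(seconds=60),
              scan_ports: int = 5, repeat_hits: int = 4) -> List[Alert]:
    """Event correlation step over blocked WAN traffic, grouped by source:
    - port_sweep: at least scan_ports distinct destination ports within window
    - repeated_blocked_access: at least repeat_hits blocks to one port within window
    """
    alerts: List[Alert] = []
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.action == "block" and e.iface == "WAN":
            by_src[e.src].append(e)
    for src, evs in by_src.items():
        for i, start in enumerate(evs):
            ports = {e.dport for e in evs[i:] if e.ts - start.ts <= window}
            if len(ports) >= scan_ports:
                alerts.append(Alert("port_sweep", src, start.ts,
                                    f"{len(ports)} ports blocked within {window.seconds}s"))
                break  # one alert per source is enough
        by_port: Dict[int, List[Event]] = defaultdict(list)
        for e in evs:
            by_port[e.dport].append(e)
        for dport, hits in by_port.items():
            for i, start in enumerate(hits):
                n = sum(1 for e in hits[i:] if e.ts - start.ts <= window)
                if n >= repeat_hits:
                    alerts.append(Alert("repeated_blocked_access", src, start.ts,
                                        f"{n} blocks to port {dport} within {window.seconds}s"))
                    break
    return alerts


# Constructed log lines using documentation address ranges.
SAMPLE_LOG = [
    "2024-05-01T10:00:01 fw1 filter: block WAN tcp 198.51.100.7:51000 -> 203.0.113.10:21",
    "2024-05-01T10:00:02 fw1 filter: block WAN tcp 198.51.100.7:51001 -> 203.0.113.10:22",
    "2024-05-01T10:00:03 fw1 filter: block WAN tcp 198.51.100.7:51002 -> 203.0.113.10:23",
    "2024-05-01T10:00:04 fw1 filter: block WAN tcp 198.51.100.7:51003 -> 203.0.113.10:25",
    "2024-05-01T10:00:05 fw1 filter: block WAN tcp 198.51.100.7:51004 -> 203.0.113.10:80",
    "2024-05-01T10:00:10 fw1 filter: block WAN tcp 192.0.2.9:40000 -> 203.0.113.10:22",
    "2024-05-01T10:00:20 fw1 filter: block WAN tcp 192.0.2.9:40001 -> 203.0.113.10:22",
    "2024-05-01T10:00:30 fw1 filter: block WAN tcp 192.0.2.9:40002 -> 203.0.113.10:22",
    "2024-05-01T10:00:40 fw1 filter: block WAN tcp 192.0.2.9:40003 -> 203.0.113.10:22",
    "2024-05-01T10:00:41 fw1 filter: pass WAN tcp 203.0.113.77:52000 -> 203.0.113.10:443",
    "2024-05-01T10:00:42 fw1 filter: block LAN udp 192.168.1.25:5353 -> 224.0.0.251:5353",
    "this line is not in the expected format",
]


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(alert.kind, alert.src, alert.first_seen.isoformat(), alert.detail)
```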
60
Week 4.

End of Week 4. Do Your Activity ASAP. Any Questions?.
