Advance Computer Network

The document provides an overview of network security devices, including firewalls, intrusion prevention systems (IPS), proxy servers, and network redundancy. It explains the functionality and types of firewalls, the operation of IPS, and the benefits of network redundancy for business continuity and security. Additionally, it discusses network load balancing and congestion avoidance mechanisms like Random Early Detection (RED).

Uploaded by HollyD Lyrics

Firewall—A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an "unreachable error"
Drop : block the traffic with no reply
A firewall establishes a barrier between a secured internal network and an outside untrusted network, such as the Internet. In order to secure the internal network from unauthorized traffic, we need a firewall. Most traffic which reaches the firewall uses one of three major Transport Layer protocols: TCP, UDP or ICMP. All three carry a source address and a destination address. TCP and UDP also carry port numbers; ICMP uses a type and code instead of a port number, which identifies the purpose of that packet.
Working way—The firewall works on a filtering mechanism. The firewall matches network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the network traffic. From the perspective of a server, network traffic can be either outgoing or incoming, and the firewall maintains a distinct set of rules for each case. Mostly, outgoing traffic originating from the server itself is allowed to pass. Still, setting rules on outgoing traffic is always better in order to achieve more security and prevent unwanted communication. Incoming traffic is treated differently: every incoming packet is matched against the incoming rule set before it is allowed to reach the server.
Default policy: It is very difficult to explicitly cover every possible case with a rule on the firewall. For this reason, the firewall must always have a default policy. The default policy consists only of an action (accept, reject or drop). Suppose no rule is defined on the firewall about SSH connections to the server. The firewall will then follow the default policy. If the default policy is set to accept, any computer outside of your office can establish an SSH connection to the server. Therefore, setting the default policy to drop (or reject) is always a good practice.
Types— 1. Hardware firewall: It is a physical device. It can be installed between the modem and the computer, or it can be incorporated into a broadband router being used to share the Internet connection. It protects the entire network. It is usually more expensive and harder to configure.
Ex—Cisco PIX, NetScreen etc.
2. Software firewall: It is a software application. It is installed onto the computer system that you wish to protect and protects that single computer, which is usually the computer with the modem attached to it. It is usually less expensive and easier to configure.
Ex—Norton Internet Security

Generation of Firewall—
Firewalls can be categorized based on their generation.
First Generation- Packet Filtering Firewall : A packet filtering firewall is used to control network access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on source and destination IP address, protocol and ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3 layers).
Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic; they can only allow or deny packets based on the individual packet headers. A packet filtering firewall maintains a filtering table which decides whether a packet will be forwarded or discarded. From the given filtering table, the packets will be filtered according to the following rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for the internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
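The following is an added example, not code from the document: a stateless first-match packet filter in Python that encodes the four-rule table above together with the default policy discussed earlier. The rule order, the /24 mask on 192.168.21.0, the port set treated as "well-known services" and all packet values are assumptions made for the example (SSH/22 is deliberately left out of that set so the "no rule covers SSH" scenario from the default-policy paragraph can be exercised).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three actions described in the text.
ACCEPT, REJECT, DROP = "accept", "reject", "drop"

# "Well-known services" as this example understands them (constructed set; SSH/22
# is left out on purpose so that the default policy decides SSH traffic).
WELL_KNOWN_PORTS = frozenset({25, 53, 80, 443})


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # port for tcp/udp, None for icmp
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    action: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dports: Optional[frozenset] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field the rule sets must match; unset fields are wildcards."""
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dports is not None and pkt.dport not in self.dports:
            return False
        return True


class PacketFilter:
    """Stateless, first-match filter: each packet is judged on its own headers only."""

    def __init__(self, rules, default_policy=DROP):
        self.rules = list(rules)
        self.default_policy = default_policy

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_policy   # nothing matched: the default policy decides


def reply_for(action: str) -> Optional[str]:
    """What the sender observes: reject answers with an ICMP unreachable, drop stays silent."""
    return "icmp-unreachable" if action == REJECT else None


def example_filter(default_policy=DROP) -> PacketFilter:
    """The incoming-direction table from the text, in the order it is listed there."""
    return PacketFilter([
        Rule(DROP, src_net="192.168.21.0/24"),                              # rule 1
        Rule(DROP, proto="tcp", dports=frozenset({23})),                    # rule 2: TELNET
        Rule(DROP, dst_net="192.168.21.3/32"),                              # rule 3
        Rule(ACCEPT, dst_net="192.168.21.0/24", dports=WELL_KNOWN_PORTS),   # rule 4
    ], default_policy)


if __name__ == "__main__":
    f = example_filter()
    for pkt in (Packet("10.0.0.5", "192.168.21.10", "tcp", 80),
                Packet("192.168.21.7", "192.168.21.10", "tcp", 80),
                Packet("10.0.0.5", "192.168.21.10", "tcp", 22)):
        print(pkt, "->", f.decide(pkt))
```

Because the filter is stateless, a TCP segment for port 80 is accepted whether or not a handshake ever happened; that is exactly the limitation the text attributes to first-generation firewalls. Swapping `default_policy=ACCEPT` into `example_filter` shows why the default matters: the port-22 packet, which no rule mentions, then passes.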
Third Generation- Application Layer Firewall : A proxy firewall provides security by controlling the information going in and out of the network. The proxy firewall has its own IP (Internet Protocol) address, so the internal network never makes a direct connection with the outside Internet. Since it monitors information at the application level, it is also known as an application firewall. How a proxy firewall handles requests from the internal network:
The proxy firewall acts as an intermediary between the trusted internal network and the outside Internet.
If computers in the internal network wish to make a connection with the outside Internet, they first communicate with the proxy. The proxy then forwards data from the internal network to the Internet and sends data received from the Internet back to the internal network. In this way the proxy firewall shields the internal network from intruders on the outside Internet and prevents direct connections between the internal network and the Internet.
Note: Application layer firewalls can also be used as a Network Address Translator (NAT).
**HTTP (protocol for sending and receiving web pages), SMTP (protocol for email messages on the Internet).

IPS (Intrusion Prevention System)—An intrusion prevention system (IPS) is a network security and threat prevention tool.
An IPS is used to identify malicious activity, record detected threats, report detected threats and take preventative action to stop a threat from doing damage. An IPS tool can be used to continually monitor a network in real time. There are a number of different threats that an IPS is designed to prevent, including Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, various types of exploits, worms and viruses.
How it works: An intrusion prevention system is placed inline, in the flow of network traffic between the source and destination, and usually sits just behind the firewall.
The following are three common approaches for an IPS tool to protect networks:
1. Signature-based detection, in which the IPS tool uses previously defined attack signatures of known network threats. When an attack is initiated that matches one of these signatures or patterns, the system takes the necessary action.
2. Anomaly-based detection, in which the IPS searches for unexpected network behavior and blocks access to the host if an anomaly is detected.
3. Policy-based detection, in which the IPS first requires administrators to define security policies; when an event occurs that breaks a defined security policy, an alert is sent to the system administrators.
Intrusion Prevention Systems (IPS) are classified into 4 types:
1. Network-based intrusion prevention system (NIPS): It monitors the entire network for suspicious traffic by analyzing protocol activity.
2. Wireless intrusion prevention system (WIPS): It monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
3. Network behavior analysis (NBA): It examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service attacks, specific forms of malware and policy violations.
4. Host-based intrusion prevention system (HIPS): It is an installed software package which monitors a single host for suspicious activity by scanning events that occur within that host.
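To make the three detection approaches concrete, here is an added example (mine, not from the document) of a small inline IPS in Python that applies all three to a constructed event stream: a signature match drops the offending event, a SYN-rate anomaly blocks the source host for the rest of the session, and a policy breach only raises an alert, as the text describes. The signature patterns, the SYN threshold of 20 per second, the "no TELNET" policy and every address in the sample traffic are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Event:
    ts: float          # seconds
    src: str
    dst: str
    dport: int
    payload: str = ""  # application data visible to the inline sensor (constructed)
    flags: str = ""    # TCP flags; "S" marks a SYN


# 1. Signature-based: constructed patterns standing in for a real signature feed.
SIGNATURES = {
    "path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
    "known-bad-user-agent": re.compile(r"User-Agent: ExampleScanner/", re.I),  # made-up name
}


class InlineIPS:
    """Sits in the traffic path; every event gets a verdict before it is forwarded."""

    def __init__(self, syn_limit: int = 20, window: float = 1.0,
                 forbidden_ports=frozenset({23})):
        self.syn_limit = syn_limit                 # 2. anomaly: SYNs per source per window
        self.window = window
        self.forbidden_ports = forbidden_ports     # 3. policy defined by administrators
        self._syn_times = defaultdict(deque)
        self.blocked_hosts = set()
        self.log: List[tuple] = []                 # record of every detected threat

    def inspect(self, ev: Event) -> Dict[str, str]:
        if ev.src in self.blocked_hosts:
            return self._verdict(ev, "drop", "host-blocked")
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev.payload):
                return self._verdict(ev, "drop", "signature:" + name)
        if "S" in ev.flags:
            recent = self._syn_times[ev.src]
            recent.append(ev.ts)
            while recent and ev.ts - recent[0] > self.window:   # slide the window
                recent.popleft()
            if len(recent) > self.syn_limit:
                self.blocked_hosts.add(ev.src)                  # block access to the host
                return self._verdict(ev, "drop", "anomaly:syn-rate")
        if ev.dport in self.forbidden_ports:
            return self._verdict(ev, "alert", "policy:forbidden-port")  # alert only
        return self._verdict(ev, "pass", "")

    def _verdict(self, ev: Event, action: str, reason: str) -> Dict[str, str]:
        if action != "pass":
            self.log.append((ev.ts, ev.src, action, reason))   # record + report duty
        return {"action": action, "reason": reason}


def sample_events() -> List[Event]:
    """Constructed traffic: a normal request, a traversal attempt, a SYN burst, TELNET to the LAN."""
    events = [
        Event(0.0, "10.1.1.5", "192.0.2.10", 80, "GET /index.html"),
        Event(0.1, "10.1.1.5", "192.0.2.10", 80, "GET /static/../../secret.txt"),
    ]
    events += [Event(1.0 + i * 0.01, "10.9.9.9", "192.0.2.10", 80, "", "S") for i in range(25)]
    events.append(Event(3.0, "10.1.1.7", "192.0.2.20", 23, ""))
    return events


def run_sample() -> Dict[str, int]:
    """Run the constructed stream through a fresh IPS and count the verdicts."""
    ips = InlineIPS()
    return dict(Counter(ips.inspect(ev)["action"] for ev in sample_events()))


if __name__ == "__main__":
    print(run_sample())   # {'pass': 21, 'drop': 6, 'alert': 1}
```

Of the 25 SYNs from 10.9.9.9, the first 20 pass, the 21st trips the anomaly threshold and blocks the host, and the remaining four are dropped on the host-blocked check alone; that ordering (blocked hosts first, then signatures, then anomaly, then policy) is what keeps an inline sensor cheap once a source has already been judged.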
Proxy server: A proxy server is a dedicated computer, or a software system running on a computer, that accepts incoming requests from the client and forwards those requests to the destination server. It works as a gateway between the end user and the Internet. It has its own IP address. In other words, the proxy server allows us to access any website with a different IP address. The most important point about a proxy server is that it does not encrypt traffic.
How proxy servers work: When a proxy server receives a request for an Internet resource (such as a web page), it looks in its local cache of previously fetched pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user. **The most popular reverse proxies are Varnish and Squid.
Advantages:
1. It improves the security and enhances the privacy of the user.
2. It hides the identity (IP address) of the user.
3. It controls the traffic and prevents crashes.
4. It protects our network from malware.
5. It allows access to restricted content.
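The cache-then-fetch behaviour described above, and the proxy firewall's role as the only party that ever talks to the outside, can be shown in one small model. This is an added example in Python, not code from the document or from any real proxy; the origin server is a constructed stand-in, the proxy address 203.0.113.10, the 60-second max-age, the denied host name and the client addresses are all assumptions made for the example. A fake clock replaces real time so that cache expiry can be demonstrated without waiting.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit


@dataclass
class Response:
    status: int
    body: str
    max_age: int = 0   # seconds the proxy may serve this object from its cache


class OriginServer:
    """Constructed stand-in for 'the server out on the Internet'; records who connected."""

    def __init__(self, pages: Dict[str, Tuple[str, int]]):
        self.pages = pages
        self.seen_clients = []   # source addresses that actually reached the origin

    def get(self, url: str, client_ip: str) -> Response:
        self.seen_clients.append(client_ip)
        if url in self.pages:
            body, max_age = self.pages[url]
            return Response(200, body, max_age)
        return Response(404, "not found")


class CachingProxy:
    def __init__(self, origin: OriginServer, proxy_ip: str,
                 clock: Callable[[], float] = time.time, denied_hosts=()):
        self.origin = origin
        self.proxy_ip = proxy_ip                  # the only address the origin ever sees
        self.clock = clock
        self.denied_hosts = set(denied_hosts)     # proxy-firewall role: hosts clients may not reach
        self.cache: Dict[str, Tuple[float, Response]] = {}   # url -> (expires_at, response)
        self.stats = {"hit": 0, "miss": 0, "denied": 0}

    def handle(self, client_ip: str, url: str) -> Response:
        host = urlsplit(url).hostname
        if host in self.denied_hosts:
            self.stats["denied"] += 1
            return Response(403, "blocked by proxy policy")   # origin is never contacted
        now = self.clock()
        cached = self.cache.get(url)
        if cached is not None and cached[0] > now:   # fresh copy: answer locally
            self.stats["hit"] += 1
            return cached[1]
        self.stats["miss"] += 1
        resp = self.origin.get(url, self.proxy_ip)   # act as a client with the proxy's own IP
        if resp.status == 200 and resp.max_age > 0:
            self.cache[url] = (now + resp.max_age, resp)
        return resp


class FakeClock:
    """Controllable clock so expiry can be shown without sleeping (constructed for the example)."""

    def __init__(self, start: float = 1000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


def demo() -> Tuple[CachingProxy, OriginServer]:
    origin = OriginServer({"http://example.com/index.html": ("<html>hello</html>", 60)})
    clock = FakeClock()
    proxy = CachingProxy(origin, proxy_ip="203.0.113.10", clock=clock,
                         denied_hosts={"blocked.example"})
    proxy.handle("10.0.0.5", "http://example.com/index.html")   # miss: fetched from origin
    proxy.handle("10.0.0.6", "http://example.com/index.html")   # hit: served from cache
    clock.now += 61                                             # max-age has passed
    proxy.handle("10.0.0.5", "http://example.com/index.html")   # miss again: refetched
    proxy.handle("10.0.0.5", "http://blocked.example/")         # denied by proxy policy
    return proxy, origin


if __name__ == "__main__":
    proxy, origin = demo()
    print(proxy.stats, origin.seen_clients)
```

The origin's `seen_clients` list never contains 10.0.0.5 or 10.0.0.6, which is the "own IP address" property the text stresses; and because the model carries plain bodies end to end, it also illustrates the text's caveat that a proxy by itself does not encrypt anything.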

Network redundancy—Network redundancy is the process of adding alternative devices, pathways and other components to a business's network. Some professionals call network redundancy a disaster recovery plan because it helps them strengthen various aspects of the network to minimize the chances of errors, damage or shutdowns.
Benefits: 1. Improves business continuity— Implementing a network redundancy plan allows businesses to protect their data from network failures. A network redundancy plan provides an alternate network device or connection that keeps the business online when a network failure occurs. These backup mechanisms ensure businesses can continue serving customers.
2. Optimizes time and money— Unforeseen network failures cost businesses directly and indirectly by increasing the time and financial resources they spend fixing the failure. Network redundancy helps avoid spending that extra money and time.
3. Raises network uptime— Network uptime refers to how long a business's network remains running. Network redundancy provides backup mechanisms that allow the business to keep running for longer.
4. Improves company security— Network redundancy helps protect a company against physical damage to a network. You can also better protect an organization from cybersecurity threats with network redundancy, because it allows businesses to store data in secure clouds.

Network Load Balancer—The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. The load balancer ensures that servers are not overworked, and redirects traffic to healthy servers when a single server goes down. Network Load Balancers use variables such as destination ports and IP addresses to distribute traffic. They function on OSI Layer 4. A Network Load Balancer can handle up to millions of requests per second.
**NLB does not support Dynamic Host Configuration Protocol (DHCP). NLB disables DHCP on each interface that it configures.
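As an added example (not code from the document or from any NLB product), the following Python model shows what "distributing on Layer 4 variables" and "redirecting to healthy servers" mean in practice: the balancer hashes the 5-tuple (protocol, source and destination IP and port) so every packet of a connection lands on the same backend, and a health probe removes a failed backend from rotation. The backend addresses, client addresses, the use of SHA-256 as the hash and the probe callback are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Backend:
    address: str
    healthy: bool = True


@dataclass(frozen=True)
class Flow:
    """The Layer-4 identifiers a network load balancer gets to see."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class L4LoadBalancer:
    def __init__(self, backends: List[Backend]):
        self.backends = backends

    def run_health_checks(self, probe: Callable[[Backend], bool]) -> None:
        """probe() is supplied by the caller (constructed in the demo); a failed probe
        takes the server out of rotation until a later check succeeds."""
        for b in self.backends:
            b.healthy = probe(b)

    def pick(self, flow: Flow) -> Optional[Backend]:
        pool = [b for b in self.backends if b.healthy]
        if not pool:
            return None    # nothing healthy: the connection cannot be placed
        key = f"{flow.proto}|{flow.src_ip}|{flow.src_port}|{flow.dst_ip}|{flow.dst_port}".encode()
        digest = hashlib.sha256(key).digest()
        # Same 5-tuple -> same backend, so all packets of one TCP connection stay together.
        return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def distribution(lb: L4LoadBalancer, n: int = 300) -> Dict[str, int]:
    """Send n constructed flows from distinct client ports and count where they land."""
    counts: Dict[str, int] = {}
    for i in range(n):
        b = lb.pick(Flow("tcp", "198.51.100.7", 40000 + i, "203.0.113.1", 443))
        if b is not None:
            counts[b.address] = counts.get(b.address, 0) + 1
    return counts


def demo_backends() -> List[Backend]:
    return [Backend("10.0.0.11:443"), Backend("10.0.0.12:443"), Backend("10.0.0.13:443")]


if __name__ == "__main__":
    lb = L4LoadBalancer(demo_backends())
    print(distribution(lb))
    lb.run_health_checks(lambda b: b.address != "10.0.0.12:443")   # one server "goes down"
    print(distribution(lb))
```

Note the design choice the model exposes: hashing modulo the size of the healthy pool re-maps many existing flows when one backend fails, not just the flows that were pinned to it. Production balancers use consistent hashing or a flow table to limit that disruption; the example keeps the plain modulo so the dependency on pool membership is visible.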
RED (Random Early Detection): It is a congestion avoidance mechanism. When a router notices that its queue is getting backlogged, it randomly drops some arriving packets to avoid congestion.
The three main goals of RED are:
1. avoidance of congestion
2. avoidance of global synchronization
3. avoidance of lockout
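The following is an added example, not code from the document, of the classic RED algorithm in Python: the router keeps an exponentially weighted average of its queue length, never drops while the average is below a minimum threshold, drops every arrival once it exceeds a maximum threshold, and in between drops at random with a probability that rises linearly and is spread out over successive packets. The thresholds, weights, buffer size and the two-arrivals-per-departure overload used in the simulation are assumptions made for the example.

```python
import random
from typing import List, Tuple


class RedQueue:
    """Random Early Detection on a single router output queue."""

    def __init__(self, min_th: int, max_th: int, max_p: float,
                 weight: float = 0.002, capacity: int = 100, seed: int = 0):
        self.min_th, self.max_th, self.max_p = min_th, max_th, max_p
        self.weight = weight             # EWMA weight for the average queue length
        self.capacity = capacity         # physical buffer size
        self.queue: List[object] = []
        self.avg = 0.0
        self.count = -1                  # packets accepted since the last random drop
        self.rng = random.Random(seed)   # seeded so the demo is repeatable
        self.dropped = 0

    def enqueue(self, pkt) -> bool:
        """Return True if the packet was queued, False if RED (or a full buffer) dropped it."""
        self.avg = (1 - self.weight) * self.avg + self.weight * len(self.queue)
        if self.avg < self.min_th:           # no congestion signal yet
            self.count = -1
            drop = False
        elif self.avg >= self.max_th:        # sustained backlog: drop every arrival
            drop = True
            self.count = 0
        else:                                # early, random drops between the thresholds
            self.count += 1
            p_b = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
            # Spread drops evenly instead of clustering them (helps against global synchronization).
            p_a = 1.0 if self.count * p_b >= 1 else p_b / (1 - self.count * p_b)
            drop = self.rng.random() < p_a
            if drop:
                self.count = 0
        if not drop and len(self.queue) >= self.capacity:
            drop = True                      # buffer full: tail drop, which RED aims to avoid
        if drop:
            self.dropped += 1
            return False
        self.queue.append(pkt)
        return True

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None


def simulate(n_packets: int = 2000, seed: int = 1) -> Tuple[int, int, int]:
    """Overloaded link: two arrivals per departure. Returns (accepted, dropped, peak queue length)."""
    q = RedQueue(min_th=10, max_th=30, max_p=0.1, weight=0.1, seed=seed)
    accepted = peak = 0
    for i in range(n_packets):
        if q.enqueue(i):
            accepted += 1
        peak = max(peak, len(q.queue))
        if i % 2 == 1:
            q.dequeue()
    return accepted, q.dropped, peak


if __name__ == "__main__":
    print(simulate())
```

With the link permanently overloaded, the simulation drops a steady fraction of arrivals while the queue settles near `max_th` instead of filling the 100-packet buffer; with `max_p=0` the same queue would accept everything until the average crossed `max_th` and then drop bursts, which is the tail-drop behaviour that synchronizes every sender's back-off.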
