Table 1 - uploaded by Sonali Chandel
Content may be subject to copyright.
Source publication
With the tremendous amount of increase in cyber threats on the Internet, the security of data traveling over a network has become a significant concern for all the netizens. As a result, a large number of Internet users have started using firewalls and VPN (Virtual Private Network) to ensure more protection for their data on the go. Though mostly c...
Context in source publication
Context 1
... firewall usually is the first step to intercept an external attack to accomplish the adequate protection for computer network security [2]. Figure 1 [3] introduce the connection schematic of Firewall, Intranet, and the Internet. The essential features and primary functions of Firewalls are shown in Table 1 [3]. ...
Similar publications
A firewall as a network security perimeter device examines the incoming packets and compares them against a set of predefined rules. These rules that form the basis of the firewall"s policy is maintained in a list of permissions called the Access Control List (ACL). These access control lists are usually stored in some data structure and dictate wh...
Computer networks bring us not only the benefits, such as more computing power and better performance for a given price, but also some challenges and risks, especially in the field of system security. During the past two decades, significant effort has been put into network security research and several techniques have been developed for building s...
In order to have a complete network security system, besides firewall and anti-hack applications and devices, we need an intrusion detection system (IDS) to detect any attack passing through the firewall, antivirus, and other security devices. First, we review a few fundamental concepts of intrusion detection systems. In order to compare, we use a...
Citations
... • Sensitive data exposure: The user likely uses a VPN to protect his private Internet suring activities. However, most free and paid VPNs are equipped with third-party trackers who collect online activities and breach the privacy of users [44]. • Limitations of data usage: Top free VPNs limit the amount of data for their free accounts. ...
The use of Virtual Private Networks (VPNs) has witnessed an outstanding rise as they aim to provide confidentiality and anonymity to communication. Despite this enormous and ubiquitous usage, VPNs come with various security, misconfiguration
and performance related issues thereby hindering the users to take maximum advantage of this revolutionary technology. To address this concern, VPN users must choose the most secure and perfect VPN solution for the smooth functioning of daily life activities. Generally, no clear set of directions is available for assisting a common VPN user thereby accentuating the need to develop an elucidated and coherent checklist that thoroughly helps in evaluating any VPN based on its security, performance, auditing, and management function. This research comprehensively surveys VPN Technologies, its features, working principles, and compliance principles that evolved over the last two decades. Based on it, this research presents a new methodology in the form of a feature-enriched template to comprehensively analyze a VPN solution. Each VPN feature is given its score against the potential damage it may cause in case of failure and the probability of occurrence of that failure. In this way, the corporate sector and individual users can quantitatively and qualitatively grade available options while choosing a VPN and use it effectively.
... The exponential growth of security risks and dangers that exists outside of a network in the present times can strictly confirm the necessity for people to use and study different methods to prevent Distributed Denial of Service (DDoS). Several techniques to avoid or mitigate spoofing-based attacks, such as firewalls and Virtual Private Networks (VPN), protect computational resources from getting damaged, especially during high-volume flooding attacks [2]. A firewall is a hardware, software, or hybrid-based security mechanism that monitors and controls the flow of traffic between a trusted network and outside of it [3] [4]. ...
... Many security technologies in this architecture, focus on the transition between the external and internal network, by using firewall and VPN solutions. Howevern these security measures are not suitable to defend against the current threat landscape [8]. With the rise of ransomware [2] as a major threat to modern organisations, this conventional security architecture approach is no longer effective. ...
Common IT infrastructures are built with a perimeter firewall, that separates the internal from the external network environment. Systems within the internal network are considered as trusted by conventional security architectures, while everything outside is considered hostile. However, the IT Security threats within our modern IT environments are often targeting end devices, with attack vectors such as phishing. The consequences from this mismatch between security architecture and threat landscape, become apparent with the increasing number of infrastructures that are getting completely devastated by low level malware such as common ransomware. Modern security requirements demand an IT architecture, that mitigates the risk from compromised end devices. The zero trust architecture is an approach to solve this problem and relieve the conventional perimeter security architecture. This paper will present an approach for a new security architecture that uses modern zero trust solutions to mitigate the risks from common security threats and increase the usability at the same time by replacing passwords as authentication method with the FIDO2 Web Authentication standard.
... To protect network security, many network security protection methods are available, such as firewalls [3,4], vulnerability scanning [5,6], data encryption [7], and user authentication [8]. Although these methods can achieve security protection in traditional network environments, they are not perfectly suited for IoT network environments. ...
With the rapid development of information technology, the internet of things (IoT) technology has been integrated into most people’s daily life and work. However, the IoT must confront many new security challenges. Specifically, the increase in the variety of IoT-connected devices has diversified the network. Meanwhile, the high data rates and spectral efficiency offered by 5G cellular networks facilitates the increasing capacity of IoT network traffic. Therefore, network traffic data are characterized by an expanded large scale, wide diversity, and high dimensions, which greatly affects the functionality and efficiency of intrusion detection methods. Although the existing neural network-based intrusion detection methods partially resolve the above problems, they need to execute a lot of nonlinear transformations when learning and characterizing data, resulting in a large loss of feature information. To address this problem, in this paper, we first design a new neural network model based on the gate recurrent unit (GRU), namely, the supplement gate recurrent unit (SGRU). Compared with a traditional GRU, through loss compensation, a SGRU can reduce the loss of feature information caused by nonlinear transformations when learning and characterizing network traffic data. Then, we adopt the SGRU to propose a novel intrusion detection method to monitor the security of the network. Finally, we developed the corresponding prototype system and verified its performance. The experimental results demonstrate that our proposed intrusion detection method is more accurate than previous intrusion detection methods.
... The IEEE 802. 16 has two fundamental levels: MAC and the physical (PHY) layers [2]. With the significant progress in technology and because of WiMAX's characteristics, the security issue for WiMAX was very important for this network. ...
... This technology completely integrates the capabilities of both software and hardware in a computer network, allowing for active filtering and monitoring of possible network risks and attacks. The firewall is typically the first line of defence against an external attack, ensuring sufficient computer network security [16]. ...
WiMAX technology with up to 30 miles of coverage compared to other technologies is more vulnerable to jamming attacks, and therefore, the security issue was a major concern. The jamming attack affected the network by reducing throughput and increasing delay in different applications, several solutions and protocols were introduced for this issue. One of these solutions is a VPN that uses encryption algorithms for securing data transmission. Moreover, the network is integrated with the firewall to protect the server from any unauthorized access. Thus, the paper investigates the impact of VPN with the firewall for securing WiMAX using OPNET Modeler (v14.5) which was chosen as a suitable tool for simulating WiMAX networks. A VoIP application was applied with other applications in terms of sent/received traffic, delay and throughput. After running the OPNET simulation, the collected results showed that the existence of VPN with firewall increased throughput and decreased the delay which was caused by the jamming attack. The inclusion of the firewall will prevent any access to a specific application from the server but the VPN would allow access from a specific source (Base Station1) to access the server. The benefit of integrating VPN in the system is that the unauthorized client cannot access the server from any base station. This will provide more security for the system.
... Five kinds of firewalls and their weaknesses[20] ...
Internet technology has brought about significant improvement in economical drive thereby making automated processes the new norm. With this new technological drive comes the upsurge in criminal activities as technology has proved to be a densely crime-perpetrated territory. Operating Systems (OS) have had their fair share of this debacle with significant updates being pushed out regularly to mitigate threats. Particularly, the windows OS has the firewall feature which has been a huge success in Intrusion Prevention and Detection systems. The Windows 10 version of the OS will always have significant patches and updates regularly to mitigate security threats. However, there have been several techniques and experiments that proves that firewalls are not sufficient enough for system protection. Advanced techniques in firewall evasions are new generation firewall mechanisms with a combination of techniques usually used to bypass standard security tools, such as intrusion detection and prevention systems, which might detect a protection mechanism. This singular fact that the use of multiple combinations of simpler components is possible, hundreds of thousands of potential Advanced Evasion Techniques exists. This paper therefore takes an overview two of the most significant techniques when it comes to bypassing firewalls - HTTP Tunneling and Nmap Evasion. A comparative study of both techniques helps us look at their similarities and differences and future works.
... To reduce the attack surface of these services, network based restrictions are an important part of the architecture [54]. The effectiveness of network restriction measures are however not only difficult to measure and enforce [55], the increasingly dynamic applications environment of modern IT infrastructures also make it difficult to implement the required security policies reliably [56]. ...
... While a simple, internet facing application with minimal attack vectors may face a significant exposure, more complex systems that are shielded by additional measures to reduce the exposed attack vectors also introduce new attack vectors presented by the additional security measures [61]. The exact exposure presented by more complex remote network based applications, is hard to measure [62] and to enforce reliably [55], while additional restrictions to limit this exposure can also add additional attack vectors and complexity to the overall system, thus increasing the overall attack surface [61]. ...
... Using well established security boundaries, is therefore an important aspect of secure system design, as they affect the attack surface of a software system [76]. Common security boundaries in software systems include the previously discussed application based authentication [72] [48], network based authentication [55] and kernel based authentication [69] [18]. ...
The Linux kernel is one of the dominating operating systems used today. Like any complex system, the Linux kernel has a large attack surface that can include vulnerabilities. When adversaries exploit vulnerabilities in common software systems like the Linux kernel, the consequences can be severe. It is therefore crucial for the improvement of digital infrastructure security, to identify and mitigate software areas which are prone to be attacked. While there are already different approaches to assess and mitigate the attack surface of Linux, this research project aims to identify the risks associated with different Linux kernel components, by using software complexity metrics. The resulting measures can help identify highly complex kernel features to create secure kernel configurations.
... Security managers had to teach users how to use and deploy virtual private networks. Jingyao et al. (2019) observed that virtual private networks connected users separated by either geography or site remotely to their home or organization's network. Users should be proficient in how to deploy and use a virtual private network. ...
The goal of network defense mechanisms is to enable systems to actively detect and withstand attacks, reduce reliance on external security measures, and quickly recover and repair. This paper elaborates on relevant works from both passive defense and proactive defense perspectives. Our first contribution is to introduce strategies and technologies related to passive defense, discussing in detail access control strategies, identity authentication technologies, and firewall technologies. These technologies play a significant role in protecting computer systems and networks from unauthorized access and malicious activities. Addressing the limitations of passive defense, such as: difficult to resolve uncertainty attacks and passive self-defense, our second contribution is to introduce strategies and technologies related to proactive defense. Firstly, we provide a comparative introduction to moving target strategies, intrusion tolerance strategies, and mimic defense strategies. Secondly, based on the mimic defense strategy, we provide a detailed introduction to mimic routers and mimic server technologies, which simulate normal network traffic and service behavior to enhance system security. Moreover, we provide future prospects and suggest potential directions. These approaches can help protect computer systems and networks from various security threats and provide valuable insights for researchers and security professionals on how to address evolving threats.
