
Authentication

Lecture notes in IAS1

Uploaded by

Jonathan Paga

Partido State University

Camarines Sur

Computational Science Department


IAS1 – Information Assurance and Security 1

AUTHENTICATION PROTOCOL

What is a Firewall?
• Sometimes called a network firewall.
• Is a cybersecurity tool that is used to filter traffic on a network.
• Can be used to separate network nodes from external traffic sources, internal traffic sources, or even specific applications.
• Firewalls can be software, hardware, or cloud-based, with each type of firewall having its own unique pros and cons.
• The primary goal of a firewall is to block malicious traffic requests and data packets while allowing legitimate traffic through.

https://computer.howstuffworks.com/firewall.htm

Access Control
• Security technique that regulates who or what can view or use resources in a computing environment.
• A fundamental concept in security that minimizes risk to the business or organization.
• Performs identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors.
o Multifactor authentication (MFA), which requires two or more authentication factors, is often an important part of a layered defense to protect access control systems.

Jonathan B. Paga, MIT


Instructor

Two types of access control:

1. Physical access - Physical access control limits access to campuses, buildings, rooms and physical IT assets.
2. Logical access - Logical access control limits connections to computer networks, system files and data.

Why is access control important?

• It minimizes the security risk of unauthorized access to physical and logical systems.
• Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data.
• Access control systems are complex and can be challenging to manage in dynamic IT environments that involve on-premises systems and cloud services.
• After some high-profile breaches, technology vendors have shifted away from single sign-on (SSO) systems to unified access management, which offers access controls for on-premises and cloud environments.

The main models of access control are the following:

• Mandatory access control (MAC). This is a security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources and the operating system (OS) or security kernel. For example, Security Enhanced Linux (SELinux) is an implementation of MAC on the Linux OS.

• Discretionary access control (DAC). This is an access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights.

• Role-based access control (RBAC). This is a widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- e.g., executive level, engineer level 1, etc. -- rather than the identities of individual users.
o Rule-based access control. This is a security model in which the system administrator defines the rules that govern access to resource objects. Often, these rules are based on conditions, such as time of day or location.
o Attribute-based access control (ABAC). This is a methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.
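
The role-based, rule-based and attribute-based checks described above, side by side, as an added example that is not part of the original lecture notes. The role table, the business-hours rule, the department attributes and the user name are constructed for illustration, and combining the three checks in one decision is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import time

# Constructed role-to-permission table (RBAC): rights follow the business
# function, not the identity of the individual user.
ROLE_PERMISSIONS = {
    "executive": {("payroll", "read"), ("reports", "read")},
    "engineer_l1": {("source_code", "read"), ("source_code", "write")},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    department: str           # user attribute (ABAC)
    resource: str
    resource_owner_dept: str  # resource attribute (ABAC)
    action: str
    at: time                  # environmental condition: time of day
    from_office: bool         # environmental condition: location

def rbac_allows(req):
    """RBAC: is (resource, action) granted to the caller's role?"""
    return (req.resource, req.action) in ROLE_PERMISSIONS.get(req.role, set())

def rule_allows(req):
    """Rule-based: administrator-defined conditions (time of day, location)."""
    return time(8, 0) <= req.at <= time(18, 0) and req.from_office

def abac_allows(req):
    """ABAC: compare an attribute of the user with an attribute of the resource."""
    return req.department == req.resource_owner_dept

def decide(req):
    """Deny by default: every check must pass. Returns (allowed, failed_checks)."""
    checks = {
        "rbac": rbac_allows(req),
        "rule": rule_allows(req),
        "abac": abac_allows(req),
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)
```

Returning the names of the failed checks alongside the decision gives the audit log a reason for each denial.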

Implementing access control

Access control is a process that is integrated into an organization's IT environment. It can involve identity management and access management systems. When a user is added to an access management system, system administrators use an automated provisioning system to set up permissions based on access control frameworks, job responsibilities and workflows.

Challenges of access control

• dynamically managing distributed IT environments;
• password fatigue;
• compliance visibility through consistent reporting;
• centralizing user directories and avoiding application-specific silos; and
• data governance and visibility through consistent reporting.

Note: To ensure data security, organizations must verify individuals' identities because the assets they use are more transient and distributed. The asset itself says less about the individual user than it used to.

What is an Authentication Factor?

An authentication factor is a special category of security credential that is used to verify the identity and authorization of a user attempting to gain access, send communications, or request data from a secured network, system or application.

Five Authentication Factor Categories and How They Work

Knowledge Factors

• Require the user to provide some data or information before they can access a secured system. A password or personal identification number (PIN) is the most common type of knowledge-based authentication factor used to restrict access to a system.
• A username or e-mail address on its own is not considered an authentication factor - this is how the user claims their identity to the system.
• A password or PIN number is used to authenticate that the username or e-mail address is being provided by the correct person.

Possession Factors

Possession factors require the user to possess a specific piece of information or device before they can be granted access to the system. Possession factors are typically controlled through a device that is known to belong to the correct user.

Here's how a typical process flow works for a possession-based authentication factor:
• The user registers an account with a password and their phone number recorded at the time of registration.
• The user logs in to their account with the username and password.
• When the user requests to access the system, a one-time password is generated and sent to the user's mobile phone number.
• The user enters the newly generated one-time password and gains access to the system.
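
The last two steps of the flow above (generate and send the one-time password, then check what the user enters), as an added example that is not part of the original lecture notes. The six-digit length, five-minute lifetime, three-attempt limit and the `OtpService` name are assumptions, and the SMS gateway is replaced by an in-memory `outbox` list.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumption: a code is discarded after 3 wrong guesses

class OtpService:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # username -> [code_digest, expires_at, attempts_left]
        self.outbox = []     # stands in for the SMS gateway: (phone, code)

    @staticmethod
    def _digest(code):
        # Fixed-length bytes, so the constant-time compare accepts any user input.
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, username, phone):
        """Generate and send a code; call only after the password check passed."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
        self._pending[username] = [
            self._digest(code),
            self._clock() + OTP_TTL_SECONDS,
            MAX_ATTEMPTS,
        ]
        self.outbox.append((phone, code))

    def verify(self, username, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'none' (no code pending)."""
        entry = self._pending.get(username)
        if entry is None:
            return "none"
        code_digest, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return "expired"
        if hmac.compare_digest(code_digest, self._digest(submitted)):
            del self._pending[username]   # one-time: the same code cannot be replayed
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[username]   # stop online guessing of the 10**6 codes
            return "locked"
        return "wrong"
```

The expiry, single use and attempt limit are what keep a short numeric code from being guessed or reused.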

Inherence Factors

Inherence factors authenticate access credentials based on factors that are unique to
the user. These include fingerprints, thumbprints, and palm or handprints. Voice and
facial recognition and retina or iris scans are also types of inherent authentication
factors.

Location Factors
Network administrators can implement services that use geolocation security checks
to verify the location of a user before granting access to an application, network or
system.

Behavior Factors

A behavior-based authentication factor is based on actions undertaken by the user to gain access to the system. Systems that support behavior-based authentication factors may allow users to pre-configure a password by performing behaviors within a defined interface and repeating them later as a method of identity verification.


Question: Why Use More Than One Authentication Factor?

Individual authentication factors on their own may present security vulnerabilities, sometimes due to user behavior patterns and habits and other times because of the limitations of technology.

A knowledge-based authentication factor requires users to memorize passwords and PIN numbers. This can lead to users who use overly simplistic passwords and change them too infrequently, making them easy to guess or hack.

A location-based authentication factor can be foiled by technologies that make it difficult to accurately authenticate the origin of network traffic.

A behavior-based authentication factor could be observed and replicated by a malicious actor.

Biometric and possession-based authentication factors may be the strongest means of securing a network or application against unauthorized access. Combining these methods into a multi-factor authentication process decreases the likelihood that a hacker could gain unauthorized access to the secured network.

What is a Firewall?
• Sometimes called a network firewall.
• Is a cybersecurity tool that is used to filter traffic on a network.
• Can be used to separate network nodes from external traffic sources, internal traffic sources, or even specific applications.
• Firewalls can be software, hardware, or cloud-based, with each type of firewall having its own unique pros and cons.
• The primary goal of a firewall is to block malicious traffic requests and data packets while allowing legitimate traffic through.

8 Types of Firewalls based on their general structure and method of operation.

• Packet-filtering firewalls
• Circuit-level gateways
• Stateful inspection firewalls
• Application-level gateways (a.k.a. proxy firewalls)
• Next-gen firewalls
• Software firewalls
• Hardware firewalls
• Cloud firewalls

Note: The last three bullets list methods of delivering firewall functionality, rather than being types of firewall architectures in and of themselves.

Packet-Filtering Firewalls - This is the oldest firewall type out there. They are designed to create checkpoints at individual routers or switches. The packet-filtering firewalls will check the data packets that try to come through, without inspecting the contents. If the information trying to come through looks suspicious, it cannot get through the network. This is a simple firewall that does not impact network performance too much.

Circuit-Level Gateways - Circuit-level gateways are much like packet-filtering firewalls in that they quickly and easily check and approve or deny traffic. They do it without being heavy on resources, too. Circuit-level gateways work by verifying the transmission control protocol (TCP) handshake. They don't check the packet directly, so there is a risk of malware getting through. These are not the best ones to protect your business.

Stateful Inspection Firewalls - A combination of the two firewalls above, the stateful inspection firewalls offer a higher level of protection for your business. The problem with these is that they take up more resources, which can slow down the legitimate packet transfer.
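
A packet filter that judges each packet on its header alone, next to a stateful filter that also tracks the TCP handshake, as an added example that is not part of the original lecture notes. The rule set, the addresses (documentation ranges) and the simplified flag names are constructed; neither filter reads the payload.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # simplified TCP flags: "SYN", "SYN-ACK", "ACK", "FIN"
    payload: bytes = b""  # contents are never inspected by either filter

INSIDE = ip_network("192.0.2.0/24")   # constructed internal network
ANY = ip_network("0.0.0.0/0")

# Constructed rules, first match wins: (source net, dest net, dest port or None, verdict)
RULES = [
    (INSIDE, ANY, 443, "allow"),   # inside hosts may open HTTPS connections
    (ANY, INSIDE, None, "deny"),   # nothing may be sent to inside hosts
]

def packet_filter(pkt):
    """Stateless packet filtering: header fields only, one packet at a time."""
    for src_net, dst_net, port, verdict in RULES:
        if (ip_address(pkt.src) in src_net and ip_address(pkt.dst) in dst_net
                and port in (None, pkt.dport)):
            return verdict
    return "deny"   # default deny

class StatefulFilter:
    """Header rules plus a table of connections that were opened with a SYN."""
    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        outbound = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        tracked = outbound if outbound in self.connections else reply
        if tracked in self.connections:
            if pkt.flags == "FIN":               # simplified close: forget the flow
                self.connections.discard(tracked)
            return "allow"
        if pkt.flags == "SYN" and packet_filter(pkt) == "allow":
            self.connections.add(outbound)       # new connection permitted by the rules
            return "allow"
        return "deny"
```

The stateless filter drops the server's legitimate reply and accepts an outbound ACK that belongs to no connection, while the stateful filter admits the reply only because it matches a tracked handshake. The price is the connection table, which is the extra resource use the notes mention.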


Proxy Firewalls (Application-Level Gateways/Cloud Firewalls) - If you want firewalls that operate at the application layer to filter traffic, proxy firewalls do the job. These are cloud-based most of the time, and they establish traffic connections and examine data packets coming through. The difference between these and the stateful inspection firewalls is that the proxy firewalls can also do a more in-depth inspection to check the packet contents. The drawback to these is that they can create a network slowdown because of all the extra steps – but it's all in the name of the security for your business.

Next-Generation Firewalls - There's no real insight into what makes a firewall today "next-generation" besides the time it was created. There are commonalities between these firewalls and the originals, and those include TCP handshakes and packet inspections. Next-generation firewalls also use IPS – intrusion prevention systems – to stop network attacks.

Software Firewalls - These are any firewalls installed on local devices. The biggest draw for these is that they can create a useful, in-depth defense path.

Hardware Firewalls - Hardware firewalls use physical appliances, and they act like a traffic router. They intercept data packets before they are connected to a network server. The weakness here is that they can be easily bypassed, which goes against your need for a firewall.

Maintaining these on more than one device is not easy, though, so you may need more than one for each asset.

Cloud Firewalls - Cloud solutions are also called FaaS – firewalls as a service. They often go hand in hand with proxy firewalls, and the most significant benefit to these is that they grow with your business. They work to filter large amounts of traffic away from your company, where it's malicious.

Which Firewall Is Best for Your Business Needs?

Reading about all of the different types of firewalls can be confusing – especially as you have to choose which to use for your business. The real question you must ask yourself, though, is why you would only select one type of firewall. There is no such thing as a protected business with only one level of defense. You need to have more than one of these types if you want your business to remain intact.

Cloud and hardware, individual software firewalls – it all works to cover your network. Once you identify your business needs, you can decide which firewalls will be best.

Why Does Every Business Need a Firewall?

Many small businesses think that they won't need firewalls – after all, they are only tiny outfits. The thing is, firewalls are not just created for larger companies. Every single business needs to protect itself from outside attacks. 60% of smaller businesses do not survive a cyberattack – which is why you need one.

Why Secure Firewalls Are Vital for All Businesses?

Without a firewall, you put your business at risk of being hacked and having data stolen. If you do not want to take that risk, you need to do your research on the best firewalls for your business.

What is Content Filtering?

• Is the use of a program to screen and/or exclude access to web pages or email deemed objectionable. It is used by corporations as part of their firewalls, and also by home computer owners. Content filtering works by specifying content patterns such as text strings or objects within images that, if matched, indicate undesirable content that is to be screened out. A content filter will then block access to this content.
• Content filters are often part of Internet firewalls, but can be implemented as either hardware or software.
• Content filtering serves a security purpose, but it is also used to implement company policies related to information system usage. For example, it's common to filter social-networking sites unrelated to work.

Why is Content Filtering Important?


Objectionable, inappropriate, or illegal content creates risk for organizations.

For example:
• Allowing pornographic content into the workplace can put a company at risk for sexual harassment claims, or otherwise create a hostile or demeaning work environment.
• Spam sites can lead to malware or other malicious software being installed onto work computers.
• Hate sites or sites with violent content can compromise employee safety and also reflect poorly on the company as a whole.
• Social networking sites can reduce productivity and distract employees from routine tasks.

Content filtering helps to mitigate these risks by making such content difficult to access in the workplace, and by demonstrating the company's intolerance for inappropriate, illegal, or objectionable content in general.

To be effective, content filtering has to be deployed across all content channels. The most common channels include:
• Web: The screening of Web sites or pages, as well as bookmarks and other web traffic.
• Email: Screening of email for a variety of spam, malware and other undesired or malicious content. This is usually done by scanning the subject line of the emails forwarded through the filtering system. When a message is received that meets the relevant criteria, the message will be placed in the recipient's junk folder. In some cases, it will even be sent back to the sender as undeliverable.
• Executables: The screening of executable files that may install malicious software without warning.

What Is a VPN?
Virtual Private Network - Is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.

How does a virtual private network (VPN) work?

A VPN extends a corporate network through encrypted connections made over the Internet. Because the traffic is encrypted between the device and the network, traffic remains private as it travels. An employee can work outside the office and still securely connect to the corporate network. Even smartphones and tablets can connect through a VPN.

Secure remote access - provides a safe, secure way to connect users and devices remotely to a corporate network. It includes VPN technology that uses strong ways to authenticate the user or device. VPN technology is available to check whether a device meets certain requirements, also called a device's posture, before it is allowed to connect remotely.

Is VPN traffic encrypted?

Yes, traffic on the virtual network is sent securely by establishing an encrypted connection across the Internet known as a tunnel. VPN traffic from a device such as a computer, tablet, or smartphone is encrypted as it travels through this tunnel. Offsite employees can then use the virtual network to access the corporate network.

Types of VPNs

Remote access - A remote access VPN securely connects a device outside the corporate office. These devices are known as endpoints and may be laptops, tablets, or smartphones. Advances in VPN technology have allowed security checks to be conducted on endpoints to make sure they meet a certain posture before connecting. Think of remote access as computer to network.

Site-to-site - A site-to-site VPN connects the corporate office to branch offices over the Internet. Site-to-site VPNs are used when distance makes it impractical to have direct network connections between these offices. Dedicated equipment is used to establish and maintain a connection. Think of site-to-site access as network to network.


Learning Activities:

Instruction: Research and explain the questions below.

1. Which firewall is best for your business needs, and why does a business need a firewall? (20 pts.)


2. How do these firewalls work? And which ones are the best for your business's cybersecurity needs? (20 pts.)
