
Personal Assignment 4

Session 8

1. What is a firewall, and why is a firewall needed?
2. Please explain the network protection on each layer as explained in the lecture note.
3. What is the difference between an intrusion detection system and an intrusion prevention
system?
4. What is a DeMilitarized Zone (DMZ)? And explain what port scanning is.

Name: Togi Josua Hutapea
NIM: 1412407991

1. A firewall is software or hardware that checks information coming from the Internet or a
network, and then either blocks it or allows it to pass through to your computer,
depending on your firewall settings.
Need for a firewall:
- Prevent attacks from untrusted networks
- Protect data integrity of critical information
- Preserve customer and partner confidence
- Can help to stop your computer from sending malicious software to other computers

2. The network protection:

- Layer 2
The most basic stage is to protect the access point that someone can use to
connect to the network.
The mechanisms used are:
o 802.1x is a protocol that authenticates the users of equipment that is about
to connect to an access point.
o MAC address authentication is a mechanism in which the equipment that will
access an access point is registered in a list first.
In addition to authenticating the use of access points to the computer network, the
Data Link layer serves to protect the data that is sent over the computer network.
The method used to protect the security of transmitted data is to encrypt the data
that is transmitted.
WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) are the
protocols that encrypt the data transmission.

- Layer 3
In this layer, computer network protection methods are based on the IP address
and port.
Each data packet sent by one piece of network equipment to another contains the
IP address and port used by the sender as well as the IP address and port of the
packet's destination.
A security system usually known as a firewall can filter based on both.

- Layer 4 and 5
At this layer, the security method is more focused on securing the data transmitted.
The security method that is widely used is:
o VPN
Basically, a VPN is a development of network tunneling. With tunneling,
two groups of computer networks that are separated by one or more other
groups of computer networks can be joined together, as if the two groups were
not separate computer networks. This is done by encapsulating the network
packets that are sent.
- Layer 7
At this layer, the security method is more focused on securing the application.
The methods used in application security are:
o SSL
Secure Socket Layer (SSL) is a protocol that works just below computer
network applications. This protocol ensures the security of data transmitted
from one host to another and also provides an authentication method, especially
for authenticating the server that is contacted. For data security, SSL ensures
that the transmitted data cannot be stolen or altered by other parties.
o Application Firewall
In addition to the security of data transactions, what needs to be
considered at this layer is the application itself. A computer network
application that is open to accept connections from other parties may have
weaknesses that can be used by irresponsible parties. A weakness in an
application can threaten the security of the host running the application and
also of other hosts residing on the same computer network.
To protect existing computer network applications, it is necessary to ensure
that all data the application receives from other parties is valid and
harmless.
An Application Firewall is a system that checks all the data that will be
received by a computer network application.

3. Intrusion detection system (IDS) versus intrusion prevention system (IPS):

Intrusion detection system (IDS)
- An intrusion detection system (IDS) is designed to monitor all inbound and
outbound network activity and identify any suspicious patterns that may indicate a
network or system attack from someone attempting to break into or compromise a
system.
- A passive security solution

Intrusion prevention system (IPS)
- IPS or intrusion prevention system is definitely the next level of security
technology with its capability to provide security at all system levels from the
operating system kernel to network data packets.
- An active security solution

IDS is best used in situations where there is a need to explain what happened in an attack,
whereas IPS stops attacks.
An IDS system collects a lot of information that is not actionable from an IPS
perspective, such as port scans and other reconnaissance.

4. Demilitarized Zone (DMZ)

A Demilitarized Zone (DMZ) is a physical or logical subnetwork that contains and exposes
an organization's external-facing services to a larger and untrusted network, usually the
Internet. The purpose of a DMZ is to add an additional layer of security to an
organization's local area network (LAN); an external attacker only has direct access to
equipment in the DMZ, rather than any other part of the network.
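
The filtering on IP address and port described under Layer 3, applied to a DMZ layout, as an added example that is not part of the original assignment answer. The address ranges, the web server host and the rule set are constructed assumptions; the filter is stateless and judges only the packet that opens a connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR notation
    dst: str               # destination network, CIDR notation
    dport: Optional[int]   # destination port; None matches any port


# Constructed addressing plan (assumption, not from the assignment):
#   LAN 192.168.10.0/24, DMZ 192.168.20.0/24, web server 192.168.20.10
ANY = "0.0.0.0/0"
LAN = "192.168.10.0/24"
POLICY = [
    Rule("allow", ANY, "192.168.20.10/32", 443),  # Internet -> DMZ web server
    Rule("deny", ANY, LAN, None),                 # nothing is let into the LAN
    Rule("allow", LAN, ANY, None),                # LAN may reach DMZ and Internet
]


def decide(rules, src_ip, dst_ip, dport):
    """Return the action of the first matching rule; default is deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, dport)):
            return rule.action
    return "deny"  # no rule matched: drop the packet


if __name__ == "__main__":
    # 203.0.113.7 stands for an external host (documentation address range).
    print(decide(POLICY, "203.0.113.7", "192.168.20.10", 443))   # DMZ service
    print(decide(POLICY, "203.0.113.7", "192.168.10.5", 445))    # LAN host
    print(decide(POLICY, "192.168.20.10", "192.168.10.5", 22))   # DMZ -> LAN
```
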

Port scanning

Port scanning is the activity of looking at and examining the ports on a computer or
other network equipment. The goal of port scanning is to investigate the possible
weaknesses of a system installed on a computer or other equipment through an open
port.
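
How an IDS can recognise the port scans mentioned in answers 3 and 4, as an added example that is not part of the original assignment answer. The log format, the sample lines, the 10-second window and the threshold of 5 distinct ports are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed log lines: "<epoch-seconds> <src-ip> <dst-ip> <dst-port>"
SAMPLE_LOG = """\
100 203.0.113.7 192.168.20.10 21
101 203.0.113.7 192.168.20.10 22
102 203.0.113.7 192.168.20.10 23
103 203.0.113.7 192.168.20.10 25
104 203.0.113.7 192.168.20.10 80
100 198.51.100.20 192.168.20.10 443
102 198.51.100.20 192.168.20.10 443
105 198.51.100.20 192.168.20.10 443
100 198.51.100.33 192.168.20.10 80
130 198.51.100.33 192.168.20.10 443
160 198.51.100.33 192.168.20.10 8080
garbage line
"""


def detect_scans(lines, window=10, threshold=5):
    """Map (src, dst) to the time it first touched `threshold` distinct
    ports on one host within `window` seconds. Passive: it only reports."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in lines:
        parts = line.split()
        try:
            ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue              # skip malformed log lines
        seen = recent[(src, dst)]
        seen.append((ts, port))
        while ts - seen[0][0] > window:
            seen.popleft()        # forget connections older than the window
        if len({p for _, p in seen}) >= threshold:
            alerts.setdefault((src, dst), ts)
    return alerts


if __name__ == "__main__":
    for (src, dst), ts in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"t={ts}: possible port scan of {dst} from {src}")
```
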
