Assignment for Fundamental Computer Security

Target Group: CS 3rd year W students

Assignment Instruction

As per your already formed Group

Prepare a written document based on the given title, clearly describing all the major topics and
subtopics related to the title. Each topic should be explained briefly and organized in a logical
manner.

The document should not exceed ten (5-10) pages and must be neat, well-structured, and clearly
written. Proper organization with headings and subheadings is expected.

Evaluation Criteria
The assignment will be evaluated based on the following criteria:

1. Neatness and overall presentation

2. Clarity of explanation
3. Coverage of relevant content
4. Relevance to the given title
5. Organization of topics and subtopics

Ensure that your work is concise, well-organized, and directly related to the given topic.

NB: Submission mode is via soft copy

Due date:10/05/2026

Chapter 5: Security Mechanisms

5.1 Firewall
5.2 Proxy server
5.3 IDS/IPS
5.4 Virtual Private network
Here is a comprehensive, well-structured draft for your Chapter 5 assignment. It is organized
logically with clear headings and subheadings, focusing on high information density to help
your group secure maximum points for presentation, clarity, and coverage.
------------------------------
## Chapter 5: Security Mechanisms
Network security mechanisms are protocols, techniques, and tools designed to protect data,
systems, and networks from unauthorized access, cyberattacks, and data breaches. As
organizations rely heavily on interconnected systems, deploying robust security mechanisms at
different layers of the network infrastructure is essential to guarantee confidentiality,
integrity, and availability.
------------------------------
## 5.1 Firewall
A firewall is a foundational security mechanism that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. It acts as a barrier between a
trusted internal network and an untrusted external network (such as the Internet).

[ External Internet ]
│
▼
=============[ FIREWALL ]=============
(Inspects packets based on ACL rules)
│
▼
[ Internal Trusted Network ]

## Types of Firewalls

* Packet Filtering Firewalls: Inspects packets individually. Checks source IP, destination IP,
protocol, and port numbers. Operates at the Network and Transport layers. It is fast but lacks
deep inspection capabilities.
* Stateful Inspection Firewalls: Tracks the state of active network connections. Monitors the
context of traffic (e.g., whether a packet belongs to an existing, legitimate session). Provides
superior security compared to basic packet filtering.
* Next-Generation Firewalls (NGFW): Combines traditional firewall capabilities with
advanced features. Includes deep packet inspection (DPI), integrated intrusion prevention,
application awareness, and cloud-delivered threat intelligence.

## Deployment Architectures

* Hardware Firewalls: Standalone physical appliances deployed at the network perimeter.

Ideal for protecting entire organizations.
* Software Firewalls: Installed directly on individual host devices. Protects the specific
endpoint from local and network threats.

------------------------------
## 5.2 Proxy Server
A proxy server acts as an intermediary gateway between an end-user device and the internet.
Instead of communicating directly with a destination website, the user sends the request to the
proxy server, which evaluates and forwards the request on the user's behalf.

[ User Device ] <---> [ Proxy Server ] <---> [ Target Website ]

(Hides User IP)
(Caches Content)
(Filters Traffic)

## Core Functions

* Anonymity: Hides the internal client’s true IP address from external servers, reducing the
risk of targeted attacks.
* Content Caching: Stores copies of frequently accessed web pages locally. This reduces
bandwidth consumption and accelerates loading times for internal users.
* Content Filtering: Allows organizations to block access to specific websites, inappropriate
content, or malicious URLs based on corporate policies.

## Types of Proxies

* Forward Proxy: Positioned in front of clients. Used to manage, filter, and secure internal
users' outbound internet traffic.
* Reverse Proxy: Positioned in front of web servers. Directs inbound client requests to the
appropriate backend server. Balances network load and protects servers from direct external
exposure.

------------------------------
## 5.3 IDS/IPS (Intrusion Detection & Prevention Systems)
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are advanced
security mechanisms that monitor network traffic for signs of malicious activity, policy
violations, or known cyber threats.
## IDS vs. IPS

* Intrusion Detection System (IDS): A passive system that monitors and analyzes network
traffic. It flags suspicious activities and generates alerts for system administrators. It does not
actively block threats.
* Intrusion Prevention System (IPS): An active system placed directly in the line of traffic
(inline). It detects threats and automatically executes countermeasures to block, drop, or
contain the malicious traffic in real-time.

Passive (IDS): [ Traffic ] ------> [ Switch / TAP ] ------> [ IDS (Alerts Only) ]

Active (IPS): [ Traffic ] ------> [ IPS (Inspects & Blocks) ] ------> [ Internal Network ]
## Detection Methods

* Signature-Based Detection: Compares network traffic data against a database of known

attack signatures (patterns). Highly effective for known threats but fails to detect new,
unknown attacks.
* Anomaly-Based Detection: Establishes a baseline of normal network behavior. Flags any
activity that deviates significantly from this baseline. Excellent for identifying "zero-day"
attacks, but prone to false positives.

------------------------------
## 5.4 Virtual Private Network (VPN)
A Virtual Private Network (VPN) extends a private network across a public network
infrastructure (like the Internet). It creates a secure, encrypted connection—often referred to
as a "tunnel"—to ensure data travels securely between the user and the network.

[ Remote User ] ======( Encrypted VPN Tunnel )======> [ Corporate Network ]

(Data is unreadable to ISPs)

## Core Security Features

* Encryption: Scrambles data into unreadable ciphertext during transit, preventing

eavesdropping by hackers or internet service providers.
* Authentication: Verifies the identity of the user or device attempting to connect before
granting access to network resources.
* Data Integrity: Employs hashing algorithms to guarantee that data is not altered or
tampered with while traveling across the tunnel.

## VPN Types
* Remote Access VPN: Connects individual teleworkers or remote users securely to a central
corporate network from any internet-connected location.
* Site-to-Site VPN: Connects entire networks in different physical locations (e.g., a corporate
headquarters and a remote branch office) together over the internet.

------------------------------
## Proposing Next Steps for Your Group
I can help your group expand this draft into your final submission. Let me know if you would
like me to:

* Add real-world examples or specific industry protocols (like IPsec, SSL/TLS for VPNs) to
increase your content coverage grade.
* Provide a Conclusion section to tie all four security mechanisms together logically.
* Generate a Table of Contents and a References section to maximize your neatness and
presentation points.