Network Security: IP Spoofing and Firewall
By: Jeremy Taylor

Importance of network security in our generation
- IoT
- More devices connected to a network
- Cybercrime/Cyberterrorism
- General lack of safety precautions by users

IP spoofing
- IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets.
- It involves modifying the packet header with a 'spoofed' source IP address, a checksum, and the order value.
- IP spoofing involves working out the algorithm that is used to select the order values sent, and modifying them correctly.

Man in the middle
- When hackers intercept data packets sent from one host to the next.
- Hackers access information sent from one end and alter it before releasing the information to the intended recipient.
- The recipient will receive information different from what was sent.
- Generally used by individuals who are interested in knowing the information shared between the sender and receiver.

Blinding
- When a hacker sends an altered sequence of data packets to his target while not sure how data transmission within a network takes place.
- In this attack, the hacker is not aware of how transmission takes place on the network, so he needs to coax the machine into responding to his own requests so that he can analyze the sequence numbers.
- Now the attacker can inject data into the stream of packets without having authenticated himself when the connection was first established.

Non-blinding
- In this form of attack, the hacker resides in the same network as the target, making it easy for him to notice or access transmissions.
- As a result, it is easy for the hacker to read and understand the data sequence.
- After getting access to the data sequence, the cracker can disguise himself and end up hijacking processes that have been established.

Service denial
- This attack is usually done on a large scale, denying several systems the ability to access services over a network.
- When a DDoS attack is launched, IP spoofing is used so that the exact machines from which the requests are coming cannot be identified.
- This makes the DDoS attack more powerful because it will be difficult to identify the senders and block them.

How to prevent IP spoofing
- Change authentication procedure: IP spoofing can be prevented by ensuring that there is encryption between hosts or machines that exchange data. Introduce an exchange of keys between the two systems that will be exchanging information, so as to reduce the risk of IP spoofing.
- Introduce filtering: A system that plans to prevent IP spoofing should introduce filtering, especially on outbound and inbound data traffic.
- Switches and router configuration: If your routers allow configuration, you should reset them to reject strange data packets that may originate from a source different from the network.
- Deny private addresses: Configure your system or network to ignore or disallow private IP addresses originating from outside.
- Allow encryption sessions: This should be set in such a way that only authenticated and trusted networks can access and interact with your network. Your router should be set to only allow trusted sources.

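
The "Introduce filtering" and "Deny private addresses" items above, written out as a packet-filter decision. This is an added example, not part of the original slides; the internal prefix, the interface names "inside"/"outside" and the function name filter_packet are assumptions made for illustration.

```python
import ipaddress

# Assumed topology (hypothetical): the site owns INTERNAL_NET and the
# filtering device has two interfaces, "inside" and "outside".
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")  # constructed documentation prefix

# Source ranges that can never legitimately arrive from outside:
# RFC 1918 private ranges, loopback, link-local, and the site's own prefix.
FORBIDDEN_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)] + [INTERNAL_NET]


def filter_packet(src, arrival_iface):
    """Return (verdict, reason) for a packet with source `src` seen on `arrival_iface`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if arrival_iface == "outside":
        # Inbound filtering: a private or internal source arriving from
        # outside cannot be genuine, so treat it as spoofed.
        for net in FORBIDDEN_FROM_OUTSIDE:
            if addr in net:
                return ("drop", f"source in {net} cannot originate outside")
        return ("accept", "plausible external source")
    if arrival_iface == "inside":
        # Outbound filtering: internal hosts may only send with a source
        # inside the site's prefix, so they cannot spoof other networks.
        if addr in INTERNAL_NET:
            return ("accept", "source belongs to the internal prefix")
        return ("drop", "internal host sending with a foreign source")
    return ("drop", "unknown interface")


if __name__ == "__main__":
    # Constructed sample packets: (source address, interface it arrived on).
    for pkt in [("192.168.1.10", "outside"), ("203.0.113.7", "outside"),
                ("198.51.100.20", "outside"), ("203.0.113.7", "inside"),
                ("198.51.100.20", "inside")]:
        print(pkt, "->", filter_packet(*pkt))
```
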
Firewall
- A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
- Firewalls have been a first line of defense in network security for over 25 years.
- They establish a barrier between secured and controlled internal networks that can be trusted, and untrusted outside networks, such as the Internet.
- Can be hardware, software, or both.

Types of firewalls
- Proxy: Serves as the gateway from one network to another for a specific application.
- Stateful Inspection: Allows or blocks traffic based on state, port, and protocol.
- UTM: Typically combines, in a loosely coupled way, the functions of a stateful inspection firewall with intrusion prevention and antivirus.
- NGFW
  - Traditional: Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
  - Threat-Focused: Include all the capabilities of a Traditional NGFW and also provide advanced threat detection and remediation.

Firewall configuration
Filters
- IP Addresses: If a certain IP address is found to be making too many connections to a server, the administrator may decide to block traffic from this IP using the firewall.
- Domain Names: By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.
- Ports/Protocols: If the services are intended for the public, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.
- Specific Words/Phrases: You may set up a firewall rule to filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.

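
The "IP Addresses" filter above depends on first finding the address that is making too many connections. The following added example (not part of the original slides) does that over a connection log with a sliding time window; the log format, the threshold of 5 connections per 10 seconds and the function name find_noisy_sources are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed connection log: "<ISO timestamp> <source IP> <destination port>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.5 443
2024-01-01T10:00:00 203.0.113.40 443
2024-01-01T10:00:01 198.51.100.5 443
2024-01-01T10:00:02 198.51.100.5 443
2024-01-01T10:00:03 198.51.100.5 443
2024-01-01T10:00:04 198.51.100.5 443
2024-01-01T10:00:05 198.51.100.5 443
2024-01-01T10:00:06 198.51.100.5 443
2024-01-01T10:00:20 203.0.113.40 443
2024-01-01T10:00:40 203.0.113.40 443
2024-01-01T10:01:00 203.0.113.40 443
2024-01-01T10:01:20 203.0.113.40 443
2024-01-01T10:01:40 203.0.113.40 443
"""


def find_noisy_sources(log_text, max_conns=5, window=timedelta(seconds=10)):
    """Map each source exceeding max_conns within `window` to the time it did so."""
    recent = defaultdict(deque)   # source IP -> timestamps still inside the window
    to_block = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue              # skip lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        src = parts[1]
        if src in to_block:
            continue              # already flagged; the firewall rule would drop it
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()        # forget connections older than the window
        if len(seen) > max_conns:
            to_block[src] = ts
    return to_block


if __name__ == "__main__":
    for ip, when in find_noisy_sources(SAMPLE_LOG).items():
        print(f"block {ip}: more than 5 connections in 10s as of {when}")
```

203.0.113.40 makes as many connections as the threshold but spread over 100 seconds, so only the burst from 198.51.100.5 is flagged. Per-IP counts like this are only meaningful when the source address has not been forged, which is the limitation the service-denial slide describes.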