Modern Network Security and Cloud Infrastructure

Types of Network Firewalls

  • Packet Filtering Firewall: Filters packets using IP, port, and protocol rules at the network layer, providing fast but basic stateless security.
  • Circuit-Level Gateway: Verifies session establishment, such as the TCP handshake at the session layer, without checking actual data content.
  • Stateful Inspection Firewall: Tracks active connections and uses context-based decisions, offering better security than packet filtering.
  • Application-Level Gateway: Works as a proxy and inspects application data at Layer 7, ensuring high-level content filtering.
  • Next-Generation Firewall (NGFW): An advanced firewall with deep packet inspection, intrusion prevention, and application awareness for strong security.
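The difference between the first and third firewall types above is easiest to see in code. The following Python example is added here and is not part of the original notes: it runs the same three constructed packets through a stateless packet filter (rules on header fields only) and through a stateful inspection firewall (a connection table). The 10.0.0.0 inside prefix, the outside addresses and the rule set are all made up for the illustration.

```python
from dataclasses import dataclass

# Constructed example: the same packets judged by a stateless packet filter and
# by a stateful inspection firewall. All addresses and ports are made up.

INSIDE = "10.0.0."   # prefix of the protected (inside) network; "*" means any host


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def _ip_match(prefix: str, ip: str) -> bool:
    return prefix == "*" or ip.startswith(prefix)


# Stateless rules: (src_prefix, src_port, dst_prefix, dst_port, action); None = any port.
# The filter has no memory, so letting HTTPS replies back in means letting in
# every packet whose source port happens to be 443 (second rule).
STATELESS_RULES = [
    (INSIDE, None, "*", 443, "allow"),   # inside hosts may open HTTPS connections
    ("*", 443, INSIDE, None, "allow"),   # replies from HTTPS servers come back in
    ("*", None, "*", None, "deny"),      # default deny
]


def stateless_filter(pkt: Packet) -> str:
    """Decide from this packet's header fields alone (first matching rule wins)."""
    for src, sport, dst, dport, action in STATELESS_RULES:
        if (_ip_match(src, pkt.src_ip) and _ip_match(dst, pkt.dst_ip)
                and sport in (None, pkt.src_port) and dport in (None, pkt.dst_port)):
            return action
    return "deny"


class StatefulFirewall:
    """Tracks connections: a new connection is accepted only when an inside host
    starts it (TCP SYN to port 443); afterwards both directions of that
    connection are allowed, and anything else is dropped."""

    def __init__(self) -> None:
        self.table = set()   # entries: (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt: Packet) -> str:
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if forward in self.table or reverse in self.table:
            return "allow"                                  # belongs to a tracked connection
        if (pkt.src_ip.startswith(INSIDE) and pkt.flags == frozenset({"SYN"})
                and pkt.dst_port == 443):
            self.table.add(forward)                         # inside host opens a new session
            return "allow"
        return "deny"                                       # unsolicited, including inbound SYNs


def run_scenario() -> list:
    """Return (stateless_decision, stateful_decision) for three constructed packets."""
    fw = StatefulFirewall()
    packets = [
        # 1. inside client opens HTTPS to an outside server
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, frozenset({"SYN"})),
        # 2. the server's SYN/ACK reply to that connection
        Packet("203.0.113.10", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
        # 3. an unsolicited inbound connection attempt whose source port is 443
        Packet("198.51.100.7", 443, "10.0.0.9", 22, frozenset({"SYN"})),
    ]
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for n, decision in enumerate(run_scenario(), 1):
        print(f"packet {n}: stateless={decision[0]} stateful={decision[1]}")
```

Packets 1 and 2 are allowed by both firewalls. Packet 3 is where they differ: the stateless filter allows it because its header matches the reply rule, while the stateful firewall denies it because no inside host ever opened that connection. That context is exactly what the notes mean by "context-based decisions".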

Network Address Translation (NAT)

  • NAT Definition: NAT converts a private IP address (inside network) into a public IP address (internet) and vice versa.
  • Working Process: When a device on the private network sends an outgoing request, the NAT device rewrites the packet's private source IP to its public IP; when the response arrives from the outside network, the NAT device translates the public destination IP back to the original private IP.
  • Purpose of NAT: Helps solve the IPv4 address shortage by allowing multiple devices to share one public IP address.
  • Types of NAT:
    • Static NAT: A single private IP address is mapped to a single public IP (one-to-one fixed mapping).
    • Dynamic NAT: Uses a pool of public IPs.
    • PAT (Port Address Translation): Many-to-one mapping using unique port numbers assigned to each session.
  • Auditing and Logging: Keeps records of IP addresses, ports, and protocols to monitor and track network activity.
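To make the translation table and the audit records concrete, here is a Python model of a NAT device that is added to these notes (it is not taken from the original material or from any real NAT implementation). It implements static NAT (one-to-one) and PAT (many-to-one with a unique public port per session) and keeps the kind of log the last bullet describes. The public address 203.0.113.1, the static mapping 10.0.0.10 -> 203.0.113.10 and the port range starting at 50000 are constructed values.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatDevice:
    """Static NAT (one-to-one) plus PAT (many-to-one, unique port per session), with an audit log."""

    def __init__(self, public_ip="203.0.113.1", static=None, first_port=50000):
        self.public_ip = public_ip                  # address shared by all PAT sessions
        self.static = dict(static or {})            # private_ip -> dedicated public_ip
        self.static_rev = {v: k for k, v in self.static.items()}
        self._ports = itertools.count(first_port)   # next free public port for PAT
        self.pat_out = {}   # (priv_ip, priv_port, remote_ip, remote_port, proto) -> public_port
        self.pat_in = {}    # (public_port, remote_ip, remote_port, proto) -> (priv_ip, priv_port)
        self.log = []       # audit records: who used which public address/port, to where

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network."""
        if pkt.src_ip in self.static:               # static NAT: fixed public IP, ports unchanged
            pub_ip = self.static[pkt.src_ip]
            self._audit("static", pkt, pub_ip, pkt.src_port)
            return Packet(pub_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.pat_out.get(key)
        if port is None:                            # new session: allocate a unique public port
            port = next(self._ports)
            self.pat_out[key] = port
            self.pat_in[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
            self._audit("pat-new-session", pkt, self.public_ip, port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet):
        """Translate a packet arriving from the internet; None means no mapping exists (dropped)."""
        if pkt.dst_ip in self.static_rev:           # static NAT works in both directions
            priv_ip = self.static_rev[pkt.dst_ip]
            return Packet(pkt.src_ip, pkt.src_port, priv_ip, pkt.dst_port, pkt.proto)
        target = self.pat_in.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if target is None:                          # unsolicited traffic: nothing to map it to
            self.log.append({"event": "drop", "from": f"{pkt.src_ip}:{pkt.src_port}",
                             "to": f"{pkt.dst_ip}:{pkt.dst_port}", "proto": pkt.proto})
            return None
        priv_ip, priv_port = target
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)

    def _audit(self, kind, pkt, pub_ip, pub_port):
        self.log.append({"event": kind, "private": f"{pkt.src_ip}:{pkt.src_port}",
                         "public": f"{pub_ip}:{pub_port}",
                         "remote": f"{pkt.dst_ip}:{pkt.dst_port}", "proto": pkt.proto})


def demo():
    """Constructed scenario: two PAT clients, one static host, a valid reply and a stray packet."""
    nat = NatDevice(static={"10.0.0.10": "203.0.113.10"})
    a = nat.outbound(Packet("10.0.0.5", 40000, "198.51.100.20", 443))
    b = nat.outbound(Packet("10.0.0.6", 40000, "198.51.100.20", 443))   # same private port, new public port
    s = nat.outbound(Packet("10.0.0.10", 40000, "198.51.100.20", 443))  # static host keeps its port
    reply_a = nat.inbound(Packet("198.51.100.20", 443, "203.0.113.1", a.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 443, "203.0.113.1", 60000))
    return a, b, s, reply_a, stray, nat.log


if __name__ == "__main__":
    for record in demo()[-1]:
        print(record)
```

The log is what makes a shared public address auditable: without the "pat-new-session" records, an external report naming 203.0.113.1:50001 could not be traced back to 10.0.0.6. Note also that the stray inbound packet is dropped for lack of a mapping; this is a side effect of PAT, not a substitute for a firewall.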

Understanding Network Intruders

  • Intruder Definition: An intruder is a person who tries to gain unauthorized access to a system or network with harmful intentions, such as stealing or damaging data.
  • Outside Intruder (Masquerader): A person with no access rights who uses illegal methods like password cracking or stolen credentials to enter the system.
  • Inside Intruder (Misfeasor): An authorized user who misuses their access for illegal activities; these are often more dangerous and harder to detect.
  • Intrusion Meaning: Intrusion is the act of unauthorized access or misuse of system resources by an intruder.

Intrusion Detection Systems (IDS)

An IDS acts as a monitoring tool that continuously scans network traffic and data packets for malicious activity or policy violations. It operates in the background and follows specific rules to identify suspicious patterns. Upon detecting a threat, it immediately alerts the network administrator to take action before any significant damage is done.

Signature-Based IDS

  • Definition: Signature-Based IDS detects intrusions by matching network traffic with known attack patterns or signatures.
  • Working: It uses a database of known threat signatures and compares incoming data packets with this database.
  • Detection: If a match is found between traffic and a stored signature, it identifies it as an intrusion and raises an alert.
  • Strengths: Highly accurate and effective in detecting known and previously identified attacks.
  • Weaknesses: Cannot detect new or unknown attacks and requires regular database updates.
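The matching step is simple enough to show end to end. The Python below is an added example, not part of the original notes or of any real IDS product: a tiny signature "database" of three constructed patterns, an inspection routine that compares each packet with every signature, and sample traffic that includes a benign request and a packet for which no signature exists, which is the weakness the last bullet describes.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: "re.Pattern[bytes]"
    dst_port: Optional[int] = None   # only inspect traffic to this service port; None = any


# Constructed signature database: three illustrative patterns, not a real rule set.
SIGNATURES = [
    Signature(1001, "directory traversal in URL", re.compile(rb"\.\./\.\./"), 80),
    Signature(1002, "SQL tautology in parameter", re.compile(rb"(?i)'\s*or\s+'1'\s*=\s*'1"), 80),
    Signature(1003, "long NOP sled in payload", re.compile(rb"\x90{16,}"), None),
]


def inspect(packet: dict) -> list:
    """Compare one packet with every stored signature and return the alerts raised."""
    alerts = []
    for sig in SIGNATURES:
        if sig.dst_port is not None and sig.dst_port != packet["dst_port"]:
            continue                                   # signature is scoped to another service
        if sig.pattern.search(packet["payload"]):
            alerts.append({"sid": sig.sid, "name": sig.name,
                           "src_ip": packet["src_ip"], "dst_port": packet["dst_port"]})
    return alerts


# Constructed traffic: three matches, one benign request, and one suspicious packet
# that matches nothing because no signature for it exists yet.
SAMPLE_PACKETS = [
    {"src_ip": "198.51.100.7", "dst_port": 80,
     "payload": b"GET /download?file=../../../etc/passwd HTTP/1.1\r\n"},
    {"src_ip": "198.51.100.7", "dst_port": 80,
     "payload": b"GET /login?user=admin' OR '1'='1 HTTP/1.1\r\n"},
    {"src_ip": "203.0.113.4", "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"},
    {"src_ip": "198.51.100.7", "dst_port": 8443,
     "payload": b"\x90" * 32 + b"constructed-filler"},
    {"src_ip": "198.51.100.9", "dst_port": 8443,
     "payload": b'{"op": "previously-unseen-technique"}'},   # unknown attack: no signature, no alert
]


def run(packets=SAMPLE_PACKETS) -> list:
    """Inspect a stream of packets and return every alert in traffic order."""
    return [alert for pkt in packets for alert in inspect(pkt)]


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The last sample packet passes silently even though it comes from an address already seen attacking: a signature engine has no notion of "suspicious", only of "matches a stored pattern", which is why the database must be kept current and why anomaly-based detection (next section) complements it.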

Anomaly-Based IDS

  • Definition: Anomaly-Based IDS detects intrusions by identifying deviations from normal network or user behavior.
  • Working: It first creates a baseline of normal activities for users and systems, then monitors for unusual changes.
  • Example: If a developer performs admin-level tasks like changing permissions, it is flagged as abnormal behavior.
  • Detection: Any significant deviation from the baseline is treated as a potential intrusion and generates an alert.
  • Strengths: Can detect new and unknown attacks (zero-day) since it focuses on behavior rather than known signatures.
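The baseline-then-deviation idea, including the notes' own example of a developer performing an admin-level task, can be shown with a few lines of Python. This example is added here and is not from the original notes; the audit events, users, roles and action names are constructed, and the two rules it applies (an action never seen for that role, and an hourly event count above the user's mean plus three standard deviations) are one simple choice of "deviation", not a standard.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit events: (hour_of_day, user, role, action).
# TRAINING is the learning window that defines "normal"; MONITORED is live activity.
TRAINING = [
    (9, "dev1", "developer", "git_push"), (9, "dev1", "developer", "run_tests"),
    (10, "dev1", "developer", "git_push"), (10, "dev1", "developer", "run_tests"),
    (11, "dev1", "developer", "git_push"), (11, "dev1", "developer", "run_tests"),
    (12, "dev1", "developer", "git_push"), (12, "dev1", "developer", "run_tests"),
    (13, "dev1", "developer", "git_push"), (13, "dev1", "developer", "run_tests"),
    (13, "dev1", "developer", "deploy_staging"),
    (9, "ops1", "admin", "change_permissions"), (9, "ops1", "admin", "create_user"),
    (10, "ops1", "admin", "restart_service"),
]
MONITORED = [
    (14, "dev1", "developer", "git_push"),
    (14, "dev1", "developer", "change_permissions"),   # admin-level task by a developer
    (15, "ops1", "admin", "change_permissions"),       # the same action is normal for an admin
] + [(16, "dev1", "developer", "run_tests")] * 5      # burst far above dev1's usual hourly rate


def build_baseline(events) -> dict:
    """Learn what is normal: the action set per role and an hourly-rate threshold per user."""
    actions_by_role = defaultdict(set)
    hourly = defaultdict(lambda: defaultdict(int))   # user -> hour -> event count
    for hour, user, role, action in events:
        actions_by_role[role].add(action)
        hourly[user][hour] += 1
    thresholds = {}
    for user, hours in hourly.items():
        counts = list(hours.values())
        # mean + 3 sigma, with a floor of one extra event so a perfectly regular
        # user is not flagged for a single additional action
        thresholds[user] = mean(counts) + max(3 * pstdev(counts), 1.0)
    return {"actions": dict(actions_by_role), "rate_threshold": thresholds}


def detect(baseline: dict, events) -> list:
    """Flag actions outside the role's baseline and hours whose event count exceeds the user's threshold."""
    alerts = []
    hourly = defaultdict(lambda: defaultdict(int))
    for hour, user, role, action in events:
        if action not in baseline["actions"].get(role, set()):
            alerts.append(("unknown_action", user, role, action))
        hourly[user][hour] += 1
    for user, hours in hourly.items():
        # a user with no learned threshold is never rate-flagged here; a real system
        # would treat an unseen user as an anomaly in its own right
        limit = baseline["rate_threshold"].get(user, float("inf"))
        for hour, count in hours.items():
            if count > limit:
                alerts.append(("rate", user, hour, count))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(TRAINING), MONITORED):
        print(alert)
```

Neither alert needed a signature: change_permissions is a perfectly ordinary action, and it is flagged only because the baseline never saw a developer do it. The same mechanism is what lets this approach catch previously unknown (zero-day) behaviour, and also why it needs a representative training window, since anything present during training becomes "normal".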

Network-Based IDS (NIDS)

NIDS focuses on monitoring and analyzing the traffic across the entire network.

  • How it Works: It captures and analyzes all incoming and outgoing network traffic. It compares these data packets against a library of known attacks to find a match.
  • Detection: If a packet matches a signature in its database, it is flagged as malicious.
  • Limitation: Analyzing traffic can become very difficult and less efficient in a busy or high-traffic network, as the volume of data can overwhelm the system.

Host-Based IDS (HIDS)

HIDS is focused on protecting a specific individual device or “host” rather than the whole network.

  • How it Works: It is installed directly on an individual host (like a server or workstation) and monitors data packets only for that specific device.
  • Snapshot Method: It takes a “snapshot” of the system in its clean, idle state and continuously compares the current state to this baseline.
  • Detection: It specifically looks for unauthorized changes, such as files being deleted or modified. If any suspicious activity is detected on that host, it alerts the administrator.
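The snapshot method is, at its core, file-integrity monitoring: hash every file in the clean state, then re-hash and diff. The Python below is an added example and not the original notes' or any HIDS product's code; it builds a throwaway directory tree (constructed files, no real system paths), takes the baseline, tampers with the tree the way an intruder or a bad update might, and reports what changed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root) -> dict:
    """Record the SHA-256 of every regular file under root: the clean baseline."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between the baseline snapshot and the current state."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "deleted": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def demo() -> dict:
    """Build a constructed tree, snapshot it, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=443\nlog_level=info\n")
        (root / "bin" / "service").write_bytes(b"constructed-binary-contents")
        baseline = snapshot(root)          # taken while the host is in its clean state

        # Changes made after the snapshot.
        (root / "etc" / "app.conf").write_text("listen=443\nlog_level=off\n")  # modified
        (root / "bin" / "service").unlink()                                     # deleted
        (root / "bin" / "helper").write_text("unexpected new file\n")           # added
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two practical points follow from the code: the baseline must be stored somewhere the monitored host cannot silently rewrite (otherwise an intruder who can modify files can also modify the "clean" hashes), and a host-local agent sees only its own files, so the "added" and "deleted" lists say nothing about what the same intruder did to other hosts; that is the NIDS/SIEM side of the picture.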

Security Information and Event Management (SIEM)

  • Definition: SIEM is a system that collects, analyzes, and manages security data from multiple sources in real time.
  • Data Collection: It gathers logs and events from servers, firewalls, applications, and network devices into a central system.
  • Analysis: SIEM correlates and analyzes data to identify suspicious activities, threats, or security policy violations.
  • Alerting: It generates real-time alerts to notify administrators about potential security incidents.
  • Benefits: Helps in threat detection, incident response, compliance reporting, and overall improvement of network security.
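Collection, normalisation and correlation are the three steps that distinguish a SIEM from a log archive, and a small Python model makes them concrete. This is an added example, not part of the original notes and not any vendor's engine. The log lines are constructed in three different native formats (sshd syslog, a JSON application log, a firewall log); the sshd lines carry no year, so the parser assumes 2024. The correlation rule, "a successful login preceded by three or more failed logins from the same source within five minutes, counted across all sources", is one illustrative rule chosen for the example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed log lines from three sources, each in its own native format.
RAW_LOGS = [
    ("srv-a/sshd", "May  1 10:00:01 srv-a sshd[812]: Failed password for alice from 198.51.100.7 port 51234 ssh2"),
    ("srv-a/sshd", "May  1 10:00:09 srv-a sshd[812]: Failed password for alice from 198.51.100.7 port 51235 ssh2"),
    ("srv-b/webapp", '{"ts": "2024-05-01T10:01:30Z", "event": "login", "user": "alice", "result": "fail", "ip": "198.51.100.7"}'),
    ("fw01", "2024-05-01T10:02:00Z fw01 ALLOW TCP 198.51.100.7:51240 -> 10.0.0.5:22"),
    ("srv-a/sshd", "May  1 10:02:10 srv-a sshd[819]: Accepted password for alice from 198.51.100.7 port 51240 ssh2"),
    ("srv-b/webapp", '{"ts": "2024-05-01T10:03:00Z", "event": "login", "user": "bob", "result": "ok", "ip": "203.0.113.9"}'),
]

SSHD_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) \w+ (\S+):\d+ -> (\S+):\d+")
ASSUMED_YEAR = "2024"   # syslog timestamps have no year; assumption for this example


def normalize(source: str, line: str):
    """Parse one raw line into the common event schema, or None if unrecognised."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        kind = "auth_fail" if m.group(2) == "Failed" else "auth_ok"
        return {"ts": ts, "source": source, "kind": kind, "user": m.group(3), "src_ip": m.group(4)}
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "source": source, "kind": "fw_" + m.group(2).lower(), "user": None, "src_ip": m.group(3)}
    if line.startswith("{"):
        rec = json.loads(line)
        if rec.get("event") == "login":
            ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            kind = "auth_ok" if rec["result"] == "ok" else "auth_fail"
            return {"ts": ts, "source": source, "kind": kind, "user": rec["user"], "src_ip": rec["ip"]}
    return None


def collect(raw_logs=RAW_LOGS) -> list:
    """Central collection step: normalise every source into one schema and order by time."""
    events = [normalize(src, line) for src, line in raw_logs]
    return sorted((e for e in events if e), key=lambda e: e["ts"])


def correlate(events: list, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> list:
    """Rule: a successful login preceded by >= threshold failures from the same
    source IP within the window, counted across every log source."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["kind"] != "auth_ok":
            continue
        fails = [e for e in events[:i]
                 if e["kind"] == "auth_fail" and e["src_ip"] == ev["src_ip"]
                 and ev["ts"] - e["ts"] <= window]
        if len(fails) >= threshold:
            alerts.append({"rule": "login-success-after-repeated-failures",
                           "src_ip": ev["src_ip"], "user": ev["user"], "at": ev["ts"].isoformat(),
                           "failures": len(fails),
                           "sources": sorted({e["source"] for e in fails} | {ev["source"]})})
    return alerts


if __name__ == "__main__":
    for alert in correlate(collect()):
        print(alert)
```

Seen on srv-a alone there are only two failures, below the threshold; the third comes from the web application on srv-b. Only after both sources are collected into one timeline does the rule fire, which is the point of the "multiple sources" and "correlates" bullets above. The firewall event is carried along in the same schema so that a second rule could use it, and the alert lists every source that contributed, which is what an analyst needs to start the incident response.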

Hypervisor Management and Security

  • Resource Allocation: The hypervisor allocates CPU, memory, storage, and network resources to each guest OS, ensuring efficient use and isolation.
  • Isolation and Security: It isolates each guest OS so a failure or attack in one VM does not affect others.
  • Lifecycle Management: The hypervisor manages the creation, execution, suspension, migration, and deletion of VMs for easy control.
  • Hardware Abstraction: It provides virtual hardware so the guest OS can run without direct interaction with physical hardware.
  • Single Point of Control: The hypervisor controls all VMs; if it is compromised, an attacker can reach every guest OS and its data.
  • Data Security Risk: Data from multiple VMs resides on the same physical host, making it a high-value target for attacks.
  • Prevent VM Escape Attacks: Protection is needed to stop a malicious VM from breaking isolation and accessing the host or other VMs.
  • Maintain Availability: A failure or attack on the hypervisor can crash all VMs, so protection ensures continuous availability.

Cloud Computing Fundamentals

  • Definition: Cloud computing delivers resources like servers, storage, databases, and software over the internet on-demand instead of local systems.
  • On-Demand Access: Users can access cloud resources anytime, anywhere without physical infrastructure, making it flexible.
  • Cost Efficiency: It follows a pay-as-you-go model where users pay only for usage, reducing hardware and maintenance costs.
  • Scalability and Elasticity: Cloud systems automatically scale resources based on workload for efficient performance.
  • Infrastructure as a Service (IaaS): Provides virtualized resources like servers, storage, and networking, allowing users to manage OS and apps without physical hardware.
  • Platform as a Service (PaaS): Offers a development platform to build, test, and deploy applications without managing infrastructure.
  • Software as a Service (SaaS): Delivers applications over the internet on a subscription basis without installation or maintenance.