This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The objective of this project is to study the role of firewalls and Virtual Private Networks in providing security to shared public networks such as the Internet.
Computer networks are typically a shared resource used by many applications for many different purposes. Sometimes the data transmitted between application processes is confidential, and the application users would prefer that others not be able to read it.
A firewall is a specially programmed router that sits between a site and the rest of the network. It is a router in the sense that it is connected to two or more physical networks and it forwards packets from one network to another, but it also filters the packets that flow through it. A firewall allows the system administrator to implement a security policy in one centralized place. Filter-based firewalls are the simplest and most widely deployed type of firewall. They are configured with a table of addresses that characterize the packets they will and will not forward.
A VPN is an example of providing a controlled connectivity over a public network such as the Internet. VPNs utilize a concept called an IP tunnel-a virtual point-topoint link between a pair of nodes that are actually separated by an arbitrary number of networks. The virtual link is created within the router at the entrance to the tunnel by providing it with the IP address of the router at the far end of the tunnel. Whenever the router at the entrance of the tunnel wants to send a packet over this virtual link, it encapsulates the packet inside an IP datagram. The destination address in the IP header is the address of the router at the far end of the tunnel, while the source address is that of the encapsulating router.
In this lab you will set up a network where servers are accessed over the Internet by customers who have different privileges. You will study how firewalls and VPNs can provide security to the information in the servers while maintaining access for customers with the appropriate privilege.
Creating a New Project
A new project was created by choosing New from the File menu.
Project was selected and given the name as S_VPN, and No Firewall name for scenario and OK was clicked.
Quit was clicked on the setup wizard.
To remove the world background map, the View menu >> _ Background_ Set Border Map _was selected. And then selected NONE from the drop-down menu _
Creating and Configuring the Network
Initializing the Network
From the internet_toolbox object palette, following objects were added to the project workspace - Application Config, Profile Config, ip32_cloud, ppp_server, three ethernet4_slip8_gtwy routers, and two ppp_wkstn hosts.
Then the objects were renamed and connected using PPP_DS1 links as shown below.
After then the project was saved.
Configuring the Nodes
Following steps were followed for configuring the nodes.
Right-clicked on the Applications node >> Edit Attributes>> Assigned Default to the Application Definitions attribute >> and then OK was clicked.
Right-clicked on the Profiles node>> Edit Attributes >> Assign Sample Profiles to the Profile Configuration attribute >> Clicked OK.
Right-click on the Server node >> Edit Attributes >> Assign All to the Application: Supported Services attribute and then Click OK.
Right-click on the Sales A node>> Select Similar Nodes (make sure that both Sales A and Sales B are selected).
Right-click on the Sales A node >> Edit Attributes >> Check the Apply Changes to Selected Objects check-box.
Expand the Application: Supported Profiles attribute >> Set rows to 1 >> Expand the row 0 hierarchy >> Profile Name = Sales Person (this is one of the "sample profiles" we configured in the Profiles node).
The project was then resaved.
Choosing the Statistics
Right clicking anywhere in the project workspace and then selecting Choose Individual Statistics from the pop-up menu.
In the Choose Results dialog, following statistics were checked:
Global Statistics :: DB Wuery >> Response Time (sefc)
Globas Statistics >> HTTP >> Page Response Time (sec)
Ok was clicked
Right clicked on the Sales A node and then Choose Individual Staatistics was selected from the pop-up menu.
The following statistics were checked in the choose results dialog.
Client DB >> Traffic Received (bytes/sec)
Client HTTP >> Traffic Received (bytes/sec)
Sales B node right clicked and selected Choose Individual Statistics from the pop-up menu.
Following statistics was checked in the choose results dialog.
Client DB >> Traffic Received (bytes/sec)
Client HTTP >> Traffic Received (bytes/sec)
OK clicked and saved the project.
The Firewall Scenario
In the network we just created, the Sales Person profile allows both sales sites to access applications such as Database Access, Email, and Web Browsing from the server (check the Profile Configuration of the Profiles node). Assume that we need to protect the database in the server from external access, including the salespeople. One way to do that is to replace Router C with a firewall as follows:
Duplicate scenario was selected from the scenarios menu and named it Firewall >> OK
In the new scenario, right clicked on router c >> edit attributes.
Ethernet2_slip8_firewall to the model attribute.
The hierarchy of the proxy server information attributes was expanded >> expanded row 1, which is for the database application, hierarchy >> assign NO to the proxy server cdeployed as shown in the figure brlow.
The project is then saved after clicking OK .
Our Firewall configuration does not allow database-related traffic to pass through the firewall (it filters such packets out). This way, the databases in the server are protected from external access.At this stage our Firewall scenario should look like the following figure.
The Firewall_VPN Scenario
In the Firewall scenario, I protected the databases in the server from "any" external access using a firewall router. Assume that we want to allow the people in the Sales A site to have access to the databases in the server. Since the firewall filters all database-related traffic regardless of the source of the traffic, we need to consider the VPN solution. A virtual tunnel can be used by Sales A to send database requests to the server. The firewall will not filter the traffic created by Sales A because the IP packets in the tunnel will be encapsulated inside an IP datagram.
While in the Firewall scenario, select Duplicate Scenario from the Scenarios menu and give it the name Firewall_VPN _ Click OK.
Remove the link between Router C and the Server.
Open the Object Palette dialog box by clicking . Make sure that the internet_toolbox is selected from the pull-down menu on the object palette.
Add to the project workspace one ethernet4_slip8_gtwy and one IP VPN Config (see the figure below for placement).
From the Object Palette, use two PPP_DS1 links to connect the new router to Router C (the firewall) and to the Server
Close the Object Palette dialog box.
Rename the IP VPN Config object to VPN.
Rename the new router to Router D as shown:
Configure the VPN
Right clicked on the VPN node >> edit attributes
VPN configuration hierarchy is expanded. Rows set to 1. Row 0 hierarchy expanded and edit the value of tunned source name and enter router A. and the edit the value of tunned dfestination name and entered Router D.
And then expanded the remote client list hierarchy >> set rows to 1 and expanded row0 hierarchy >> edited the value of client node name and enter Sales A.
Ok and then save3d my project.
Run the Simulation
To run the simulation for the three scenarios simultaneously:
Go to the Scenarios menu >> Selected Manage Scenarios.
Change the values under the Results column to <collect> (or <recollect>) for the three scenarios. Keep the default value of the Sim Duration (1 hour). Compare to the following figure.
Click OK to run the three simulations. Depending on the speed of the processor, this may take several minutes to complete.
After the three simulation runs complete, one for each scenario, click Close _ Save your project.
View the Results
To view and analyze the results:
Select Compare Results from the Results menu.
Expand the Sales A hierarchy >> Expand the Client DB hierarchy >> Select the Traffic Received statistic.
Change the drop-down menu in the middle-lower part of the Compare Results dialog box from As Is to time_average as shown.
Press Show and the resulting graph should look similar to the following figure.
Create a graph similar to the previous one, but for Sales B:
Create two graphs similar to the previous ones to depict the Traffic Received by the Client Http for Sales A and Sales B.
In the Firewall_VPN scenario we configured the VPN node so that no traffic from Sales A is blocked by the firewall.