The Importance Of Firewalls Computer Science Essay


A firewall is as important to a networked computer as the data on the computer itself. Without a firewall, a computer system stands to be attacked by scores of malware trying to steal its information. This research project aims to examine ways and means of improving firewall security.

Firewalls are the mainstay of enterprise security and the most widely adopted technology for defending private networks. A small error in a firewall policy creates security holes that let malicious traffic into the private network, and such traffic can do irreparable damage to normal business processes. Most firewall policies on the internet are badly designed and contain many errors, so how to design firewall policies correctly is an important issue. In this proposal I create a new firewall policy that acts effectively, by comparing it with other firewall policies. A middleware component is used to create the new policy, but the middleware does not know the policies of the existing firewalls used here. I give the same specific requirement to two firewalls that contain different policies; each firewall acts according to its own policy, so the outputs of the two firewalls differ: one firewall may accept the requirement while the other rejects it. Because of these inconsistencies an unauthorized person may enter our system, or an authorized person may be rejected. The middleware in my project analyzes the output of the two firewalls, learns about those outputs from the databases that contain the policies, and then creates a policy that overcomes the inconsistencies between the two firewall policies. That policy remains effective as networks evolve and new threats emerge. Finally, the system can be used directly to compute the impact of firewall policy changes by computing the inconsistencies between the policy before the changes and the policy after the changes.

Acknowledgement:

I would like to express my appreciation to Mr. Kanti Chabadiya, my project supervisor, for his kind support, important tips, and explicit suggestions on firewalls throughout my project and also during my course. I am also thankful to the other support staff, who were patient and provided support wherever I needed it.

Last but not least, my humble thanks to all my lecturers for providing me with great practical knowledge, exposure to the subject, and the confidence to progress along my project path.

1.1 Firewall concepts:

The aim of this project is to propose a new firewall with new policies, by comparing it with existing firewalls and their policies, in order to improve the protection of private networks. The main theme is to configure, analyze and improve the security system.

With the emergence of large numbers of computers in corporate organizations, every computer in the intranet is connected to the internet, which means connecting the private network to the public network (the internet). Only authorized users should have access to these computers, but with the emergence of the internet it became easy for unauthorized users to penetrate the private network. This introduces a possible security breach of the private network, and for this reason firewalls are implemented. A firewall protects the private network from unauthorized users on the public network.

Firewalls are usually a combination of software and hardware. The software inside the firewall examines incoming and outgoing packets and rejects any suspicious packet, thereby protecting the private network. In general, a firewall works by allowing only packets that pass its security restriction policies. A hardware firewall is typically a dedicated piece of hardware (usually called a black box) that contains two network adapter cards, one connected to the public network and the other connected to the private network.

1.2 Motivation

Before starting my M Sc I was working as a System Administrator in an Engineering College where we had different departments, and I was working in the Computer Science and IT Department. As there was no firewall implemented in our department, unauthorized users were able to access our network and they were able to break into our Windows Server 2003. One day our server crashed because some files were corrupted by some users from the public network, and we could recover neither the server nor the data from it. After a couple of weeks an illegitimate user left a note on the computer saying "I have visited this computer". From this incident we came to know that the server had not simply crashed but had been made to crash by unauthorized users from the public network.

This incident motivated me to make the private network secure. Though not much importance was given to the security of data in our engineering college, I now feel how important the confidentiality and integrity of data are. This was my sole reason to learn, implement and analyze the different ways of implementing a firewall in my M Sc Project.

1.3 Aims and Objectives:

This project aims to stress the need for improving firewall technologies. A research study of current and under-development methodologies and technologies for improving firewall technology is made, and it also discusses many aspects of firewall technologies: their importance, benefits and advantages, among other things.

It mainly focuses on the view that a firewall is correct if and only if its policy is correct, and a firewall policy is correct if and only if it satisfies its given requirement specification, which is usually written in a natural language. We propose the following methods: first, apply the well-known principle of diverse design to firewalls; then compare two given firewalls and output all functional discrepancies between them; then compute firewall change impacts by computing all inconsistencies between the firewall before changes and the firewall after changes; and finally implement our middleware technique and evaluate its performance on both real-life and synthetic firewalls of large sizes. Our middleware does not know the policies of the existing firewalls used here. Experimental results demonstrate that our techniques are efficient in comparing two firewalls of large sizes. The system then shows the output of the two firewalls before and after the update of policies created by the middleware.

The main objective of the project is to investigate firewalls in various different types of operating systems.

I will be designing, analyzing and implementing different protocols to stop any kind of unauthorized data from entering the private network.

1.4 What is Firewall?

The term firewall comes from the world of brick-and-mortar architecture, where walls made of brick and mortar resist fire. In the computer network world a firewall can be software, hardware, or a combination of both that protects the private network from unauthorized users. In other words, a firewall inspects the traffic passing through it and permits or denies packets based on a set of policies.

Figure 1.1: Basic Firewall

1.5 What are the possible things firewall does?

The following are a few of the important tasks a firewall performs:

1.5.1 Interchange of IP Address and traffic forwarding:

Many firewalls act as a router so that they can communicate between different networks (for example, 192.168.100.0/24 communicating with 10.10.10.0/24). This feature is available as one of the firewall elements and is accomplished using either iptables or ipchains. [1]

1.5.2 Protection against DoS (denial of service) and sniffing attacks:

A firewall acts as a single choke point that monitors incoming and outgoing packets. It is also possible to limit the traffic flow. [1]

1.5.3 IP and port filtering:

The ability to reject or accept packets based on IP address or port. Generally this kind of filtering is accomplished by packet filtering, as on Linux machines using iptables. It can be quite complex, since the filtering must examine both the destination IP address and the source IP address. [1]

1.5.4 Content filtering:

Content filtering usually works by matching certain character strings; if they match, the content or URL is blocked. Content is typically filtered for email spam, pornography, and violent or hate-oriented content. [1]

1.5.5 Packet redirection:

A firewall can send incoming traffic, or a port, to another host. A Squid proxy server is designed for exactly this. The Squid proxy server is a separate host from the firewall, and all traffic generated on ports 80 and 443 (i.e. HTTP and HTTPS) is directed to the Squid proxy server for further inspection. [1]

1.5.6 Enhanced authentication and encryption:

A firewall has the ability to authenticate users and to encrypt data between itself and the firewall of another network. [1]

1.6 Types of Firewalls

Stateful inspection is also applied to the UDP protocol, in a pseudo-stateful fashion, because UDP has no concept of connection state. The firewall keeps an entry in its connection table for the first UDP packet generated from the less secure network, and the corresponding reply packets are accepted only if a matching entry is found in the connection table. [8] the data connection back. This concept also applies to newer multimedia applications such as RealAudio and NetMeeting. [5]

Though stateful inspection packet filters are less secure with respect to application-layer protocols, they remain the speed kings of firewalls in packet filtering. The best examples of this type of firewall are Check Point FireWall-1 and Cisco PIX. [1]

1.6.3 Application Proxies:

An application proxy firewall, or application proxy server, accepts packets intended for another server. The packets can come from an internal host or from an external host. For example, if an internal host sends a request to an external host (on the internet), the request is first sent to a proxy server, where it is examined, broken down, and handled by an application. This application then creates a new packet requesting the information from the external server. [6] The most common type of proxy is the HTTP proxy. The characteristics of an application proxy server are as follows:

The IP addresses of all machines on the internal network are hidden.

It breaks the TCP/IP connection between the client and the server.

It acts as a cache: the proxy cache server keeps a local copy of a web page, so that if someone later requests the same web page it can be served from the local cache.

It also provides detailed access logs for all internal and external machines. [6]

1.7 Networking and Firewalls

In most organizations people used to think that if they deployed a firewall they were secure. However, a firewall is just one component of the network; its function is to filter traffic, and it cannot do everything. The nature of the security perimeter has also changed: firewalls are no longer used for outbound traffic only. Many organizations nowadays are much more complex and connect to different business partners, Virtual Private Networks (VPNs), and e-commerce. Firewalls also support multiple network interfaces and can control traffic between them. The complexity of firewalls is such that more and more functionality is added to them, thereby possibly creating holes in the firewall that may compromise the integrity and security of the data. [1]

1.7.1 Firewall Interfaces: Inside, Outside, and DMZ

The most basic form of firewall has two interfaces, one for the inside network and the other for the outside network. The outside interface is connected to the untrusted network and the inside interface to the trusted network. Where should a web server be placed to meet the company's business needs? If the web server is placed on the outside network, as shown in the figure, it is fully exposed to threats with little protection from the router. The figure shows a web server located outside the firewall. [7], [1]

Figure 1.2 A Web Server Located Outside the Firewall, source [7]

1.7.2 A Web Server Located Inside the Firewall

The other possibility in the two-interface firewall scenario is to keep the web server inside the firewall, that is, in the internal network. The firewall should be configured to allow ports 80 and 443 (HTTP and HTTPS) through to the IP address of the web server. This prevents any direct attack on the web server, but if a hacker is able to compromise the web server he may gain super-user remote access to the internal network. This creates a possible risk to the internal network. The figure shows the web server inside the firewall.

Figure 1.3 Web Servers Located Inside the Firewall

1.7.3 A DMZ Network

To stop super-user remote access from an internal web server reaching the internal network, a multiple-interface firewall is required. Multiple-interface firewalls are widely used in the commercial market. The extra interface allows an intermediate zone of trust to be established between the internal and external networks; this is referred to as a DMZ (demilitarized zone). A DMZ network is protected to some extent, like the internal network, and access to the DMZ from the internal network is also filtered by the firewall. The figure below shows a DMZ network. [9], [1]

Figure 1.4 DMZ Network, source [9]

1.7.4 Two-Firewall Architecture

In a two-firewall architecture there is one firewall for the external network and another for the internal network, with the DMZ (bastion hosts) lying between them. In this scenario the internal firewall acts as a second gatekeeper that keeps external visitors from coming directly into the internal network. The benefit of using a dual screened-subnet architecture is that if the external hosts are exploited (as they may be, since the services in the DMZ are requested by many users and are exposed to a greater risk of being hacked), you still have an interior firewall as a second gatekeeper to defend the internal machines from the attacker. The figure below shows the two-firewall architecture. [10]

Figure 1.5 Two Firewall Architecture, source [10]

1.8 Firewall Policies

As part of the security assessment process one must have a clear idea of the various business communications passing through the firewall. Each protocol that is allowed through carries its own risk, and it must be justified according to the business needs. It is essential that firewall policies are well documented, with the business justification for each rule clearly articulated in the documentation. Firewall policies should be changed sparingly and cautiously, with management approval.

1.8.1 Address Translation

Address Allocation for Private Internets defines certain non-registered IP address ranges that are to be used by private networks and should not be routed over the internet. The reserved addresses are as follows:

192.168.0.0 - 192.168.255.255

172.16.0.0 - 172.31.255.255

10.0.0.0 - 10.255.255.255

The primary reason for reserving private addresses is the insufficient number of IPv4 addresses. Most organizations hide their internal addresses from the public world by using NAT (Network Address Translation). This serves as a basic security measure that makes it a little harder for a hacker to attack the machines. NAT is basically performed on the internal firewall and takes two forms, static and dynamic. When NAT is performed, the firewall rewrites the source and/or destination address in the IP header, completely replacing it with a translated address.

1.8.1.1 Static Translation

In static NAT a permanent one-to-one mapping takes place, mapping an unregistered IP address to a registered IP address. This is useful when a device needs to access a public network (the internet). The figure below shows static NAT: the computer with address 192.168.32.15 is always translated to 213.18.123.112, and so on. [11], [14]

Figure 1.6 Static Network Address Translations, source [11]

1.8.1.2 Dynamic Translation

In dynamic NAT an unregistered IP address is mapped to a registered IP address taken from a pool of registered IP addresses. At the time of communication, dynamic NAT establishes a one-to-one binding between the unregistered IP address and a registered IP address from the pool of available addresses. As shown in the figure, with dynamic NAT the computer with IP address 192.168.32.15 is translated to the first available address in the range 213.18.123.116 to 213.18.123.150. [11]

Figure 1.7 Dynamic NAT, Source [11]

1.8.1.3 Port Address Translation

In PAT, when multiple internal hosts want to initiate sessions through a single global address in the pool, that address is overloaded. This is a configuration option of NAT that is referred to as PAT. In normal circumstances there are many clients that want to reach the internet through a few public IP addresses; in other words, many inside clients are mapped to a single address (many-to-one). TCP and UDP use 16 bits to encode the port number, which gives 65536 different services per source address. PAT tries to keep the original source port number if it is not already in use; if it is not available, it uses the next available port number from the appropriate group. If all available port numbers are exhausted, the process starts again. [13]
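The following Python is an added example, not code from the essay or from any firewall vendor: it models the three translation forms of sections 1.8.1.1 to 1.8.1.3 with the inside host, static mapping and dynamic pool from the figures above. The global PAT address 213.18.123.112, the port range, the outside hosts and the field names of the packet dictionary are constructed assumptions.

```python
"""Static NAT, dynamic NAT and PAT as described in 1.8.1, modelled on an
inside host's outbound session. Added example for this essay, not vendor
code; the inside host, the static mapping and the dynamic pool are the
values in the essay's figures, the PAT global address is constructed."""
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Set, Tuple

Endpoint = Tuple[str, int]                  # (address, port)


class StaticNAT:
    """Permanent one-to-one mapping: no per-session state is created."""

    def __init__(self, table: Dict[str, str]) -> None:
        self.table = dict(table)

    def translate(self, inside_ip: str) -> Optional[str]:
        return self.table.get(inside_ip)      # None: this host is not translated


class DynamicNAT:
    """One-to-one binding taken from a pool when the session starts."""

    def __init__(self, first: str, last: str) -> None:
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        self.pool: List[str] = [str(IPv4Address(i)) for i in range(lo, hi + 1)]
        self.bound: Dict[str, str] = {}

    def translate(self, inside_ip: str) -> Optional[str]:
        if inside_ip in self.bound:           # an existing session keeps its address
            return self.bound[inside_ip]
        in_use = set(self.bound.values())
        for addr in self.pool:                # first available registered address
            if addr not in in_use:
                self.bound[inside_ip] = addr
                return addr
        return None                           # pool exhausted: no translation

    def release(self, inside_ip: str) -> None:
        self.bound.pop(inside_ip, None)


class PAT:
    """Many-to-one: all inside hosts share one global address and sessions are
    told apart by the translated source port. Port choice follows the essay:
    keep the original source port if it is free, otherwise the next available
    port in the group; when the group is exhausted the session is refused
    (the essay's "process starts again" is modelled as a refusal here)."""

    def __init__(self, global_ip: str, low: int = 1024, high: int = 65535) -> None:
        self.global_ip, self.low, self.high = global_ip, low, high
        self.used: Set[int] = set()
        self.bound: Dict[Endpoint, Endpoint] = {}

    def _next_free(self, start: int) -> Optional[int]:
        start = min(max(start, self.low), self.high)
        order = list(range(start, self.high + 1)) + list(range(self.low, start))
        return next((p for p in order if p not in self.used), None)

    def translate(self, inside: Endpoint) -> Optional[Endpoint]:
        if inside in self.bound:
            return self.bound[inside]
        port = self._next_free(inside[1])     # original port first, then the next free one
        if port is None:
            return None
        self.used.add(port)
        self.bound[inside] = (self.global_ip, port)
        return self.bound[inside]

    def release(self, inside: Endpoint) -> None:
        mapped = self.bound.pop(inside, None)
        if mapped:
            self.used.discard(mapped[1])


def rewrite_source(packet: Dict[str, object], pat: PAT) -> Optional[Dict[str, object]]:
    """What the firewall does to an outbound header: the source address and
    port are replaced by the translated pair, everything else is untouched."""
    mapped = pat.translate((str(packet["src"]), int(packet["sport"])))
    if mapped is None:
        return None
    return {**packet, "src": mapped[0], "sport": mapped[1]}
```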

1.9 Popular Firewalls

There are many firewall vendors in the market. A firewall usually takes either a hardware form or a software form: either a computer running a common operating system (OS) with the firewall software installed on top of it, or a purpose-built hardware appliance with an OS intended specifically for the firewall. The major firewall vendors are as follows:

| Firewall vendor | Form | Operating System (OS) |
| --- | --- | --- |
| 3Com Corporation & SonicWall | Hardware | Custom |
| Check Point Software Technologies | Both | Windows, Solaris |
| Cisco Systems, Inc. | Hardware | Custom |
| CyberGuard | Hardware | Custom |
| Microsoft | Software | Windows Server 2003 |
| NetScreen | Hardware | Custom |
| Novell | Software | NetWare |
| Stonesoft, Inc. | Software | Linux |
| Symantec Corporation | Software | Windows, Solaris |
| WatchGuard Technologies, Inc. | Hardware | Custom |

Table 1.1 Firewall Vendors and Type, Source [1]

Check Point FW-1 comes in both hardware and software form; normally it is installed on a common OS such as Solaris or Windows, but Check Point also has a partnership with Nokia for appliances. Microsoft ISA Server and Symantec Enterprise Firewall fall into the software category, and Cisco PIX firewalls fall into the hardware appliance category.

Vendors whose firewall is pure software installed on a general-purpose OS usually employ some sort of hardening process so that a hacker cannot compromise the security of the underlying OS. Instead of bringing down the firewall itself, a hacker could attack the OS hosting the firewall and cause the machine to route packets before the firewall sees them. [1]

Axent Raptor, one type of firewall, runs a service called Vulture that kills vulnerable processes attempting to start malicious applications, viruses and Trojans. This software locks down the Windows OS so that no outside program or unauthorized person can infect the server. The best features of Axent Raptor are that it allows email to reach the SMTP server but does not allow an illegitimate user to access mail from the web server; it allows users to browse web content but does not allow dangerous files to be downloaded; and it allows remote users to access only particular machines rather than the complete network. [15]

1.9.1 Cisco PIX Firewall

The Cisco PIX firewall is designed to meet the needs of all types of networks, including enterprise, medium-sized and small or home networks. PIX models have VPN support and can support multiple users. PIX is available in managed and unmanaged forms, with upgrades and support for additional interfaces. [1]

Key items that the PIX firewall includes are as follows:

Different levels of cleartext throughput, from 10 Mbps to 10 Gbps

An unlimited number of VPN connections

Optional encryption standards such as 168-bit 3DES (Triple Data Encryption Standard) or 56-bit DES (Data Encryption Standard) for VPN tunnels

Various rack-mountable models and support for different types of network card for small business offices

A user license that can support a larger number of internal IP addresses, and DHCP (Dynamic Host Configuration Protocol) server features that support a fixed or variable number of address assignments; the total depends on the PIX model used. [1]

PIX OS is designed solely for securing the network infrastructure. It has high-end features that provide a high level of security and efficiency. No weakness has been found in PIX OS like those found in Windows or Unix. PIX has many security features, and with its up-to-date OS and specially designed hardware it remains the number one competitor in the market. The features included in PIX OS are as follows: [1]

URL filtering: the network administrator can implement the security policy and limit access to URLs for a particular user.

Content filtering: it can block Java applets and ActiveX controls.

Purpose-built operating system: it eliminates the loopholes and weaknesses found in general-purpose OSs, basically Windows or UNIX.

Adaptive Security Algorithm (ASA): the filtering method in PIX is stateful inspection packet filtering, which analyzes and inspects the traffic flowing in and out of the network.

Cut-through proxy: authenticates users against the access policy as they pass through the PIX.

Dynamic Host Configuration Protocol (DHCP): it can work as a DHCP client or a DHCP server.

Routing functionality: it supports both static routing and dynamic routing protocols such as RIP and OSPF.

Support for RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access Control System): it supports Authentication, Authorization and Accounting for users passing through the PIX firewall.

NAT & PAT: hides the internal network from the internet by applying address translation and makes more efficient use of internal IP addresses.

VPN (Virtual Private Network): it is capable of connecting mobile users and sites site-to-site using encryption standards such as DES, 3DES and AES.

Intrusion detection: PIX can protect the network from various forms of attack with features such as DNS Guard, Flood Guard, Mail Guard and IP Verify, and it can detect and identify attacks from their signatures.

Failover: it provides a high-quality solution in case of any failure.

Point-to-Point Protocol over Ethernet (PPPoE) support: it is compatible with xDSL (X Digital Subscriber Line) and cable modems. [1]

Introduction of the project:

Firewalls are crucial elements in network security, and they have been widely deployed to secure private networks in businesses and institutions. A firewall is a security guard located at the point of entry between a private network and the outside Internet, such that all incoming and outgoing packets have to pass through it. A packet can be viewed as a tuple with a finite number of fields such as source IP address, destination IP address, source port number, destination port number, and protocol type. By examining the values of these fields for incoming and outgoing packets, a firewall accepts legitimate packets and discards illegitimate ones according to its "policy," that is, its "configuration." A firewall policy consists of a sequence (that is, an ordered list) of rules, where each rule is of the form <predicate> → <decision>. The <predicate> of a rule is a Boolean expression over some packet fields such as source IP address, destination IP address, source port number, destination port number, and protocol type. The <decision> of a rule can be accept, discard, or a combination of these decisions with other options such as a logging option.

The rules in a firewall policy often conflict. To resolve such conflicts, the decision for each packet is the decision of the first (that is, the highest-priority) rule that the packet matches. Even though a firewall policy is a mere sequence of rules, designing one correctly is by no means easy. The rules in a firewall policy are logically entangled because of the conflicts among rules and the resulting order sensitivity. Ordering the rules correctly in a firewall is critical yet difficult: the meaning of any rule in a firewall cannot be understood correctly without examining all the rules listed above it. In addition, a firewall policy may consist of a large number of rules.

A firewall on the Internet may consist of hundreds, or in extreme cases even a few thousand, rules. One can imagine the complexity of the logic underlying so many conflicting rules. An error in a firewall policy, that is, a wrong definition of which packets are legitimate or illegitimate, means that the firewall either accepts some malicious packets, which creates security holes in the firewall, or discards some legitimate packets, which disrupts normal business.

Either case could cause irreparable, if not catastrophic, consequences. Given the importance of firewalls, such errors are not acceptable. Regrettably, it has been observed that most firewalls on the Internet are poorly designed and have many errors in their policies. Therefore, how one can design firewall policies correctly is an important issue. Since the correctness of a firewall policy is the focus of this paper, we assume that a firewall is correct if and only if its policy is correct, and a firewall policy is correct if and only if it satisfies its given requirement specification, which is usually written in a natural language. In the rest of this paper we use the term "firewall" to mean "firewall policy" or "firewall configuration," unless otherwise specified. With worldwide internet connectivity, network security has gained significant attention in the research and industrial communities. Owing to the rising threat of network attacks, firewalls have become essential elements not only in enterprise networks but also in small and home networks.

Firewalls have been the frontier defense of secure networks against attacks and unauthorized traffic, filtering out unwanted network traffic coming from or going to the secured network. The filtering decision is based on a set of filtering rules defined according to predefined security policy requirements. Even though deployment of firewall technology is an important step toward securing our networks, the difficulty of managing firewall policies might limit the effectiveness of firewall security.

In a single-firewall environment, the local firewall policy may contain intra-firewall anomalies, where the same packet matches more than one filtering rule. Moreover, in distributed firewall environments, firewalls might also have inter-firewall anomalies, when individual firewalls on the same path perform different filtering actions on the same traffic.

Therefore, the administrator must pay special attention not only to all rule relations within the same firewall, in order to determine the correct rule order, but also to all relations between rules in different firewalls, in order to determine the proper rule placement in the proper firewall. We also use a tree-based filter representation to develop anomaly discovery algorithms for reporting any intra- and inter-firewall anomaly in any general network. Finally we develop a rule editor to create anomaly-free firewall policies, which greatly simplifies adding, removing and modifying filtering rules.

Even though firewall security has received strong attention in the research community, the emphasis has been mostly on filtering performance issues. We, on the other hand, have so far addressed only one of the conflict problems, namely rule correlation in filtering policies. We propose the method of diverse firewall design. This document represents the first attempt to apply the well-known principle of diverse design to firewalls. We present a method that can compare two given firewalls and output all functional discrepancies between them in a human-readable format; this is the first method created for this purpose. We present a method to compute firewall change impacts by computing all functional discrepancies between the firewall before and after changes; this is the first technique for firewall change impact analysis.
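The following Python is an added example written for this essay, not the project's middleware nor the cited authors' code. It serves both the intra-firewall anomaly passage (a packet matching more than one rule, here checked as a shadowed rule) and the diverse-design passage (two independently written policies compared for functional discrepancies, the same computation that gives the change impact of an edit). It models the rule form just described, <predicate> → <decision>, with interval predicates over the five packet fields, and goes one step beyond the text: instead of sampling packets at random, it enumerates one packet per cell of the grid cut by all rule boundaries, which for interval rules is enough to find every disagreement. The DMZ scenario of section 1.7 (web server 10.10.10.80 in the DMZ, LAN 192.168.100.0/24), the rule names and the default decision of discard are assumptions.

```python
"""Firewall policy as an ordered rule list: first-match decisions, shadowing
(an intra-firewall anomaly) and functional discrepancies between two policies.
Added example for this essay, not the project's middleware; the addresses,
rule names and the default decision below are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import product
from typing import Dict, Iterator, List, Tuple

Range = Tuple[int, int]                     # inclusive [lo, hi]
Packet = Dict[str, int]
FIELDS = ("proto", "src", "dst", "sport", "dport")
DOMAIN: Dict[str, Range] = {"proto": (0, 255), "src": (0, 2**32 - 1),
                            "dst": (0, 2**32 - 1), "sport": (0, 65535),
                            "dport": (0, 65535)}

def cidr(net: str) -> Range:
    """Integer range covered by a CIDR block or a single address."""
    n = ip_network(net, strict=False)
    return int(n[0]), int(n[-1])

@dataclass
class Rule:
    name: str
    pred: Dict[str, Range]                  # a field left out matches anything
    decision: str                           # "accept" or "discard"

    def matches(self, pkt: Packet) -> bool:
        return all(lo <= pkt[f] <= hi for f, (lo, hi) in self.pred.items())

    def covered_by(self, other: "Rule") -> bool:
        """True if every packet matching self also matches other."""
        for f in FIELDS:
            slo, shi = self.pred.get(f, DOMAIN[f])
            olo, ohi = other.pred.get(f, DOMAIN[f])
            if not (olo <= slo and shi <= ohi):
                return False
        return True

Policy = List[Rule]

def decide(policy: Policy, pkt: Packet, default: str = "discard") -> str:
    """First match wins: the highest-priority matching rule decides; a packet
    matching no rule gets the default (assumed here to be discard)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.decision
    return default

def shadowed(policy: Policy) -> List[str]:
    """Rules that can never fire because one earlier rule already covers every
    packet they match and decides the opposite way. A rule hidden only by the
    union of several earlier rules is not reported by this single-rule check."""
    return [r.name for i, r in enumerate(policy)
            if any(r.covered_by(e) and e.decision != r.decision for e in policy[:i])]

def representative_packets(*policies: Policy) -> Iterator[Packet]:
    """One packet per cell of the grid cut by every rule boundary. Interval
    rules decide constantly inside a cell, so comparing policies on these
    samples finds every disagreement, not just the ones in a random sample."""
    cuts: Dict[str, List[int]] = {}
    for f in FIELDS:
        lo, hi = DOMAIN[f]
        points = {lo}
        for rule in (r for pol in policies for r in pol):
            a, b = rule.pred.get(f, DOMAIN[f])
            points.add(a)
            if b < hi:
                points.add(b + 1)
        cuts[f] = sorted(points)
    for combo in product(*(cuts[f] for f in FIELDS)):
        yield dict(zip(FIELDS, combo))

def discrepancies(a: Policy, b: Policy) -> List[Tuple[Packet, str, str]]:
    """Functional discrepancies: sample packets that a and b decide differently.
    Run on a policy before and after an edit, this is the change impact."""
    out = []
    for pkt in representative_packets(a, b):
        da, db = decide(a, pkt), decide(b, pkt)
        if da != db:
            out.append((pkt, da, db))
    return out

# Constructed DMZ scenario (section 1.7): web server in the DMZ, LAN behind it.
TCP = (6, 6)
DMZ, INTERNAL = cidr("10.10.10.0/24"), cidr("192.168.100.0/24")
WEB, OUTSIDE = cidr("10.10.10.80"), cidr("203.0.113.5")[0]

POLICY_A: Policy = [  # the stated requirement: only HTTP/HTTPS reach the web server
    Rule("web-http", {"proto": TCP, "dst": WEB, "dport": (80, 80)}, "accept"),
    Rule("web-https", {"proto": TCP, "dst": WEB, "dport": (443, 443)}, "accept"),
    Rule("dmz-to-lan", {"src": DMZ, "dst": INTERNAL}, "discard"),
    Rule("lan-out", {"src": INTERNAL}, "accept"),
]
POLICY_B: Policy = [  # a second, independently written policy with a range slip
    Rule("web", {"proto": TCP, "dst": WEB, "dport": (80, 443)}, "accept"),
    Rule("dmz-to-lan", {"src": DMZ, "dst": INTERNAL}, "discard"),
    Rule("lan-out", {"src": INTERNAL}, "accept"),
]
```

discrepancies(POLICY_A, POLICY_B) reports exactly the packets on which the two designs disagree: TCP to the web server on ports 81 to 442 from any non-LAN source, which POLICY_A discards and POLICY_B accepts.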

Existing system:

Firewalls are crucial elements in network security and have been widely deployed in most businesses and institutions to secure private networks. The purpose of a firewall is to look at each incoming and outgoing packet and decide whether to accept or discard it, based on a sequence of rules over the packet's fields. By examining the values of these fields for incoming and outgoing packets, a firewall accepts legitimate packets and discards illegitimate ones according to its "policy," that is, its "configuration." An error in a firewall policy may accept some malicious packets or discard some legitimate packets. This is why we propose to design a correct firewall policy that resolves all functional discrepancies.


This chapter briefly describes the literature review related to this project. It explains what a Web Application Firewall is and how it works, and identifies the current problems regarding the vulnerabilities of the web server. It also discusses the function of ModSecurity and how it can protect the web server from malicious attacks at the application layer. It also briefly describes the penetration testing tool used in this project, a vulnerability scanner, and explains the Apache web server and the concept of a reverse proxy.

Objectives and Functions of operating system:

An operating system is a program that controls the execution of application programs and acts as an interface between the computer hardware and applications. Its objectives are:

Convenience: an operating system makes the system more convenient to use.

Efficiency: it allows the computer system's resources to be used frequently and efficiently.

Ability to evolve: an operating system should be constructed so as to permit the efficient development, testing, and introduction of new system functions without interfering with service.

Literature Survey:

The literature review is organized into several subject areas that are related to this project. It reviews the concepts of the undertaken project so as to assist its overall implementation. The references made clarify various aspects of the project, such as the concept of a firewall and of a Web Application Firewall, ModSecurity as an effective Web Application Firewall, the problems with regard to the exposure of the web server, the concept of a proxy server and a reverse proxy, and also the penetration testing tool used, the Acunetix Web Vulnerability Scanner.

Firewalls are the main provision of enterprise security and the most widely adopted technology for protecting private networks. A small error in a firewall policy creates security holes that allow malicious traffic into the private network, and the damage such traffic does to normal business processes can be irreparable. Many of the firewall policies in use on the Internet are poorly designed and contain many errors, so how to design firewall policies correctly is an important issue. In this proposal I create a new firewall policy that acts effectively, by comparing it with other firewall policies. A middleware component is used to create the new policy, but the middleware does not know the policies of the existing firewalls. I give the same request to two firewalls that contain different policies; each firewall acts according to its own policy, so their outputs may differ: one firewall may accept the request and the other may reject it.

Firewall Issues:

These issues arise in several kinds of applications when firewalls are located within the communication path. The issues of each kind of application are described in a more structured way by defining the following classes of problems:

Software

Hardware

Network

Security policy

The firewall issues are further divided into two categories, according to their cause:

1. The application is unaware of the network.

2. The network is unaware of the application.

Both the network and the application may be unaware of each other's requirements. The application assumes that the network is transparent; it also expects reliable and secure operation and therefore expects to be protected against malicious intent. Both sides need a shared understanding of each other's requirements.

Issues caused by the application having difficulty being aware of the needs of the network:

These issues arise when an application tries to adapt to the needs of the network. They fall into the four classes above: software, hardware, network and security policy.

Software and Port numbers:

Until the application starts, its port numbers and the number of ports it uses are unknown. The firewall administrator needs to open large holes if the application is not capable of determining in advance how many ports it will use. Trying to push all traffic through a single hole causes problems of its own.

4.1.2 Hardware

Applications that want to be aware of the underlying network have difficulties with:

Understanding the number and kind of firewalls located within the routing path.

Pushing data across long connections, which needs enough buffer space and switching capacity.

Opening multiple high-performance channels over a single fibre. No firewall deals with multiple wavelengths on a single fibre; if the wavelengths are split by DWDM equipment, the firewall is not able to handle them.

Network:

Applications are typically unaware of their position within the network. This may cause issues such as:

• Certain grid applications cannot be placed inside the DMZ, as the data contained within such an application may be too sensitive to allow it to be compromised, and therefore the application can only be placed within the enterprise network. The application will then need to be changed so that it temporarily publishes relevant pieces of the information from its location on the enterprise side of the firewall to a server reachable via the DMZ.

• Grid applications are more and more developed using a SOA. Such an architecture is inherently distributed. If a workflow orchestrates components located at various places, the interfaces may need to cross multiple firewalls and DMZs, each with their own security and firewall policies. The more flexible a workflow is allowed to be, the more security policy issues are likely.

• Applications are built independently of their network addresses; they use things like URLs to identify themselves. Applications with a need for special network resources that bypass the regular Internet must somehow indicate this. Therefore, firewalls involved in bypass connections may also need to perform elaborate routing functions.

Security Policies:

Firewalls may not have enough information to authorize applications.

Firewalls must not only protect against attacks from the public network, but must also prevent the public network from being abused, where the application does not provide enough information.

Applications need to trust each other, and firewalls may not be able to extend the security context between any two applications.

Applications cannot provide firewalls with enough information, so a firewall may not be aware whether a connection is trusted.

4.2 Issues caused by the network being unable to be aware of the application

This is the traditional approach, where the application expects the network to be transparent; the issue is therefore with the network.

One may subdivide these issues into 5 kinds, with an increasing amount of difficulty to be

Specified ports can easily be opened within a firewall and should not represent any problem for a firewall administrator. Nevertheless, each of these applications has to be examined in detail to verify whether its communication protocol complies with the security policy of the local organisation.

4.2.2 Detectable dynamic data transfer ports

Applications that use a single well-known port for a control channel and a set of dynamic ports for the data transfer. The control channel (typically in clear text) is used to synchronise the communication behaviour between the client and server applications, e.g. to exchange information about the dynamic ports that will be allocated for file transfers (the data stream of an FTP session). The control stream can be constantly monitored by special firewall plug-ins that extract the ports dynamically allocated for the data streams. These ports are then automatically opened in the firewall. Such a mechanism has already been developed for the FTP, H.323 and SIP protocols.
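The FTP plug-in mechanism just described, as an added worked example in Python (this is not code from the essay or from any firewall product): a minimal application-layer gateway that reads a clear-text FTP control channel, decodes the host and port announced in PORT (active mode) and 227 (passive mode) messages, and emits one narrow TCP pinhole per data connection instead of a standing hole for the whole ephemeral range. The check a practitioner would want is included: an announcement that names a host other than the control-channel peer (the classic FTP bounce attack) or a privileged port is refused rather than opened. The client and server addresses and the control-channel transcript are constructed for illustration.

```python
# Added example, not from the essay: an FTP application-layer gateway that
# derives per-connection firewall pinholes from the clear-text control channel.
import re
from typing import Dict, List, Tuple

# "PORT h1,h2,h3,h4,p1,p2" sent by the client (active mode).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." sent by the server (passive mode).
PASV_RE = re.compile(r"^227\s.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

Line = Tuple[str, str]        # (direction, text); direction is "C>" or "S>"
Pinhole = Dict[str, object]


def decode_hostport(groups) -> Tuple[str, int]:
    """FTP encodes host and port as six decimal bytes; port = p1*256 + p2."""
    host = ".".join(groups[:4])
    port = int(groups[4]) * 256 + int(groups[5])
    return host, port


def pinholes(transcript: List[Line], client_ip: str, server_ip: str):
    """Walk the control channel and return (allowed, rejected).

    allowed:  one narrow TCP pinhole per negotiated data connection.
    rejected: announcements the gateway refuses because they name a host
              other than the control-channel peer (an FTP bounce attempt)
              or a privileged port below 1024.
    """
    allowed: List[Pinhole] = []
    rejected: List[str] = []
    for direction, text in transcript:
        if direction == "C>":
            m = PORT_RE.match(text)
            expected_host = client_ip   # client tells the server where to connect
        else:
            m = PASV_RE.match(text)
            expected_host = server_ip   # server tells the client where to connect
        if not m:
            continue                    # not a port announcement
        host, port = decode_hostport(m.groups())
        if host != expected_host or port < 1024:
            rejected.append(text.strip())
            continue
        if direction == "C>":
            # Active mode: the server opens the data connection to the client.
            allowed.append({"proto": "tcp", "src": server_ip, "dst": host, "dport": port})
        else:
            # Passive mode: the client opens the data connection to the server.
            allowed.append({"proto": "tcp", "src": client_ip, "dst": host, "dport": port})
    return allowed, rejected


CLIENT_IP = "192.168.1.7"
SERVER_IP = "203.0.113.10"

# Constructed control-channel transcript (assumed for illustration).
TRANSCRIPT: List[Line] = [
    ("S>", "220 ftp.example.test ready"),
    ("C>", "USER anonymous"),
    ("S>", "331 Please specify the password."),
    ("C>", "PASS guest"),
    ("S>", "230 Login successful."),
    ("C>", "PORT 192,168,1,7,195,80"),          # 195*256 + 80 = client port 50000
    ("S>", "200 PORT command successful."),
    ("C>", "LIST"),
    ("C>", "PORT 10,0,0,99,0,25"),               # bounce attempt: third host, port 25
    ("S>", "500 Illegal PORT command."),
    ("C>", "PASV"),
    ("S>", "227 Entering Passive Mode (203,0,113,10,39,16)."),  # 39*256 + 16 = 10000
    ("C>", "RETR file.txt"),
]

if __name__ == "__main__":
    allowed, rejected = pinholes(TRANSCRIPT, CLIENT_IP, SERVER_IP)
    for hole in allowed:
        print("allow ", hole)
    for text in rejected:
        print("reject", text)
```

Run as a script, the gateway opens exactly two pinholes (server to client port 50000, client to server port 10000) and rejects the PORT command that tries to make the server connect to a third host. A real plug-in would also close each pinhole when the data connection ends or the control channel closes. This technique only works when the application announces its ports on a control channel the firewall can read; the arbitrarily dynamic applications of the next class open sockets without any such announcement, which is why they end up needing a standing range of ephemeral ports.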

4.2.4 Arbitrarily dynamic data transfer ports

These applications may start a data transfer using one ephemeral port or a set of ephemeral ports, and then add or remove sockets arbitrarily at any time. The difficulty of determining the complete communication setup at start time implies that a complete range of ephemeral ports needs to be permanently allowed through the firewall.

4.2.5 High throughput data pipes with non standard traffic patterns

Applications that require high-throughput data pipes. These data streams often have special SLAs (service level agreements). These SLAs could result in unfair behaviour of the streams, leading to reduced throughput for normal traffic.

Methodology:

This project identifies the firewall to implement. The implementation is done in software and compared across different operating systems. A comparison is then made between a web server protected by the ModSecurity application and a web server that is directly connected to the Internet.

Wireshark:

Wireshark is a network packet analyzer: it captures network packets and tries to display the packet data in as much detail as possible. A network packet analyzer can be thought of as a measuring device placed inside the network cable. Wireshark is one of the best open source packet analyzers available.

Uses:

Troubleshooting network problems

Examine security problems

Debug Protocol Implementation

Wireshark can capture traffic from many different network media types. Which media types are supported depends on the operating system.

Wireshark is not an intrusion detection system: it will not warn you when someone does something on the network that they are not allowed to do. However, if something strange happens, Wireshark can help you find out what is really going on. Wireshark does not manipulate anything on the network; it only measures what is on the network and does not send packets itself.

Wireshark is an open source packet analyzer used for network troubleshooting, analysis and communications protocol development. It runs on various operating systems including Linux, Mac OS X, BSD, Solaris and Microsoft Windows. It is used to capture and analyse data.

Features:

Data can be captured from the wire from a live network connection, or read from a file that recorded captured packets.

Capture files can be programmatically edited or converted.

The data display can be refined using a display filter.

Raw USB traffic can also be captured with Wireshark.

Packet Tracer:

Packet Tracer v3.1 is an interactive tool that is used to study the basic functions of a variety of devices at the physical, data link, network and transport layers of the OSI model. It is designed to teach new students how and why devices in a network behave the way they do. Packet Tracer v3.1 is a stand-alone, medium-fidelity simulation environment that allows novices to design, configure and troubleshoot CCNA-level networks. Students create a network topology with a drag-and-drop interface. Switches and routers may be configured through a simulated version of Cisco IOS. After the devices have been connected and configured, the student enters simulation mode. This causes RIP v2 routing updates and a form of STP to be executed. Students may then describe packets and watch an animation of the route each packet takes through the network. A discrete-time model allows students to follow a packet as it encounters different network devices in a step-by-step or continuous movie mode. At any point in the journey, a packet may be stopped and its headers examined and processed based on the device algorithms explored.

Technologies and protocols:

Packet Tracer v3.1 supports these technologies and protocols:

• Console, straight-thru, cross-over, serial, fiber and modem connections

• Limited Cisco IOS CLI configuration of switches and routers

• Switches, port identity, VLAN database, VLANs, and trunking

• Routers, ACLs, VLSM, simple NAT and PAT, and a form of DHCP

• Routing, RIP v2, static and default routes, and load balancing

• Clouds, bridges, hubs, access points, repeaters, PCs, servers, and printers

Packet Tracer features:

• Bridging, switching, and routing tables

• OSI encapsulation

• Many OSI Layer 1, 2, 3, and 4 features

• A Challenge Mode that requires students to direct the packet

Packet Tracer is used to make the creation of engaging, collaborative and localised instructional materials easy. In this project it is used to troubleshoot with the help of a firewall: two routers are connected through a firewall, and the device shows the troubleshooting and the running firewall.
