Reorganization of Firewalls based on Policy Distribution
science projects buddy
Active In SP

Posts: 278
Joined: Dec 2010
28-12-2010, 11:29 PM

Reorganization of Firewalls based on Policy Distribution
Sreejith S
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010

Introduction to firewalls
Why distributed firewalls??
The new system
Requirements and System Components
Implementation on BSD Linux

Unauthorized access control mechanism
Packet Filter
Application Gateway
Circuit-level Gateway

Drawbacks of the conventional system[2]

Insiders of the network are trusted
Congestion Points
New protocols which are difficult to be processed at firewalls
Application specific access controls

Distributed Firewalls

Requirements Of The New Firewall
A security policy language (e.g. KeyNote)
An authentication mechanism (e.g. IPsec)
A repository to keep credentials.

System Components
A Central Management System
A Transmission System
Implementation of the policies at client side

Implementation of a distributed firewall on BSD

Elements of the Implementation
A set of kernel extensions
A user level daemon process
A device driver

Enhancement of Performance
Easier protocol filtering
Protection from insider attacks
Filtering can be done as per needs and
End-to-end encryption improves security

[1] Thames, J. Lane, Abler, Randal, and Keeling, David. A distributed
firewall and active response architecture providing preemptive
protection. ACM, March 2008.
[2] Ioannidis, Sotiris, Keromytis, Angelos D., Bellovin, Steve M., and
Smith, Jonathan. Implementing a Distributed Firewall. ACM, 2000.
[3] Stepanek, Robert. Distributed Firewalls. Seminar on Network
Security: Telecommunication Software and Multimedia Laboratory,
Helsinki University of Technology, 2001.
[4] Wikipedia, the free online encyclopedia.

.pdf   Reorganization of Firewalls based on Policy distribution.pdf (Size: 178 KB / Downloads: 49)
science projects buddy
Active In SP

Posts: 278
Joined: Dec 2010
29-12-2010, 12:01 AM

Reorganisation of Firewalls based on Policy Distribution
B.Tech Seminar report
Sreejith S
Department of Computer Science And Engineering
Government Engineering College, Thrissur
December 2010

.pdf   Reorganization of Firewalls based on Policy distribution Report.pdf (Size: 117.5 KB / Downloads: 48)

Firewalls are central elements of network security. Still, classical firewalls are
subject to a number of limitations. This is chiefly attributed to the inability to
completely trust the insiders of the network, topology restrictions and so on.
Distributed firewalls, which are designed for alleviating these weaknesses, promise a new
stronger line of network defense. In a distributed firewall system the security policies
are defined centrally but are implemented at the network endpoints like hosts, routers
etc. The implementation of this architecture is quite efficient and easy, especially in
Linux based systems, providing better administration capabilities.

Chapter 1

Network Security is a topic that has gained significant attention in the present
scenario, where security attacks like intrusion, masquerading, hacking, denial of
service etc. are a real threat to confidential affairs. A firewall is a method that
acts as a frontier to defend against these attacks and unauthorized traffic. The traffic filtering
done by a firewall is based on a set of ordered filtering rules based on some predefined
security policy requirements. The topic introduces the new firewall technology that
promises a better protection than conventional firewalls, named the Distributed
Firewall system. They reside in individual hosts in a network, and protect the
enterprise network's servers as well as end user machines.

1.1 Organization Of the Report
1. Chapter 2 introduces what firewall applications are and what the different forms
of conventional firewalls are. The chapter also deals with the flaws of the
conventional systems and the need for migrating to distributed firewalls.
2. Chapter 3 describes the architecture of the Distributed Firewall: what its
requirements are, its structure and components, and how it works.
3. Chapter 4 illustrates the implementation of a distributed firewall on BSD Linux
Operating System.
4. Chapter 5 points out the advantages of the new system over the existing system.

Chapter 2
Security at the network edge:

Most organisations today use an internal network that interconnects their
computer systems, usually with access to the internet. So it is mandatory that there
must be a significant degree of trust between the hosts connected to a network as
well as some protection mechanisms to assure the confidentiality of the organisation.
But the internet is an inherently insecure network. Every network is susceptible to a
variety of attacks when it interfaces with the internet. Some common attacks are:
• Sniffer programs: Sniffer programs monitor the internet traffic for sensitive data
like usernames and passwords, and make them available to an attacker.
• Port Scanners: Port scanners send messages to some remote host and try to
see if any port is available and waiting to receive a call. Once a port has been
found to be open, an attacker can utilize it to get into the system.
• Dictionary Attacks: These programs run in background mode on a machine.
They encrypt a lot of words and compare each of them with some sensitive
information. They are found to be often successful in such attempts and provide
the attacker with almost 1/3rd of the sensitive information.
Firewalls are security applications that can be a part of the computer system
or a network. They are designed to block unauthorized access while permitting
authorized communications. They act as a secure gateway for the whole network.
Conventional firewalls can be classified as [5]:

1. Packet Filters:
Packet filters deploy the basic firewall technique. They inspect every packet
incoming into the network and filter them based on a set of predefined rules. They
do not pay attention to whether a packet is a part of an existing stream of
traffic and make use of the characteristics of a packet such as the packet's source and
destination address, its protocol, and for TCP/UDP packets, the port number.
They work on the first three layers of the OSI model.
2. Application Gateway:
Application Gateways apply filtering mechanisms to specific applications. They
allow customized filters to be plugged into the gateway to support address and
port translation for certain application layer control protocols such as FTP, Bit
Torrent, IM etc.
3. Circuit-Level Gateway:
Circuit Layer gateways work at the session layer of the OSI model and apply
specific security rules when a connection (TCP/UDP) is established to check if
the requested session is legitimate. They allow uninterrupted packet transfer
once the connection has been established. These firewalls are relatively
inexpensive to implement. But they do not filter individual packets.
4. Proxy Server:
A proxy server acts as a mediator between clients seeking resources. It intercepts
all packets that enter and leave the network. They filter traffic based on an IP
address or a protocol. They effectively hide the true network addresses.
Conventional firewalls suffer from a number of issues when the degree of security
increases. These loopholes are especially the points of interest for an attacker or an
intruder. Some of the weaknesses found in traditional systems are as follows:
1. Traditional firewalls assume that every insider in a network can be completely
trusted. As such, internal traffic which is not seen by the firewall cannot be
filtered, and hence naturally they can't block attacks that originate from within
the organisation itself.
2. As the size of networks is getting larger, they tend to possess a large number
of entry points for performance, failover etc. As there is no system for a unified
and comprehensive management, there is a significant amount of difficulty in
administering these networks.
3. End-to-end encryption can prevent firewalls from recognising the contents of
packets. This is a threat to the security of the organisation. Considerable trust
is implied to the users when end-to-end encryption is permitted.

