Osy Project.f
MICRO PROJECT
Academic year: 2020-21
TITLE OF PROJECT
“INTERNET SECURITY AND
FIREWALL”
SUBJECT: OSY
SUBJECT CODE: 22516
COURSE AND CODE: CO-5I
Subject teacher: Prof. S.R. JAIN
MAHARASHTRA STATE BOARD OF TECHNICAL
EDUCATION MUMBAI
CERTIFICATE
A firewall is a software program, or hardware combined with software, that creates a security
perimeter whose main function is to control unauthorized access of incoming and outgoing data or
information over a network. Firewalls protect you from offensive software that may come to reside on
your systems and from prying hackers. When connected to the internet, even a standalone PC or a network
of interconnected computers makes an easy target for malicious software and unscrupulous hackers. A
firewall can offer security that makes you less vulnerable and also protects your data from being
compromised or your computers from being taken hostage. A firewall protects the flow of traffic over the
internet and is less restrictive of outward and inward information, and it also provides internal users the
illusion of anonymous FTP and WWW connectivity to the internet.
SR NO.  TOPIC NAME
1.   Introduction
2.   1.0 : Rationale
3.   2.0 : Aim/Benefits
4.   3.0 : Course Outcomes Achieved
5.   4.0 : Literature Review
6.   5.0 : Actual Methodology followed
           Internet Security
           Firewall
           Firewall types
7.   6.0 : Actual Resource Used
8.   7.0 : Output of This Micro Project
9.   8.0 : Skill Developed/Learning Outcomes of this Micro Project
10.  9.0 : Application of this project
11.  10 : Conclusion
12.  11 : Reference
Information security is a critical need for individuals as well as for society and all countries around the
world. Since its invention, the computer network has brought tremendous effectiveness to every aspect of
life. At the same time, users have to face threats from all kinds of attacks by hackers. Network security
includes protection methods for all information that is stored and transferred through a system network.
It is a special field of interest and, at the same time, difficult and complex work. Reality has
proved that attack methods are more advanced and sophisticated than before, and hackers aim to attack
information during the storing, processing and transferring phases. Since the Internet era began, more and
more computers have been attacked by viruses, Trojans and various kinds of TCP/IP protocol injections.
[13, 5]
In the information outburst age, hackers develop at a faster rate than ever on all scales. A firewall is
not only software (like a firewall on Windows OS) but can also be dedicated hardware in network
security. A firewall as dedicated hardware helps computers in a network to analyse data, ensuring that
malware cannot penetrate the system. It also allows network administrators to control activities on
users’ computers, and to filter and restrict data access and data transfer from inside out and vice versa.
[13, 6-11] Due to the importance of network security, I chose the topic “Network Security and
Firewall” as my final year project to study solutions enhancing computer security. There is no absolute
safety solution, so in order to secure the information on a network, we need to construct many layers of
protection. A firewall is the outermost layer of that system. The goal of this project is to study the basic
concepts of a firewall, threats to computer network security, firewall topologies, how they work and the
deployment of open source firewall products. The firewall product used for the testing phase is ClearOS,
which runs on the basis of open source Linux.
a) The first among the components is the “Internet Access Security Policy” of an
organization. It states, at a high level, the level of security expected when the
organization connects to the internet. The security policy must have a lifetime that does
not depend on the equipment used, because it is not based on the techniques and the
technology that are implemented (Government of the Hong Kong, 2009). An instance of this
type of security policy is that the corporate network of an organization is not accessed
by external users; that is, they are not permitted to use that network unless they are
authenticated. If an organization needs to transfer its corporate information through the
internet, and that information is not available in the public domain, then the
information is transferred in a confidential manner. All other external services will be
banned, and only corporate users are permitted to send e-mails across the internet.
c) The third one is the firewall system, which is a combination of software and
hardware; that is, both software and hardware components can make up the
firewall. Generally a firewall system is made up of an “IP packet filtering router” and
a host computer, sometimes also called an application gateway or a bastion host,
which runs authentication software and application filtering.
All the above components are important and necessary for making a firewall. A
firewall is said to be not configured properly if there is no Internet access security
policy. The policy has no value if it is not configured properly and also if it is
not enforced with worthy procedures.
Packet filter
The first reported type of network firewall is called a packet filter, which inspects
packets transferred between computers. The firewall maintains an access control list
which dictates what packets will be looked at and what action should be applied, if
any, with the default action set to silent discard. The three basic actions regarding a
packet are a silent discard, a discard with an Internet Control Message Protocol or
TCP reset response to the sender, and a forward to the next hop. Packets may be filtered
by source and destination IP addresses, protocol, and source and destination ports. The
bulk of Internet communication in the 20th and early 21st century used either
Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in
conjunction with well-known ports, enabling firewalls of that era to distinguish
between specific types of traffic such as web browsing, remote printing, email
transmission and file transfer.
The first paper on firewall technology was published in 1987, when engineers from
Digital Equipment Corporation (DEC) developed filter systems known as packet filter
firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their
research in packet filtering and developed a working model for their own company
based on their original first-generation architecture.
Connection tracking
From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto,
Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls,
calling them circuit-level gateways.
Second-generation firewalls perform the work of their first-generation
predecessors but also maintain knowledge of specific conversations between
endpoints by remembering which port numbers the two IP addresses are using at
layer 4 (transport layer) of the OSI model for their conversation, allowing
examination of the overall exchange between the nodes.
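The two generations described above can be compared side by side in a short model. This is an added example, not code from the original project: the rule set, addresses and names (Packet, Rule, acl_decide, StatefulFilter) are constructed for illustration, and connection expiry and TCP flags are not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str            # "forward", "drop" (silent) or "reject" (ICMP / TCP reset)
    proto: Optional[str]   # None matches any protocol
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port

DEFAULT_ACTION = "drop"    # default action: silent discard

def acl_decide(acl, pkt):
    """First-generation filter: first matching rule wins, else the default."""
    for r in acl:
        if (r.proto in (None, pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)
                and r.dport in (None, pkt.dport)):
            return r.action
    return DEFAULT_ACTION

class StatefulFilter:
    """Second-generation filter: the ACL plus a table of layer-4 conversations."""
    def __init__(self, acl):
        self.acl = acl
        self.conns = set()

    def decide(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns or reverse in self.conns:
            return "forward"       # belongs to a conversation already allowed
        action = acl_decide(self.acl, pkt)
        if action == "forward":
            self.conns.add(key)    # remember both endpoints and their ports
        return action

# Constructed sample policy: the LAN may browse the web, telnet is rejected.
ACL = [
    Rule("forward", "tcp", "192.168.1.0/24", "0.0.0.0/0", 80),
    Rule("reject", "tcp", "0.0.0.0/0", "0.0.0.0/0", 23),
]
```

With the stateless ACL alone, the web server's reply to an allowed request falls through to the default discard unless a broad inbound rule is added; the stateful filter forwards it because it matches a remembered conversation, while an unsolicited packet from the same server to a different port is still dropped.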
1. An application-level gateway acts as a relay node for application-level traffic.
It intercepts incoming and outgoing packets, runs proxies that copy and forward
information across the gateway, and functions as a proxy server, preventing any direct
connection between a trusted server or client and an untrusted host.
2. A firewall is a network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a defined set of
security rules.
10. Conclusion
The goal of this project was to gain knowledge about a firewall as well as threats to
computer network security and the deployment of ClearOS, an open source Linux firewall. This thesis includes
the theoretical background of a firewall and network security as well as a case study of real-life situations
which administrators have to deal with. Those practical situations consisted of blocking certain IPs from
accessing the Web servers, only allowing one local and one external IP to access and administer a firewall,
preventing port scans with Nmap, and establishing rules for countering DoS.
1. https://www.ietf.org/rfc/rfc2196.txt.Accessed
2. http://www.bestsecuritytips.com/xfsection+article.articleid+2.htm
3. https://www.clearos.com/clearfoundation/social/community-dashboard/entry/go-ing-back-to-our-red-hat-roots
4. http://www.contegix.com/products/a