
MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION

GURUKUL EDUCATION SOCIETY'S INSTITUTE
ENGINEERING & TECHNOLOGY NANDGAON

MICRO PROJECT
Academic year: 2020-21

TITLE OF PROJECT
“INTERNET SECURITY AND FIREWALL”
SUBJECT: OSY
SUBJECT CODE: 22516
COURSE AND CODE: CO-5I
Subject teacher: Prof. S.R. JAIN

MAHARASHTRA STATE BOARD OF TECHNICAL
EDUCATION MUMBAI

CERTIFICATE

This Is To Certify That SABALE ROHIT MADHAV Roll No: 26 of Fourth
Semester Of Computer Engineering Project Diploma Satisfactorily In Subject
OSY For The Academic Year 2020-21 As Prescribed In The Curriculum.

Place: Nandgaon          Enrollment no: 201607090
Date:                    Exam seat no: 240486

PROF. S.R. JAIN          PROF. S.R. JAIN          PROF. V.K. ZARKHANDE
PROJECT GUIDE            HOD                      PRINCIPAL

CERTIFICATE

This Is To Certify That DEORE DHANRAJ BALKRISHNA Roll No: 19 of
Fourth Semester Of Computer Engineering Project Diploma Satisfactorily In
Subject OSY For The Academic Year 2020-21 As Prescribed In The Curriculum.

Place: Nandgaon          Enrollment no: 2016070084
Date:                    Exam seat no: 240482

PROF. S.R. JAIN          PROF. S.R. JAIN          PROF. V.K. ZARKHANDE
PROJECT GUIDE            HOD                      PRINCIPAL

CERTIFICATE

This Is To Certify That GAIKWAD AMOL YAMAJI Roll No: 19 of Fourth
Semester Of Computer Engineering Project Diploma Satisfactorily In Subject
OSY For The Academic Year 2020-21 As Prescribed In The Curriculum.

Place: Nandgaon          Enrollment no: 201607091
Date:                    Exam seat no: 240487

PROF. S.R. JAIN          PROF. S.R. JAIN          PROF. V.K. ZARKHANDE
PROJECT GUIDE            HOD                      PRINCIPAL

CERTIFICATE

This Is To Certify That SONVANE VIKAS ISHVAR Roll No: 25 of Fourth
Semester Of Computer Engineering Project Diploma Satisfactorily In Subject
OSY For The Academic Year 2020-21 As Prescribed In The Curriculum.

Place: Nandgaon          Enrollment no: 2016070165
Date:                    Exam seat no: 240489

PROF. S.R. JAIN          PROF. S.R. JAIN          PROF. V.K. ZARKHANDE
PROJECT GUIDE            HOD                      PRINCIPAL

“DEPARTMENT OF COMPUTER ENGINEERING”


ACKNOWLEDGEMENT

I would like to express my special thanks of gratitude to Prof. S.R. JAIN as
well as our HOD Prof. S.R. JAIN, as well as our Principal PROF. V.K. ZARKHANDE, who
gave me the golden opportunity to do this wonderful project on the topic of “INTERNET
SECURITY AND FIREWALL”, which also helped me in doing a lot of research, and I came
to know about so many new things. I am really thankful to them. Secondly, I would also like
to thank my parents and friends who helped me a lot in finalizing this project within the
limited time frame. Thanks, all of you!

Abstract

A firewall is a software program, or hardware combined with software, that creates a security
perimeter whose main function is to control unauthorized access of incoming and outgoing data or
information over a network. Firewalls protect you from offensive software that may come to reside on
your systems and from prying hackers. When connected to the internet, even a standalone PC or a network
of interconnected computers makes an easy target for malicious software and unscrupulous hackers. A
firewall can offer the security that makes you less vulnerable and also protects your data from being
compromised or your computers from being taken hostage. A firewall protects the flow of traffic over the
internet and is less restrictive of outward and inward information, and it also provides internal users the
illusion of anonymous FTP and WWW connectivity to the internet.

GROUP DETAILS :

SR. NO   Roll no   Student Name               Enrollment no   Seat No
1        26        SABALE ROHIT MADHAV        2016070090
2        19        DEORE DHANRAJ BALKRISHN    2016070084
3        29        GAIKWAD AMOL YAMAJI        2016070091
4        25        SONAWANE VIKAS ISHWAR      2016070165

INDEX

SR NO   TOPIC NAME
1.      Introduction
2.      1.0 : Rationale
3.      2.0 : Aim / Benefits
4.      3.0 : Course Outcomes Achieved
5.      4.0 : Literature Review
6.      5.0 : Actual Methodology followed
            • Internet Security
            • Firewall
            • Firewall types
7.      6.0 : Actual Resource Used
8.      7.0 : Output of This Micro project
9.      8.0 : Skill Developed/Learning Outcomes of this Micro Project
10.     9.0 : Application of this project
11.     10 : Conclusion
12.     11 : Reference

Introduction

Information security is a critical need for individuals as well as for society and all countries around the
world. Since their invention, computer networks have brought tremendous effectiveness to every aspect of
life. Alongside that, users also have to face threats from all kinds of attacks by hackers. Network security
includes protection methods for all information that is stored and transferred through a system network.
This is a special field of interest and, at the same time, difficult and complex work. Reality has
proved that attack methods are more advanced and sophisticated than before, and hackers aim to attack
information during the storing, processing and transferring phases. Since the Internet era began, more and
more computers have been attacked by viruses, Trojans and various kinds of TCP/IP protocol injections.
[13, 5]
In the information outburst age, hackers develop at a faster rate than ever on all scales. A firewall is
not only software (like the firewall on Windows OS) but can also be dedicated hardware in network
security. A firewall as dedicated hardware helps computers in the network to analyse data, ensuring that
malware cannot penetrate the system. It also allows network administrators to control activities on
users’ computers, filter and restrict data access, and transfer data from inside out and vice versa.
[13, 6-11] Due to the importance of network security, I chose the topic “Network Security and
Firewall” as my final year project to study solutions enhancing computer security. There is no absolute
safety solution, so in order to secure the information on a network, we need to construct many layers of
protection. A firewall is the outermost layer of that system. The goal of this project is to study the basic
concepts of a firewall, threats to computer network security, firewall topologies, how they work, and the
deployment of open source firewall products. The firewall product used for the testing phase is ClearOS,
which runs on open source Linux.

1.0 Rationale :
Computer and network security has a wide range of applications, and most of those
applications need ample security; access to the network should be restricted from
intruders and anomalies. Firewalls can be considered the best choice for this process,
and in general firewalls provide some access restrictions on the incoming and
outgoing traffic across a network.

2.0 Aim /Benefits

The aim of this micro project is to study Internet security and firewalls.

3.0 Course Outcomes Achieved


a) Operate & Install operating system and configure it.
b) Explain the use of operating system tools to perform various functions.
c) Execute process commands for performing process management operations.
d) Test different scheduling algorithms to calculate turnaround time and average
waiting time.
e) Test and calculate efficiency of different memory management techniques and Use
of file management techniques.

4.0 Literature Review


The term firewall originally referred to a wall intended to confine a fire within a line
of adjacent buildings. Later uses refer to similar structures, such as the metal sheet
separating the engine compartment of a vehicle or aircraft from the passenger
compartment. The term was applied in the late 1980s to network technology that
emerged when the Internet was fairly new in terms of its global use and connectivity.
The predecessors to firewalls for network security were routers used in the late 1980s.
Because they already segregated networks, routers could apply filtering to packets
crossing them.

5.0 Actual Methodology followed
Internet Security
Internet security is a branch of computer security related not only to the
Internet, often involving browser security and the World Wide
Web, but also to network security as it applies to other applications or operating systems
as a whole. Its objective is to establish rules and measures to use against attacks over
the Internet.[1] The Internet represents an insecure channel for exchanging information,
which leads to a high risk of intrusion or fraud, such as phishing, online viruses,
Trojans, worms and more.
• Malicious software
An internet user can be tricked or forced into downloading software that is of
malicious intent onto a computer. Such software comes in many forms, such as
viruses, Trojan horses, spyware, and worms.
• Denial-of-service attacks
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS
attack) is an attempt to make a computer resource unavailable to its intended users.
Another way of understanding DDoS is seeing it as attacks in cloud computing
environments that are growing due to the essential characteristics of cloud
computing.[4] Although the means to carry out, motives for, and targets of a DoS
attack may vary, it generally consists of concerted efforts to prevent an Internet
site or service from functioning efficiently or at all, temporarily or indefinitely.
• Network layer security
TCP/IP protocols may be secured with cryptographic methods and security
protocols. These protocols include Secure Sockets Layer (SSL), succeeded by
Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email,
and IPsec for network layer security.
• Internet Protocol Security (IPsec)
IPsec is designed to protect TCP/IP communication in a secure manner. It is a set of
security extensions developed by the Internet Engineering Task Force (IETF). It provides
security and authentication at the IP layer by transforming data using encryption. Two main
types of transformation form the basis of IPsec: the Authentication Header (AH)
and ESP. These two protocols provide data integrity, data origin authentication, and
anti-replay service. These protocols can be used alone or in combination to provide the
desired set of security services for the Internet Protocol (IP) layer.

Firewall

a) The first among the components is the “Internet Access Security Policy” of an
organization. It states, at a high level, the level of security expected when the
organization connects to the internet. The security policy must have a lifetime that
does not depend on the equipment used, because it is not based on the
techniques and the technology that is implemented (Government of the Hong Kong,
2009). An instance of this type of security policy is that the corporate network of an
organization is not accessed by external users; that is, they are not permitted to use
that network unless they have authorized authentication. If
an organization requires its corporate information to be transferred through the internet,
and that information is not available in the public domain, then the information is
transferred in a confidential manner. All other external services are
banned, and only corporate users are permitted to send e-mails across the internet.

b) The other component in making a firewall is the mapping of the security
policy onto procedures and technical designs; these procedures and technical designs
must be followed and implemented while
connecting to the internet. During this process the configuration of the system will be
changed and information will be added as fresh technology arrives, and so on. The use
of one-time passwords can be taken as an example of a technical design for
the authentication of an organizational network. Generally the technical designs
depend on one of two security policies: allow
any service unless it is expressly denied, or deny any service unless it is expressly
permitted. The second is the more secure of the two.

c) The third is the firewall system itself, which is a combination of software and
hardware components. Generally a firewall system is made up of an “IP packet
filtering router” and a host computer, sometimes called an application gateway or a
bastion host, which runs authentication software and application filtering.

All the above components are important and necessary for making a firewall. A
firewall is said to be not configured properly if there is no Internet access security
policy. The policy has no value if it is not configured properly and not
enforced with worthy procedures.

FIREWALL TYPES

• Packet filter
The first reported type of network firewall is called a packet filter, which inspects
packets transferred between computers. The firewall maintains an access control list
which dictates what packets will be looked at and what action should be applied, if
any, with the default action set to silent discard. The three basic actions regarding a
packet are silent discard, discard with an Internet Control Message Protocol or
TCP reset response to the sender, and forward to the next hop. Packets may be filtered
by source and destination IP addresses, protocol, and source and destination ports. The
bulk of Internet communication in the 20th and early 21st century used either
Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) in
conjunction with well-known ports, enabling firewalls of that era to distinguish
between specific types of traffic such as web browsing, remote printing, email
transmission, and file transfer.
The first paper published on firewall technology was in 1987, when engineers from
Digital Equipment Corporation (DEC) developed filter systems known as packet filter
firewalls. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued their
research in packet filtering and developed a working model for their own company
based on their original first-generation architecture.
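
The access control list described above, together with the two policies from the Firewall section (allow unless expressly denied, deny unless expressly permitted), as an added example that is not part of the original report. The rule set, the addresses and the names Rule, filter_packet, pkt and compare_policies are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The three actions the text names for a packet filter.
DROP, REJECT, FORWARD = "silent-discard", "discard-with-reset", "forward"

@dataclass(frozen=True)
class Rule:
    action: str
    proto: Optional[str] = None      # "tcp" / "udp"; None matches any protocol
    src: str = "0.0.0.0/0"           # source network (CIDR)
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    sport: Optional[int] = None      # None matches any source port
    dport: Optional[int] = None      # None matches any destination port

    def matches(self, p: dict) -> bool:
        return ((self.proto is None or self.proto == p["proto"])
                and ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and (self.sport is None or self.sport == p["sport"])
                and (self.dport is None or self.dport == p["dport"]))

def filter_packet(acl, p, default=DROP):
    """First matching rule decides; an unmatched packet gets the default action."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return default

def pkt(src, dst, proto, dport, sport=40000):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}
# Constructed sample policy and packets (RFC 5737 documentation addresses).
WEB = "198.51.100.10"
DENY_BY_DEFAULT = [                        # lists only what is expressly permitted
    Rule(DROP, src="203.0.113.0/24"),      # blocked source range
    Rule(FORWARD, proto="tcp", dst=WEB, dport=80),
    Rule(FORWARD, proto="tcp", dst=WEB, dport=443),
    Rule(REJECT, proto="tcp", dport=113),  # refuse ident quickly with a reset
]
ALLOW_BY_DEFAULT = [                       # lists only what is expressly denied
    Rule(DROP, src="203.0.113.0/24"),
    Rule(DROP, proto="tcp", dport=23),
]

def compare_policies():
    probe = pkt("192.0.2.7", WEB, "tcp", 3306)   # a service nobody listed
    return (filter_packet(DENY_BY_DEFAULT, probe),
            filter_packet(ALLOW_BY_DEFAULT, probe, default=FORWARD))
```

The same unlisted port is discarded under deny-by-default and forwarded under allow-by-default, which is why the second policy is the safer starting point.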

• Connection tracking
From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto,
Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls,
calling them circuit-level gateways.
Second-generation firewalls perform the work of their first-generation
predecessors but also maintain knowledge of specific conversations between
endpoints by remembering which port numbers the two IP addresses are using at
layer 4 (transport layer) of the OSI model for their conversation, allowing
examination of the overall exchange between the nodes.
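
A minimal model of the conversation table described above, as an added example that is not part of the original report. It tracks only the addresses and ports of each conversation, as the text describes, and does not follow TCP flags; the idle timeout, the inside network and the names ConnectionTracker and replay are assumptions made for illustration.

```python
import ipaddress

class ConnectionTracker:
    """Conversation table keyed on protocol, both IP addresses and both ports."""

    def __init__(self, inside_net, idle_timeout=60):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout   # seconds; an assumption, not from the text
        self.table = {}                    # flow 5-tuple -> time last seen

    def handle(self, proto, src, sport, dst, dport, now):
        # Forget conversations that have been idle too long.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= self.idle_timeout}
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if ipaddress.ip_address(src) in self.inside:
            self.table[flow] = now         # outbound: remember the conversation
            return "forward"
        if reverse in self.table:
            self.table[reverse] = now      # inbound reply to a remembered flow
            return "forward"
        return "drop"                      # inbound with no matching conversation

# Constructed sample traffic: (time, proto, src, sport, dst, dport).
SAMPLE = [
    (0,   "tcp", "10.0.0.5", 51000, "198.51.100.10", 443),   # client opens
    (1,   "tcp", "198.51.100.10", 443, "10.0.0.5", 51000),   # server replies
    (2,   "tcp", "198.51.100.10", 443, "10.0.0.5", 51001),   # wrong client port
    (3,   "tcp", "203.0.113.9", 443, "10.0.0.5", 51000),     # wrong remote host
    (100, "tcp", "198.51.100.10", 443, "10.0.0.5", 51000),   # after idle timeout
]

def replay(sample=SAMPLE, inside_net="10.0.0.0/8"):
    fw = ConnectionTracker(inside_net)
    return [fw.handle(p, s, sp, d, dp, now=t) for t, p, s, sp, d, dp in sample]
```

Only the second packet is accepted inbound: it is the exact reverse of a conversation an inside host started, while the other three inbound packets differ in port, host or age.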

6.0 Actual Resource Used

Sr No.   Name of Resource / Material   Specification                Qty.   Remarks
1)       Laptop                        Intel (R) Core i5- 4GB RAM   1      -
2)       Operating System              Windows 10                   1      -
7.0 Output of This Micro-Project-

• INTERNET SECURITY AND FIREWALL

8.0 Skill Developed/Learning Outcome of this Micro-Project :-

1) Learn about Internet Security and firewalls.


2) Understand the basic types of internet security.

9.0 Applications of this Micro-Project

1. An application-level gateway acts as a relay node for the application level traffic.
They intercept incoming and outgoing packets, run proxies that copy and forward
information across the gateway, and function as a proxy server, preventing any direct
connection between a trusted server or client and an untrusted host.
2. A firewall is a network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a defined set of
security rules.

10 . Conclusion
The goal of this project was to gain knowledge about firewalls as well as threats to
computer network security and the deployment of ClearOS, an open source Linux firewall. This thesis
includes the theoretical background of firewalls and network security as well as a case study of real-life
situations which administrators have to deal with. Those practical situations consisted of blocking certain
IPs from accessing the Web servers, allowing only one local and one external IP to access and administer
a firewall, preventing port scans with Nmap, and establishing rules for countering DoS.

11. Reference

1. https://www.ietf.org/rfc/rfc2196.txt. Accessed
2. http://www.bestsecuritytips.com/xfsection+article.articleid+2.htm
3. https://www.clearos.com/clearfoundation/social/community-dashboard/entry/go-ing-back-to-our-red-hat-roots
4. http://www.contegix.com/products/a
