
DATA SECURITY IN LOCAL NETWORK USING

DISTRIBUTED FIREWALL

SEMINAR PRESENTATION



Submitted by

Rk


333501
1. Computers and networking have become inseparable. A number of confidential transactions occur every second, and today computers are used mostly for transmission rather than processing of data.
2. So network security is needed to prevent hacking of data and to provide authenticated data transfer.
3. Network security can be achieved by a firewall.
In most systems today, the firewall is the
machine that implements the security
policy for a system
A firewall is typically placed at the edge of a
system and acts as a filter for unauthorized
traffic
Filters tend to be simple: source and
destination addresses, source and destination
ports, or protocol (tcp, udp, icmp)
EXAMPLE OF FIREWALL
Here we have 4 competing companies. They have installed firewalls to protect their secrets from their competitors. Only Web server access is allowed from external hosts.
[Figure: the Internet, with Company 1, Company 2, Company 3 and Company 4 each behind a firewall]
Some problems with conventional firewalls that lead to distributed firewalls are as follows:
1. They depend on the topology of the network.
2. They do not protect networks from internal attacks.
3. They are unable to handle protocols like FTP and RealAudio.
4. They have a single entry point, and its failure leads to problems.
5. They are unable to stop "spoofed" transmissions.
6. They are unable to dynamically open and close their networking ports.
In order to solve these problems while still retaining the advantages of conventional firewalls, the concept of the "distributed firewall" is proposed.

1. Distributed firewalls are host-resident security software applications that protect the network's servers and end-user machines against unwanted intrusion.
2. They offer the advantage of filtering traffic from both the Internet and the internal network.
3. This enables them to prevent hacking attacks that originate from both the Internet and the internal network.
4. This is important because the most costly and destructive attacks still originate from within the organization.
ARCHITECTURE OF STANDARD FIREWALLS
1. The architecture contains internal and external hosts, the internet, a firewall, the network, a web server and an intranet web server.

2. In the internal part of the network there are two hosts: one is trusted (Internal host 1) and the other is untrusted (Internal host 2).

3. Both hosts are connected to the corporate network; the web server and intranet web server are also connected to the network.

4. The network is then connected to the internet, and between the network and the internet there is a firewall. There is also an external host which is connected to the internet.

CONNECTION TO WEB SERVER
1. In this figure, we can see that when internal hosts want to connect to the web server, they can connect. It does not matter whether they are trusted or not.
2. For the external host, the firewall allows connections to the web server, so the external host can connect to the web server.


CONNECTION TO INTRANET
1. In this figure, we can see that internal hosts are connected to the intranet web server (company private). Here, too, it does not matter whether they are trusted or not.

2. For the external host, the intranet web server is blocked by this firewall. External hosts are not allowed to connect to the intranet web server. Here we can see the disadvantage of this conventional firewall: internal hosts are allowed to connect to the intranet web server even though one of them is untrusted. There is no blocking rule for internal hosts.


ARCHITECTURE OF DISTRIBUTED FIREWALLS
COMPONENTS OF A DISTRIBUTED FIREWALL
1. A central management system for designing the policies.

2. A transmission system to transmit these policies.

3. Implementation of the designed policies at the client end.
1. Central management secures enterprise-wide servers, desktops, laptops, and workstations.
2. It provides greater control and efficiency, and it decreases the maintenance costs of managing global security installations.
3. This feature maximizes network security resources by enabling policies to be centrally configured, deployed, monitored, and updated.
4. From a single workstation, distributed firewalls can be scanned to understand the current operating policy.
1. The transmission system should guarantee the integrity of the policy during transfer.
2. The distribution of the policy can be different and varies with the implementation. It can be either directly pushed to end systems, or pulled when necessary.
DISTRIBUTED FIREWALL FIGURE
1. The figure contains internal and external hosts, the internet, the network, a web server, an intranet web server, and an internal host on the other side of the network which is communicating through telnet.

2. Here the firewall policy is distributed to all the systems and the web server. Hosts can connect to a server or system only if the firewall policy allows it.

3. In the internal part of the network there are two hosts: one is trusted (Internal host 1) and the other is untrusted (Internal host 2). Both hosts are connected to the corporate network; the web server and intranet web server are also connected to the network. The network is then connected to the internet, and between the network and the internet there is a firewall. There is also an external host, and an internal host using telecommuting, which are connected to the internet.


CONNECTION TO WEB SERVER
In this figure, we can see that when internal hosts want to connect to the web server, they can connect. The internal host on the external side of the network and the external host can also connect to the web server, because they are allowed to connect to the server.

CONNECTION TO INTRANET
In this figure, we can see that only internal host 1 and the internal host on the external side are connected to the intranet web server (company private), because only these two are trusted; the others are untrusted.
So here an internal host will not necessarily be able to connect to the private server. Hosts can connect only if the firewall policy allows it.
This gives the advantage of protecting the systems from internal untrusted hosts.

1. Centralized management.
2. Consistent security policies help to maximize limited resources.
3. Reports are gathered and updates are maintained centrally.
4. Distributed firewalls help in two ways.
4.1 Remote end-user machines can be secured.
4.2 Secondly, they secure critical servers on the network, preventing intrusion by malicious code.
1. Distributed firewalls are often kernel-mode
applications that sit at the bottom of the OSI stack
in the operating system.
2. They filter all traffic regardless of its origin -- the
Internet or the internal network. They treat both
the Internet and the internal network as
"unfriendly".
3. They guard the individual machine in the same
way that the perimeter firewall guards the overall
network.
1. One of the most often used terms in network security, and in distributed firewalls in particular, is policy.
2. A security policy defines the security rules of a system. Without a defined security policy, there is no way to know what access is allowed or disallowed. A simple example for a firewall is:
Allow all connections to the web server.
Deny all other access.
The distribution of the policy can be different and
varies with the implementation. It can be either
directly pushed to end systems, or pulled when
necessary.
Pull technique:
1. While booting up, the host pings the central management server to check whether it is up and active.
2. The host registers with the central management server and requests the policies which it should implement. The central management server provides the host with its security policies.

Push technique:

1. The push technique is employed when the policies are updated at the central management side by the network administrator and the hosts have to be updated immediately.

2. This push technology ensures that the hosts always have the updated policies at any time.
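The requirement that the policy keep its integrity during transfer, applied to the pull technique, can be sketched as follows. This is an added example, not code from the presentation: it assumes a per-host shared key and an HMAC-SHA256 tag (the slides do not name a mechanism), and the function names, envelope layout and version field are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption): one secret shared between the central
# management server and this host, provisioned out of band.
DEMO_KEY = b"constructed-demo-key-not-for-production"

def publish_policy(host_id, version, rules, key):
    """Server side: serialize the host-specific policy and attach an integrity tag."""
    body = json.dumps({"host": host_id, "version": version, "rules": rules},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def accept_policy(envelope, host_id, key, current=None):
    """Client side: return (policy, status); the installed policy is kept on any failure."""
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    # Verify the tag before parsing or trusting any field of the body.
    if not hmac.compare_digest(expected, envelope["tag"]):
        return current, "rejected: bad tag"
    policy = json.loads(envelope["body"])
    # The host name is covered by the tag, so a valid policy for one host
    # cannot be replayed to another host.
    if policy["host"] != host_id:
        return current, "rejected: policy issued for another host"
    # Refuse a replay of an older (possibly weaker) policy.
    if current is not None and policy["version"] <= current["version"]:
        return current, "rejected: not newer than installed policy"
    return policy, "installed"

if __name__ == "__main__":
    rules = [["permit", "tcp", 80], ["deny", "any", 0]]   # constructed sample rules
    env = publish_policy("host-1", 2, rules, DEMO_KEY)
    installed, status = accept_policy(env, "host-1", DEMO_KEY)
    print(status)
    # A policy modified in transit ("deny" rewritten to "permit") fails verification.
    tampered = dict(env, body=env["body"].replace("deny", "permit"))
    print(accept_policy(tampered, "host-1", DEMO_KEY, current=installed)[1])
```

On any rejection the host keeps enforcing the policy it already has rather than falling back to no policy.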
SERVER SIDE:
the server side is passive open and listens using the system listen() call
it accepts the incoming connections using the accept() call
if the packets are from the undesired network (determined using the source IP address)
    go to decision;
if the incoming packets request HTTP service, i.e. port no. 80 (suppose HTTP service is to be avoided)
    go to decision;
if the packets contain malicious code
    go to decision;
if the host (source IP address) looks like an intruder
    go to decision;
if all the conditions are overcome then
    permit the packets;
decision:
    deny the packets and drop them.
permit all other types of packets to go through
The policy mentioned here first checks for the conditions that deny packets and only afterwards checks for permitting, because if permission were evaluated first then all the packets might be allowed. This is similar to the usage of Access Control Lists (ACLs) in routers.
Client side:
the client side is active open and the policies are distributed.
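The deny-first ordering of the pseudocode above, written out as an added example (not code from the presentation). The networks, addresses, payload marker and function names are constructed for illustration; `permit_first` shows the ordering the slide warns about, where a blanket permit placed first shadows every deny rule.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst_port: int     # requested service
    payload: bytes

# Constructed policy data (assumptions, not values from the slides).
UNDESIRED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_PORTS = {80}                        # "suppose HTTP service is to be avoided"
BAD_MARKERS = [b"MALICIOUS-TEST-MARKER"]    # stand-in for a malicious-code check
SUSPECT_HOSTS = {"10.0.0.66"}               # hosts that look like intruders

def deny_reason(pkt):
    """Return the first deny condition that matches, or None if none does."""
    src = ipaddress.ip_address(pkt.src)
    if any(src in net for net in UNDESIRED_NETS):
        return "undesired network"
    if pkt.dst_port in BLOCKED_PORTS:
        return "blocked service"
    if any(marker in pkt.payload for marker in BAD_MARKERS):
        return "malicious payload"
    if pkt.src in SUSPECT_HOSTS:
        return "suspected intruder"
    return None

def filter_packet(pkt):
    """Deny checks run first; a packet is permitted only if it passes all of them."""
    reason = deny_reason(pkt)
    return ("deny", reason) if reason else ("permit", None)

def permit_first(pkt):
    """Same rules with the blanket permit evaluated first (first match wins)."""
    rules = [(lambda p: True, "permit"),
             (lambda p: deny_reason(p) is not None, "deny")]
    for matches, action in rules:
        if matches(pkt):
            return action
    return "deny"

if __name__ == "__main__":
    for pkt in (Packet("192.0.2.10", 443, b"hello"),
                Packet("203.0.113.7", 443, b"hello"),
                Packet("192.0.2.10", 80, b"GET /")):
        print(pkt.src, pkt.dst_port, filter_packet(pkt), permit_first(pkt))
```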
Server side:
1. This module is the server daemon that runs at the central management server.
2. The server listens on a particular port for a request from the client.
3. After accepting the connection, the server daemon pushes out the security policies specific to the contacting client.
Client side:
1. This module is executed by the client at startup. The client contacts the central management server.
2. It registers with it as an active host. It then obtains its updated policies and implements them.
3. After implementing these security policies, the traffic is monitored and controlled based on the security policies.
4. Thus the concept of distributed firewalls is implemented.
Server side:
server_Int (Interface): Has all the methods to be implemented on the server.
service_provider: This class implements the interface server_int.
server: Creates an object of the service_provider class and embeds it in the registry.
Client side:
private String calculateMacAddr(): Gets the MAC address of the machine and later sends it to the server when accessing the object in the registry.
public void execRules(String rules): Executes the rules distributed by the server.
1. The security policies transmitted from the central management server have to be implemented by the host.
2. The host end part of the Distributed Firewall does provide any administrative control for the network administrator to control the implementation of policies. The host allows traffic based on the security rules it has implemented.
KEYNOTE
1. Trust management for solving the authorization and security policy problem.
2. Making use of public key cryptography for authentication.
3. The KeyNote evaluator determines whether proposed actions are consistent with local policy.
4. An important concept in KeyNote is monotonicity. This simply means that given a set of rules associated with a request, if there is any subset that would cause the request to be approved, then the complete set will also cause the request to be approved.
5. It is worth noting here that although KeyNote uses cryptographic keys as principal identifiers, other types of identifiers may also be used.

KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "rsa-hex:1023abcd"
Comment: Allow Licensee to connect to local port 23 (telnet)
    from internal addresses only, or to port 22 (ssh)
    from anywhere. Since this is a policy, no signature field is
    required.

Conditions: (local_port == "23" && protocol == "tcp" &&
    remote_address > "158.130.006.000" &&
    remote_address < "158.130.007.255") -> "true";
    local_port == "22" && protocol == "tcp" -> "true";
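The two condition clauses of this assertion and the monotonicity property, as an added example that is not part of the presentation and is not the KeyNote engine. It assumes the attribute names local_port, protocol and remote_address, and assumes the quoted addresses are compared as strings, which is why they are zero-padded; the helper names are hypothetical.

```python
from itertools import combinations

def telnet_internal(a):
    # Quoted values are compared as strings, character by character.
    return (a["local_port"] == "23" and a["protocol"] == "tcp"
            and "158.130.006.000" < a["remote_address"] < "158.130.007.255")

def ssh_anywhere(a):
    return a["local_port"] == "22" and a["protocol"] == "tcp"

def pad_ipv4(addr):
    """Zero-pad each octet so that string order equals numeric order."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return ".".join(f"{int(o):03d}" for o in octets)

def action(port, proto, remote, pad=True):
    """Build the attribute set that describes one connection request."""
    return {"local_port": str(port), "protocol": proto,
            "remote_address": pad_ipv4(remote) if pad else remote}

def approved(clauses, act):
    """A request is approved if any clause approves it; clauses only add permissions."""
    return any(clause(act) for clause in clauses)

def monotonic(clauses, actions):
    """Check that whatever a subset of clauses approves, the full set also approves."""
    for n in range(len(clauses) + 1):
        for subset in combinations(clauses, n):
            for act in actions:
                if approved(subset, act) and not approved(clauses, act):
                    return False
    return True

POLICY = [telnet_internal, ssh_anywhere]

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [action(23, "tcp", "158.130.6.10"),    # telnet from an internal address
               action(23, "tcp", "10.1.2.3"),        # telnet from elsewhere
               action(22, "tcp", "10.1.2.3")]        # ssh from anywhere
    for s in samples:
        print(s, approved(POLICY, s))
    # Without padding, the same internal address fails the string range test.
    print(approved(POLICY, action(23, "tcp", "158.130.6.10", pad=False)))
    print(monotonic(POLICY, samples))
```

The unpadded case is the practical pitfall: an enforcement point that passes addresses in their usual dotted form to a string comparison will deny legitimate internal hosts.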

1. A distributed firewall gives complete protection to the network. It protects all the clients of the network from internal and external attacks.
2. The distributed firewall system developed by us can allow or deny the traffic meant for a particular system based on the policy it has to follow.
3. Remote end-user machines can be secured so they can't be used as entry points into the enterprise network.
4. They secure critical servers on the network, preventing intrusion by malicious code.
THANK YOU
