An Integrated Firewall System Model In A Multiclient-Server Environment

As the Internet grows, and the use of computers is getting more common, the need to secure networks and protect them from the Internet, while still being able to access it, is increasing. The easiest way to achieve a lot of this protection is through firewalls. Firewall technology is the most widely deployed security technology on the Internet. Firewalls have been around for several years. They are a fact of life on the Internet and it is not likely they will disappear in the future. Ongoing development and research in the field of firewall technology have shown a continually addition of features and services to conventional firewall systems.This thesis introduces a new concept for applying the security policy rules by both firewall administrators and users. The proposed firewall system solves some known problems which arise with the use of conventional firewalls residing at the networks perimeter. The developed firewall system integrates the main network firewall and the second-line firewalls into one system by the use of client/server technology to facilitate firewall configuration in a way that affords more convenience to users providing the new integrated firewall using multiclient-server scheme. It centralizes security functions in a single point, simplifying configuration and administration. The new system makes it easier to configure and administrate a firewall in a way in which it is not a source of annoyance to users which offering them higher level of flexibility by giving them the chance to participate in the process of configuration of the firewall using the client side of the system and without affecting the network security policy. It also makes the progress of configuration and administration of the firewall system smoother by reducing the administrator efforts to maintain the system. Good results have been achieved by using the program package. Results show that this system helps keeping the network traffic as low as possible, increasing the efficiency of the network and reducing the threats of malicious data passing in the network. It reduces the efforts and cost of overall system administration and maintenance as well. In addition, it affords users a system which is acceptable and preferable more than conventional firewall systems

On Generation of Firewall Log Status Reporter (SRr) Using Perl

Computer System Administration and Network Administration are few such areas where Practical Extraction Reporting Language (Perl) has robust utilization these days apart from Bioinformatics. The key role of a System/Network Administrator is to monitor log files. Log file are updated every day. To scan the summary of large log files and to quickly determine if there is anything wrong with the server or network we develop a Firewall Log Status Reporter (SRr). SRr helps to generate the reports based on the parameters of interest. SRr provides the facility to admin to generate the individual firewall report or all reports in one go. By scrutinizing the results of the reports admin can trace how many times a particular request has been made from which source to which destination and can track the errors easily. Perl scripts can be seen as the UNIX script replacement in future arena and SRr is one development with the same hope that we can believe in. SRr is a generalized and customizable utility completely written in Perl and may be used for text mining and data mining application in Bioinformatics research and development too.Comment: 10Page

Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks

This thesis proposes a distributed approach to securing computer networks by delegating the role of a conventional firewall to a collection of nodes and controllers placed throughout the networks they are intended toprotect from attack. This distributed firewall system is a specific application of a generalized distriubted system framework that is also proposed in this thesis. The design and implementation of both the generalized framework and the application of the framework in creating a distributed firewall system for use on Ethernet-based networks that rely on the Internet Protocol are discussed. Conclusions based upon the preliminary implementation of the proposed systems are given along with future directions --Abstract, pageiii

Current Issues of Malicious Domains Blocking

Cyberattackers often use the Domain Name System (DNS) in their activities. Botnet C&C servers and phishing websites both use DNS to facilitate connection to or from its victims, while the protocol does not contain any security countermeasures to thwart such behavior. In this paper, we examine capabilities of a DNS firewall that would be able to filter access from the protected network to known malicious domains on the outside network. Considering the needs of Computer Security Incident Response Teams (CSIRTs), we formulated functional requirements that a DNS firewall should fulfill to fit the role of a cybersecurity tool. Starting from these requirements, we developed a DNS firewall based on the DNS Response Policy Zones technology, the only suitable open source technology available yet. However, we encountered several essential limitations in the DNS RPZ technology during the testing period. Still, our testing results show that simple DNS firewall can prevent attacks not detected by other cybersecurity tools. We discuss the limitations and propose possible solutions so that the DNS firewall might be used as a more complex cybersecurity tool in the future. Lessons learned from the deployment show that while the DNS firewall can indeed be used to block access to malicious domains, it cannot yet satisfy all the requirements of cybersecurity teams