
NETWORK SECURITY WITH FIREWALL

NAME ID
FUAD AL PARVEZ 17-35187-2
RIFFAT SHADMAN SAKI 17-35189-2

SUPERVISED BY:
DR. AFROZA NAHAR
ASSOCIATE PROFESSOR
DEPARTMENT OF CSE
AMERICAN INTERNATIONAL UNIVERSITY-BANGLADESH

RESEARCH PROPOSAL SUBMITTED IN THE PARTIAL FULFILMENT OF THE
REQUIREMENTS FOR THE DEGREE OF BACHELORS

FACULTY OF SCIENCE AND TECHNOLOGY


AMERICAN INTERNATIONAL UNIVERSITY - BANGLADESH

2020

TABLE OF CONTENTS

1. Abstract
2. Introduction
2.1 Problem statement
2.2 Objective
3. Methodology
3.1 Packet-Filtering Firewalls
3.1.1 Model development
3.2 Circuit-level gateways
3.2.1 Model development
3.3 Application proxy firewall
3.3.1 Model development
3.4 Deep packet inspection firewall
3.4.1 Model development
3.4.2 Deep Packet Inspection Vs. Conventional Packet Filtering
3.4.3 Deep Packet Inspection Techniques
3.5 Protection level
4. Possible outcome
5. Cost Estimation
6. Working schedule
7. References

1. Abstract
Network firewalls act as the first line of defense against unwanted and
malicious traffic targeting Internet servers. Predicting overall firewall
performance is crucial to network security engineers and designers in
assessing the effectiveness and resiliency of network firewalls against
DDoS (Distributed Denial of Service) attacks such as those commonly
launched by today's botnets. In this paper, we present analytical
approaches to securing the network.

2. Introduction
Information security is a critical need for individuals as well as for
society and all countries around the world. Since their invention, computer
networks have brought tremendous effectiveness to every aspect of life.
At the same time, users have to face threats from all kinds of attacks by
hackers. Network security includes protection methods for all information
that is stored and transferred through a network. It is a special field of
interest and, at the same time, difficult and complex work. Reality has
shown that attack methods are more advanced than before and that hackers
aim to attack information during the storing, processing and transferring
phases.
A firewall is not only software; it can also be dedicated hardware in
network security. A firewall as dedicated hardware helps the computers in
a network analyze data, ensuring that malware cannot penetrate the
system. It also allows network administrators to control activities on
users' computers, to filter and restrict data access, and to control the
transfer of data from inside out and vice versa.
2.1 Problem Statement
• Network error detection
• Blocking unwanted data
• Filtering the traffic
• Malware analysis and removal
• Building a wall against security issues in the network

2.2 Objective
There is no absolute safety solution, so in order to secure the data on a
network we need to construct many layers of protection. A firewall is the
outermost layer of that system.
The goal of this research is to study:
• The basic concepts of a firewall,
• Threats to computer network security,
• Firewall methods and how they work for security.

3. Methodology
The research methodology adopted in the present research is a
combination of simulation and experimental investigation. The
major research activities have been discussed in subsequent
sections.
3.1 Packet-Filtering Firewalls
Packet-filtering firewalls operate at the network layer (Layer 3) of the OSI model.
Packet-filtering firewalls make processing decisions based on network addresses,
ports, or protocols.

Packet-filtering firewalls are very fast because there is not much logic going behind
the decisions they make. They do not do any internal inspection of the traffic. They
also do not store any state information. You have to manually open ports for all
traffic that will flow through the firewall.

Packet-filtering firewalls are considered not to be very secure. This is because they
will forward any traffic that is flowing on an approved port. So there could be
malicious traffic being sent, but as long as it’s on an acceptable port, it will not be
blocked.

3.1.1 Model development

Figure 1: Packet-filtering
3.2 Circuit-Level Gateways
As another simplistic firewall type that is meant to quickly and easily approve or
deny traffic without consuming significant computing resources, circuit-level
gateways work by verifying the transmission control protocol (TCP) handshake.
This TCP handshake check is designed to make sure that the session the packet is
from is legitimate.

While extremely resource-efficient, these firewalls do not check the packet itself.
So, if a packet held malware, but had the right TCP handshake, it would pass right
through. This is why circuit-level gateways are not enough to protect your business
by themselves.
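
The handshake check described above, as an added example that is not part of
the original proposal. The class name, endpoint tuples and flag sets are
hypothetical, and the sketch is simplified: it tracks only the three-way
handshake and does not validate sequence numbers.

```python
class CircuitGateway:
    """Allows TCP segments only for sessions whose handshake it has seen."""

    def __init__(self):
        self.sessions = {}      # (client, server) -> handshake state

    def process(self, src, dst, flags, payload=b""):
        """Verdict for one segment; src and dst are (ip, port) tuples.

        The payload argument is accepted but deliberately never examined.
        """
        flags = frozenset(flags)
        fwd, rev = (src, dst), (dst, src)
        if flags == {"SYN"}:                        # step 1: client opens
            self.sessions[fwd] = "SYN_SENT"
            return "allow"
        if flags == {"SYN", "ACK"}:                 # step 2: server answers
            if self.sessions.get(rev) == "SYN_SENT":
                self.sessions[rev] = "SYN_RCVD"
                return "allow"
            return "deny"                           # answer to no request
        if flags == {"ACK"} and self.sessions.get(fwd) == "SYN_RCVD":
            self.sessions[fwd] = "ESTABLISHED"      # step 3: client confirms
            return "allow"
        key = fwd if fwd in self.sessions else rev
        if self.sessions.get(key) != "ESTABLISHED":
            return "deny"                           # no completed handshake
        if flags & {"FIN", "RST"}:
            del self.sessions[key]                  # simplified teardown
        return "allow"

# Constructed endpoints from documentation address ranges.
CLIENT = ("198.51.100.7", 40000)
SERVER = ("192.0.2.10", 80)

if __name__ == "__main__":
    gw = CircuitGateway()
    print(gw.process(CLIENT, SERVER, {"PSH", "ACK"}, b"data"))   # no handshake yet
    print(gw.process(CLIENT, SERVER, {"SYN"}))
    print(gw.process(SERVER, CLIENT, {"SYN", "ACK"}))
    print(gw.process(CLIENT, SERVER, {"ACK"}))
    print(gw.process(CLIENT, SERVER, {"PSH", "ACK"}, b"CONSTRUCTED-MALICIOUS-PAYLOAD"))
```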

3.2.1 Model Development

Figure 2: Circuit proxy firewall


3.3 Application Proxy Firewalls
Application proxy firewalls take a different approach than the two
previously mentioned types. They work at the application layer of the
TCP/IP protocol stack, providing proxy service for specific applications.
Each application proxy sits between the internal network and the world
outside. There is no direct communication between the internal computer
and the other end of the conversation, as there is with packet filtering and
stateful firewalls. Instead, packets travel between the external system and
the proxy. The proxy examines the packets and determines which packets
should be passed on to the application.

Application proxy firewalls provide a high degree of security and
excellent logging features. However, the need to have a separate proxy for
each application to be protected is a major limitation, especially if proxies
aren't available for some of the software that you need to protect.

3.3.1 Model Development

Figure 3: Application proxy firewall


3.4 Deep packet inspection firewall
Deep packet inspection is a form of packet filtering usually carried out as
a function of your firewall. It is applied at the application layer of the
Open Systems Interconnection (OSI) model.
Deep packet inspection evaluates the contents of a packet that is going
through a checkpoint. Using rules that are assigned by you, your Internet
service provider, or the network or systems administrator, deep packet
inspection determines what to do with these packets in real time.
Deep packet inspection is able to check the contents of these packets and
then figure out where they came from, such as the service or application
that sent them. In addition, it can work with filters in order to find and
redirect network traffic from an online service, such as Twitter or
Facebook, or from a particular IP address.

3.4.1 Model development

Figure 4: Deep packet inspection firewall


3.4.2 Deep Packet Inspection Vs. Conventional Packet Filtering
Conventional packet filtering only reads the header information of each
packet. This was a basic approach that was less sophisticated than the
modern approach to packet filtering largely due to the technology
limitations at the time. Firewalls had very little processing power, and it
was not enough to handle large volumes of packets. In other words,
conventional packet filtering was similar to reading the title of a book,
without awareness or evaluation of the content inside the cover. With the
advent of new technologies, deep packet inspection became feasible.

3.4.3 Deep Packet Inspection Techniques


Some of the main techniques used for deep packet inspection include:
● Pattern or signature matching – One approach to using firewalls that
have adopted IDS features, pattern or signature matching, analyzes each
packet against a database of known network attacks. The downside to this
approach is that it’s effective only for known attacks, and not for attacks
that have yet to be discovered.
● Protocol anomaly – Another approach to using firewalls with IDS
features, protocol anomaly uses a “default deny” approach, which is a key
security principle. Using this technique, protocol definitions are used to
determine which content should be allowed. This differs from the
approach of simply allowing all content that doesn’t match the signatures
database, as occurs in the case of pattern or signature matching. The
primary benefit of protocol anomaly is that it offers protection against
unknown attacks.
● IPS solutions – Some IPS solutions implement DPI technologies. These
solutions have similar functionality to in-line IDS, although they have the
ability to block detected attacks in real-time. One of the biggest challenges
in using this technique is the risk of false positives, which can be mitigated
to some extent through the creation of conservative policies.
Some limitations exist with these and other DPI techniques, although
vendors offer solutions aiming to eliminate the practical and architectural
challenges through various means. Additionally, DPI solutions now
offer a range of other complementary technologies such as VPNs,
malware analysis, anti-spam filtering, URL filtering, and other
technologies, providing more comprehensive network protection.
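
The contrast between pattern or signature matching and protocol anomaly
listed above, as an added example that is not part of the original proposal.
The signature database, the minimal HTTP request definition (an assumed
policy, not a full parser) and the payloads are all constructed.

```python
import re

# Constructed signature database; a real one holds many known-attack patterns.
SIGNATURES = {
    "constructed-known-attack": re.compile(rb"CONSTRUCTED-KNOWN-ATTACK-MARKER"),
}

# Protocol definition for a minimal HTTP/1.x request (assumed policy).
REQUEST_LINE = re.compile(rb"(GET|HEAD|POST) /[\x21-\x7e]{0,255} HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"[A-Za-z0-9-]{1,64}: [\x20-\x7e]{0,1024}")

def signature_verdict(payload: bytes):
    """Default allow: deny only what matches a known signature."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return ("deny", name)
    return ("allow", None)      # anything not in the database passes

def protocol_verdict(payload: bytes):
    """Default deny: allow only what conforms to the protocol definition."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ("deny", "header block not terminated")
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        return ("deny", "malformed request line")
    for line in lines[1:]:
        if not HEADER_LINE.fullmatch(line):
            return ("deny", "malformed header")
    return ("allow", None)

def inspect(payload: bytes):
    """Run both techniques on one payload and report each verdict."""
    return {"signature": signature_verdict(payload)[0],
            "protocol": protocol_verdict(payload)[0]}

# Constructed payloads: a normal request, a well-formed request carrying a
# known marker, and a malformed request that no signature describes.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
KNOWN = b"GET /CONSTRUCTED-KNOWN-ATTACK-MARKER HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
UNKNOWN = b"FETCH\x00\x01 / HTTP/9.9\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("benign", BENIGN), ("known", KNOWN), ("unknown", UNKNOWN)]:
        print(name, inspect(data))
```

Signature matching stops only KNOWN and protocol validation stops only
UNKNOWN, which is why the two techniques are deployed together.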

3.5 Protection level


Figure 5: Security level of firewall (chart titled "Security level of
firewalls"; categories: Packet inspection, Application proxy, Circuit
gateway, Packet filtering)


4. Possible outcome

Figure 6: Possible outcome look using firewall

5. Cost estimation

                Packet       Circuit      Application   Deep packet
                filtering    proxy        proxy         inspection
                (Tk)/unit    (Tk)/unit    (Tk)/unit     (Tk)/unit
Material        1,00,000     1,00,000     1,00,000      1,00,000
Fieldstrips     40,000       70,000       1,50,000      3,00,000
Modification    0            10,000       20,000        50,000
Service         25,000       40,000       80,000        2,00,000

6. Working schedule
7. References
B. Nguyen, "Network Security and Firewall", Theseus.fi, 2016.
[Online].
D. Rountree, "Packet Filtering Firewall - an overview | ScienceDirect
Topics", Sciencedirect.com, 2011. [Online].
E. Dosal, "What is a Firewall? The Different Firewall Types &
Architectures", Compuquip.com, 2020. [Online].
"What is Deep Packet Inspection? How It Works, Use Cases for DPI,
and More", Digital Guardian, 2020. [Online].
K. Salah and R. Baitaba, "Performance Modeling and Analysis of
Network Firewalls", research.net, 2012. [Online].
