Data Security in Local Network
Using Distributed Firewall
Guided by:
Presented by:
Mohammad Under Supervision:
Raashid Azam Prof. Mirza Salim Beg
11-LECM-042
1 GD 1210
�Abstract
Computer and networking have become inseparable
now .
A number of confidential transaction occur every
second and today computers are used mostly for
transaction rather than processing of data, so Data
security is needed to prevent hacking of data and to
provide authenticated data transfer
2
�.Contd
Data security can be achieved by Firewall
Conventional firewall relay on the notion of restricted
topology and controlled entry point
Restricting the network topology, difficulty in filtering
certain protocols, expanding network and few more
problems leads to the evolution of DISTRIBUTED
FIREWALL
3
� Contents
Introduction to Security and Firewalls
Problems with traditional Firewalls
Distributed Firewall Concept
Distributed Firewall Implementation
Conclusions
4
� Firewalls
Firewall is a device or set of instruments designed to permit
or deny network transmissions based upon a set of rules and
regulations which are frequently used to protect networks from
unauthorized access
In most systems today, the firewall is the software that
implements the “security policy” for a system
A firewall is typically placed at the edge of a system and acts
as a filter for unauthorized traffic
5
� Security Policy
A “security policy” defines the security rules of a system.
Without a defined security policy, there is no way to know
what access is allowed or disallowed
An example policy: (simple)
◦ Allow all connections to the web server
◦ Deny all other access
6
� Firewall Example
Company 1 Firewall Firewall Company 2
Internet
Company 3 Firewall Firewall Company 4
7
� Firewall Drawbacks
Traditional Firewalls uses restricted topology of the network
Donot protect networks from internal attack
Certain protocols (FTP, Real-Audio) are difficult for
firewalls to process
Assumes inside users are “trusted”
single points of access make firewalls hard to manage
8
�.contd
1.Restricted topology
9
� .contd
2 .Assumes inside users are trusted
10
� .contd
3.Single point of failure or access
11
� .Data security Threats
IP Spoofing or IP masquerading
A B
10.10.10.1 134.117.1.60
B
10.10.10.1 134.117.1.60 Any (>1024) 80
Src_IP dst_IP Src_port dst_port
spoofed
11.11.11.1 134.117.1.60 Any (>1024) 80
Src_IP dst_IP Src_port dst_port
12
�.cont IP spoofing
impersonation
sender
partner
Oh, my partner
sent me a packet.
I’ll process this. victim
13
�.contd
Session hijacking
14
�contd
Denial of service(DOS)
15
� Distributed Firewall Concept
Destributed firewall is a mechanism to enforce a network
domain security policy through the use of policy language
Security policy is defined centrally
Enforcement of policy is done by network endpoint(s) where
is the hackers try to penetrate
16
� .contd
It filters traffic from both the internal and internet
network
They overcome the single point of failure concept
17
�18
�Architecture of Distributed
Firewalls
The whole distributed firewall system consists of four
main parts:
I. The management center
II. Policy actuator
III. Remote endpoint connectors
IV. Log server
19
�.contd
20
�PBNA System
Policy Based Network Management System
21
� Standard Firewall Example
Intranet
W e b s e rve r
External Internal Webserver (company
priva te)
Corporate
Internet Firewall
Corporate Network
Internal
External Internal
Host
Host Host
2
1
(untrusted)
22
� Standard Firewall Example
Connection to web server
Intranet
W e b s e rve r
External Internal Webserver (company
priva te)
Corporate
Internet Firewall
Corporate Network
Internal
External Internal
Host
Host Host
2
1
(untrusted)
23
� Standard Firewall Example
Connection to intranet
Intranet
W e b s e rve r
External Internal Webserver
(company
p r i v a te )
blocked by
firewall connection
a llo w e d ,
b u t s h o u ld
not be
Corporate
Internet Firewall
Corporate Network
External Internal
Internal
Host Host Host
1 2
(untrusted)
24
� Distributed Firewall Example
Internal Host Intranet
(telecommuting) W e b s e rve r
External Internal Webserver (company
priva te)
In t e r n e t Corporate Network
External Internal
Internal
Host Host
Host
2
1
(untrusted)
25
� Distributed Firewall Example to
web server
Internal Host Intranet
(telecommuting) W e b s e rve r
External Internal Webserver (company
priva te)
In t e r n e t Corporate Network
External Internal
Internal
Host Host
Host
2
1
(untrusted)
26
�Distributed Firewall Example to
intranet
Internal Host Intranet
(telecommuting) W e b s e rve r
External Internal Webserver (company
priva te)
Internet Corporate Network
Internal
External Internal
Host
Host Host
2
1
(untrusted)
27
� Components of Distributed
Firewalls
A Distributed Firewall is a mechanism to enforce a network domain
security policy through the use of the following:
Policy Language
Policy Distributed Scheme
Certificates
28
� .contd
Policy language
The Policy language is used to create policies for each firewall.
These policies are the collection of rules, which guides the firewall
for evaluating the network traffic. It also defines which
inbound and outbound connections on any component
of the network policy domain are allowed.
29
� .contd
Policy Distribution Scheme
The policy distribution scheme should guarantee the integrity
of the policy during transfer.
This policy is consulted before processing the incoming or
outgoing messages.
The distribution of the policy can be different and varies with
the implementation. It can be either directly pushed to end systems
or pulled when necessary
30
� .contd
Certificates
There may be the chance of using IP address for the
host identification by the distributed firewalls.
But a mechanism of security is more important.
It is preferred to use certificate to identify hosts.
IPSec provides cryptographic certificates. Unlike IP address,
which can be easily spoofed, the digital certificate is much more
secure and the authentication of the certificate is not easily
forged. Policies are distributed by means of these
31
� Advantages
1. Provides security for internet and intranet
2. Multiple access points
3. Insiders are no longer trusted
4. Security policy rules are distributed and established on
needed basis
5 End to End can be easily done and filtering packets is easy
32
� Disadvantage
1. Compliance of the security policy for insiders is one of the
major issues of the distributed firewalls. This problem
especially occurs when each ending host have the right of
changing security policy. There can be some techniques to
make modifying policies harder but it is not totally impossible
to prevent it.
2 It is not so easy to implement an intrusion detection system in
a distributed firewall environment. It is possible to log
suspicious connections on local server but these logs need to
be collected and analyzed by security experts in central service
33
� Conclusions
Distributed firewalls allows the network security policy
to remain under control of the system administrators
Insiders may no longer be unconditionally treated as
“trusted”
Does not completely eliminate the need for traditional
firewalls
More research is needed in this area to increase
robustness, efficiency,
42
� Future Work
High quality administration tools NEED to exist for
distributed firewalls to be accepted
Allow per-packet scanning as opposed to per-connection
scanning
Policy updating
43
� References
[1] Dr.T.Pandikumar1, Mekonnen Gidey2,“ DATA SECURITY IN LAN USING
DISTRIBUTED FIREWALL”, International Research Journal of Engineering
and Technology (IRJET).
[2] R. Maruthaveni1, R. Latha2,”Data Security in Local Networks Using
Distributed Firewalls”, International Journal of Science and Research
(IJSR)
[3] Sotiris Ioannidis, Angelos D. Keromytis, Steve M. Bellovin, Jonathan
M. Smith, “Implementing a Distributed Firewall”, CCS ’00,Athens,
Greece.
[4] Steven M. Bellovin, “Distributed Firewalls”, November 1999 issue of;
login: pp. 37-39.
[5] [Robert Stepanek, “Distributed Firewalls”,
[email protected], T-110.501
Seminar on Network Security, HUT TML 2001.
44
�45
