Tuesday, May 2, 2001SC 546 1

Net Defender Net Defender Net Defender Net Defender

By:

Krishna Maddikara

Synopsis of PresentationSynopsis of Presentation

• Security Issues

• Firewalls:

– How do they work?

– What can they do?

• The future of Security called

“Net Defender”

Security Issues Today:Security Issues Today:

• What are the issues and problems?

• Who are the intruders and why?

• What are their techniques?

What are the Issues & Problems?What are the Issues & Problems?

• Security was not a fundamental design consideration

• The Internet is growing exponentially

• User dependence is increasing;

• With increasing complexity

• There are billions of entry points

Who are the intruders?Who are the intruders?

• CriminalsCriminals

• “ “CuriousCurious” Intruders” Intruders

• InsidersInsiders

• Corporate SpiesCorporate Spies

Motives:Motives:

• Money

• Access to additional resources

• Competitive advantages

• Curiosity and Mischief

Possible Attacks:Possible Attacks:

• Compromises and Vulnerabilities

• DDoS (Distributed Denial of Service)

• “Sniffing”

• Port Scanning

• Malicious code

Example of DoS attack:Example of DoS attack:

IntruderIntruder

TargetTarget

ICMP request with ICMP request with spoofed IP of targetspoofed IP of target

Example of DoS attack:Example of DoS attack:

IntruderIntruder

TargetTarget

Flood Target Flood Target with replieswith replies

Finally this report contain information regarding our firewall which we had developed using Packet Filtering Technique.

And now I'll describes its functioning and working in detail.

Net DefendersNet Defenders

What is Net Defender?What is Net Defender?• A simple Firewall for securing Personal Computer from

unauthorized access through Internet or network by novice and advanced users.

• A firewall that monitors all traffic to and from a site This allows for monitoring, filtering, logging, and proper access to the network

Net defender Problem StatementNet defender Problem Statement

Developing a simple Firewall for securing Developing a simple Firewall for securing Personal Computer from unauthorized Personal Computer from unauthorized access through Internet or network by access through Internet or network by novice and advanced users.novice and advanced users.

Objective of Net defender Objective of Net defender Net Defender software is being designed keeping in mind a Net Defender software is being designed keeping in mind a novice user (those who knows very less about networking or novice user (those who knows very less about networking or computers). computers).

We had laid a great deal of stress in providingWe had laid a great deal of stress in providinga sound user interface so that a general user should learn how a sound user interface so that a general user should learn how to use and control this firewall in simple and easy steps.to use and control this firewall in simple and easy steps.

REQUIREMENT ANALYSISREQUIREMENT ANALYSIS

• o Users perspective

• o Developer Perspective

• o Functional Perspective

General System and General System and Interface RequirementsInterface Requirements

1.1. The interface should be intuitive for users to use.The interface should be intuitive for users to use.

2. Users should be able to immediately stop all 2. Users should be able to immediately stop all outgoing Internet traffic using the firewalloutgoing Internet traffic using the firewall..33. . The system should have the ability to notify the The system should have the ability to notify the user about all blocked attacks from the Internet.user about all blocked attacks from the Internet. 1. Users should be able to enable/disable these 1. Users should be able to enable/disable these notifications of attacks.notifications of attacks.

Main ScreenMain Screen

Firewall has a simple user Firewall has a simple user interface that gives you instant interface that gives you instant access to all your securityaccess to all your securityfeaturesfeatures

Add Rule :Add Rule :

This dialog box will help in adding This dialog box will help in adding new rules to Firewall. To create a new rules to Firewall. To create a rule, you must first specify the kind rule, you must first specify the kind of traffic that should be affected by of traffic that should be affected by the rule. There are several different the rule. There are several different characteristics of traffic, each of characteristics of traffic, each of which you can use to specifythe kind which you can use to specifythe kind

of traffic that you want to controlof traffic that you want to control..

Port Scanner:Port Scanner:

• Port Scanner can be opened by going to tool menu and selecting port scanner from there It is a Small Utility for checking a system for open ports. It systematically scans the ports of the computer and report the open port to the user. User then can define the rule in the Firewall to close that particular port

Well-known ports used by TCPWell-known ports used by TCPWell-known ports used by TCPWell-known ports used by TCPPort Protocol Description

   7 Echo Echoes a received datagram back to the sender

    9 Discard Discards any datagram that is received

  11 Users Active users

  13 Daytime Returns the date and the time

  17 Quote Returns a quote of the day

  19 Chargen Returns a string of characters

  20 FTP, Data File Transfer Protocol (data connection)

  21 FTP, Control File Transfer Protocol (control connection)

  23 TELNET Terminal Network

  25 SMTP Simple Mail Transfer Protocol

  53 DNS Domain Name Server

  67 BOOTP Bootstrap Protocol

  79 Finger Finger

  80 HTTP Hypertext Transfer Protocol

111 RPC Remote Procedure Call

How do Firewalls work?How do Firewalls work?• Most firewalls function through packet

filtering

– Filter based upon port or address

Courtesy http://www.vicomsoft.com/knowledge/reference/firewalls1.html

Filtering based on PortFiltering based on Port• Filtering based on port occurs by

examining the Transport layer

• Deny-all

– Reject all packets except to required services

Courtesy http://www.vicomsoft.com/knowledge/reference/firewalls1.html

Filtering Based on AddressFiltering Based on Address

• The incoming and outgoing address can be examined to see if the computer is allowed access to the network

• However, this can be circumvented by an attacker who fakes the incoming address, making it look as if they are allowed

How Net Defender preventHow Net Defender prevent

• Lets look over some of the common attacks we spoke about

Preventing Compromises and VulnerabilitiesPreventing Compromises and Vulnerabilities

• The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another.

• Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports

Action :• Select whether to Allow that type of traffic to pass threw or

Block it.

Block All• Block All prevents the transmission of ANY AND ALL network

traffic that is attempting to either enter or leave your computer.

Allow All• Allow All effectively disables Firewall protection for both

incoming and outgoing traffic

Port Scanner:Port Scanner:

• Port Scanner can be opened by going to tool menu and selecting port scanner from there

• It is a Small Utility for checking a system for open ports.

• It systematically scans the ports of the computer and report the open port to the user.

• User then can define the rule in the firewall to close that particular port

Working of the filter:Working of the filter:

• working of firewall is based on the following steps

• Ø Extract the packet header

• Ø Check the protocol associated

• Ø Compare with the rules

• Ø Check the source and destination add. If protocol is same

• Ø Check out the port if protocol is TCP

Other Prevention:Other Prevention:• Preventing DDoS:

– Turn off ping except to trusted IP’s

• Preventing Port Scanning:– Turn off all ports except ports needed

– Use NAT to hide IP’s

• Preventing Malicious Code– Difficult to block with firewall

– Internal zones can prevent spreading and contamination

Direction of Internet VulnerabilitiesDirection of Internet Vulnerabilities

• Sophistication of attacks is increasing

• Knowledge is being passed to less knowledgeable

• Vendor testing cycle is decreasing

– Relying on patches

Direction of Internet SecurityDirection of Internet Security

• Better encryption methods

• Adding more security to the transport and IP layer of protocols

– IPSEC

• Packet level security based on socket or destination address

Future Improvements:Future Improvements:

• This analysis can be extended to the level of granularity necessary to move directly into creating a program that will effectively model a firewall in a simple network.

• It could also be extended to model a more complex firewall and/or proxy server.

We would like to thank:We would like to thank:

Mr.P.Ramesh(HOD)

&

Mr.E.Venkataramana(Supervisor)

The class for your time and patience.