
Firewall Abstract


FIREWALL SYSTEM DESIGN & IMPLEMENTATION

ENFORCING ACCESS CONTROL POLICY BETWEEN TWO OR MORE NETWORKS

A firewall is a system or group of systems that enforces an access control policy between two or more networks. The firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic.

A firewall consists of software which controls the network traffic and also of hardware components, such as the arrangement of routers, public servers, workstations and so on. Firewall software is a basic requirement for anyone using broadband to prevent hacking, viruses and other security risks. Typically, firewall software works by hiding your computer (via the ports that connect it to the Internet) from unknown users. The firewall is the best solution for very critical and dangerous network threats.

Types of Firewall:

1. Packet Filtering Firewall

2. Circuit Level Firewall

3. Application Level Firewall.

Packet Filtering Firewall

A packet filtering firewall works at the lowest possible level of the protocol stack: the network layer of both the TCP/IP and OSI models. Packet filters act on incoming and outgoing traffic based on IP addresses (source and destination). They do not examine upper-layer data and do not support advanced user authentication.

Circuit Level Firewall

A circuit level firewall is a second-generation firewall that validates TCP and UDP connections before opening a connection. Once a handshake has taken place, it passes everything until the session is ended. This firewall operates at the session layer of the OSI model and the transport layer of the TCP/IP model.


This firewall maintains a table of valid connections, which includes session state and sequencing information, and lets the packets containing the data pass through when the network information matches an entry in the virtual circuit table.

When a connection is terminated, its table entry is removed and the virtual circuit between the two peers is closed.
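The virtual circuit table described above can be sketched as follows. This is an added example, not code from the project: it covers TCP only, skips sequence-number checks, treats the first FIN or RST as the end of the session, and assumes that only inside clients may open a circuit. The class name, addresses and packet list are constructed for illustration.

```python
CLIENT, SERVER = ("10.0.0.5", 40000), ("203.0.113.80", 80)  # constructed endpoints

class CircuitTable:
    """Virtual circuit table keyed by (inside endpoint, outside endpoint)."""

    def __init__(self):
        self.circuits = {}  # key -> "SYN_SENT" | "SYN_ACKED" | "ESTABLISHED"

    def handle(self, src, dst, flags, outbound):
        """src/dst are (ip, port); flags is a set of TCP flag names.
        Returns "pass" or "drop" and updates the table."""
        # Both directions of one session map to the same entry.
        key = (src, dst) if outbound else (dst, src)
        state = self.circuits.get(key)
        if state is None:
            # Assumption: only an inside client may open a circuit (bare SYN).
            if outbound and flags == {"SYN"}:
                self.circuits[key] = "SYN_SENT"
                return "pass"
            return "drop"
        if flags & {"FIN", "RST"}:
            del self.circuits[key]  # session ended: remove the table entry
            return "pass"
        if state == "SYN_SENT":
            ok, nxt = (not outbound and flags == {"SYN", "ACK"}), "SYN_ACKED"
        elif state == "SYN_ACKED":
            ok, nxt = (outbound and flags == {"ACK"}), "ESTABLISHED"
        else:
            return "pass"  # ESTABLISHED: payload is passed without inspection
        if ok:
            self.circuits[key] = nxt
        return "pass" if ok else "drop"

# Constructed packet sequence: (src, dst, flags, outbound)
SAMPLE = [
    (SERVER, CLIENT, {"ACK"}, False),         # no circuit yet
    (CLIENT, SERVER, {"SYN"}, True),          # handshake step 1
    (SERVER, CLIENT, {"SYN", "ACK"}, False),  # handshake step 2
    (CLIENT, SERVER, {"ACK"}, True),          # handshake step 3
    (SERVER, CLIENT, {"PSH", "ACK"}, False),  # data on the open circuit
    (CLIENT, SERVER, {"FIN", "ACK"}, True),   # teardown
    (SERVER, CLIENT, {"PSH", "ACK"}, False),  # arrives after the entry is gone
]

def replay(packets):
    """Run packets through a fresh table and return the verdict for each."""
    table = CircuitTable()
    return [table.handle(*p) for p in packets]
```

Replaying `SAMPLE` shows that the same inbound data packet is dropped before the handshake, passed while the circuit is open, and dropped again once the entry has been removed.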

Application Level Gateway:

Packet filtering firewalls represent one extreme of the firewalls; the application gateway represents the other. Application level gateways are so called because they operate at the application layer of the protocol stack.

An application level firewall runs a proxy server application acting as an intermediary between two systems. Consequently, application level firewalls are sometimes called proxy server firewalls. The client sends a request to the server running the application level firewall to connect to an external service such as FTP or HTTP. The proxy server evaluates the request and decides to permit or deny it based on a set of rules. Proxy servers understand the protocol of the service they are evaluating, so they only allow through packets that comply with the protocol for that service. They also enable additional benefits such as detailed audit records, session information, user authentication, URL filtering and caching.

Scope of Project:

A firewall provides security to a computer connected to the Internet. The firewall is normally deployed in the gateway or proxy machines through which the inter-network traffic passes. The firewall acts as a filter for the URLs specified in the browser. Any unauthorized site will not be opened. The firewall allows the user to access only specific sites on the Internet.

This selectivity is useful in two ways. One is that an organization can decide who has access to what and allow its employees to access the authorized sites within the network through this firewall system. The other application of this selectivity is for home users, where one can limit Internet usage by restricting it to some sites.


Project Features:

This project implements the third generation of firewall, i.e., an application layer firewall based on the HTTP protocol. It includes the standard features of new generation firewalls and some enhancements to overcome their limitations.

The primary goal of this project is to let the user access only authorized websites; all other websites will be restricted.

Existing System:

The policy in the firewall defines the characteristics of acceptable and unacceptable network traffic based on packet criteria at the IP level or above. Typically, network traffic that represents hostile intrusion attempts, denial of service attacks and/or unauthorized attempts to read, write or modify information is proactively denied by the firewall.

A firewall examines all traffic routed between two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering.

Firewalls can also filter specific types of network traffic based on the protocol. This is known as protocol filtering, because the decision to forward or reject is based on the protocol used. A firewall can also control traffic by packet attribute or state.

Problems in the existing system:

Packet filters do not examine upper-layer data and do not support advanced features, and implementing a circuit filter is time consuming (it deals with virtual circuit tables). Because both are complicated to implement, we go for an application level firewall.

Proposed System:

This project implements the 3rd generation of firewalls: an application layer firewall based on the HTTP protocol. An application level firewall runs a proxy server application acting as an intermediary between two systems.


The client sends a request to the server running the application level firewall to connect to an external service such as HTTP. The proxy server evaluates the request and decides to permit or deny it based on the set of rules defined by the firewall. This includes the standard features of new generation firewalls and some enhancements. The main objective of this project is to create software that can interrupt users who want access to unauthorized websites and allow only those websites that are present in the firewall log, with some security restrictions.

Algorithm for Firewall:

1. Start the Firewall

2. Get the request from the user.

3. If the requested website is not authorized, it cannot be opened.

4. Otherwise, open the website.

5. Stop.
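The permit-or-deny step of the algorithm, as an HTTP proxy would apply it to a raw request, is sketched below. This is an added example, not the project's own code (the project targets the JRE; Python is used here for brevity). The allowlist contents, the function names, the choice to let an entry cover its subdomains, and the handling of CONNECT are assumptions.

```python
from urllib.parse import urlsplit

AUTHORIZED = {"example.org", "intranet.example.com"}  # constructed allowlist
METHODS = {"GET", "HEAD", "POST", "CONNECT"}

def target_host(request: bytes):
    """Return the destination host of a proxy request, or None when the
    request does not follow HTTP/1.x request syntax."""
    try:
        head = request.split(b"\r\n\r\n", 1)[0].decode("ascii")
        lines = head.split("\r\n")
        parts = lines[0].split(" ")
        if (len(parts) != 3 or parts[0] not in METHODS
                or not parts[2].startswith("HTTP/1.")):
            return None
        method, target = parts[0], parts[1]
        if method == "CONNECT":            # authority-form: host:port
            host = urlsplit("//" + target).hostname
        elif target.startswith("/"):       # origin-form: rely on one Host header
            hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")]
            host = urlsplit("//" + hosts[0]).hostname if len(hosts) == 1 else None
        else:                              # absolute-form, as sent to a proxy
            url = urlsplit(target)
            host = url.hostname if url.scheme == "http" else None
    except (UnicodeDecodeError, ValueError):
        return None
    # hostname is already lower-cased; drop the trailing dot of a rooted name.
    return (host.rstrip(".") or None) if host else None

def decide(request: bytes, allow=AUTHORIZED):
    """Return (verdict, host) so the caller can write an audit record.
    Anything not explicitly authorized is denied."""
    host = target_host(request)
    if host is None:
        return "malformed", None
    for site in allow:
        # Exact match, or a subdomain matched on a label boundary.
        if host == site or host.endswith("." + site):
            return "permit", host
    return "deny", host
```

The decision is made on the parsed host rather than on a substring of the URL, so look-alike names and requests with conflicting Host headers fall through to "deny" or "malformed".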


System Requirements

Hardware Requirements

Intel Pentium Processor

Monitor

128 MB RAM

40 GB HDD

Standard Keyboard (104 Keys)

Mouse

Software Requirements:

JRE (Java Runtime Environment)

Operating System: Microsoft Windows XP