Saurabh & Sandeep_final

8/7/2019 Saurabh & Sandeep_final

1/37

INTRODUCTION


2/37

Chapter 1

Introduction

1.1 Objective

1.2 Scope1.3 Overviews

The SRS establishes requirements for the Firewall system application software. This documentshall be used as a reference for the Software Design Document (SDD). This project is aimed tofacilitate the controlling of various computers from the viruses .As we know that in the presentIT world its a very difficult task to protect our computers.

Nowadays, security becomes more and more important. Firewall system is the solution toenhance system security. Beside of basic password authorization, The Administrator willgenerate a string and store it into the Firewall system and windows registry so as to start thesystem.[1]

1.1 Objective:-

In order to secure our corporate network, we must define our idea of a network perimeter. We need to determine what things must be protected, develop a security policy, and establish mechanisms to enforce the policy and methods we are going toemploy.

.

These mechanisms must come after our security policy is developed, not before. Todefine a security mechanism that will protect our corporate site, in specific firewalls, andto provide us with the prerequisites to implement it. Security policies vary fromorganization, of course, but one issue that will set these policies aside will be platform for what they are being developed. We must look closely at the platform well be choosing,as it will definitely define all future projects, level of security and consequently thesecurity policy being developed. Thats why a security policy must come first toguarantee the success of the mechanisms that will be implemented.

As a LAN or web administrator, one already knows that the hardest part of connecting hiscorporation to the Internet is not justifying the expense or effort, but convincing

management that it is safe to do so, especially at a large company. A firewall not onlyadds real security, but also plays an important role as a security blanket for management


3/37

1.2 Scope :-

A firewall basically a protective device. If we are building a firewall, the first thing we need toworry about is what were trying to protect. When we connect to the Internet, were putting threethings at risk:

A firewall is a system of hardware and software components designed to restrict access betweenor among networks, most often between the Internet and a private Internet.

The firewall is part of an overall security policy that creates a perimeter defense designedto protect the information resources of the organization.

A Firewall separates a protected network from an unprotected one, the Internet. A firewall isa piece of software or hardware that filters all network traffic between our computer, homenetwork, or company network and the Internet. It is our position that everyone who uses theInternet needs some kind of firewall protection.

Data: the information kept on the computers Resources: the computers themselves Reputation Since this software deals with security hence it can be used for securing personal data. C an be used in colleges and universities for securing confidential data. C an be used in banks for safety deposits and securing account information

1.3 Overview:-

Firewalls are network devices which enforce an organization's security policy. Since their development, various methods have been used to implement firewalls. These methods fillter network traffic at one or more of the seven layers of the.ISO network model, most commonly at

the application ,transport, and network, and data-link levels. In addition, researchers havedeveloped some newer methods, such as protocol normalization and distributed firewalls, whichhave not yet been widely adopted.

Firewalls involve more than the technology to implement them. Specifying a set of fillteringrules, known as a policy, is typically complicated and error-prone. High-level languages have

been developed to simplify the task of correctly defining a firewall's policy. Once a policy has been specified, the firewall needs to be tested to determine if it actually implements the policycorrectly.Little work exists in the area of firewall theory; however, this article summarizes whatexists. Because some data must be able to pass in and out of a firewall, in order for the protectednetwork to be useful, not all attacks can be stopped by firewalls. Some emerging technologies,

such as Virtual Private Networks (VPN) and peer-to-peer networking pose new challenges for firewalls.

Our basic need and problem is to provide trusted and secure acess level to the user When weconnect to the Internet, were putting three things at risk: Data,the information kept on thecomputers, Resources, the computers themselves, Reputation. So we basically need a protectivedevice.


4/37

We need a software whose basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with notrust, and an internal network, which is a zone of higher trust.


5/37

OVERALLDE SCRIPTION


6/37

Chapter 2

The Overall Description

2.1 Product Perspective2.1.1 System Interfaces

2.1.2 Hardware Interfaces2.1.3 Software Interfaces2.1.4 C ommunications Interfaces2.1.5 Memory C onstraints2.1.6 Operations

2.2 Product Functions2.3 User C haracteristics2.4 C onstraints2.5 Assumptions and Dependencies

2.1 Product Perspective:-

Project status: - Independent Similar projects: - Firewall protector

2.1.1 Sy stem Interfaces:-

256 MB RAM with 3-GB hard disk. Processor: - above P3 Active Firewall

2.1.2 Hardware Interfaces:-

A system with at least 1GB RAM and minimum 4 GB hard-disk. Active Firewall. Processor:- above P3


7/37

2.1.3 Software Interfaces:-

Development:-

IDE-2008 Visual Studio. Operating system: - Window-XP.

Deployment:-

Dot net Framework 3.5 version. Operating system: - Window-XP.

2.1.4 Communications Interfaces :-

The Firewall system with its LAN file communicates with the Operating System of the

computer.

2.1.5 Memor y Constraints:-

During development:- Primary Memory: - 128 Mb, efficiently Secondary Memory: - 512Mb

2.1.6 Operations:- Provides security to the system. C reates administrator. Provide privilege. Lock/unlock the website. Reassign the password file. Register new user.

2.2 Product Functions:-

Provides security to system. Lock the website when Firewall is active. Unlock the website when the Firewall is off again.


8/37

2.3 User Characteristics:-

User must be aware of using C omputer System. User must have a little knowledge about protect the Firewall. User must be aware of the use of Firewall.

2.4 Constraints:-

Interface to other applications is that the Firewall system makes an interface with theOperating system of the computer.

Safety and security considerations are that the user must take care of the Firewall system.

2.5 Assumptions and Dependencies:-

Assumptions

User must have Window-XP operating system installed in his/her P C . User must know how to create Firewall protection.

Dependencies

The only main dependency of this software is the user name and password, without the user name and password will not be able to start the Firewall system.

[][][][]


9/37

SPECIFICREQUIREMENT S


10/37

Chapter 3

Specific Requirements

3.0 External interface requirements3.1 Performance Requirements

3.2 Design C onstraints3.3 Software system attributes

3.3.1 Reliability3.3.2 Availability3.3.3 Security3.3.4 Maintainability3.3.5 Portability

3.4 Organizing the Specific Requirements3.4.1 System Mode3.4.2 Feature

3.0 External Interfaces:-

Name of item : - Internet Description of purpose : - Until and unless we do not connect

. Internet the Firewall system will not start. Source of input : - Active Internet Destination of output : - System starts and displays in screen. Timing : - Normal boot time (approx 10-12 sec.). Window formats :- Window-XP

3.1 Performance Requirements :-

The number of simultaneous users to be supported : - 1(Single user) Amount and type of information to be handled : - 2 (Username and Password)


11/37

3.2 Design Constraints:-

Firewall system shall be a 32 bit Windows application. The application shall be implemented using Visual Studio2008. The user interface shall be implemented using Framework 3.5. All definable options shall have default values supplied by the application. The application shall display error messages to the user when an error is detected during

login. No error condition shall cause the application to exit prematurely.

3.3 Software Sy stem Attributes:-

3.3.1 Reliabilit y:-

This software is reliable because all the privileges provided to the user will be same as that toadministrator.

3.3.2 Availabilit y:-

This software is every time available. It can be used anytime without any circumstances e.g.(Say 24*7).

3.3.3 Securit y:-

This software is secure because the password and username of the administrator is only known tohim only. It remains unknown to others as well as the password of the system cannot be crackedsince the correct password entered.

3.3.4 Maintainabilit y:-

This software is easy to maintain because of its cost .it requires less maintenance cost and henceit is economic .Also it do not require any other software for its operation.

3.3.5 Portabilit y:-

This software is portable. It does not require any specific need to look upon. This software caneasily been moved since it takes less space and totally depends on the Internet and system for itsfunction and operation.


12/37

3.4 Organizing the Specific Requirements:-

3.4.1 Sy stem Mode:-

At a time this software can only perform on a single system. Hence the system mode of thissystem is single mode.

3.4.2 Feature:-

Provides security to the system. C reates administrator. Provide privilege. Lock/unlock the Website.. Reassign the password file


13/37

CHANGEMANAGEMENT

PROCE SS


14/37

Chapter 4Change Management Process

As the software is in the initial prospective view. Hence this will require modifications. thus asthe client want to make modifications he/she can make an call or for beneficiary he can send usan E-mail regarding what changes has to be made.

The mail should be sending to the developer so that he can avail the regarding changes asrequired by the client.


15/37

SYS TEMOVERVIEW


16/37

Chapter 5Sy stem Overview

5.0 Data Flow Diagram

The system overview is stated as:-

The process determines whether the inbound or outbound traffic should be allowed or denied.This was dilated for the necessary activities and tasks needed in the creation of the proposedsoftware based firewall system.

5.0 Data Flow Diagram:-

A data flow diagram (DFD) is a graphical representation of the "flow" of data throughan information system. DFDs can also be used for the visualization of data processing (structureddesign).

On a DFD, data items flow from an external data source or an internal data store to an internaldata store or an external data sink, via an internal process.

Level 0:-


17/37

Level 1:-


18/37

DE SIGNCON SIDERATION


19/37

Chapter 6Design Considerations

6.0.1 Assumptions and Dependencies6.0.2 General C onstraints6.0.3 Goals and Guidelines6.0.4 Development Methods

6.0.1 Assumptions and Dependencies

Assumptions

User must have Window-XP operating system installed in his/her P C . User must know how to protect pc from the virus.

Dependencies

The only main dependency of this software is the Firewall system.

6.0.2 General Constraints

Firewall system shall be a 32 bit Windows application. The application shall be implemented using Visual Studio2008. The user interface shall be implemented using Framework 3.5. All definable options shall have default values supplied by the application. The application shall display error messages to the user when an error is detected during

login. No error condition shall cause the application to exit prematurely. Interface to other applications is that the Firewall system makes an interface with the

Operating system of the computer.


20/37

6.0.3 Goals and Guidelines

The Goal of this software is to provide security constraints. The use of this software makes theuser secure from any intruders brute force attack.

This software is easy to use and needs low maintenance.

To provide the people in your organization with access to the WWW withoutallowing the entire world to peak in;

To erect a barrier between an untrusted piece of software,your organizations public Webserver, and the sensitive information that resides on your private network

The possible guidelines which are being referred during the orientation of this software will be asfollows:-

The coding rules are being followed. Statements are commented after every class declaration so as to make user understand about thecode.

6.0.4. Development Methods

The Iterative Model is used for developing this software. It is because Iterative and Incrementaldevelopment is at the heart of a cyclic software development process developed in response to the

weaknesses of the waterfall model. It starts with an initial planning and ends with deployment with the cyclicinteractions in between. Iterative and incremental development is essential parts of the Rational UnifiedProcess.


21/37


22/37

ARCHITECURALCONCEPT


23/37

Chapter 7Sy stem Architecture

7.0.1 Uses- C ase Diagram7.0.2 Process flow diagram

This software has been inspires by the software FIREWALL PROTE C TOR which has thecapability to lock and unlock the site using Firewall system device. Hence the same phenomenaare used in our project with a little variation.

The basic motive of our software is to secure the P C from the unauthorized access and this canonly be done through system start-up process must be handled by the admin through a Firewallsystem.

The Input of this software will be the user-id and password of the Administrator and the outputwill be the lock the unauthorized site of the system.

To have a better view over the mechanism and functionality of the modules Use-case Diagramand Process Flow Diagram are provided.

7.0.1 Uses-Case Diagram:-

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagramdefined by and created from a Use-case analysis. Its purpose is to present a graphical overviewof the functionality provided by a system in terms of actors, their goals (represented as usecases), and any dependencies between those use cases.

The main purpose of a use case diagram is to show what system functions are performed for which actor. Roles of the actors in the system can be depicted.


24/37

Use-Case Diagram


25/37

7.0.2 Process flow diagram: -

A process flow diagram (PFD) is a diagram commonly used in engineering to indicate thegeneral flow of plant processes and equipment. The PFD displays the relationship between major equipment of a plant facility and does not show minor details such as piping details and

designations.

Process Flow Diagram


26/37

POLICIE S ANDTECTIC S


27/37

Chapter 8Policies and Tactics

The coding is strictly followed as per IEEE standards.

Following testing will be performed:-

B lack B ox Testing: - Black-box testing is a method of software testing that tests the functionality of anapplication as opposed to its internal structures or workings (see white-box testing). Specificknowledge of the application's code/internal structure and programming knowledge in general is notrequired. Test cases are built around specifications and requirements, i.e., what the application issupposed to do. It uses external descriptions of the software, including specifications, requirements,

and designs to derive test cases. These tests can be functional or non-functional, though usuallyfunctional. [8]

It is classified as:-

Equivalence class partitioning: - Equivalence partitioning (also called Equivalence C lassPartitioning or E C P) is a software testing technique that divides the input data of a software unit into

partitions of data from which test cases can be derived. In principle, test cases are designed to cover each partition at least once. This technique tries to define test cases that uncover classes of errors,thereby reducing the total number of test cases that must be developed.

B oundar y value anal ysis: - Boundary value analysis is a software testing technique in which tests aredesigned to include representatives of boundary values. Values on the edge of an equivalence

partition or at the smallest value on either side of an edge. The values could be either input or outputranges of a software component. Since these boundaries are common locations for errors that result insoftware faults they are frequently exercised in test cases.

White box testing: - White-box testing is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testingan internal perspective of the system, as well as programming skills, are required and used to design

test cases. The tester chooses inputs to exercise paths through the code and determine the appropriateoutputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (I C T).[9]

Integration testing: - Integration testing (sometimes called Integration and Testing, abbreviated"I&T") is the phase in software testing in which individual software modules are combined and testedas a group. It occurs after unit testing and before system testing. Integration testing takes as itsinput modules that have been unit tested, groups them in larger aggregates, applies tests defined in an


28/37

integration test plan to those aggregates, and delivers as its output the integrated system readyfor system testing .

Big bang: - In this approach, all or most of the developed modules are coupled together to forma complete software system or major part of the system and then used for integration testing.The Big Bang method is very effective for saving time in the integration testing process.However, if the test cases and their results are not recorded properly, the entire integration

process will be more complicated and may prevent the testing team from achieving the goal of integration testing.

Sy stem testing: - System testing of software or hardware is testing conducted on a complete, integratedsystem to evaluate the system's compliance with its specified requirements. System testing falls withinthe scope of black box testing, and as such, should require no knowledge of the inner design of thecode or logic.

Now to maintain the software following points will be considered:-

In engineering, maintainability is the ease with which a product can be maintained in order to:

correct defects meet new requirements make future maintenance easier, or cope with a changed environment


29/37

DETAILED DE SIGN


30/37

Chapter 9Detailed Sy stem Design

The packet filtering systems route packets between internal and external hosts, but they do itrelationally. They allow or block certain types of packets in a way that reflects a sites own

security as shown in Figure. The type of router Firewall used in a package filtering firewall isknown as a screening router.

Every packet has a set of headers containing certain information. This information is highlyessential to the router and it includes; IP source address, IP destination address,Protocol (whether the packet is a TEP, UDP, or I C MP packet, T C P or UDP source port, T C P or UDP destination

port, and IC MP message type.Most of the existing firewall systems are implemented onhardware, that is, they are hardware based. Because of the hardware platform, the firewalls havethe following shortcomings: they are very expensive; being hardware based, most of the firewallrequires extensive configuration procedure.

Network administrators are specially trained to handle the firewall system; each vendor hasspecific configuration procedures for their firewall systems.The implication of this is that theknowledge in one firewall system may not be applicable in another system; most of the hardware

based firewall system cannot be upgraded. The limitations of the hardware based firewall arereasons for our adoption and the implementation of software based approach to firewalldevelopment.


31/37

Histor y:Firewalls have existed since about 1987, and several surveys and histories have already been written. However, none of them provide both the depth and breadth of this survey, nor dothey focus on the peer-reviewed literature describing firewall technology.

In [1994], Alec Muffett wrote a paper which provided an excellent review of the firewall policiesand architectures of the time. This paper was aimed at people considering implementing afirewall, describing the technologies which they might select, their tradeoffs, and how tomaintain a firewall. One section of the Internet standards document RF C 1636 [Braden et al.1994] is about the status of firewalls as of February, 1994. In this section, they discuss the

problem of false security that a firewall often provides to an organization behind one.They alsoreview the concepts of application- and transport-level proxies, as well as simple packet filtering.

A review of firewalls and their technology appeared in Spectrum [Lodin and Schuba 1998]. This paper is an excellent description of firewalls and their technology at the time it was written. Alsoin [1998], Rik Farrow wrote a firewall product analysis which was related to the C SI _rewall

comparison for that year. This analysis is aimed at management and people just arriving atfirewalls, and provides them with the background information they would need to talk with afirewall vendor intelligently.

Surve y:A brief description of our designed software based firewall system for network security is asfollows. The software firewall system has the following description; it accepts inbound network traffic and analysis the following: IP source address, Protocol destination address, Protocol (T C Por UDP), and I C MP message type. We applied the policy table probe on the traffic information.The results of the probe were passed into the underlying firewall algorithm that initiated thedecision making process. Given figure is the flow chart for the firewall algorithm.


32/37

Figure :Firewall Sy stem Flowchart

The process determines whether the inbound or outbound traffic should be allowed or denied.This was dilated for the necessary activities and tasks needed in the creation of the proposedsoftware based firewall system.


33/37

CONCLU SION S


34/37

Chapter 10Conclusions

Information security has become an important concept in any organizations due to thefact that an unprotected information system can be exposed to danger in a network as a

result of penetration tools at the disposal of hackers and crackers. Therefore, there wasneed to ensure adequate protection of internal network from hackers. To achieve this,there are so many tools at the disposal of the network administrator and the securityadministrator, which include; IPS (Inclusion Prevention System),

Firewall Security System and the IDS (Inclusion Detection System). This work focused on the firewall system that filtered what goes in and comes out of the network. Ithad the ability to block an unauthorized traffic and allow authorized traffic using the IP(Internet Protocol) table. The firewall algorithm was implemented using Java

programming language, which was based on java security architecture.

It also utilizes the concept of socket programming which enables network communication over the internet. The limitation of this work was the inability of thesystem to track traffic from dial-up connections. We therefore recommend that futurework on this software should solve the problem of tracking down traffic from dial-upconnections. The system supports 70 concurrent connections at a time and this can also

be improved upon in future software development.


35/37

DEFINITION S

&

REFERENCE S


36/37

Definitions, Acron yms, and Abbreviations:-

Definitions :-

A firewall is a system of hardware and software components designed to restrict access between or among networks, most often between the Internet and a private Internet.

The firewall is part of an overall security policy that creates a perimeter defense designedto protect the information resources of the organization.

A Firewall separates a protected network from an unprotected one, the Internet. A firewall is a piece of software or hardware that filters all network traffic between our computer, home network, or company network and the Internet. It is our position thateveryone who uses the Internet needs some kind of firewall protection.

Two goals:

To provide the people in your organization with access to the WWW withoutallowing the entire world to peak in; To erect a barrier between an untrusted piece of software,your organizations

public Web server, and the sensitive information that resides on your privatenetwork.

Basic idea: Impose a specifically configured gateway machine between the outside world and

the sites inner network. All traffic must first go to the gateway, where software decide whether to allow or

reject.


37/37

References:-

1. . Kurose J. F., Ross K. IV (20th) C omputer Networking: A Top-Dgon Approach, A2. Press Publication New York. lejpt.academicdirect.org 3. Tamarch D. Network traffic control and management, Boston Massachusetts, 2006.4. Snikart R. C ontrol Techniques for network traffic, C ar bridge University press, 2007.5. Megn S. P. The Mathematics of network traffic C ontrol-firewall perspective, Birkhauser

publishers, Germany, 2007.6. Dick P. Application of firewall to network security, Pensuin Books, New York, 2001.7. Pius B. An effective security control prevent an authorized network traffic, Journal of 8. information technology, New York, 2003

Web

1. http://en.wikipedia.org/wiki/Iterative_and_incremental_development2. http://en.wikipedia.org/wiki/Black-box_testing3. http://en.wikipedia.org/wiki/White-box_testing

B ooks Referred:-

1. C# 2008 Programming Black Book.2. Beginners in C# by Murach.

Documents

Saurabh & Sandeep_final