The document discusses authentication, authorization, and accounting (the three As) as a leading model for access control. It describes authentication as identifying users, usually with a username and password. Authorization gives users access to resources based on their identity. Accounting (also called auditing) tracks user activity like time spent and services accessed. The document provides details on different authentication methods like passwords, PINs, smart cards, and digital certificates. It emphasizes the importance of strong passwords and changing them regularly.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
This document discusses information system security. It defines information system security as collecting activities to protect information systems and stored data. It outlines four components of an IT security policy framework: policies, standards, procedures, and guidelines. It also discusses vulnerabilities, threats, attacks, and trends in attacks. Vulnerabilities refer to weaknesses, while threats use tools and scripts to launch attacks like reconnaissance, access, denial of service, and viruses/Trojans. Common attacks trends include malware, phishing, ransomware, denial of service, man-in-the-middle, cryptojacking, SQL injection, and zero-day exploits.
IRJET- Security from Threats of Computer System | IRJET Journal
Governments are finding cyber security to be a major challenge as they store far more data than the private sector, often in older and more vulnerable systems, and are regularly targeted by hackers and sophisticated malware. The document discusses various threats to computer systems like malware, viruses, phishing, and zero-day attacks. It proposes solutions like usernames and passwords, firewalls, email encryption, updated anti-virus software, and regular backups to provide security from these threats. Analysis of existing security solutions can help determine weaknesses in data security.
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr... | ijtsrd
Millions of people worldwide have Internet access today. Intrusion detection technology is a modern wave of information technology monitoring devices to deter malicious activities. Malware (malicious software) development is a vital problem when it comes to designing intrusion detection systems (IDS). The key challenge is to recognize unknown and hidden malware, because malware writers use various evasion techniques to mask information to avoid IDS detection. Malicious attacks have become more sophisticated. Furthermore, threats to security have increased, including zero-day attacks on internet users. Through the use of IT in our daily lives, computer security has become critical. Cyber threats are becoming more complex and pose growing challenges when it comes to successful intrusion detection. Failure to prevent invading information, such as data privacy, integrity and availability, can undermine the credibility of security services. Specific intrusion detection approaches were proposed in the literature to combat computer security threats. This paper consists of a literature survey of the IDS that uses program algorithms to use specific data collection and forensic techniques in real time. Data mining techniques for cyber research are introduced in support of intrusion detection. Mohammed I. Alghamdi, "An Assessment of Intrusion Detection System (IDS) and Data-Set Overview: A Comprehensive Review of Recent Works", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-2, February 2021, URL: https://www.ijtsrd.com/papers/ijtsrd35730.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/35730/an-assessment-of-intrusion-detection-system-ids-and-dataset-overview-a-comprehensive-review-of-recent-works/mohammed-i-alghamdi
Intrusion Detection Techniques In Mobile Networks | IOSR Journals
This document discusses intrusion detection techniques for mobile networks. It begins by outlining the vulnerabilities of wireless networks, including the open medium, dynamic topology, lack of centralized monitoring, and cooperative algorithms. It then explains the need for intrusion detection systems, as completely preventing intrusions is unrealistic. The document classifies intrusion detection systems and outlines their requirements, including continuous monitoring, fault tolerance, and adaptability. It concludes by describing the two main techniques of intrusion detection: anomaly detection, which flags deviations from a normal activity profile; and misuse detection, which searches for patterns matching known attacks.
Nowadays, the risk of becoming a victim of spam and phishing attacks increases while accessing the Internet. Many Web sites exhibit violent and illegal content. Most users are now unable to protect their networks or themselves. However, some countries have deployed systems for filtering Web content. Since the existing systems show high latency and over-blocking, an efficient method for Web filtering to protect users at the Internet service provider level is presented. The proposed solution can detect and block illegal and threatening Web sites. The suggested scalable software-based approach can examine Internet domains at wire speed without over-blocking. The Web filter serves as a security measure for all connected users, especially for users with limited IT expert knowledge. This solution is totally transparent to all network devices in the network. Setup, installation and maintenance can be performed only by the Internet service provider administrator. So, the suggested security system is safe from attacks from users and from the network side.
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE... | IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
The document discusses various aspects of information security and network security. It defines information security and describes different types including physical security, communication security, and network security. It then discusses several common security processes and tools used for protection, such as anti-virus software, access controls, firewalls, intrusion detection systems, policy management, and vulnerability scanning. However, it notes that no single security measure provides complete protection and that security is an ongoing process.
This document discusses network security. It begins by defining network security and explaining the three main types: physical, technical, and administrative security controls. It then defines vulnerabilities as weaknesses that can be exploited by threats such as unauthorized access or data modification. Common network attacks are described as reconnaissance, access, denial of service, and worms/viruses. Emerging attack trends include malware, phishing, ransomware, denial of service attacks, man-in-the-middle attacks, cryptojacking, SQL injection, and zero-day exploits. The document aims to help students understand vulnerabilities, threats, attacks, and trends regarding network security.
This document discusses web security and attacks. It begins with an abstract noting that the web presents problems for both web clients and servers, requiring steps to protect both. Chapter 1 defines web security and discusses general security concepts like privacy, integrity, and availability. It also outlines technical methods to secure systems, like encryption, passwords, firewalls, and monitoring. Chapter 2 defines types of computer attacks like denial of service, man-in-the-middle, and brute force attacks. It also discusses social engineering techniques used to manipulate users into revealing confidential information.
A Guide to 802.11 WiFi Security by US-CERT | David Sweigert
This document provides guidance on securing Wi-Fi networks and recommendations for:
1. Threat types including rogue access points, misconfigured APs, and denial of service attacks.
2. Using a wireless intrusion detection/prevention system to identify threats and enforce policies.
3. Requirements for enterprise wireless networking including encryption standards and authentication.
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security... | Ahmad Sharifi
This document provides an overview of intrusion detection and prevention systems (IDPS). It discusses the types of threats, vulnerabilities, and intrusions that IDPS aim to address. It describes the differences between network-based and host-based IDPS, as well as signature-based and anomaly-based detection methods. The document also outlines some key capabilities of IDPS, such as identifying hosts, operating systems, applications, and network characteristics. It notes limitations of IDPS, including inability to analyze encrypted traffic. Finally, it emphasizes the importance of properly deploying and managing IDPS according to organizational needs and policies as part of a layered defense-in-depth security strategy.
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security... | IOSR Journals
Technical solutions, introduced by policies and implantations are essential requirements of an
information security program. Advanced technologies such as intrusion detection and prevention system (IDPS)
and analysis tools have become prominent in the network environment while they involve with organizations to
enhance the security of their information assets. Scanning and analyzing tools to pinpoint vulnerabilities, holes
in security components, unsecured aspects of the network and deploying of IDPS technology are highlighted.
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTING | Nishanth Gandhidoss
This document describes a project report submitted for the degree of Bachelor of Technology in Information Technology. The report focuses on network intrusion detection and node recovery using dynamic path routing. It was submitted by three students - Nishanth G., Sudharshan N., and Surya Krishnan R. - to Sri Venkateswara College of Engineering in partial fulfillment of their degree requirements. The document includes sections on acknowledgements, abstract, contents, introduction, literature survey, system design, network topology, network intrusion detection and prevention, node recovery, source anonymity, dynamic path routing, results and discussions, and conclusions. It aims to address privacy and security issues in networks through techniques like encryption, evidence collection, risk assessment
This document provides an introduction to information security concepts. It defines information security as protecting information and systems from unauthorized access, use, disclosure, disruption or destruction. The key aspects of information security are confidentiality, integrity and availability. Basic security terminology like identification, authentication, access control and confidentiality are explained. Common network vulnerabilities like weak passwords, protocol design flaws, and unauthorized access through modems are also discussed. The importance of network security is to protect company assets, gain competitive advantage and ensure regulatory compliance.
This document is a standard developed by Concordia University College for their VPN security. It begins with definitions of a policy, standard, and guideline. A policy outlines specific requirements, a standard describes system-specific procedures that must be followed, and a guideline provides suggestions for best practices.
The VPN Security Standards document then outlines the authority, purpose, and scope. The standards section lists technical requirements for devices connected to the university network regarding virus protection, SNMP, printer services, default web pages, unauthorized access, physical security, and use of non-university devices. Violations may result in network disconnection, and exceptions require IT and CIO approval.
CYBER FORENSICS AND AUDITING
Topics Covered: Introduction to Cyber Forensics, Computer Equipment and associated storage, media Role of forensics Investigator, Forensics Investigation Process, Collecting Network based Evidence Writing, Computer Forensics Reports, Auditing, Plan an audit against a set of audit criteria, Information Security Management, System Management. Introduction to ISO 27001:2013
Analytical survey of active intrusion detection techniques in mobile ad hoc n... | eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
The new massachusetts privacy rules v5.35.1stevemeltzer
The document summarizes the key aspects of the Massachusetts Data Privacy Rules, including the scope, requirements, and compliance deadlines. It outlines the requirements to develop a comprehensive written information security program (cWISP) that includes administrative, technical, and physical safeguards. It also discusses breach reporting requirements and computer system security requirements related to encryption, firewalls, patches, and employee training. Sample policies, checklists, and other resources are provided to help organizations achieve compliance.
Welcome to International Journal of Engineering Research and Development (IJERD) | IJERD Editor
Gold prospecting using Remote Sensing ‘A case study of Sudan’ | IJERD Editor
Gold has been extracted from northeast Africa for more than 5000 years, and this may be the first
place where the metal was extracted. The Arabian-Nubian Shield (ANS) is an exposure of Precambrian
crystalline rocks on the flanks of the Red Sea. The crystalline rocks are mostly Neoproterozoic in age. ANS
includes the nations of Israel, Jordan, Egypt, Saudi Arabia, Sudan, Eritrea, Ethiopia, Yemen, and Somalia.
Arabian Nubian Shield consists of juvenile continental crust that formed between 900-550 Ma, when intra
oceanic arc welded together along ophiolite decorated arc. Primary Au mineralization probably developed in
association with the growth of intra oceanic arc and evolution of back arc. Multiple episodes of deformation
have obscured the primary metallogenic setting, but at least some of the deposits preserve evidence that they
originate as sea floor massive sulphide deposits.
The Red Sea Hills Region is a vast span of rugged, harsh and inhospitable sector of the Earth with
inimical moon-like terrain, nevertheless since ancient times it is famed to be an abode of gold and was a major
source of wealth for the Pharaohs of ancient Egypt. The Pharaohs old workings have been periodically
rediscovered through time. Recent endeavours by the Geological Research Authority of Sudan led to the
discovery of a score of occurrences with gold and massive sulphide mineralizations. In the nineties of the
previous century the Geological Research Authority of Sudan (GRAS) in cooperation with BRGM utilized
satellite data of Landsat TM using spectral ratio technique to map possible mineralized zones in the Red Sea
Hills of Sudan. The outcome of the study mapped a gossan type gold mineralization. Band ratio technique was
applied to Arbaat area and a signature of alteration zone was detected. The alteration zones are commonly
associated with mineralization. A field check
confirmed the existence of stock work of gold bearing quartz in the alteration zone. Another type of gold
mineralization that was discovered using remote sensing is the gold associated with metachert in the Atmur
Desert.
Reducing Corrosion Rate by Welding Design | IJERD Editor
This document summarizes a study on reducing corrosion rates in steel through welding design. The researchers tested different welding groove designs (X, V, 1/2X, 1/2V) and preheating temperatures (400°C, 500°C, 600°C) on ferritic malleable iron samples. Testing found that X and V groove designs with 500°C and 600°C preheating had corrosion rates of 0.5-0.69% weight loss after 14 days, compared to 0.57-0.76% for 400°C preheating. Higher preheating reduced residual stresses which decreased corrosion. Residual stresses were 1.7 MPa for optimal X groove and 600°C
Router 1X3 – RTL Design and Verification | IJERD Editor
Routing is the process of moving a packet of data from source to destination and enables messages
to pass from one computer to another and eventually reach the target machine. A router is a networking device
that forwards data packets between computer networks. It is connected to two or more data lines from different
networks (as opposed to a network switch, which connects data lines from one single network). This paper,
mainly emphasizes upon the study of router device, its top level architecture, and how various sub-modules of
router i.e. Register, FIFO, FSM and Synchronizer are synthesized, and simulated and finally connected to its top
module.
Hearing loss is one of the most common human impairments. It is estimated that by year 2015 more
than 700 million people will suffer mild deafness. Most can be helped by hearing aid devices depending on the
severity of their hearing loss. This paper describes the implementation and characterization details of a dual
channel transmitter front end (TFE) for digital hearing aid (DHA) applications that use novel
micro-electromechanical-systems (MEMS) audio transducers and ultra-low power-scalable analog-to-digital
converters (ADCs), which enable a very-low form factor, energy-efficient implementation for next-generation
DHA. The contribution of the design is the implementation of the dual channel MEMS microphones and
power-scalable ADC system.
Influence of tensile behaviour of slab on the structural Behaviour of shear c... | IJERD Editor
A composite beam is composed of a steel beam and a slab connected by means of shear connectors
like studs installed on the top flange of the steel beam to form a structure behaving monolithically. This study
analyzes the effects of the tensile behavior of the slab on the structural behavior of the shear connection like slip
stiffness and maximum shear force in composite beams subjected to hogging moment. The results show that the
shear studs located in the crack-concentration zones due to large hogging moments sustain significantly smaller
shear force and slip stiffness than the other zones. Moreover, the reduction of the slip stiffness in the shear
connection appears also to be closely related to the change in the tensile strain of rebar according to the increase
of the load. Further experimental and analytical studies shall be conducted considering variables such as the
reinforcement ratio and the arrangement of shear connectors to achieve efficient design of the shear connection
in composite beams subjected to hogging moment.
A Novel Method for Prevention of Bandwidth Distributed Denial of Service Attacks | IJERD Editor
Distributed Denial of Service (DDoS) Attacks became a massive threat to the Internet. Traditional
Architecture of internet is vulnerable to the attacks like DDoS. Attacker primarily acquire his army of Zombies,
then that army will be instructed by the Attacker that when to start an attack and on whom the attack should be
done. In this paper, different techniques which are used to perform DDoS Attacks, Tools that were used to
perform Attacks and Countermeasures in order to detect the attackers and eliminate the Bandwidth Distributed
Denial of Service attacks (B-DDoS) are reviewed. DDoS Attacks were done by using various Flooding
techniques which are used in DDoS attack.
The main purpose of this paper is to design an architecture which can reduce the Bandwidth
Distributed Denial of service Attack and make the victim site or server available for the normal users by
eliminating the zombie machines. Our Primary focus of this paper is to dispute how normal machines are
turning into zombies (Bots), how attack is been initiated, DDoS attack procedure and how an organization can
save their server from being a DDoS victim. In order to present this we implemented a simulated environment
with Cisco switches, Routers, Firewall, some virtual machines and some Attack tools to display a real DDoS
attack. By using Time scheduling, Resource Limiting, System log, Access Control List and some Modular
policy Framework we stopped the attack and identified the Attacker (Bot) machines
Firewalls are hardware or software tools that control access between private networks and public networks like the internet. There are several types of firewalls including packet filtering, circuit-level gateways, application gateways, and stateful multilayer inspection firewalls. Packet filtering firewalls work at the network layer and filter based on packet attributes. Application gateways filter at the application layer using proxies. Stateful multilayer inspection firewalls combine aspects of the other types and track communication sessions. Firewalls provide security benefits like blocking vulnerable services, enforcing access policies, and concentrating security management, but also have disadvantages like potentially limiting network access and concentrating risk.
This document discusses firewalls, including their definition, history, types, and purposes. A firewall is a program or hardware device that filters network traffic between the internet and an internal network based on a set of security rules. There are different types of firewalls, including packet filtering routers, application-level gateways, and circuit-level gateways. Firewalls aim to restrict network access and protect internal systems by only allowing authorized traffic according to a security policy.
This document provides an overview of firewalls, including what they are, different types, basic concepts, their role, advantages, and disadvantages. It defines a firewall as a program or device that filters network traffic between the internet and a private network based on a set of rules. The document discusses software vs hardware firewalls and different types like packet filtering, application-level gateways, and circuit-level gateways. It also covers the history of firewalls, their design goals, and how they concentrate security and restrict access to trusted machines only.
Gartner predicted that by the end of 2019, 90% of enterprise internet connections would be secured by next-generation firewalls. The document outlines key requirements for next-generation firewalls including identifying applications regardless of port or encryption, identifying users regardless of device or IP address, decrypting encrypted traffic, and protecting against known and unknown threats in real time with predictable multi-gigabit throughput. It discusses the need to close dangerous policy gaps left by legacy firewalls and the evolution of threats that exploit encryption to avoid detection.
Lakshmi.S presents information on firewalls including definitions, types, and concepts. A firewall filters internet access to protect private networks. There are software and hardware firewalls. Types include packet filtering routers, application-level gateways, and circuit-level gateways. Firewalls concentrate security, filter unnecessary protocols, hide internal information, and require connections through the firewall. While firewalls improve security, they can hamper some network access and concentrating security in one location means compromising the firewall poses risks.
This document discusses different types of firewalls and their functions. It begins by explaining why computers need protection and why firewalls are needed. There are three main types of firewalls: packet filtering, application-level, and circuit-level. Packet filtering firewalls control protocols, IP addresses, and port numbers using rulesets. Application-level firewalls allow or block specific application traffic using mechanisms for each desired application. Circuit-level firewalls relay TCP connections by copying bytes between an external host and internal resource. In summary, firewalls provide network security by controlling access and filtering unauthorized traffic between internal and external networks.
Network security involves implementing multiple layers of defenses to protect a network from threats. It includes technologies like firewalls, antivirus software, and intrusion detection systems to manage access and detect malware and exploits. As networks increasingly face hacking threats, strong network security tools are essential for organizations to protect their systems, data, and reputation. Network security strategies aim to authorize only legitimate users while blocking malicious actors from harming the network.
The document discusses different types of firewalls including hardware and software firewalls, and describes their purposes and functions. It outlines the history of firewalls from their origins in the late 1980s to prevent unauthorized access. The document also defines various firewall techniques like packet filtering, application gateways, and proxy servers; and types such as stateful inspection firewalls, unified threat management firewalls, and next-generation firewalls.
This document discusses the design and implementation of a network security model using routers and firewalls. It begins by outlining the importance of network security and some common vulnerabilities, threats, and attacks against network devices like routers. It then provides details on specific attacks like session hijacking, spoofing, and denial of service attacks. The document also discusses best practices for router and firewall security policies, including access control, authentication, and traffic filtering. The overall aim is to protect networks from vulnerabilities and security weaknesses by implementing preventative measures, securing devices like routers and firewalls, and establishing proper security policies.
Network security architecture is the planning and design of the camp.pdf - aquazac
Network security architecture is the planning and design of the campus network to reduce
security risks in accordance with the institution’s risk analysis and security policies. It focuses on
reducing security risks and enforcing policy through the design and configuration of firewalls,
routers, and other network equipment.
Network security is important because it is one of the means to enforce the policies and
procedures developed by the institution to protect information. It is often referred to as the “front
door” in broader discussions of IT security. To the extent that you can block network access to a
computer, you “lock” the door and provide better protection for that computer and its contents.
Traditional network design has focused on creating a secure network perimeter around the
organization and strategically placing a firewall at the point where the network is connected to
the Internet. For higher education, this traditional design is problematic; our constituents need
access from off campus to a large number of machines and services on campus. In addition,
because we have many computers on our campus that we cannot implicitly trust, we also must be
concerned about security threats from inside the perimeter protected by a traditional firewall.
These design issues require a different approach to network security. Although it is impossible to
do justice to the topic of network design in a few pages, there are some best practices that I feel
universities should focus on in terms of network design.
Step 1: Eliminate Network Components That Still Use Shared Ethernet
Shared Ethernet switches (or hubs) were developed more than a decade ago to interconnect
multiple computers and networks. These hubs retransmit all network traffic to all computers
connected to that hub. The security implication is that if one computer has its security
compromised, it can be used to monitor network traffic coming from any other computer that
shares the same hub. This could expose passwords and other sensitive information. Today,
switched Ethernet, which isolates traffic intended for one computer from the view of others on
the same switch, is very inexpensive and, hence, it is worth the cost of replacing older hubs.
Step 2: Embrace and Implement the Concept of Defense and Use Multiple Firewalls Within Your Network
Commercial and Linux-based firewalls are inexpensive enough that you can deploy these in
multiple locations as needed. It is still beneficial to have a firewall separating your institutional
network from the connection to the Internet. This firewall, called a border firewall, will provide a
minimal level of protection for all computers on your network. The major benefit of this firewall
is that it allows your network and security staff to quickly block external access should a threat
arise, such as when the “SQL worm” was launched in January 2003. In addition to the border
firewall, consider adding internal firewalls to protect areas that requi.
This document provides an overview of network security. It discusses the history and need for network security. It describes common network attacks and authentication methods. The document outlines basic network security techniques like Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). It also discusses network security architecture and concludes that network security is an important field that requires ongoing improvement to address evolving threats.
The document discusses network and data security. It notes that there is a hacker attack every 39 seconds and over 300,000 new malware are created daily, posing significant threats. It then defines network security and data protection, and discusses various technical and organizational strategies that can help improve security, such as firewalls, antivirus software, access control, encryption protocols like WPA2, and employee training. The document emphasizes adopting a holistic, next-generation approach to endpoint security to effectively combat modern cyber threats.
The document discusses security measures taken by the ICT directorate of Addis Ababa Science and Technology University. They use a FortiGate 1200D firewall to secure their internal network and servers from threats. They also use Kaspersky antivirus software, implement backup and fault tolerance systems, and take steps to secure their web, database, and mail servers. The staff follow security checklists that include keeping systems updated, implementing firewalls and SSL, encrypting connections, securing user logins and databases, and scanning for malware.
This seminar covers network security from its history to modern techniques. It introduces network security, the need for it due to increased internet usage, and basic concepts like authentication and common attacks. The document outlines early security protocols and why confidentiality, availability and integrity of information were important as the internet grew. It discusses how to secure a network from outside intrusion and different authentication techniques. Specific security methods like WPA, WEP and how hackers have evolved are also summarized. The advantages and challenges of network security are presented, as well as the importance of a well-designed security architecture for an organization's network.
This document provides an overview of firewalls, including what they are, how they work, types of firewalls, and their history. A firewall is a program or device that filters network traffic between the internet and an internal network based on a set of rules. There are different types, including packet filtering routers, application-level gateways, and circuit-level gateways. Firewalls aim to only allow authorized traffic according to a security policy while protecting internal systems. They provide advantages such as restricting access and hiding internal network information but can also limit some network connectivity.
The Ultimate Guide to Network Firewalls_ Everything You Need to Know.pdf - CyberPro Magazine
Network firewalls provide multiple layers of security, significantly enhancing your network’s ability to resist cyber threats. They offer comprehensive protection against a wide range of attacks, from simple malware to complex, multi-vector threats.
Cyberoam network security appliances offer next generation security features and deliver future-ready security to highly complex enterprise networks. The unique Layer 8 identity-based security gives enterprises complete visibility and control over user activity.
Welcome to International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development
e-ISSN: 2278-067X, p-ISSN: 2278-800X, www.ijerd.com
Volume 6, Issue 5 (March 2013), PP. 112-118
Analysis of Firewall Policy Rules a Comparative Study
V. Anantha Krishna¹, Dr. T. Aruldoss Albert Victoire²
¹Research Scholar, Department of Computer Science and Engineering, ²Asst. Professor, Department of
Electrical and Electronics Engineering, Anna University Coimbatore, Coimbatore, India-641047
Abstract:- A firewall is a system for enforcing access control policy between two networks and is one
of the most important measures to protect against network attacks. Firewalls traditionally protect the
internal network from outside threats. But there has been an increasing need to prevent misuse of
the network by internal users, which most previous firewalls overlook. Nowadays, Internet
users traditionally rely on firewalls to enforce their security policy by protecting their local
network systems from network-based security threats and illegal data access. However, these
controls do not provide a comprehensive solution to secure a private network connected to the Internet.
Depending on the institution's local policy, authentication may be restricted to computers located in
offices in which there is an individual who is responsible for use of the machine. Such a policy may be
enforced in order to provide some means of security against hacking remote services. This paper deals
with how to simulate the firewall based on different policy rules and compare it with some other
security systems.
Keywords:- Network security, Information Technology, Firewalls, Filtering, Policy, Rules, Threat.
I. INTRODUCTION
The Internet has made large amounts of information available to the average computer user at home, in
business and in education. For many people, having access to this information is no longer just an advantage, it
is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious
attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these
dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both
individual computers and corporate networks from hostile intrusion from the Internet, but must be understood
to be used correctly.
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It may be a hardware device or a software
program running on a secure host computer. In either case, it must have at least two network interfaces, one for
the network it is intended to protect and one for the network it is exposed to. A firewall sits at the junction point
or gateway between the two networks, usually a private network and a public network such as the Internet. The
earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into
different physical subnetworks, they limited the damage that could spread from one subnet to another, just like
fire doors or firewalls. A firewall examines all traffic routed between the two
networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A
firewall filters both inbound and outbound traffic. It can also manage public access to private networked
resources such as host applications. It can be used to log all attempts to enter the private network and trigger
alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific
types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic
is dependent upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter traffic by packet
attribute or state.
A firewall cannot prevent individual users with modems from dialing into or out of the network,
bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls.
Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are
management issues that should be raised during the planning of any security policy but that cannot be solved
with firewalls alone. Anyone who is responsible for a private network that is connected to a public network
needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via
modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect
them. They feel that no malicious intruder would be motivated to break into their computer. Dial up users who
have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their
operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random
IP addresses and attack whenever the opportunity presents itself. There are two access denial methodologies
used by firewalls. A firewall may allow all traffic through unless it meets certain criteria or it may deny all
traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed
through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic or with
source or destination addresses and ports. They may also use complex rule bases that analyze the application
data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through
depends on which network layer it operates at.
1.1. Security Issues: Practical Considerations: Currently, most web sites are simply vehicles for disseminating
information such as corporate profiles and descriptions of products/services. For owners of such sites, the
greatest concern is keeping unauthorized users from accessing the site and corrupting their data. But as businesses
increasingly embrace true electronic commerce, taking orders on-line and accepting credit card information and
digital-cash payments, both companies and their customers will demand higher levels of security.
1.1.1. Vulnerabilities of the web:- Businesses are looking to the Internet to achieve a global presence and become
more accessible in catering to customers. A web site consists of 1. an application (the server) running on a local
operating system and 2. data (web pages) stored in a local database or file management system. As such, web sites
are vulnerable to all the techniques that intruders have been developing for years to attack operating systems and
databases.
1.1.2. Principal threats:- There are 4 principal threats: unauthorized alteration of data, unauthorized
access to the underlying operating systems, eavesdropping on messages passed between a server and a browser,
and impersonation.
At first glance, the chances of the first two breaches occurring may appear negligible. After all, if a server
is dedicated to web site access, what can potential intruders really do, aside from executing relatively simple
commands allowing them to view information? But already weaknesses are becoming apparent.
1.2. Securing a Web site: There are two basic lines of attack in improving Web security: 1. securing the site
itself and 2. securing the applications running on the site. Both are essential.
1.2.1. Securing the site:- Install all operating system security patches recommended by the vendor, the
Department of Energy's Computer Incident Advisory Capability and the Computer Emergency Response Team.
After that, it is a matter of keeping up with the latest security advisories and promptly installing patches as
flaws turn up.
1.2.2. Securing the application running on it:- Install the web server software with minimal system privileges.
If full privileges are given, anyone who gets past the server and into its file directory has access to everything on
the system, including additional applications, password files and other critical information.
There are several new technologies that can be used to improve user authentication. These technologies include
the following:
1.3.Message digest: A calculation performed on a message. The calculation is based on a secret key. Message
digests are used in a login authentication scheme called the “Challenge Handshake”.
1.4. Public-key encryption:- A method of encryption for which the key used to encrypt a message is different
from the key used to decrypt the message. The public key is made available to anyone who needs to
communicate. They encrypt the message to be sent with that key, but only the user can decrypt it. This is based on
practical methods used to encrypt entry forms and email.
1.5. Use of a firewall:- This offers the most common and effective approach by far. A firewall is application
software that sits on a computer between the user's LAN and the Internet. All Internet messages must pass through
the firewall. To reach the server from the Internet, a user must have a firewall account that defines the user's user ID,
password, group ID, system administrator and given permissions. Permissions include any combination of
reading, writing or executing files in the network.
The complete framework of firewall testing should contain two components: (1) generating test packets
that test the firewall given a certain policy, and (2) generating various policy scenarios to test the firewall's
handling of different policy styles/configurations. Although both are needed to claim a complete testing
environment for firewalls, our focus is on the first problem, i.e., given a firewall/policy, how to ensure that the
firewall implements this policy configuration correctly.
II. FIREWALL DESIGN PRINCIPLES:
Information systems in corporations, government agencies and other organizations have undergone a steady
evolution:
1. Centralized data processing system, with a central mainframe supporting a number of directly connected
terminals.
2. Local area networks (LANs) interconnecting PCs and terminals to each other and the mainframe.
3. Premises network, consisting of a number of LANs, interconnecting PCs, servers and perhaps a mainframe or
two.
4. Enterprise-wide network, consisting of multiple, geographically distributed premises networks interconnected
by a private wide area network (WAN).
5. Internet connectivity, in which the various premises networks all hook into the Internet and may or may not
also be connected by a private WAN.
Internet connectivity is no longer optional for organizations. The information and services available are
essential to the organization. Moreover, individual users within the organization want and need Internet access,
and if this is not provided via their LAN, they will use dial-up capability from their PC to an Internet service
provider (ISP). However, while Internet access provides benefits to the organization, it enables the outside
world to reach and interact with local network assets. This creates a threat to the organization. While it is
possible to equip each workstation and server on the premises network with strong security features, such as
intrusion protection, this is not a practical approach. Consider a network with hundreds or even thousands of
systems, running a mix of various versions of UNIX, plus Windows. When a security flaw is discovered, each
potentially affected system must be upgraded to fix that flaw. The alternative, increasingly accepted, is the
firewall. The firewall is inserted between the premises network and the Internet to establish a controlled link and
to erect an outer security wall or perimeter. The aim of this perimeter is to protect the premises network from
Internet-based attacks and to provide a single choke point where security and audit can be imposed. The firewall
may be a single computer system or a set of two or more systems that cooperate to perform the firewall function.
In this section, we look at the general characteristics of firewalls.
2.1. Firewall Characteristics:- The following are the design goals for a firewall:
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by
physically blocking all access to the local network except via the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of
firewalls are used, which implement various types of security policies.
3. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating
system.
Generally there are four techniques that firewalls use to control access and enforce the site's security
policy. Originally, firewalls focused primarily on service control, but they have since evolved to provide all
four:
2.1.1.Service control: Determines the types of Internet services that can be accessed, inbound or outbound. The
firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that
receives and interprets each service request before passing it on; or may host the server software itself, such as a
Web or mail service.
2.1.2.Direction control: Determines the direction in which particular service requests may be initiated and
allowed to flow through the firewall.
2.1.3.User control: Controls access to a service according to which user is attempting to access it. This feature
is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic
from external users; the latter requires some form of secure authentication technology.
2.1.4.Behavior control: Controls how particular services are used. For example, the firewall may filter email to
eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
2.2.The following capabilities are within the scope of a firewall:
1. A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits
potentially vulnerable services from entering or leaving the network, and provides protection from various kinds
of IP spoofing and routing attacks. The use of a single choke point simplifies security management because
security capabilities are consolidated on a single system or set of systems.
2. A firewall provides a location for monitoring security-related events. Audits and alarms can be
implemented on the firewall system.
3. A firewall is a convenient platform for several Internet functions that are not security related. These include a
network address translator, which maps local addresses to Internet addresses, and a network management
function that audits or logs Internet usage.
4. A firewall can serve as the platform for IPSec. Using the tunnel mode capability, the firewall can be used to
implement virtual private networks.
2.3.Firewalls have their limitations, including the following:
1. The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out
capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for
traveling employees and telecommuters.
2. The firewall does not protect against internal threats, such as a disgruntled employee or an employee who
unwittingly cooperates with an external attacker.
3. The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of
operating systems and applications supported inside the perimeter, it would be impractical and perhaps
impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.
III. DESIGNING OF FIREWALL
3.1 Processing Model:- Packet filtering is a core functionality of network firewalls. The main idea is that the
firewall resides on a network node (host or router) and inspects all network traffic. Inspection is performed in
accordance with the network security policy. Based on this policy, the firewall makes a decision regarding what action
to perform on a given packet. The most commonly performed actions are:
Accept: the packet is permitted to pass through
Deny/Drop: the packet is silently dropped
3.2 Policy:- The firewall's behavior is controlled by the “Policy”. The policy consists of “Rules”. Each rule consists of
a condition and an action. The condition describes the criteria used to match individual packets. The action describes the
activity to be performed if a match has been made. Basic conditions consist of tests matching individual
fields of the packet such as source address, destination address, packet type, etc. In the case of stateful
inspection, connection-related variables like connection state could be checked. Finally, various system state
variables like current time of day, CPU load, or system-wide configuration parameters could be taken into
account. The condition could be viewed as a predicate. Usually, for a packet to match a condition, all tests must
be satisfied (logical conjunction). The sequence of rule processing differs significantly between various firewall
implementations. There are two common matching strategies: “single trigger” processing means that the action
of the first matching rule will be performed; “multi-trigger” processing means that all rules will be matched and
the action from the last matching rule will be performed. Some firewalls like ipfilter support “multi-trigger”
policy by default, but allow individual rules to specify the quick option, which signifies that no further processing
should be done on a matched packet. Some firewalls like iptables have even more complex processing logic, which
allows for branching by organizing rules into chains and providing special actions to redirect control from one
chain to another.
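The difference between the two matching strategies, as an added example (not code from the paper or from ipfilter): the same constructed rule list is evaluated first-match and last-match, with a `quick` flag modelled on the option described above. The `Rule` class, the default-deny fallback, the helper names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None means any destination port
    quick: bool = False             # multi-trigger only: stop at this rule

    def matches(self, pkt: dict) -> bool:
        # The condition is a conjunction: every field test must hold.
        return (
            self.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.dport in (None, pkt["dport"])
        )


def single_trigger(rules, pkt, default="deny"):
    """First matching rule decides. Returns (action, rule index or None)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


def multi_trigger(rules, pkt, default="deny"):
    """Last matching rule decides, unless a matching rule is marked quick."""
    verdict, index = default, None
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            verdict, index = rule.action, i
            if rule.quick:
                break
    return verdict, index


def with_quick(rules, indexes):
    """Copy of the rule list with quick set only on the given positions."""
    return [replace(r, quick=(i in indexes)) for i, r in enumerate(rules)]


# Constructed policy, written with first-match semantics in mind.
POLICY = [
    Rule("deny", proto="tcp", dst="10.0.0.0/24", dport=23),        # 0: no telnet
    Rule("accept", proto="tcp", src="192.0.2.0/24", dst="10.0.0.0/24"),  # 1
    Rule("deny"),                                                  # 2: catch-all
]
# Constructed packets.
WEB = {"proto": "tcp", "src": "192.0.2.7", "dst": "10.0.0.5", "dport": 80}
TELNET = {"proto": "tcp", "src": "192.0.2.7", "dst": "10.0.0.5", "dport": 23}

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("telnet", TELNET)):
        print(name, "first-match:", single_trigger(POLICY, pkt))
        print(name, "last-match: ", multi_trigger(POLICY, pkt))
        # quick on rule 1 only: the broad accept now overrides the telnet deny
        print(name, "quick on 1: ", multi_trigger(with_quick(POLICY, {1}), pkt))
        print(name, "quick on all:", multi_trigger(with_quick(POLICY, {0, 1, 2}), pkt))
```

A rule list ported between the two models without review changes meaning: here the catch-all silently wins under last-match, and marking only some rules quick lets a broad accept override a narrower deny placed before it.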
IV. FORMAL MODELS
One direction of research is the definition of special high-level languages (sometimes graphical) to
describe firewall policy. In such languages, the policy representation is translated to the native policy
description language of an actual firewall platform. Examples are: Firewall Builder, HLFL, FLIP, Firmato,
INSPECT, XACML. Some of these languages allow the user to describe the policy of a single firewall, while
others allow the user to define an organization security policy which is translated to policy files for multiple
firewalls. The research in this area is fragmented. A single, generally accepted mathematical model describing
firewall policies is yet to emerge. Below we highlight some of the work in this area: Ehab S. Al-Shaer and
Hazem H. Hamed use a fixed rule structure they call a “5-tuple filter”: order, protocol, src ip, src port, dst ip, dst
port, action. In order to formally model firewall policy, these researchers start by defining the relationship
between rules in the policy.
Then they define the following relations between two rules: “completely disjoint”, “exactly matched”,
“inclusively matched”, “partially disjoint”, “correlated”. Next Al-Shaer and Hamed proved that these
relationships are distinct and that their union represents the universal set of relations between any two k-tuple
filters in a firewall policy. The policy is represented as a single-rooted tree, where each node represents a field
of a filtering rule and each branch at this node represents a possible value of the associated field.
Fig 3: Example of policy representation as a tree string
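The five relations named above can be computed field by field, which is the first step of any rule-set anomaly check. This is an added example, not code from the paper: the page gives only the relation names, so the definitions in the comments are an assumption taken from Al-Shaer and Hamed's published model, and the rules, addresses and function names are constructed for the illustration.

```python
import ipaddress

FIELDS = ("proto", "src_ip", "src_port", "dst_ip", "dst_port")


def rule(proto, src_ip, src_port, dst_ip, dst_port, action):
    """Build one filter as a dict (constructed representation)."""
    return dict(zip(FIELDS + ("action",),
                    (proto, src_ip, src_port, dst_ip, dst_port, action)))


def field_relation(name, a, b):
    """Relation of a field of Rx to the same field of Ry: eq, sub, sup, none."""
    if name.endswith("_ip"):
        na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
        if na == nb:
            return "eq"
        if na.subnet_of(nb):
            return "sub"
        if na.supernet_of(nb):
            return "sup"
        return "none"
    # Protocol and port fields: "any" contains every specific value.
    if a == b:
        return "eq"
    if b == "any":
        return "sub"
    if a == "any":
        return "sup"
    return "none"


def rule_relation(rx, ry):
    """Classify two filters (assumed definitions, see lead-in)."""
    rels = [field_relation(f, rx[f], ry[f]) for f in FIELDS]
    if all(r == "none" for r in rels):
        return "completely disjoint"     # no field is equal, subset or superset
    if any(r == "none" for r in rels):
        return "partially disjoint"      # some fields related, at least one not
    if all(r == "eq" for r in rels):
        return "exactly matched"         # every field equal
    if all(r in ("eq", "sub") for r in rels) or all(r in ("eq", "sup") for r in rels):
        return "inclusively matched"     # one rule's packets contain the other's
    return "correlated"                  # some fields subset, the rest superset


def relation_table(policy):
    """Relation for every ordered pair (i < j) of rules in the policy."""
    return {(i, j): rule_relation(policy[i], policy[j])
            for i in range(len(policy)) for j in range(i + 1, len(policy))}


# Constructed policy using documentation address ranges.
POLICY = [
    rule("tcp", "192.0.2.20/32", "any", "0.0.0.0/0", 80, "deny"),
    rule("tcp", "192.0.2.0/24", "any", "0.0.0.0/0", 80, "accept"),
    rule("tcp", "0.0.0.0/0", "any", "198.51.100.40/32", 80, "accept"),
    rule("tcp", "192.0.2.0/24", "any", "0.0.0.0/0", 21, "deny"),
    rule("udp", "203.0.113.0/24", 53, "10.0.0.0/8", 53, "accept"),
    rule("tcp", "198.51.100.0/24", 1024, "192.0.2.0/24", 25, "deny"),
]

if __name__ == "__main__":
    for (i, j), rel in relation_table(POLICY).items():
        print(f"R{i} vs R{j}: {rel}")
```

Pairs that come out inclusively matched or correlated with different actions are the ones whose order in the policy changes the verdict, so they are the pairs worth reviewing by hand.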
4. Simulation Process:- This firewall is a packet filtering system based on policies, working on Windows. The
policy database is stored in MS Access and is configurable, with Java as the language tool. This task is carried out by a
simple JDBC-ODBC driver that delivers policies from MS Access to user space. Depending on the configured
policies, the firewall will either drop or allow the packet into the network. Different policies are to be configured
for incoming and outgoing packets arriving on different interfaces, taking into consideration the arrival time of
the packets, the source and destination IP addresses, source and destination ports and protocol. Subnetting,
overcoming internal spoof attacks and NAT (Network Address Translation) are also considered, taking us a step
further in making our firewall run more efficiently. This project was developed in Java in a Windows 2000
environment to run on a multi-homed host. The steps involved in creating a firewall policy are as follows:
1. Identification of network applications deemed necessary
2. Identification of vulnerabilities associated with applications
3. Cost-benefit analysis of methods for securing the applications
4. Creation of an applications traffic matrix showing protection method, and implementing a firewall rule set
5. Creation of a firewall rule set based on the applications traffic matrix.
4.1. Main Objectives: The main objectives are:
A. To sniff the packets
B. To accept or reject the packet based on specific policies defined over: a. Source IP Address b. Destination IP
Address c. Protocol d. Source Port e. Destination Port
C. To develop a stateless packet filtering system with additional capabilities such as overcoming internal spoofing
4.2. Assumptions & Constraints: The firewall we designed for a single host computer will function the same when
placed in a router, which is connected to an external network.
1. This firewall requires the Windows platform.
2. We are capturing the packets at the IP layer only.
V. SAMPLE SCREENS
Fig 5.1: This screen shows a pop-up menu used to view the restricted web sites through this firewall.
Fig 5.2: This screen shows the restricted web sites through this firewall.
Fig 5.3: This screen shows a pop-up menu used to add/delete a new policy in this firewall.
Fig 5.4: This screen shows one of the two operations that can be performed on the list of Restricted Sites, namely
accept.
VI. TESTING THE PROJECT
The complete framework of firewall testing should contain two components: (1) generating test packets
that test the firewall given a certain policy, and (2) generating various policy scenarios to test the firewall's
handling of different policy styles/configurations. Although both are needed to claim a complete testing
environment for firewalls, the researcher in this study focuses on the first problem, i.e., given a firewall/policy,
how to ensure that the firewall implements this policy configuration correctly. Testing the firewall by
exhaustively injecting all possible packets into the firewall will be enough. However, this is infeasible due to the
huge number of packets needed. Even if we try to restrict the test traffic to the range of relevant.
Evaluation of different factors affecting the improvement in the firewall test accuracy relative to random-
sampling test.
[Figure: relative improvement in test accuracy (vertical axis) plotted against average segment fault probability (horizontal axis) for Series1, Series2 and Series3.]
VII. CONCLUSION
The project “Firewall Implementation” facilitates the working of Internet access in the most efficient
and restricted way. All the requirements were considered while developing this application. The project is
complete in the sense that it meets all the requirements of the establishment Grievance Cell. Even then, there is
always scope for improvement. Keeping in view the user-friendly approach required for the package, certain
standards of the corporation are followed. The project “Firewall Implementation” facilitates better
restrictions, which can be imposed by the administrator in a user-friendly manner. Our policy structure
concentrates mainly on the basic five tuples.
REFERENCE
[1]. E. Al-Shaer and H. Hamed. “Firewall Policy Advisor for Anomaly Detection and Rule Editing.”
IEEE/IFIP Integrated Managem
[2]. Alex X. Liu, Member, IEEE, Mohamed G. Gouda, Member, IEEE “Diverse Firewall Design”
[3]. Rongbo Du, Rei Safavi-Naini and Willy “Design and Implementation of A Content Filtering Firewall”
[4]. William Stallings, “Cryptography and Network Security: Principles and Practices”, Pearson, 2nd edition.
[5]. Asian Journal of Information Technology, Medwell Journal online, ISSN 1682-3915, 2007.
Biography: Anantha Krishna V received his M.C.A. degree from Sri Venkateswara University and his M.Tech.
degree in Computer Science and Engineering from Osmania University, India. With more than 10 years
of teaching experience in various reputed engineering colleges in and around South India, he is now working as
Assistant Professor in the Department of Computer Science & Engineering at Aalim Muhammed Salegh
College of Engineering, Chennai. He is a life member of the Indian Society of Technical Education (ISTE) and a
student member of the Institute of Electrical and Electronic Engineers.
He has presented many technical papers at international conferences and published papers in reputed
international journals. He has participated in and coordinated several Faculty Development Programmes,
workshops, seminars and conferences.
His other areas of interest are network security, mobile computing, ad hoc networks, wireless
sensor networks, distributed systems and multicast distribution. His career plan is to continue research
in the wireless networking area.