Project Guide: Dr. Brig. S.P.

Ghrera

Team Members: Ankita Aggarwal 101297 Vijit Singhal 101302 Pranjali Jaggi 101284 Ampin Gupta 101337

Table of Contents
Objective

Problem Statement
Introduction Project Plan Model Used Work Plan Input\Output Implementation Source Code and Output References

Objective
Semester 7: Part-1(Packet Filtering Fire Wall) Learning to filter packets. Creating a packet filter firewall. Write packet filtering rules. Testing and debugging.

Problem Statement
To control the incoming and outgoing network traffic

by analyzing the data packets and be able to determine whether it should be allowed through or not, based on a predetermined rule set.

What is Packet Filtering??

Packet filtering is a network security mechanism that

works by controlling what data can flow to and from a network. The data that flows is in the form of packets.
Packet filtering firewall allows only those packets to

pass, which are allowed as per your firewall policy. Each packet passing through is inspected and then the firewall decides to pass it or not. The packet filtering can be divided into two parts: I. Stateless packet filtering. II. Statefull packet filtering.

Functions of a Packet Filtering Firewall

Control: Allow only those packets that you are

interested in to pass through.

Security: Reject packets from malicious outsiders Watchfulness: Log packets to/from outside world

Advantages of Packet Filtering

Because not a lot of data is analyzed or logged, they use very little CPU resources and create less latency in a network. They tend to be more transparent in that the rules are configured by the network administrator for the whole network so

the individual user doesnt have to face the rather complicated task of firewall rule sets.
It is cost effective to simply configure routers that are already a part of the network to do additional duty as firewalls.

Disadvantages of Packet Filtering

Packet Filtering Firewalls can work only on the Network Layer and these Firewalls do not support complex rule based models.

Different types of filtering mechanisms

Model used
Incremental Model

Work Plan
Literarture Review
Packet Filtering Firewall Circuit and Application level Gateway

Implementation

Implementing Rules

Build Packet Circuit and Filter Firewall Application level Gateway Implementation

Stateful Multilaye Inspection Firewal

July 2013

Aug

Sept Oct Nov Dec Jan 2014

Feb Mar Apr May

Completed Remaining

Input/output
Input:
Packets coming from network

Output:
List of blocked packets and their IP addresses and their port numbers.

Implementation Aspects
Hardware requirements: Packet filters require few hardware resources. It works efficiently on: Processor : 1 GHz RAM : 512 Mb OS : Windows

Software versions used: Microsoft Visual C++ 2006 edition.

How packet filtering works

How packet filtering rules are specified:
The rules are specified as a table of conditions and actions that are applied in a certain order until a decision to route or drop the packet is reached.

Use Case Diagram:

Filter Hook Driver:

A filter hook driver is a kernel-mode driver that is used to filter

network packets. Filter- hook drivers extend the functionality of the system- supplied Internet Protocol(IP) filter driver.
In the Filter-hook driver, we implement a callback function and

the we register this callback with the IP Filter Driver. After the filter- hook driver is registered, the IP filter driver assigns the file object for the filter hook- driver.

 Implementation of Filter- hook driver:

1. Create a Filter- Hook Driver, For this, must create a Kernel 2. 3.

4.
5.

Mode Driver. Get a pointer to IP Filter Driver. Send a specific IRP. The data passed in this message includes a pointer to the filter function. Filter packets. Once filtering is finished, we must de-register the filter function.

 Working of filter:
Working of the filter is implemented by an important function named as PF_FORWARD_ACTION cbFilterFunction. This function contains several parameters: Packet header Packet Length Packet Interface Index RecvLinkNextHop The callback function PF_FORWARD_ACTION is called for each packet received or sent, accordingly it performs one of the three functions: PF_FORWARD PF_PASS PF_DROP

Working of firewall is based on the following steps:

Extract the packet header Check the protocol associated Compare with the rules Check the source and destination add. If protocol is same Check out the port if protocol is TCP Drop or pass the packet

Output
A file containing all defined rules is saved created

using ADD RULE function and a list of specified rules can be seen by using the VIEW REGISTERED RULES.
Using the PORT SCANNER function, all open ports

associated with an IP address can be identified.

Future Work
Semester 8:Part-2 (Circuit and Application Level Gateway Firewall) Creating circuit level gateway filtering firewall. Creating application level gateway filtering firewall. Integration. Test run. Real-time evaluation of Stateful Multilayer Inspection Firewall

References
[1]V.K. Solanki, K.P. Singh, M. Venkatesan, S. Raghuwanshi, , "Firewalls Policies Enhancement Strategies Towards Securing Network", Dept. of CSE, Anna Univ., Chennai, India , in Proceedings of 2013 IEEE Conference on Information and Communication Technologies (ICT 2013), 11-12 April 2013. [2] Tugkan Tuglular, Fevzi Belli, "Protocol-Based Testing of Firewalls", Department of

Computer Science, Dept. of Comput. Eng., Izmir Inst. of Technol., Izmir, Turkey , 2009 Fourth South-East European Workshop on Formal Methods.

[3] Khaled Salah, Khalid Elbadawi, Member, Raouf Boutaba, "Performance Modeling and Analysis of Network Firewalls", Khalifa Univ. of Sci., Sharjah, United Arab Emirates, IEEE transactions on network and service management, vol. 9, no. 1, march 2012 [4] Alex X Lieu, "Change-Impact Analysis of firewall policies", ESORICS 2007, LNCA 4734,pp 155-170, Springer-Verlag Berlin Heidlberg 2007.

 [5] Ian Mothersole and Martin J. Reed, " Optimising Rule Order for a Packet

Filtering Firewall", University of Essex, Wivenhoe Park, Colchester, Essex, CO4 3SQ, United Kingdom, Network and Information Systems Security (SAR-SSI), 2011 Conference 18-21 May 2011
[6] Dmifty Rovniagin, Avishai Wool, " The Geometric Efficient Matching

Algorithm For Firewalls", School of Electrical Engineering, Tel Aviv University, Ramat Aviv 69978, Israel, Dependable and Secure Computing, IEEE Transactions on (Volume:8 , Issue: 1 ) Jan.-Feb. 2011
[7] Cryptography and Network Security : Principles and Practice by William

Stallings
[8] Computer Networks by Andrew S. Tanenbaum

Thank you!!