Packet Filtering Is a Network Security Mechanism That Works by Controlling What Data Can

Packet Filtering Is a Network Security Mechanism That Works by Controlling What Data Can

CHAPTER 1

INTRODUCTION

  1. 1 Overview

Packet filtering is a network security mechanism that works by controlling what data can flow to and from a network. We provide a very brief introduction to high-level IP networking concepts (a necessity for understanding packet filtering).

To transfer information across a network, the information has to be broken up into small pieces, each of which is sent separately. Breaking the information into pieces allows many systems to share the network, each sending pieces in turn. In IP networking, those small pieces of data are called packets. All data transfer across IP networks happens in the form of packets.

A router has to make a routing decision about each packet it receives; it has to decide how to send that packet on towards its ultimate destination. In general, a packet carries no information to help the router in this decision, other than the IP address of the packet's ultimate destination. The packet tells the router where it wants to go, but not how to get there. Routers communicate with each other using "routing protocols" such as the Routing Information Protocol (RIP) and Open Shortest Path First (OSPF) to build routing tables in memory to determine how to get the packets to their destinations. When routing a packet, a router compares the packet's destination address to entries in the routing table and sends the packet onward as directed by the routing table. Often, there won't be a specific route for a particular destination, and the router will use a "default route;" generally, such a route directs the packet towards smarter or better-connected routers. (The default routes at most sites point towards the Internet.)

In determining how to forward a packet towards its destination, a normal router looks only at a normal packet's destination address and asks only "How can I forward this packet?" A packet filtering router also considers the question "Should I forward this packet?" The packet filtering router answers that question according to the security policy programmed into the router via the packet filtering rules.

1. 2 Objective of the project

  • Project is concerned with analyzing all packets across LAN
  • Here filtering of packets is carried out by means of filtering rules
  • In first rule filtering is carried out by means of IP address.
  • In second rule filtering is by means of size of the packet.
  • In third rule filtering is carried out by means of data inside the packet.

1. 3 Existing system

  • Current filtering tools are not perfect

Despite the widespread availability of packet filtering in various hardware and software packages, packet filtering is still not a perfect tool. The packet filtering capabilities of many of these products share, to a greater or lesser degree, common limitations:

  • Some protocols are not well suited to packet filtering

Even with perfect packet filtering implementations, you will find that some protocols just aren't well suited to security via packet filtering, for reasons we'll discuss later in this book. Such protocols include the Berkeley "r" commands (rcp, rlogin, rdist, rsh, etc.) and RPC-based protocols such as NFS and NIS/YP.

  • Some policies can't readily be enforced by normal packet filtering routers

The information that a packet filtering router has available to it doesn't allow you to specify some rules you might like to have. For example, packets say what host they come from, but generally not what user. Therefore, you can't enforce restrictions on particular users. Similarly, packets say what port they're going to, but not what application; when you enforce restrictions on higher-level protocols, you do it by port number, hoping that nothing else is running on the port assigned to that protocol. Malicious insiders can easily subvert this kind of control.

  • Filters are based on the contents of the individual packets.
  • Filter tools are OS specific (i.e.) platform dependent.

1.3.1 Limitation of existing system

  • Filters are based on the contents of the individual packets
  • Filter tools are OS specific(i.e) platform dependent
  • User needs detailed knowledge & time consuming
  • Do not provide follow up for updating the rules.

1.4 Proposed system

The proposed system is supposed to reduce the cost of expenses. It is to be developed into a user-friendly environment & more understandable output is to be produced. In the proposed system the simple filters are to be combine to form very complex filters, so that more security measures are taken to safeguard our data. The user may dynamically select the rules as per their choice and manually configure the rules specification. The proposed system is platform independent and can be run in a system irrespective of the operating system or hardware configurations, cause we are using Java to develop the system.

1.4.1 Advantages of proposed system

  • Reduced Cost.
  • User-friendly environment & understandable output.
  • Simple filters combined to form complex filters.
  • The user can select rules or their combination.
  • Platform Independent.

1.5 Organization of the thesis

The report of the software project is framed chapter-wise. The development of the software product comprising of various phases is reflected in the chapters given below. These chapters portray the detailed information of each of the development activities of the software project. The whole report gives a brief explanation about the various stages of the software development life cycle. Any phase of software development can be verified in the given report as it is framed in an orderly fashion in chapter-wise format. The outlay of the report is summarized as follows:

Chapter 1: Introduction

This chapter gives the basic information of the software product taken for development consideration and the information of the organization that needs for the implementation of the finished software product. The system overview and the information about the software organization have been included in this section.

Chapter 2: Development Process and Solution Approach

This chapter deals with the project requirements of the software. The Hardware and software requirements, functional and nonfunctional requirements are analyzed here.

Chapter 3 : Core Of Project

This chapter deals with the core of the project (i.e) detailed about the language description JAVA and also about the important aspects about the filtering.

Chapter 4 : Result Analysis

This chapter deal about flow chart that means of Diagrammatic Representation of server operation and client server connectivity.

Chapter 5 : Source code

This chapter deals with the action part (i.e) codings. It gives the action to the project.

Chapter 6 : Testing

This chapter deals with the different kinds of testing that our project involves.

Chapter 7 : Snap shots

This chapter deals with the input and output screens involve in the project.

Chapter 8 : Conclusion

It concludes the project and gives some suggestion for its future enhancements.

CHAPTER 2

2. DEVELOPMENT PROCESS AND DESIGN

This chapter deals with software development life cycle and development strategies that can be adopted for the application system.

2.1 Requirement Analysis and Specification

This involves analyzing the system requirements for creating the application and the specification should be feasible for implementing the application.

2.1.1 Hardware Specification

Processor: Pentium

RAM: 64MB

Speed: 166 MHz

Resolution: 640 x 480 pixels

Hard Disk: 2 GB

Operating System: Platform independent

2.1.2 Software Specification

Front-End: JAVA

Design: Swings

Back-end: MS-ACCESS

2.1.3 Specific Requirements

This section describes about both the functional and nonfunctional requirements of the system. The functional requirements section defines the system’s requirement specifications from functionalities point of view. The non-functional requirements section defines performance requirements, design constraints, etc, which are dealt in detail in corresponding sub-sections.

2.1.3.1 Functional requirements

Functional requirements of the system encompasses the following set of operations

  • Provides a better, faster service for the users.
  • To view Network information.
  • To be more user friendly.

2.1.3.2 Non-functional requirements

  1. Performance Requirements

Speed:

This is one of the most important factors, the system should respond in the minimal response time to facilitate the user.

Storage:

The system should work at minimum storage space.

  1. Attributes

1. Efficiency:

To make efficiency high, the size of computing code should be less and the resources required by the program to perform its functions should be low.

2. Ease of installation:

To achieve ease of installation, the effort required for

installing the system should be minimal.

3. Maintainability:

If the effort required for locating and fixing an error in a

program is less, maintainability is said to be easy.

4. Reliability:

If the program performs its intended function with required

precision it is said to have high reliability.

2.3 Module Details

This project consists of the following modules:

1.Analysing Module.

2.Filter Implementation Module.

3.Report Generation Module.

Analysing Module:

This module is used to monitor the data across the

network.This module analyses all incoming packets and

produces a report.It gives the following details about the

incoming packet:

Packet size

Protocol

Packet type

Source and destination IP

IP check sum

Source and destination port.

Filter Implementation Module:

After the packets are analysed specific filtering rules can be applied

to filter the incoming packets.Filtering can be based on the rules namely,

Port Number

IP Address

Packet Size

Protocol Type

Report Generation module:

This module generates the report about the receved and discarded packets and the reson for their transaction.This module helps to trace the entire function of the project.

2.4 Testing

The project considered for development is tested for error-free performance and is subjected to implementation by the concern. Once the system has been efficiently developed and tested, it needs to be implemented. Testing is the process of executing a program with the aim of detecting errors. It is done manually or by automation using any tool. Testing is considered as a destructive process that separates itself from other stages of the system development.

The key objective of the testing process is to find errors in the program developed for implementation in the organization. Therefore testing has to be done on the program developed in order to locate error in coding and logic that are contained within the program.

The various types of testing measures to be taken are:

  • Test to see if system requirement specification is taken care of.
  • Test to see the proper handling of the user inputs.
  • Test the robustness of the system.
  • Check for errors and validations of the inputs.

All the tests were done based on the sequence of modules. Each module is tested uniquely to detect the error in the particular module and in turn rectify it thus result in proper functioning of the application.

2.4.1 System Testing

Similar to the development of the project, testing also plays a major role in the process of developing a software project. Moreover, this system testing part is considered as the lengthiest process of the project. Rather developing and coding the testing procedure is much more risky too. In this project module, substantial flow of properinformation and collectionof programs have been done. This includes the following various types of working testing procedures.

2.4.2 Unit Testing

Each of the modules in the project is considered as a separate unit and that particular unit is tested individually. In packet sensing each sensing each information from the user agent string given related to number of packets transferred are checked repeatedly.

2.4.3 Integration Testing

With results of the unit testing procedure the integration part of testing begins. This integration unit is much more complex than the previous one which gives complete data flow of the system. Apart from it, this is a lengthy process of a system development. This integration process begins with integrating one module at a time, to make it really work correctly. Hence any data loss in between the system fails with a warning error message.

2.5 Maintainanace

Maintenance is a set of software engineering activities that occur after software has been delivered to the customer. The maintenance phase forces changes that is associated error correction and adoptions required as the software environment evolves and changes due to enhancements broughtout by changing customer requirements. The maintenance phases reapply the steps of the definition and development phase but do so in the context of existing software. When the customer identifies any fault inthe system changes could be easily made as there would be very less chance for the customer to face any problem with the application.

The application is developed in windows98 platform and the application would work without any error in the windows98 platform. But when the same application is to be used in some other environment of windows family then suitable changes has to be made to the software to accommodate itself to current environment on which it is been implemented.

Since this is an ongoing project in our organization and there are lot of advanced modules to be completed before implementation. Hence, the implementation cycle is forbidden from the report produce. This particular implementation issues undergo a lots of changes in the system

CHAPTER 3

3.CORE OF PROJECT

3.1 ABOUT JAVA

3.1.1 INTRODUCTION TO JAVA

Java is a simple, object-oriented, distributed, interpreted, robust, secure, architectural-neutral, portable, high-performance, multithreaded and dynamic language.

3.1.1.1 Simple

Java is simpler to learn for programmers if they think in terms of objects and methods. Java has eliminated the complexities present in C++. Java supports garbage collection to further simply the language as it takes the burden of the memory management off the programmer. Java does not use header files and it eliminates the C processor. Constructs like struct and unionhave been removed. Java also the operator overloading and multiple inheritance features of other object oriented languages. Perhaps the most important simplification, however is that java does not use pointers. Java automatically handles the referencing and de-referencing of objects for you. Thus it frees us from having to worry about dangling pointers, invalid pointer references and memory leaks.

3.1.1.2 Object-Oriented:

Java is an object-oriented language. It mainly focuses on the data in the application and methods that manipulate the data, rather than thinking strictly in terms of procedures. Java comes with an extensive set of classes, arranged, that you can use in your programs.

3.1.1.3 Distributed:

Java was built with network communication in mind. It had a comprehensive library of routines for dealing with network protocols such as TCP/IP, HTTP, and FTP. Hence it is easy to read a remote file or resources, as it is to read a local file. Java applications are open and can be accessed across the Internet.

3.1.1.4 Interpreted:

Java is an interpreted language. The Java compiler generates byte-code for the JVM (Java Virtual Machine). This Java byte-code is platform independent and the programs can be run on any platform the JVM has been ported to.

3.1.1.5 Robust:

Java has been designed for writing reliable or robust software. It is a strongly typed language, which allows for extensive compile time checking for potential type mismatch problems. The lack of pointers and pointer arithmetic features increases the robustness of Java programs by abolishing the pointer related bugs. Exception handling is another feature in Java that makes for more robust programs.

3.1.1.6 Secure:

Security is a critical part of the Java environment. Java allows us to create virus-free programs and prevent malicious code security, which can be achieved by a digital signature to Java code. The origin of the code can be established in a cryptographically secure and unforgettable way.

3.1.1.7 Architectural-Neutral and Portable:

Because Java programs are compiled to an architecture neutral byte code format, a Java application can run on any system, as long as that system implements the JVM. Java’s primitive data types are consistent from system to system. The class libraries include portable interfaces for each platform on which the runtime environment is available.

3.1.1.8 High-Performance:

Java performance is impressive for an interpreted language, mostly because of the development of “Just in Time” compilers that can translate java byte-codes into machine code for a particular CPU at run time. The performance of Java’s interpreted byte codes is much better than the high-level scripting languages.

3.1.1.9 Multithreaded:

Java is a multithreaded language. It provides for multiple threads of execution that can handle different tasks. An important benefit of multithreading is that it improves the interactive performance of graphical application for the user.

3.1.1.10 Exception and Exception Handling:

Exception handling is a significant feature of Java. An exception is a signal that indicates some sort of exceptional condition has occurred. To throw an exception, is to signal an exceptional condition. To catch an exception is to take whatever actions are necessary to recover from it.

Exception propagated through the lexical block structure of a Java method and then up the method call stack. If the exception is not caught by the block of code, then it propagates to the next higher enclosing blockof data. If it is not caught there, it propagates up again. If an exception is never caught, it propagates all the way to the main() method from which the program started. An exception in Java is an object that is an instance of some sub class of java.lang.Throwable. Throwable has two standard sub classes: java.lang.Error and java.lang.Exception. Exceptions are objects and the contain data and define methods.

The try/catch/finallystatements are in Java’s exception handling mechanism. tryestablishes a block of code that is to have its exceptions and abnormal exists handled. The tryblock is followed by one or more catch clauses that catch and handle specified types of exceptions. The catch clauses are optionally followed by a finallyblock that contains “clean-up” code. The statements of finallyclause are guaranteed to be executed regardless of how the code in the tryblock exists.

Top View