International Journal of Advanced Research in Engineering and Technology (IJARET) Volume 12, Issue 4, April 2021, pp. 484-491, Article ID: IJARET_12_04_046 Available online at https://iaeme.com/Home/issue/IJARET?Volume=12&Issue=4 ISSN Print: 0976-6480 and ISSN Online: 0976-6499 DOI: 10.34218/IJARET.12.4.2021.046

© IAEME Publication Scopus Indexed

DISTRIBUTED FIREWALL WITH DYNAMIC INTRUSION DETECTION MODULE

Dr. Zalte S.S. Department of Computer Science, Shivaji University, Kolhapur, India

Patil P.N Department of Computer Science, Vishwakarma College of Arts, Commerce and Science, Pune, India

Deshmukh S.N. Department of Computer Science, Vishwakarma College of Arts, Commerce and Science, Pune, India

ABSTRACT

Computers and computer networks are both becoming an essential part of life. Over computer networks we share resources, exchange information and carry out a growing number of personal transactions, all of which must be protected from unauthorized access. Network security lets us prevent and detect such access, and so maintain the integrity, confidentiality and availability of computer networks. One way to achieve network security is a firewall: a system that monitors and filters traffic and admits or blocks data packets based on a set of security rules. The distributed firewall was introduced to eliminate problems that are difficult to solve with conventional firewalls. Unlike a conventional firewall, a distributed firewall is not restricted by network topology or by a single entry point. It secures critical network endpoints, provides unlimited scalability and overcomes the single-point-of-failure problem. In this paper, we propose a Distributed Firewall with Dynamic Intrusion Detection Module to provide elevated security for the network.

Key words: Network Security, Distributed Firewall, Computer Networks, Policy, Threats, Intrusion Detection.

Cite this Article: Zalte S.S., Patil P.N. and Deshmukh S.N., Distributed Firewall with Dynamic Intrusion Detection Module, International Journal of Advanced Research in Engineering and Technology, 12(4), 2021, pp. 484-491. https://iaeme.com/Home/issue/IJARET?Volume=12&Issue=4

https://iaeme.com/Home/journal/IJARET 484 [email protected] Distributed Firewall with Dynamic Intrusion Detection Module

1. INTRODUCTION

In the pandemic situation, the Internet has become an essential part of our life. Every second, a large number of personal transactions take place over the Internet. Computer networks are used less for processing than for the transmission of information and data. To prevent hacking of confidential data, unauthorized access or virus attacks, network security is vital, and a firewall is one way to accomplish it. A firewall is a hardware device or a set of instructions placed between two networks that filters the traffic and allows or denies access to sensitive data transmitted through the network according to security rules. A firewall keeps out unauthorized users and protects against outside attackers by defending computers or networks from malware and unwanted network traffic. In short, a firewall creates a barrier between an untrusted network and a trusted network.

2. CONVENTIONAL FIREWALL

A firewall is a mechanism that supervises and filters incoming and outgoing network traffic based on predetermined security rules [1]. Policies and code protect data from outside networks, yet data may also be stolen within the organization; the most destructive attacks can occur inside the network because the internal network is not restricted. Some drawbacks of the conventional firewall are as follows:

• A conventional firewall depends heavily on network topology [2].
• With a conventional firewall there remains a risk of internal network attack.
• Not all protocols are handled by a conventional firewall.
• There is a single entry point, and its failure disrupts the whole network.
• Logs are not maintained for all network activities.
• It cannot enforce a password policy or prevent its misuse.

Figure 1

3. DISTRIBUTED FIREWALL DESIGN

Distributed firewalls are host-resident security software applications that protect the enterprise network's servers and end-user machines against unwanted intrusion, and secure the network by protecting the critical points where attackers want to enter [3]. They are like personal firewalls, except that they offer several important advantages such as central management, logging and, in some cases, finer access-control granularity. These features are necessary to implement corporate security policies in larger enterprises.


Distributed firewalls solve the single-point-of-failure problem presented by the conventional firewall. A key feature of distributed firewalls is centralized management: it helps to give consistent security policies, makes the most of limited resources, and gives the ability to configure servers and end-user machines from one place. Distributed firewalls help in two ways. First, remote end-user machines can be secured. Secondly, they secure the critical network endpoints where attackers want to enter, preventing intrusion by malicious code and containing such code by not letting the protected server be used as a launch pad for expanded attacks. A distributed firewall allows implementation of the security policy without restricting the topology, from either an inside or an outside point of view.

4. COMPONENTS OF DISTRIBUTED FIREWALL

Policy Language: The policy language is the set of rules used to create policies for each of the firewalls, which direct the firewall in how to evaluate network traffic. The security policy language describes which connections are permitted or prohibited. After the policy is compiled, it is shipped to the end points.

Policy Distribution: System management tools are used to distribute the policy to the firewalls and to collect logging and reporting information. The policy distribution mechanism should guarantee the integrity of the policy during transfer [4]. The policy is checked before incoming or outgoing messages are processed. The distribution of the policy differs between implementations: it can be pushed directly to the end hosts, pulled when necessary, or even provided as credentials to users when they try to communicate with the hosts. Policies are distributed according to one of the following distribution schemes:

• Policies as well as authorizations are pushed to every single end point in the policy domain.
• Policies and authorizations are pulled from a trusted repository during initialization.
• Policies are pulled during initialization of the policy verifier, whereas authorizations for the authentication mechanisms remain on a trusted repository and are requested whenever traffic reaches a node from a yet unknown host.

Certificate: Although an IP address could be used to identify a particular host, in the distributed firewall mechanism security is more important [2], so it is preferred to use certificates to identify hosts. IPsec provides cryptographic certificates to secure network traffic and the transmission of policies; a source can then be uniquely verified by its certificate. Cryptography here is about analysing and constructing protocols that resist the influence of adversaries, and it relates to various aspects of information security such as data privacy, data integrity, authentication and non-repudiation. Unlike IP addresses, which can be easily spoofed, a digital certificate is much more secure and its authentication is not easily forged. Policies are distributed by means of these certificates. In an implementation of distributed firewall technology, the policy language is translated into some internal format by a compiler, and this policy file is distributed to all protected hosts by the system management software. A mechanism applies the security policy to incoming packets or connections, and each host accepts or rejects an incoming packet according to the policy and the cryptographically verified identity of the sender (Ioannidis). Variations exist in the implementation of distributed firewall technology; one such variation is the hybrid firewall, a combination of a traditional firewall and a distributed firewall.


5. POLICIES

The security policies transmitted from the central management server have to be applied by the end user's system. The end-user part of the distributed firewall gives the network administrator organizational control over the implementation of security policies; the end system allows traffic based on the security rules it has implemented. A "security policy" defines the security guidelines of a system. Without a distinct security policy there is no way to know what access is permitted or rejected. A simple example of a policy for a firewall is:

a) Allow all connections to the web server; reject all other access.
b) The distribution of the policy may vary with the implementation: it can be either sent directly to the end systems, or fetched when necessary.

Pull Technique: While booting up, hosts contact the central management server to verify that it is up and live [4]. The host registers with the central management server and requests the policies it should implement; the central management server supplies the host with its security policies. For example, a license server or a security authorization server can be asked whether a certain communication should be allowed. A conventional firewall could do the same thing, but it lacks significant knowledge about the context of the request. End systems know things such as which files are involved and what their security levels might be. Such information could be conveyed over a network protocol, but only by adding complexity.

Push Technique: The push technique is used when the policies are updated at the central management side by the network administrator and the hosts have to be updated immediately [4]. Push technology guarantees that the hosts always have the updated policies at any time.
The policy language describes which inbound and outbound connections on any component of the network policy domain are permissible, and can affect policy decisions on any layer of the network, whether by refusing or passing certain packets or by enforcing policies at the application layer [5].
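The pull and push techniques above, together with the requirement that policy integrity be guaranteed during transfer, as an added example that is not code from the paper. It assumes a pre-shared key and HMAC-SHA256 in place of the certificate-based (IPsec) protection the paper describes, and a version number in the policy so a host can refuse a replayed or stale bundle; the policy content is constructed in the paper's "allow the web server, reject all else" form.

```python
"""Pull- and push-style policy distribution with an integrity check on receipt.

Added example, not code from the paper. The management centre serialises the
policy with a version number and attaches an HMAC-SHA256 tag; each host verifies
the tag and rejects stale versions before installing. A pre-shared key stands in
for the certificate-based (IPsec) protection the paper describes."""
import hashlib
import hmac
import json

# Constructed policy in the paper's "allow the web server, reject all else" form.
POLICY_V1 = {
    "version": 1,
    "rules": [
        {"action": "allow", "proto": "tcp", "dst_port": 80},
        {"action": "allow", "proto": "tcp", "dst_port": 443},
        {"action": "deny", "proto": "any", "dst_port": "any"},
    ],
}


class ManagementCenter:
    """Holds the current policy, signs it, and pushes updates to registered hosts."""

    def __init__(self, key: bytes, policy: dict):
        self.key = key
        self.policy = policy
        self.hosts = []

    def bundle(self) -> dict:
        body = json.dumps(self.policy, sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def register(self, host) -> dict:
        """Pull: a booting host registers and receives the current bundle."""
        self.hosts.append(host)
        return self.bundle()

    def update(self, policy: dict) -> None:
        """Push: the administrator changes the policy; all hosts get it at once."""
        self.policy = policy
        for host in self.hosts:
            host.install(self.bundle())


class EndHost:
    """Policy actuator side: verify tag and version, then install the rules."""

    def __init__(self, key: bytes):
        self.key = key
        self.version = 0
        self.rules = []

    def install(self, bundle: dict) -> bool:
        expected = hmac.new(self.key, bundle["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, bundle["tag"]):
            return False  # modified in transit: refuse to install
        policy = json.loads(bundle["body"])
        if policy["version"] <= self.version:
            return False  # replayed or stale bundle: keep the current policy
        self.version, self.rules = policy["version"], policy["rules"]
        return True

    def boot(self, center: ManagementCenter) -> bool:
        """Pull at start-up: register with the centre and install its policy."""
        return self.install(center.register(self))
```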

6. DISTRIBUTED FIREWALL ARCHITECTURE

Although the security policies are enforced in a decentralized way, their management allows system administrators to set policies from a central host and therefore still fulfils the requirements of efficient system and network administration. The whole distributed firewall system consists of four main parts, as shown in Figure-2:

1. The Management Center: The management center is responsible for the management of all endpoints in the network, the constitution and distribution of the security policy, receiving and analysing log files from the hosts, intrusion detection and the adoption of countermeasures [6].
2. Policy Actuator: The policy actuator is installed in every host or gateway to receive the security policy issued by the management center and to interpret and implement it [7]. It interprets and runs the security policy program. It is the actual program that protects the endpoint host, and it mainly realizes the functions of a conventional firewall. Moreover, it also communicates with the management control center and creates communication link requests for remote endpoints.
3. Remote Endpoint Connectors: These are programs specifically designed for remote endpoint hosts to prove their identity [7].
4. Log Server: The log server is responsible for collecting the various actions occurring in the whole network, such as protocol rule logs, user login event logs and user Internet access logs, for audit analysis [8].


Figure-2 Distributed Firewall Architecture

7. ADVANTAGES OF DISTRIBUTED FIREWALL

• The most significant advantage of a distributed firewall is that it shields hosts that are not within a topological boundary; network security is no longer dependent on network topology.
• Problems like performance bottlenecks and traffic congestion are resolved, as network security no longer depends on a single firewall.
• As all the required information is available at the decision point, i.e. the end host, filtering of protocols like FTP is easy for distributed firewalls [8].
• In distributed firewalls the insiders are not implicitly trusted. Dividing the network into parts with different security levels is easier with distributed firewalls.
• Security policy rules are established and distributed on demand. The host that needs to communicate with external networks determines the appropriate policy.
• With distributed firewalls, end-to-end encryption is possible without affecting network security.

8. DISADVANTAGES OF DISTRIBUTED FIREWALL

1. Old protocols do not support the strong cryptography used in a distributed firewall, so distributed firewalls cannot protect legacy applications.
2. Compliance with the security policy by insiders is one of the major complications of distributed firewalls. This problem especially occurs when each end host has access to change the security policy. There are techniques to make altering policies harder, but it is not impossible to foil them.
3. In distributed firewalls intrusion detection systems are less effective, as the complete network traffic is not available at a single point.

9. DATA SECURITY THREATS

Security of data is of great concern. A network manager adopts data security provisions and policies to prevent and monitor unauthorized access, alteration, misuse and denial of a computer network and network-accessible resources. The main data security threats are:

Denial of Service (DoS): This network data security threat makes use of the simple fact that all servers have only a limited capacity to handle requests. Loading the server beyond its capacity brings it down [9]. DoS has been used in the past to cause downtime at leading e-commerce firms, since it is an easy network security threat to launch [10].

IP Spoofing or IP Masquerading: IP masquerading means being an IP impostor. Using cryptographic mechanisms, the server attacking our network server pretends to be someone else and as a result is able to gain illegal access to the server under attack [11]. This network data security threat is possible because of the inherently poor authentication in the IP protocol.

Session Hijacking: Gaining control of a user's session results in a very serious data security breach. For example, a user may be accessing some critical data or making an Internet purchase. At that moment a session hijacker takes control of the user's session, thereby gaining access to sensitive session data. The user believes that he has been logged out of the session and logs back in. Session hijacking is an extremely dangerous network data security threat, in which the attacker could compromise confidential user data such as passwords or even credit card information [12].

Physical Access to Servers in Data Centers: It is striking that we get so involved in protecting against Internet-based network data security threats that we fail to recognize that unauthorized physical access to our data center servers is still the largest threat to network and data security. Various data centers have network data security protection in the form of fingerprint-based authentication and verification of the credentials of all operations personnel visiting the data center.

10. INTRUSION DETECTION

Many firewalls are able to detect intrusions. If that service is to be provided by a distributed firewall, each distinct host has to notice probes and forward them to some central location for processing and correlation. To protect against network attacks, the firewall and intrusion detection techniques cooperate with each other. An intrusion detection system is a device or program that supervises a network or systems for malicious action or policy violations.

Proposed Intrusion Detection Module

The Intrusion Detection Module works in three phases.

Phase I: Capturing the network traffic from the firewall. The Intrusion Detection Module inspects user activity and system activity by analysing the content of the packet, which is not possible in conventional firewall modules.

Phase II: The policy handler checks the filtering rules that protect against the adversary's attack. To detect a possible attack, the Intrusion Detection Module may add new rules or modify existing rules, as shown in Figure-3.

Phase III: Once filtering rules have been added to the firewall, it blocks any packet that matches a rule in the Policy Repository. The rules are presented with this format . Depending on the filtering rules, the distributed firewall allows or denies the network traffic.

A firewall with intrusion detection technology can enhance network protection by carrying out a dynamic defence mechanism. The module also records the attack events in the log database.
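The three phases above, as an added example that is not the paper's implementation: packets are inspected by content (Phase I), the policy handler adds a deny rule for the offending source to the policy repository (Phase II), and later packets are filtered first-match against the repository and the attack is logged (Phase III). Because the conclusion notes that adding or modifying rules can create conflicting rules, insertion also runs a redundancy and shadowing check. The rule fields (action, source, destination port), the content signatures and the sample packets are all constructed for the example; the paper does not give its rule format.

```python
"""Three-phase intrusion detection module over a first-match packet filter.

Added example, not the paper's implementation. Phase I inspects the packet
payload (which a header-only filter cannot), Phase II has the policy handler add
a deny rule for the offending source, Phase III blocks packets that match the
policy repository and logs the attack event. Before a rule is installed it is
checked for the anomalies the conclusion mentions: an identical rule already
present (redundancy) or a rule that would hide an existing rule with the
opposite action (shadowing) is rejected and logged instead of installed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny" (constructed rule format)
    src: str                  # source address or "any"
    dst_port: Optional[int]   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.src == "any" or self.src == pkt["src"])
                and (self.dst_port is None or self.dst_port == pkt["dst_port"]))

    def covers(self, other: "Rule") -> bool:
        """True when every packet matched by `other` is also matched by this rule."""
        return ((self.src == "any" or self.src == other.src)
                and (self.dst_port is None or self.dst_port == other.dst_port))


# Constructed content signatures standing in for a real signature set.
SIGNATURES = [b"' OR 1=1", b"UNION SELECT", b"../../etc/passwd"]


class IntrusionDetectionModule:
    def __init__(self, repository: list):
        self.repository = list(repository)   # ordered policy repository, first match wins
        self.log = []                        # attack events and rule anomalies

    def inspect(self, pkt: dict) -> bool:
        """Phase I: content inspection of a packet captured from the firewall."""
        return any(sig in pkt["payload"] for sig in SIGNATURES)

    def add_rule(self, rule: Rule) -> bool:
        """Phase II: insert at the front of the repository after an anomaly check."""
        if rule in self.repository:
            self.log.append(f"redundant rule skipped: {rule}")
            return False
        for existing in self.repository:
            if rule.covers(existing) and rule.action != existing.action:
                self.log.append(f"shadowing anomaly: {rule} would hide {existing}")
                return False
        self.repository.insert(0, rule)
        return True

    def filter(self, pkt: dict) -> str:
        """Phase III: dynamic block on detection, otherwise first-match policy."""
        if self.inspect(pkt):
            self.add_rule(Rule("deny", pkt["src"], None))
            self.log.append(f"attack from {pkt['src']} to port {pkt['dst_port']}")
            return "deny"
        for rule in self.repository:
            if rule.matches(pkt):
                return rule.action
        return "deny"   # default deny when no rule matches
```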


Figure-3 Intrusion Detection Module

11. CONCLUSION

Since conventional firewalls examine only the packet header and not its content, they cannot provide a dynamic defence against various attacks. In this paper, we have enhanced the firewall by integrating it with intrusion detection technologies. The system can monitor data packets in real time and modify the security policies. However, adding or modifying a rule can generate conflicting rules; the enhanced system should therefore provide a function to check for and remove firewall anomalies automatically to achieve good performance. The proposed module may achieve higher data protection for the network. It also protects the end users of the network from inside and outside attacks.

REFERENCES

[1] H. Hamed, R. Boutaba, M. Hasan et al., "Conflict classification and analysis of distributed firewall policies", IEEE Journal on Selected Areas in Communications, 23(10):2069-2084, 2005.

[2] Sneha Sahare, Mamta Joshi, Manish Gehlot, "A Survey Paper: Data Security in Local Networks Using Distributed Firewall", ISSN 0975-3397, Vol. 4, No. 09, Sep 2012, p. 1617.

[3] Rajendra H., "Roll of Distributed Firewalls in Local Network for Data Security", ISSN 0974-1011 (Open Access), Vol. 6, No. 2, Apr 2013.

[4] Satinder, Vinay, "Distributed Firewall: A Way of Data Security in Local Area Network", ISSN 2319-8354(E), Vol. 4, Special Issue (01), April 2015.

[5] Hiral B. Patel, Ravi S. Patel, Jayesh A. Patel, "Approach of Data Security in Local Network using Distributed Firewalls", International Journal of P2P Network Trends and Technology (IJPTT), Volume 1, Issue 3, November-December 2011.

[6] Jayshri V. Gaud, Mahip M. Bartere, "Data Security Based On LAN Using Distributed Firewall", ISSN 2320-088X.

[7] Dr. T. Pandikumar, Mekonnen Gidey, "Data Security In LAN Using Distributed Firewall", e-ISSN 2395-0056, p-ISSN 2395-0072, Volume 04, Issue 05, May 2017.

[8] R. Maruthaveni, R. Latha, "Data Security in Local Networks Using Distributed Firewalls", ISSN 2319-7064.

[9] Iman Sharafaldin, Arash Habibi Lashkari, Saqib Hakak and Ali A. Ghorbani, "Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy", 978-1-7281-1576-4, IEEE, 2019.

[10] Jasmeen Kaur Chahal, Abhinav Bhandari and Sunny Behal, "Distributed Denial of Service Attacks: A Threat or Challenge", ISSN 1361-4576, 30 May 2019.

[11] Maderi Lavanya, P. K. Sahoo, "IP Spoofing and its Detection Technique", International Journal of Advance Computing Technique and Applications (IJACTA), ISSN 2321-4546, Vol. 4, Issue 1, June 2016.

[12] Anuj Kumar Baitha, Prof. Smitha Vinod, "Session Hijacking and Prevention Technique", International Journal of Engineering & Technology, 7(2.6), pp. 193-198, March 2018.
