Secured and Controlled Network Traffic with Load Balancing Using IP-Tables
Total Page:16
File Type:pdf, Size:1020Kb
Volume 6, No. 7, September-October 2015 International Journal of Advanced Research in Computer Science REVIEW ARTICLE Available Online at www.ijarcs.info Secured and Controlled Network Traffic with Load Balancing using IP-Tables Talwinder kaur Mohita Garg M.tech(CSE) North west institute of engg.&tech., North west institute of engg. & tech. Dhudike(Moga) Dhudike (Moga) Abstract : There are two IP addresses for a typical home network: one for local devices to connect to across the local area network (LAN), another for the external or wide area network (WAN) Internet connection. A virtual private network (VPN) is a method for the extension of a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus are benefiting from the functionality, security and management policies of the private network. The aim of this method of course is to balance the traffic so as to avoid the congestion. Keywords: Load balancing, IP network, VPN, NAT. (1) INTRODUCTION network and the Internet. Firewall prevents unauthorized use and access to your network. The job of a firewall is to carefully analyze data entering and exiting the network A default IP address is normally set to internal LAN, private based on your configuration. It ignores information that number for example, 192.168.1.1 for their internal IP comes from unsecured, unknown or suspicious locations. A address. No matter the brand of router, its default internal IP firewall plays an important role on any network as it address is listed in the manufacturer's documentation. This provides a protective barrier against most forms of attack IP address can be changed by Administrators during router coming from the outside world. Firewalls can perform a setup or at any time later. These private LAN-IP address variety of other functions, but are chiefly responsible for remains fixed, unless someone manually changes it. The controlling inbound and outbound communications on external WAN-IP address of the router is set when the router anything from a single machine to an entire network. connects to the Internet service provider. This address can also be viewed on the router's administrative console. IP-tables In network security, use of IP Tables is becoming very important. In any campus network, IP-tables can share Alternatively, the WAN-IP address can be found by a Web- private networking to simulate the network traffic isolation. based IP address lookup service—such as In the present study, real implementation of IP-tables is WhatIsMyIPAddress.com—from any computer on the home done to improve the security and controlling the network LAN. Load balancing is an important component in traffic. improving the efficiency of distributed systems because it distributes an even workload over all the processors. [1] It further improves the bandwidth usage for Compute intensive applications and load balance the network traffic Load balancing is a process of reassigning the total load to over multiple internet service providers using virtual private the individual nodes of the collective system to make network (VPN). resource utilization effective and to improve the response Load balancing in the network may results time of the job. Simultaneously removing a condition in 1) Reduced Congestion in the network. which some of the nodes are over loaded while some others 2) Reduced packet loss and packet delay. are idle.[2] Network Load Balancing uses fully distributed 3) Increased overall efficiency of the network. software architecture. An identical copy of the Network Load Balancing driver runs in parallel on each cluster host. (2) SOFTWARE FIREWALLS The drivers arrange for all cluster hosts on a single subnet to concurrently detect incoming traffic for the cluster's primary A software firewall protects computer from outside attempts IP address. [3] to control or gain access computer and prevents unwanted access to the computer over a network connection by Firewalls A firewall is a security device that can be a identifying and preventing communication over risky ports. software program or a dedicated network appliance. The For individual home users, the most popular firewall choice main purpose of a firewall is to separate a secure area from a is a software firewall. Software firewalls are installed on less secure area and to control communications between the computer (like any software) and can customize it; allowing two. It is a protective system that lies between computer some controls over its function and protection © 2015-19, IJARCS All Rights Reserved 102 Talwinder kaur , International Journal of Advanced Research in Computer Science, 6 (7), September–October, 2015,102-104 features. Many software firewalls have user defined controls from potential Internet attacks. There are many different for setting up safe file and printer sharing and to block default configurations for these devices - some allow no unsafe applications from running on your system. communications from the outside and must be configured, Additionally, software firewalls may also incorporate using rules, others (like those available for the home market) privacy controls, web filtering and more. are already configured to block access over risky ports. Rules can be as simple as allowing port 80 traffic to flow Software firewalls, also sometimes called personal firewalls, through the firewall in both directions. are designed to run on a single computer. These are most commonly used on home or small office computers that Firewalls are also used for Network Address Translation have broadband access, which tend to be left on all the time. (NAT). This allows a network to use private IP addresses that are not routed over the Internet. Private IP address Computers communicate over many different recognized schemes allow organizations to limit the number of publicly ports, and the firewall will tend to permit these without routed IP addresses they use, reserving public addresses for prompting or alerting the user. For example, computers Web servers and other externally accessed network access Web pages over port 80 and use port 443 for secure equipment. NAT allows administrators to use one public IP Web communications. A home computer would expect to address for all of their users to access the Internet - the receive data over these ports. However, a software firewall firewall is "smart" enough to send the requests back to the would probably block any access from the Internet over port requesting workstation's internal IP. NAT also allows users 421, over which it does not expect to receive data. A inside a network to contact a server using a private IP while software firewall also allows certain programs on the user's users outside the network must contact the same server computer to access the Internet, often by express permission using an external IP. In addition to port and IP address rules, of the user. Some software firewalls also allow firewalls can have a wide variety of functionality. Firewalls configuration of trusted zones. These permit unlimited are vital to network management. Without this control over communication over a wide variety of ports. This type of computer and network access, large networks could not access may be necessary when a user starts a VPN client to store sensitive data intended for selective retrieval. Network reach a corporate intranet. address translation (NAT), web server load balancing, and redirecting traffic to transparent proxies all share a common One drawback to software firewalls is that they are software feature: they involve a level of indirection in the meaning of running on a personal computer operating system. If the IP addresses and port numbers, and can be implemented by underlying operating system is compromised, then the rewriting those values in IP headers and payloads. [4] firewall can be compromised as well. Since many other programs also run on a home computer, malicious software (5) METHODOLOGY could potentially enter the computer through some other application and compromise the firewall. Software firewalls IP Tables are based on open source and easy to implement also rely heavily upon the user making the right decisions. and manipulate according to need of the organization for controlling the traffic for need based applications. iptables is a user-space application program that allows a system (3) HARDWARE FIREWALLS administrator to configure the tables provided by the Linux kernel firewall (implemented as different Net filter modules) A hardware firewall uses packet filtering to examine the and the chains and rules it stores. Different kernel modules header of a packet to determine its source and destination. and programs are currently used for different protocols; This information is compared to a set of predefined or user- iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, created rules that determine whether the packet is to be and ebtables to Ethernet frames. Iptables requires elevated forwarded or dropped. privileges to operate and must be executed by user root, otherwise it fails to function. Hardware firewalls can be purchased as a stand-alone product but more recently hardware firewalls are found in Network address translation (NAT) is a methodology of broadband routers, and should be considered an important remapping one IP address space into another by modifying part of the system and network set-up, especially for a network address information in Internet Protocol (IP) broadband connection. Hardware firewalls can be effective datagram packet headers while they are in transit across a with little or no configuration, and they can protect every traffic routing device. The usage of Network Address machine on a local network. Most hardware firewalls will Translation (NAT) devices is very common among the have a minimum of four network ports to connect other devices such as computers, laptops and smart phones computers, but for larger networks, business networking connecting to the Internet.