
University of Wollongong Research Online
University of Wollongong Thesis Collection 1954-2016
University of Wollongong Thesis Collections

1998

Firewalls and internet security
Shaukat Hussain
University of Wollongong

Recommended Citation
Hussain, Shaukat, Firewalls and internet security, Doctor of Philosophy thesis, School of Information Technology and Computer Science, University of Wollongong, 1998. https://ro.uow.edu.au/theses/2013

FIREWALLS AND INTERNET SECURITY

A thesis submitted in fulfillment of the requirements for the award of the degree Master of Honors from UNIVERSITY OF WOLLONGONG by SHAUKAT HUSSAIN, School of Information Technology and Computer Science, 1998

Copyright 1998 by SHAUKAT HUSSAIN. All Rights Reserved.

Dedicated to my family

Abstract

The original communications technology in the world was the telegraph. The telegraph transfer mode lasted until the telephone was invented. The telephone was an evident improvement over the telegraph, and it did not take long before computer networks arrived. Computer networking brought a great revolution, with data and voice traffic carried by different standardised communications protocols such as the Transmission Control Protocol/Internet Protocol (TCP/IP). The TCP/IP communication suite for internetworking has led to a global system of interconnected hosts and networks that is commonly referred to as the Internet. Most operating systems now use TCP/IP for standardised communication. There is no doubt that TCP/IP over UNIX is more mature for fast and trusted communication environments. A network running TCP/IP in a UNIX environment is not secure enough for internetworking or the Internet. This is due to the host-to-terminal architecture of UNIX and its trusted TCP/IP based services. In a TCP/IP internetworking/Internet environment, some patches to UNIX and its TCP/IP based services can make them secure. Other operating systems also need some patches to their existing TCP/IP internetworking/Internet services. The most popular patches to existing TCP/IP based internetworking/Internet services are firewalls and the Secure Socket Layer (SSL). These patches are available via ftp or http from different sites on the Internet.

Firewalls can protect the whole of an organisation's network services from any external network or external Internet users, while SSL can protect each business transaction. Different firewalls have been analysed, and a proxy based firewall has been implemented and tested and its weaknesses measured. The weaknesses are covered by an additional program called Secure Link Interface (SLI). However, due to the changing trend of the existing Internet with respect to bandwidth, speed, and Quality of Services (QoS), the useful life of the existing proxy based firewall is limited. A new secure way for future networking and the internetworking environment is also briefly discussed.

Acknowledgments

I would like to express my deepest gratitude to my supervisor Associate Professor Dr. Josef Pieprzyk for his studious guidance and support through the entire period of this study. I would also like to express my appreciation of the support and assistance provided by the members of the Centre for Computer Security Research in the School of Computer Science. In particular, I would like to thank Professor Jennifer Seberry and Associate Professor Dr. Rei Safavi-Naini for their encouragement. I am also greatly indebted to my wife and my children who have been a source of encouragement and support during the difficult times in this work.

Contents

Certificate of Originality
Abstract
Acknowledgements
Table Of Figures

1 INTRODUCTION TO THESIS ORGANISATION
    1.1 Organisation of the Thesis

2 COMPUTER NETWORKING
    2.1 Introduction to Networking
    2.2 Advantages of Networking
    2.3 Network Topologies
        2.3.1 Ethernet
        2.3.2 Token Ring
        2.3.3 Fiber Distributed Data Interface (FDDI)
        2.3.4 Asynchronous Transfer Mode (ATM)
    2.4 Network Classification
        2.4.1 Local Area Network (LAN)
        2.4.2 Metropolitan Area Network (MAN)
        2.4.3 Wide-Area Network (WAN)
        2.4.4 Internet
    2.5 Network Architecture
    2.6 Type of Data Communication
        2.6.1 Connection-Oriented Services
        2.6.2 Connectionless Services
    2.7 Networking Protocols
    2.8 Network Addresses
    2.9 Services Access Points (SAPs)
    2.10 Network Standardisation

3 TCP/IP AND UNIX INTRODUCTION
    3.1 Communication Protocols
        3.1.1 Transmission Control Protocol (TCP)
        3.1.2 User Datagram Protocol (UDP)
        3.1.3 Internet Protocol (IP)
        3.1.4 Internet Control Message Protocol (ICMP)
        3.1.5 Address Resolution Protocol (ARP) and Reverse ARP (RARP)
    3.2 TCP/IP Layering Model
    3.3 Client/server Model
    3.4 Domain Name Services (DNS)
    3.5 UNIX Basic Introduction
        3.5.1 Kernel
        3.5.2 Process
        3.5.3 Parent and Child Process
        3.5.4 Shell
        3.5.5 Scheduling and Swapping
        3.5.6 Super-user
        3.5.7 Booting Process
        3.5.8 UNIX FileSystem
        3.5.9 File Permission Rights

4 ESSENTIAL UNIX NETWORK ADMINISTRATION
    4.1 System Resources