dc.contributor.author |
Saud Mukhtar |
|
dc.date.accessioned |
2020-11-23T15:14:40Z |
|
dc.date.available |
2020-11-23T15:14:40Z |
|
dc.date.issued |
2001 |
|
dc.identifier.uri |
http://10.250.8.41:8080/xmlui/handle/123456789/13458 |
|
dc.description |
Supervisor: Mr. Ali Hammad Akbar |
en_US |
dc.description.abstract |
A firewall acts as a watchguard for the network. It not only provides control over network traffic but also watches over that traffic as an effective and alert network monitor. The scope of the project encompassed the selection and implementation of the firewall that best serves the needs of the NUST Institute of Information Technology.
For the firewall selection, the very first step was to collect the requirements of the network users. All the faculty members were consulted through questionnaires, but the feedback was not sufficient, so a panel of users was selected to provide the requirements more thoroughly and specifically. The panel consisted of two faculty members and one system administrator. Personal interviews were conducted to collect information in addition to the questionnaire. Visits were made to various organizations in Islamabad to learn the extent and brand of firewall in use. It was found that almost all of them use some type of firewall, ranging from proxy servers to hardware appliances. Gathering information about the firewalls available in the market was a parallel activity; for this the Internet proved effective, providing reviews, documentation and white papers on different products. Winroute, Wingate, Raptor, PIX and Firewall-1 were taken into account after shortlisting.
After all the necessary information about the requirements and the products available in the market had been collected, the analysis was initiated. From the user requirements it was also identified which requirements are more important than others. The product was selected by assigning different weights to these factors. To incorporate price and other special issues, the taxonomy multi-ranking evaluation method was used. The method yielded the best choice: from this evaluation, Winroute emerged as the best choice for NIIT.
Winroute is a product of Tiny Software Inc. The firewall was acquired and installed on one of the PCs in NIIT Lab No. 4, where experiments were carried out and different configurations were tested in the network environment. Three PCs were used, which is the minimum requirement for such experiments. One of the PCs was connected with a crossover cable to provide a single path for the network traffic. Traffic was generated with the ping and net send commands. The Internet was also accessed through the NIIT intranet. Because all the Internet traffic was coming through the NIIT proxy server, it was not possible to do packet filtering. To solve this problem, another test arrangement was established in the CERN lab, where the firewall PC had access to the Internet through a dial-up modem.
Different services were allowed and denied at the firewall, and the firewall activity was monitored and documented in the form of logs. A number of the functions that the firewall offers were tested. The proxy server capabilities of the firewall were also used for filtering web content. A number of hacking tools were used, including SubSeven and NetBus. The firewall was found effective in blocking these trojans from communicating across the firewall. Some experimentation was done with denial-of-service tools, which showed that the firewall is effective in blocking some of the attacks but not all of them. During the experimentation the performance of the firewall was also evaluated by independent monitoring organizations like Gibson Research Corporation. The testing revealed that the firewall makes the network completely opaque to passing random scanners. Comparing the results with a scan of the existing firewall showed that this product provides an appreciable amount of safety.
The vulnerabilities of the firewall were also considered in order to identify the gray areas of the product. It was found that the firewall comes with a default blank login, which should be changed in the first place. The remote login facility of the firewall is considered to be vulnerable. The firewall does not provide a content authentication facility, so the administrator has to assume optimistically that no hacking tool is using the reserved ports. The firewall does not provide an alert facility, so a periodic watch is required to detect any disallowed activity by the network users.
Winroute is not only a firewall; it can also act as a network monitoring tool that can be used in a number of network-related experiments and research projects at NIIT. Its packet logging capability can be used effectively to demonstrate the working of networks and to document network traffic. |
en_US |
dc.publisher |
SEECS, National University of Sciences and Technology, Islamabad |
en_US |
dc.subject |
Information Technology |
en_US |
dc.title |
Selection, Configuration and Testing of Firewall, for NIIT Intranet |
en_US |
dc.type |
Thesis |
en_US |