
FIREWALL SYSTEM DESIGN & IMPLEMENTATION
ENFORCING ACCESS CONTROL POLICY BETWEEN TWO OR MORE NETWORKS

A firewall is a system or group of systems that enforces an access control policy between
two or more networks. The firewall can be thought of as a pair of mechanisms, one of which
exists to permit traffic.
A firewall consists of software that controls the network traffic and of hardware
components such as the arrangement of routers, public servers, workstations and so on.
Firewall software is a basic requirement for anyone using broadband, to prevent hacking,
viruses and other security risks. Typically, firewall software works by hiding your
computer (via the ports that connect it to the Internet) from unknown users. The firewall
is the best solution for very critical and dangerous network threats.
Types of Firewall:
1. Packet Filtering Firewall
2. Circuit Level Firewall
3. Application Level Firewall.
Packet Filtering Firewall
A packet filtering firewall works at the lowest possible level of the protocol stack.
This firewall works at the network layer of both the TCP/IP and OSI models.
Packet filters work on the incoming and outgoing traffic based on IP addresses
(source and destination). Packet filters do not examine upper-layer data and do not
support advanced user authentication.
Circuit Level Firewall
A circuit-level firewall is a second-generation firewall that validates TCP and UDP
connections before opening a connection. Once a handshake has taken place, it passes
everything until the session is ended. This firewall operates at the session layer of the
OSI model and the transport layer of the TCP/IP model.
This firewall maintains a table of valid connections, which includes session state
sequencing information and lets the packets containing the data pass through when the
network information matches an entry in the virtual circuit table.
When a connection is terminated its table entry is removed and that virtual circuit
between the two peers is closed.
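The virtual circuit table described above can be sketched as follows. This is an added example, not code from the project; it covers TCP only, and the Packet fields, the "ip:port" strings and the inside-network prefix are simplifying assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str           # sender as "ip:port" (assumed format)
    dst: str           # receiver as "ip:port"
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}

class CircuitTable:
    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix  # only inside hosts may open a circuit
        self.circuits = {}                  # endpoint pair -> (state, initiator)

    def handle(self, pkt):
        """Return True to forward the packet, False to drop it."""
        key = frozenset((pkt.src, pkt.dst))  # same key for both directions
        entry = self.circuits.get(key)
        if entry is None:
            # No table entry: only a bare SYN from the inside may create one.
            if pkt.flags == {"SYN"} and pkt.src.startswith(self.inside_prefix):
                self.circuits[key] = ("SYN_SENT", pkt.src)
                return True
            return False
        state, initiator = entry
        if "RST" in pkt.flags:               # abort: close the circuit
            del self.circuits[key]
            return True
        if state == "SYN_SENT":              # expect SYN+ACK from the responder
            ok = pkt.flags == {"SYN", "ACK"} and pkt.src != initiator
            nxt = "SYN_RCVD"
        elif state == "SYN_RCVD":            # expect the final ACK from the initiator
            ok = pkt.flags == {"ACK"} and pkt.src == initiator
            nxt = "ESTABLISHED"
        else:
            # ESTABLISHED: pass everything until the session ends.
            # Simplification: the first FIN removes the entry.
            if "FIN" in pkt.flags:
                del self.circuits[key]
            return True
        if ok:
            self.circuits[key] = (nxt, initiator)
        return ok
```
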
Application Level Gateway:
Packet filtering firewalls represent one extreme of firewalls; the application
gateway represents the other. Application-level gateways are so called because they
operate at the application layer of the protocol stack.
An application-level firewall runs a proxy server application acting as an
intermediary between two systems. Consequently, application-level firewalls are
sometimes called proxy server firewalls. The client sends a request to the server running
the application-level firewall to connect to an external service such as FTP or HTTP. The
proxy server evaluates the request and decides to permit or deny it based on a
set of rules. Proxy servers understand the protocol of the service they are evaluating.
Thus they only allow through packets that comply with the protocol for that
service. They also enable additional benefits: detailed audit records, session information,
user authentication, URL filtering and caching.
Scope of Project:
A firewall provides security to a computer connected to the Internet. A firewall is
normally deployed on the gateway or proxy machines through which the inter-network
traffic passes. The firewall acts as a filter for the URLs specified in the browser. Any
unauthorized site will not be opened. The firewall allows the user to access specific
sites on the Internet.
This selectivity is useful in two ways. One is that an organization can decide
who has access to what and allow its employees to access the authorized sites
within the network through this firewall system. The other application of this selectivity
is for home users, where one can limit Internet usage by restricting it to some sites.
Project Features:
This project implements the third generation of firewall, i.e., an application-layer
firewall based on the HTTP protocol. This includes the standard features of new-generation
firewalls and some enhancements to overcome the limitations.
The primary goal of this project is to let the user access only authorized
websites; all other websites will be restricted.
Existing System:
The policy in the firewall defines the characteristics of acceptable and
unacceptable network traffic based on packet criteria at the IP level or above.
Typically, network traffic that represents hostile intrusion attempts, denial-of-service
attacks and/or unauthorized attempts to read, write or modify information is proactively
denied by the firewall.
A firewall examines all traffic routed between two networks to see if it meets
certain criteria. If it does, it is routed between the networks; otherwise it is stopped.
Firewalls can filter packets based on their source and destination addresses and port
numbers. This is known as address filtering.
Firewalls can also filter specific types of network traffic based on the protocol.
This is known as protocol filtering, because the decision to forward or reject is based on
the protocol used. Firewalls can also control traffic by packet attribute or state.

Problems in the existing system:

Packet filters do not examine upper-layer data and do not support advanced
features, and implementing a circuit filter is time-consuming (i.e., it deals with virtual
circuit tables). Because both are complicated to implement, we go for an application-level
firewall.

Proposed System:
This project implements the 3rd generation of firewalls: an application-layer firewall
based on the HTTP protocol. An application-level firewall runs a proxy server
application acting as an intermediary between two systems.
The client sends a request to the server running the application-level firewall
to connect to an external service such as HTTP. The proxy server evaluates the request
and decides to permit or deny it based on the set of rules defined by the firewall.
This includes the standard features of new-generation firewalls and some enhancements.

The main objective of this project is to create software that can interrupt users who want
access to unauthorized websites and allow only those which are present in the firewall log,
with some security restrictions.

Algorithm for Firewall:


1. Start the Firewall
2. Get the request from the user.
3. If the requested website cannot be opened.
4. Open the website.
5. Stop.
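The permit-or-deny decision of the proposed HTTP proxy firewall can be sketched as below. This is an added example, not the project's own code; ALLOWED_SITES, the status codes returned and the choice to also accept subdomains of an authorized site are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical rule set standing in for the firewall's list of authorized sites.
ALLOWED_SITES = {"example.org", "intranet.example.com"}

def requested_host(request_line):
    """Extract the target host from a proxy request line, or None if malformed."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target, _version = parts
    if method == "CONNECT":
        target = "//" + target            # authority form: host:port
    elif not target.lower().startswith("http://"):
        return None                       # a proxy expects an absolute http:// URL
    try:
        # hostname drops any userinfo and port, so the rule is applied
        # to the host the proxy would actually connect to.
        host = urlsplit(target).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_allowed(host, allowed=ALLOWED_SITES):
    # Exact match, or a subdomain matched on a label boundary
    # (so "notexample.org" does not match "example.org").
    return any(host == site or host.endswith("." + site) for site in allowed)

def decide(request_line, allowed=ALLOWED_SITES):
    """Return (status, detail): 200 permit, 403 deny, 400 malformed. Default is deny."""
    host = requested_host(request_line)
    if host is None:
        return (400, "malformed request")
    if is_allowed(host, allowed):
        return (200, host)
    return (403, host)
```
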
System Requirements
Hardware Requirements
• Intel Pentium Processor
• Monitor
• 128 MB RAM
• 40 GB HDD
• Standard Keyboard (104 Keys)
• Mouse

Software Requirements:
• JRE (Java Runtime Environment)
• Operating System: Microsoft Windows XP
