Virtual private networks were developed to help users protect and better control their internet
connection. However, a virtual private network cannot protect users from viruses, hacking
attempts or generally anything bad. Many techniques have been proposed, such as the antivirus
protection technique, which is designed to detect and remove software viruses and other malicious
software like worms, Trojans, and more. But this technique does not protect users from intruders.
In this research, we propose an integrated security system for home users. Using this system, we
can provide security at both the internal layer (antivirus) and the external layer (virtual private
network). The aim of this research is to provide an integrated system that will protect home users
from intruders and other viruses.
Key Terms: Antivirus, VPN, Tunneling, Personal System Security, Encryption.
Introduction:
Internet has become an essential part of everyone’s daily life. It also attracts intruders or
attackers when users are online. As more applications become interconnected through the
internet, greater attention is now being paid to the effectiveness of network security. Network
security focuses on protecting computers, networks, programs, and data from unintended or
unauthorized access, change, or destruction. Security is one of the biggest challenges in
today’s interconnected world. As soon as your PC is connected to the Internet, you are being
targeted by an unlimited number of malicious programs, viruses, hackers and other unknown new
threats appearing every day [1]. Not only this, but the information you send and receive
might also be intercepted, read and even altered.
The field of network security is a very dynamic and highly technical field dealing with all
aspects of scanning, hacking and securing systems against intrusions. Since invented, computer
network has brought along tremendous effectiveness in every aspect of life. Besides that, users
face threats from all kinds of attack from hackers [8]. Network security includes protection
methods for all information that is stored and transferred through a system network. This is
also a special field of interest and a difficult and complex work at the same time. In the
information outburst age, hackers develop at a faster rate than ever on all scales.
Despite widespread use of antivirus software, malware remains pervasive. The question that
comes to mind is whether home users can fully rely on antivirus software for protection.
Antivirus protection cannot effectively detect all current forms of attack. Antivirus software
works on a very basic principle: it scans a file and then matches its digital signature against
those of known malware. If the signature matches an entry in the database, it reports the file,
deletes it or even disinfects it, depending on the program. Another question that comes to my
mind is whether there is a drawback in the existing system, because whenever a new malware is
found, it takes time before the antivirus database can be updated, and during this period the
malware can already take complete control of the computer.
1.1 Objectives:
The development of computers and networks has also highlighted the security threats faced by
home users. So, the core objectives of this research are as follows:
1. To provide an integrated system to provide home users an encrypted connection over a less
secure network, such as the Internet.
2. To secure the users from external threats such as spying and intrusion.
3. To secure the users from viruses and other infected files by using both behaviour-based and
signature-based detection method.
1.3 Scope:
The scope of the proposed system is very vast when it comes to the systems security of home
users as it can be implemented for any home user as for them security is a major concern.
Personal System Security Essentials (PSSE) is the first hybrid security system based on
windows platform for the security of home users. PSSE integrates AV with a virtual private
network. Antivirus acts as an inner layer security while a VPN acts as an outer layer security.
It provides anti-malware protection, virtual private network with encryption, creates a safe and
encrypted connection over a less secure network.
Virtual Private Network
A VPN supplies network connectivity over a possibly long physical distance. In this respect, a
VPN is a form of Wide Area Network (WAN). The key feature of a VPN, however, is its ability
to use public networks like the Internet rather than rely on private leased lines. VPN
technologies implement restricted-access networks that utilize the same cabling and routers as
a public network, and they do so without sacrificing features or basic security.
“An Internet-based virtual private network (VPN) uses the open, distributed
infrastructure of the Internet to transmit data between corporate sites.”
Basically, a VPN is a private network that uses a public network (usually the Internet) to
connect remote sites or users together. Instead of using a dedicated, real-world connection such
as leased line, a VPN uses "virtual" connections routed through the Internet from the company's
private network to the remote site or employee.
VPN technology can be used for site-to-site connectivity as well, which would allow a branch
office with multiple access lines get rid of the data line, and move traffic over the existing
Internet access connection. Since many sites use multiple lines, this can be a very useful
application, and it can be deployed without adding additional equipment or software.
Users can exchange private data securely, making the expensive leased lines redundant. The
term VPN has been associated in the past with such remote connectivity services as the public
telephone network and Frame Relay PVCs, but has finally settled in as being synonymous with
IP-based data networking. Before this concept surfaced, large corporations had expended
considerable resources to set up complex private networks, now commonly called Intranets.
These networks were installed using costly leased line services, Frame Relay, and ATM to
incorporate remote users. For the smaller sites and mobile workers on the remote end,
companies supplemented their networks with remote access servers or ISDN. At the same time,
the small- to medium-sized enterprises (SMEs), who could not afford dedicated leased lines,
were relegated to low-speed switched services. As the Internet became more and more accessible
and bandwidth capacities grew, companies began to offload their Intranets to the web and create
what are now known as Extranets to link internal and external users. However, as cost-effective
and quick-to-deploy as the Internet is, there is one fundamental problem – security.
Today’s VPN solutions overcome the security factor. Using special tunneling protocols and
complex encryption procedures, data integrity and privacy is achieved in what seems, for the
most part, like a dedicated point-to-point connection. And, because these operations occur over
a public network, VPNs can cost significantly less to implement than privately owned or leased
services.
Although early VPNs required extensive expertise to implement, the technology has matured
already to a level that makes its deployment a simple and affordable solution for businesses of
all sizes, including SMEs who were previously being left out of the revolution. Using the
Internet, companies can connect their remote branch offices, project teams, business partners,
and e-customers into the main corporate network. Mobile workers and telecommuters can get
secure connectivity by dialling into the POP (Point-of-Presence) of a local ISP (Internet Service
Provider). With a VPN, corporations see immediate cost reduction opportunities in their long
distance charges (especially important to global companies), leased line fees, equipment
inventories (like large banks of modems), and network support requirements. VPN
technologies have myriad protocols, terminologies and marketing influences that define them.
For example, VPN technologies can differ in:
The workgroup found that the following characteristics are necessary for a successful UC Davis
VPN implementation:
1. Available to all Cyber Safe remote computers. Every vendor supported end-user platform
should be able to use the VPN service, but VPN access from computing systems that are or can
be compromised should be denied.
2. Easily supportable. VPN implementation must not substantially increase help desk
utilization or costs.
4. Security that is not “one size fits all”. The ability to assign remote users to security zones
based on authorization groups is highly desirable in many circumstances. For example, SSL
VPN technology could be used to enhance campus wireless security through the assignment of
users to trusted and untrusted zones depending on their affiliation.
5. Granular administration. A VPN implementation that permits administrative delegation
in an environment of central control would be highly desirable. A vendor solution that permits
departmental participation through independent purchase of compatible equipment
may also be acceptable.
6. Split tunnel services. Split tunnel services should be supported by a campus VPN
implementation.
7. Browser support. The SSL VPN solution must be compatible with current Internet Web
browsers, including Internet Explorer, Safari, Netscape, Opera and Firefox.
9. Scalability. It should be possible to begin small and economically increase capacity without
degrading performance. Technical details relating to interoperation with the existing VLAN
infrastructure may contribute significantly in this respect.
10. Hardened. The VPN platform should have a hardened operating system and firmware that
provide no opportunities for exploits.
11. Operation 24x7x365. Every hour of the night and day, some UC Davis affiliate uses
campus resources remotely, so we require a high availability platform. An active/passive
configuration would provide fail-safe operation if a load balancing active/active configuration
was unaffordable.
12. Supported. As a core service, VPN would require 24x7 vendor telephone support and 24x7
hardware maintenance availability. The workgroup identified one feature, Endpoint Security
Integration, which will require further analysis. While end-point security is a highly desirable
function for entry to the campus network, the ability to check an operating system version,
application of security patches or the currency of anti-virus detection files would likely benefit
the campus as part of a broader offering, integrated into network access for wired, wireless and
VPN services.
3. Types of Virtual Private Networks:
The other required component of remote-access VPNs is client software. In other words,
employees who want to use the VPN from their computers require software on those computers
that can establish and maintain a connection to the VPN. Most operating systems today have
built-in software that can connect to remote-access VPNs, though some VPNs might require
users to install a specific application instead. The client software sets up the tunnelled
connection to a NAS, which the user indicates by its Internet address. The software also
manages the encryption required to keep the connection secure. You can read more about
tunneling and encryption later in this article.
3.2 Site-to-Site VPN:
Site-to-Site VPNs are an alternative WAN infrastructure that is used to connect branch offices,
home offices, or business partners' sites to all or portions of a company's network. VPNs do
not inherently change private WAN requirements, such as support for multiple protocols, high
reliability, and extensive scalability, but instead meet these requirements more cost-effectively
and with greater flexibility.
A company can connect multiple fixed sites over a public network such as the Internet through
the use of dedicated equipment and large-scale encryption. Site-to-site VPNs can be one of two
types:
1). Intranet-based - If a company has one or more remote locations that they wish to join in a
single private network, they can create an intranet VPN to connect LAN to LAN.
2). Extranet-based - When a company has a close relationship with another company (for
example, a partner, supplier or customer), they can build an extranet VPN that connects LAN
to LAN, and that allows all of the various companies to work in a shared environment.
Network security has become important due to the inter-connection of computers and the rise
of the internet. This section describes some of the popular network threats.
c) Phishing Attacks: These attacks are becoming quite popular due to the proliferation of Web
sites. In phishing scams, an attacker sets up a web site that masquerades as a legitimate site.
By tricking a user, the phishing site obtains the user's clear text password for the legitimate
site. Phishing has proven to be quite effective in stealing user passwords.
d) Session Hijacking: It is intercepting and carrying out a session begun by another entity.
Suppose two people have entered into a session but then a third person intercepts the traffic
and carries out a session in the name of the other person then this will be called session
hijacking. For example, if an online merchant used a wiretap to intercept packets between you
and Amazon.com, the online merchant can monitor the flow of packets. When the user has
completed the order, the online merchant can intercept when the "Ready to check out" packet is
sent and finish the order with the user, obtaining the shipping address, credit card details and
other information. In this case we say the online merchant has hijacked the session.
e) Man-in-the-Middle Attack: In this type of attack also one entity intrudes between two
others. The difference between man-in-the-middle and hijacking is that a man-in-the-middle
usually participates from the start of the session, whereas a session hijacking occurs after a
session has been established. This kind of attack is frequently described in protocols. For
example, suppose two parties want to exchange encrypted information. One party contacts the
key server to get a secret key that will be used in the communication. The key server responds
by sending the private key to both the parties. A malicious middleman intercepts the response
key and then eavesdrops on the communication between the two parties.
f) Web Site Defacement: One of the most widely known attacks is the web site defacement
attack. Since this can have a wide impact they are often reported in the popular press. Web sites
are designed so that their code can be easily downloaded enabling an attacker to obtain the full
hypertext document. One of the popular attacks against a web site is buffer overflow. In this
kind of attack, the attacker feeds a program more data than what is expected. A buffer size is
exceeded and the excess data spills over adjoining code and data locations.
Network and System Security
Encryption is the process of taking all the data that one computer is sending to another and
encoding it into a form that only the other computer will be able to decode. Most computer
encryption systems belong in one of two categories:
• Symmetric-key encryption
• Public-key encryption
4.1 Symmetric-key encryption:
In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a
packet of information before it is sent over the network to another computer. One must know
which computers will be talking to each other so the key can be installed on each computer.
Symmetric-key encryption is essentially the same as a secret code that each of the two computers
must know in order to decode the information. The code provides the key to decoding the message.
The address space for Internet is running out as more machines and domain names are being
added to the Internet. A new structure called IPv6 solves this problem by providing a 64-bit
address space to IP addresses. As part of IPv6, the Internet Engineering Task Force (IETF)
adopted an IP Security Protocol (IPsec) Suite that addresses problems such as spoofing,
eavesdropping and session hijacking. IPsec is implemented at the IP layer so it affects all layers
above it. IPsec is somewhat similar to SSL, in that it supports authentication and confidentiality
that does not necessitate significant changes either above it (in applications) or below it (in the
TCP protocols). Just like SSL, it was designed to be independent of the cryptographic protocols
and to allow the two communicating parties to agree on a mutually supported set of protocols.
The basis of IPsec is called a security association which is basically a set of security parameters
that are required to establish a secured communication. Some examples of these parameters
are:
• Encryption algorithm and mode
• Encryption key
• Authentication protocol and key
• Lifespan of the association, to permit long running sessions to select a new key
• Address of the opposite end of an association
6. Tunneling:
Most VPNs rely on tunneling to create a private network that reaches across the Internet.
Essentially, tunneling is the process of placing an entire packet within another packet and
sending it over a network. The protocol of the outer packet is understood by the network and
both points, called tunnel interfaces, where the packet enters and exits the network.
Tunneling requires three different protocols:
1. Carrier protocol: The protocol used by the network that the information is traveling
over
2. Encapsulating protocol: The protocol (GRE, IPsec, L2F, PPTP, L2TP) that is
wrapped around the original data
3. Passenger protocol: The original data (IPX, NetBeui, IP) being carried.
6.1 Tunnelling: Site-to-Site
In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating
protocol that provides the framework for how to package the passenger protocol for transport
over the carrier protocol, which is typically IP-based. This includes information on what type
of packet is being encapsulated and information about the connection between the client and
server. Instead of GRE, IPsec in tunnel mode is sometimes used as the encapsulating protocol.
IPsec works well on both remote-access and site-to-site VPNs. IPsec must be supported at both
tunnel interfaces to be used.
In a remote-access VPN, tunneling normally takes place using PPP. Part of the TCP/IP stack,
PPP is the carrier for other IP protocols when communicating over the network between the
host computer and a remote system. Remote-access VPN tunneling relies on PPP.
6.3 Layer 2 Tunneling Protocol:
Description:
The entire L2TP packet, including payload and L2TP header, is sent within a User
Datagram Protocol (UDP) datagram. A virtue of transmission over UDP (rather than
TCP; c.f. SSTP) is that it avoids the "TCP meltdown problem". It is common to
carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or
strong authentication by itself. IPsec is often used to secure L2TP packets by providing
confidentiality, authentication and integrity. The combination of these two protocols is
generally known as L2TP/IPsec (discussed below).
The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator)
and the LNS (L2TP Network Server). The LNS waits for new tunnels. Once a tunnel is
established, the network traffic between the peers is bidirectional. To be useful for
networking, higher-level protocols are then run through the L2TP tunnel. To facilitate
this, an L2TP session (or 'call') is established within the tunnel for each higher-level
protocol such as PPP. Either the LAC or LNS may initiate sessions. The traffic for each
session is isolated by L2TP, so it is possible to set up multiple virtual networks across
a single tunnel. MTU should be considered when implementing L2TP.
The packets exchanged within an L2TP tunnel are categorized as either control
packets or data packets. L2TP provides reliability features for the control packets, but
no reliability for data packets. Reliability, if desired, must be provided by the nested
protocols running within each session of the L2TP tunnel.
Flags and version: control flags indicating data/control packet and presence of length,
sequence, and offset fields.
Length (optional): Total length of the message in bytes, present only when length flag is
set.
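The header fields described above can be decoded as follows. This is an added example, not code from the paper: the bit positions follow the L2TPv2 header layout of RFC 2661 (an assumption, since the paper does not reproduce it), and the sample datagrams are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits of the first 16-bit word (layout per RFC 2661; not taken from the paper).
FLAG_T = 0x8000    # 1 = control packet, 0 = data packet
FLAG_L = 0x4000    # Length field present
FLAG_S = 0x0800    # Ns/Nr sequence fields present
FLAG_O = 0x0200    # Offset Size field present
VER_MASK = 0x000F  # protocol version, 2 for L2TPv2


@dataclass
class L2TPHeader:
    is_control: bool
    length: Optional[int]
    tunnel_id: int
    session_id: int
    ns: Optional[int]
    nr: Optional[int]
    payload: bytes


def parse_l2tp(datagram: bytes) -> L2TPHeader:
    """Decode the L2TP header carried in one UDP payload; raise ValueError if malformed."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        pos = 2
        if (flags & VER_MASK) != 2:
            raise ValueError("not an L2TPv2 packet")
        is_control = bool(flags & FLAG_T)
        # Control packets use the reliable channel: L and S are mandatory, O is not allowed.
        if is_control and (flags & (FLAG_L | FLAG_S | FLAG_O)) != (FLAG_L | FLAG_S):
            raise ValueError("control packet with invalid flag combination")
        length, end = None, len(datagram)
        if flags & FLAG_L:
            (length,) = struct.unpack_from("!H", datagram, pos)
            pos += 2
            if length > len(datagram):
                raise ValueError("Length field exceeds the datagram size")
            end = length  # bytes beyond 'length' are not part of the message
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        ns = nr = None
        if flags & FLAG_S:
            ns, nr = struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if flags & FLAG_O:
            (offset,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset  # skip the offset padding before the payload
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    if pos > end:
        raise ValueError("header fields run past the end of the message")
    return L2TPHeader(is_control, length, tunnel_id, session_id, ns, nr,
                      datagram[pos:end])


# Constructed samples (not captured traffic).
# Control packet: T, L and S set, version 2, total length 20, one 8-byte AVP as payload.
CONTROL_SAMPLE = struct.pack("!HHHHHH", 0xC802, 20, 0, 0, 0, 0) + bytes.fromhex(
    "8008000000000001")
# Data packet: no optional fields, tunnel 7, session 3, start of a PPP frame as payload.
DATA_SAMPLE = struct.pack("!HHH", 0x0002, 7, 3) + b"\xff\x03\x00\x21"
# Data packet with the O bit set: two bytes of offset padding precede the payload.
OFFSET_SAMPLE = struct.pack("!HHHH", 0x0202, 7, 3, 2) + b"\x00\x00" + b"\xff\x03"


def is_rejected(datagram: bytes) -> bool:
    """True when the parser refuses the datagram as malformed."""
    try:
        parse_l2tp(datagram)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name, sample in (("control", CONTROL_SAMPLE), ("data", DATA_SAMPLE),
                         ("offset", OFFSET_SAMPLE)):
        print(name, parse_l2tp(sample))
    print("truncated control packet rejected:", is_rejected(CONTROL_SAMPLE[:10]))
```

Note that nothing in the header authenticates or encrypts the payload, which is why the text pairs L2TP with IPsec.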
PPTP uses a TCP control channel and a Generic Routing Encapsulation tunnel to
encapsulate PPP packets. Many modern VPNs use various forms of UDP for this same
functionality.
The PPTP specification does not describe encryption or authentication features and relies on
the Point-to-Point Protocol being tunnelled to implement any and all security functionalities.
The PPTP implementation that ships with the Microsoft Windows product families implements
various levels of authentication and encryption natively as standard features of the Windows
PPTP stack. The intended use of this protocol is to provide security levels and remote access
levels comparable with typical VPN products.
Description:
A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This
TCP connection is then used to initiate and manage a GRE tunnel to the same peer. The
PPTP GRE packet format is non-standard, including a new acknowledgement
number field replacing the typical routing field in the GRE header. However, as in a
normal GRE connection, those modified GRE packets are directly encapsulated into IP
packets, and seen as IP protocol number 47. The GRE tunnel is used to carry
encapsulated PPP packets, allowing the tunnelling of any protocols that can be carried
within PPP, including IP, NetBEUI and IPX.
Today, PPTP is still widely used in corporate VPNs. A big reason for this is the fact it
comes built-in on pretty much any platform. This also makes it very easy to set up,
since it doesn’t require any additional software.
PPTP was created by a consortium led by Microsoft. It utilizes Microsoft Point-to-Point
Encryption (MPPE), along with MS-CHAP v2 authentication. While these days you’ll
rarely find anything other than 128-bit encryption with this protocol, it still suffers from
alarming security risks.
In the past, it was demonstrated that PPTP could be cracked in just two days – a problem
that has since been patched by Microsoft. But even Microsoft itself recommends using
SSTP or L2TP/IPsec, which says enough about how reliable PPTP is nowadays.
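Because PPTP is weak and still widely deployed, it is useful to be able to spot it on a network so those tunnels can be moved to the alternatives named above. The following added example (not code from the paper) classifies raw IPv4 packets using the two markers the description gives, TCP port 1723 and IP protocol 47; the modified-GRE field layout follows RFC 2637, which is an assumption beyond the text, and all packets are constructed samples.

```python
import struct
from typing import Tuple

PPTP_TCP_PORT = 1723     # PPTP control channel (from the text above)
IPPROTO_TCP = 6
IPPROTO_GRE = 47         # GRE (from the text above)
GRE_PROTO_PPP = 0x880B   # protocol type used by PPTP's modified GRE (RFC 2637)
GRE_K, GRE_S, GRE_A = 0x2000, 0x1000, 0x0080  # key, sequence, acknowledgement present
GRE_VER_MASK = 0x0007    # version is 1 for PPTP's GRE, 0 for standard GRE


def classify_gre(gre: bytes) -> Tuple[str, dict]:
    """Tell PPTP's modified GRE apart from standard GRE and extract its fields."""
    if len(gre) < 4:
        return "malformed", {}
    flags, ptype = struct.unpack_from("!HH", gre, 0)
    if (flags & GRE_VER_MASK) != 1 or ptype != GRE_PROTO_PPP:
        return "gre-other", {"protocol_type": ptype}
    # Modified GRE always carries the key word: payload length + call ID.
    header_len = 8 + (4 if flags & GRE_S else 0) + (4 if flags & GRE_A else 0)
    if not (flags & GRE_K) or len(gre) < header_len:
        return "malformed", {}
    payload_len, call_id = struct.unpack_from("!HH", gre, 4)
    pos, seq, ack = 8, None, None
    if flags & GRE_S:
        (seq,) = struct.unpack_from("!I", gre, pos)
        pos += 4
    if flags & GRE_A:  # the acknowledgement number field the text mentions
        (ack,) = struct.unpack_from("!I", gre, pos)
        pos += 4
    if len(gre) - pos < payload_len:
        return "malformed", {}
    return "pptp-data", {"call_id": call_id, "seq": seq, "ack": ack,
                         "ppp": gre[pos:pos + payload_len]}


def classify_ipv4(packet: bytes) -> Tuple[str, dict]:
    """Return (kind, details); kind is pptp-control, pptp-data, gre-other, other or malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed", {}
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed", {}
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(body) < 4:
            return "malformed", {}
        sport, dport = struct.unpack_from("!HH", body, 0)
        if PPTP_TCP_PORT in (sport, dport):
            return "pptp-control", {"sport": sport, "dport": dport}
        return "other", {}
    if proto == IPPROTO_GRE:
        return classify_gre(body)
    return "other", {}


def make_ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum left at 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src, dst) + payload


# Constructed samples: a TCP SYN to port 1723, a PPTP data packet, and standard GRE.
TCP_SAMPLE = make_ipv4(IPPROTO_TCP, struct.pack(
    "!HHIIBBHHH", 49152, PPTP_TCP_PORT, 0, 0, 0x50, 0x02, 65535, 0, 0))
GRE_SAMPLE = make_ipv4(IPPROTO_GRE, struct.pack(
    "!HHHHII", 0x3081, GRE_PROTO_PPP, 4, 0x1234, 1, 0) + b"\xff\x03\x00\x21")
PLAIN_GRE_SAMPLE = make_ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + b"\x45\x00")

if __name__ == "__main__":
    for name, pkt in (("tcp/1723", TCP_SAMPLE), ("pptp gre", GRE_SAMPLE),
                      ("plain gre", PLAIN_GRE_SAMPLE), ("cut short", GRE_SAMPLE[:30])):
        print(name, classify_ipv4(pkt))
```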
7. Anti-Virus
7.1 What exactly is an Antivirus?
Antivirus software is a computer program that identifies and removes computer viruses and other
malicious software like worms and Trojans from an infected computer. Not only this, antivirus
software also protects the computer from further virus attacks. An anti-virus system
detects viruses from the system like vchost.exe, servicemgr.exe, lsass.exe, tore virus generated by
autorun.info. Generally, an antivirus first checks the size of a file; if the size matches an entry
in its database, it then looks for the pattern in that file, and if the pattern is found it deletes
the file.
An anti-virus software program is a c-program that can be used to scan files to identify and
eliminate computer viruses and other malicious software (malware). Anti-virus software
typically uses two different techniques to accomplish this:
· Examining files to look for known viruses by means of a virus dictionary
· Identifying suspicious behaviour from any computer program which might indicate
infection
7.3.1 Virus dictionary approach:
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a
dictionary of known viruses that have been identified by the author of the anti-virus software.
If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus
software can then either delete the file, quarantine it so that the file is inaccessible to other
programs and its virus is unable to spread, or attempt to repair the file by removing the virus
itself from the file.
To be successful in the medium and long term, the virus dictionary approach requires periodic
online downloads of updated virus dictionary entries. As new viruses are identified "in the
wild", civically minded and technically inclined users can send their infected files to the authors
of antivirus software, who then include information about the new viruses in their dictionaries.
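The dictionary approach, and the update gap raised in the introduction, can be made concrete with a small scanner. This is an added example, not the detection engine of the proposed system: the two signature types (whole-file hash and byte pattern), the class and the sample names are assumptions, and the "samples" are inert constructed byte strings.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


class VirusDictionary:
    """A toy virus dictionary holding two kinds of signature per known sample."""

    def __init__(self) -> None:
        self.hashes: Dict[str, str] = {}              # SHA-256 of the whole file -> name
        self.patterns: List[Tuple[str, bytes]] = []   # (name, byte sequence inside the file)

    def add_sample(self, name: str, sample: bytes, pattern: bytes) -> None:
        """Dictionary update: register a newly analysed sample and its byte pattern."""
        if pattern not in sample:
            raise ValueError("pattern does not occur in the sample it should describe")
        self.hashes[hashlib.sha256(sample).hexdigest()] = name
        self.patterns.append((name, pattern))

    def scan(self, data: bytes) -> Optional[Tuple[str, str]]:
        """Return (name, how it was matched) or None when nothing in the dictionary matches."""
        name = self.hashes.get(hashlib.sha256(data).hexdigest())
        if name is not None:
            return name, "hash"
        for name, pattern in self.patterns:
            if pattern in data:
                return name, "pattern"
        return None


# Constructed, inert samples: a fake executable header plus a marker string.
HEADER = b"MZ" + b"\x00" * 16
KNOWN_SAMPLE = HEADER + b"INERT-DEMO-MARKER-A::replicate()"
VARIANT_SAMPLE = KNOWN_SAMPLE + b"\x90"          # same family, one byte appended
NEW_FAMILY_SAMPLE = HEADER + b"INERT-DEMO-MARKER-B::other()"
CLEAN_SAMPLE = HEADER + b"hello world"


def build_demo_dictionary() -> VirusDictionary:
    """Dictionary as shipped before the second family has been reported to the vendor."""
    dictionary = VirusDictionary()
    dictionary.add_sample("Demo.A", KNOWN_SAMPLE, b"INERT-DEMO-MARKER-A")
    return dictionary


if __name__ == "__main__":
    av = build_demo_dictionary()
    samples = (("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
               ("new family", NEW_FAMILY_SAMPLE), ("clean", CLEAN_SAMPLE))
    for label, data in samples:
        print(f"{label:<11} before update: {av.scan(data)}")
    # The vendor analyses the new family and publishes an updated dictionary entry.
    av.add_sample("Demo.B", NEW_FAMILY_SAMPLE, b"INERT-DEMO-MARKER-B")
    print(f"{'new family':<11} after update:  {av.scan(NEW_FAMILY_SAMPLE)}")
```

The one-byte variant defeats the hash signature but not the byte pattern, while the new family is invisible to both until the dictionary is updated, which is the window of exposure the introduction describes.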
The suspicious behaviour approach, by contrast, doesn't attempt to identify known viruses, but
instead monitors the behaviour of all programs. If one program tries to write data to an
executable program, for example, this is flagged as suspicious behaviour and the user is alerted
to this, and asked what to do.
Unlike the dictionary approach, the suspicious behaviour approach therefore provides
protection against brand-new viruses that do not yet exist in any virus dictionaries. However,
it also sounds a large number of false positives, and users probably become desensitized to all
the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is
obviously useless to that user. This problem has especially been made worse over the past 7
years, since many more non-malicious program designs chose to modify other .exes without
regard to this false positive issue. Thus, most modern anti-virus software uses this technique
less and less.
Some antivirus-software will try to emulate the beginning of the code of each new executable
that is being executed before transferring control to the executable. If the program seems to be
using self-modifying code or otherwise appears as a virus (it immediately tries to find other
executables), one could assume that the executable has been infected with a virus.
However, this method results in a lot of false positives. Yet another detection method is using
a sandbox. A sandbox emulates the operating system and runs the executable in this simulation.
After the program has terminated, the sandbox is analysed for changes which might indicate a
virus. Because of performance issues this type of detection is normally only performed during
on-demand scans.
The dictionary approach to detecting viruses is often insufficient due to the continual creation of
new viruses, yet the suspicious behaviour approach is ineffective due to false positive
alarms. Hence, the current understanding of anti-virus software will never conquer computer
viruses.
A well maintained virus test bed, which contains viruses known to computer antivirus
researchers, can be used for evaluating products which will detect known viruses. The virus
detection analysis can be carried out by scanning the contents of the test bed and concluding
results from the scanning reports. Unfortunately, some products may crash during the scanning;
in such cases the files causing crashes need to be traced, and files resulting in crashes should be
treated as unidentified by the product.
A well maintained virus test bed containing viruses known to computer antivirus researchers
can be used for evaluating products preventing known viruses. The difference is that
the product is working in the background and this requires more complicated evaluation
methods, but the same virus test bed can be used with products which will prevent known
viruses.
7.6 Detecting Unknown viruses
A virus test bed can also be used as a basis for the analysis of products which detect unknown
viruses. Often products detecting unknown viruses are combined with products which will
detect known viruses. If possible, the product's known virus detection capability should be
disabled. Known virus detection may be detached by removing virus database files, by using
old database files or by using a specific operation mode of a product. Unfortunately, the known
virus detection may be an inseparable part of a product, and in this case the test bed should be
limited to viruses not known to the product and a vulnerability analysis may be necessary.
7.7 Preventing Unknown viruses
A virus test bed can be also used for evaluating products which will prevent unknown viruses.
The difference is that the product is working in the background and this requires special
evaluation methods, but the same virus test bed can be used with product which will prevent
unknown viruses. This is demonstrated in Virus Research Unit’s behaviour blocker analysis.
With products preventing unknown viruses, virus attack emulation and Vulnerability analysis
are also required.
8.1 File viruses
Some programs are viruses in disguise; when executed they load the virus into memory along
with the program, perform the predefined steps and infect the system. They infect program
files such as files with the extensions .EXE, .COM, .BIN, .DRV and .SYS. Some file viruses just
replicate while others destroy the program being used at that time. Such viruses start replicating
as soon as they are loaded into memory. As file viruses also destroy the program
currently being used, after removing the virus or disinfecting the system, the program that got
corrupted due to the file virus, too, has to be repaired or reinstalled.
The boot sector virus can be the simplest or the most sophisticated of all computer viruses.
Since the boot sector is the first code to gain control after the ROM start up code, it is very
difficult to stop before it loads. If one writes a boot sector virus with sufficiently sophisticated
anti-detection routines, it can also be very difficult to detect after it loads, making the virus
nearly invincible. Specifically, let’s look at a virus which will carefully hide itself on both
floppy disks and hard disks, and will infect new disks very efficiently, rather than just at boot
time. Such a virus will require more than one sector of code, so we will be faced with hiding
multiple sectors on disk and loading them at boot time. Additionally, if the virus is to infect
other disks after boot-up, it must leave at least a portion of itself memory-resident. The
mechanism for making the virus memory resident cannot take advantage of the DOS Keep
function (Function 31H) like typical TSR programs.
8.3 Macro viruses
Script viruses should be replicated by using the environment needed for replication. For
example, viruses using MS-DOS batch language should be replicated using batch files as goat
files and viruses using Visual Basic Scripting should be replicated using Windows Scripting
Host.
Multipartite viruses are the hybrid variety; they can be best described as a cross between both
Boot Viruses and File viruses. They not only infect files but also infect the boot sector. They
are more destructive and more difficult to remove. First of all, they infect program files and
when the infected program is launched or run, the multipartite viruses start infecting the boot
sector too. Now the interesting thing about these viruses is the fact that they do not stop, once
the boot sector is infected. Now after the boot sector is infected, when the system is booted,
they load into the memory and start infecting other program files. Some popular examples
would be Invader and Flip etc.
Linking viruses may require that the system is first infected with the virus in order to construct
the linkage. However, scanners typically detect the virus even when the linkage does not exist
and this can be utilised in virus detection analysis. Furthermore, a linkage virus may be capable
of replicating even without establishing the linkage, but if this is not the case, then the linkage
should be created before analysis. Otherwise we are not analysing true working viruses,
because the virus is not capable of replicating without the linkage.
As demonstrated with the definition of stealth viruses, memory resident viruses may be able
to deceive antivirus products if the memory scanning does not work correctly for some reason
and the virus active in the central memory is not found. In such a case it is possible that an
antivirus scanner is actually replicating a virus, because the virus may infect each file the
scanner opens for reading. Therefore, one phase of antivirus product evaluation could be
evaluating products’ capabilities to detect viruses in central memory.
Self-distributing viruses have at least one special replication channel from a local system to a
remote system. The replication should be performed by using the replication channels.
However, the replication environment should be an isolated environment in order to prevent
the virus accidentally spreading to external systems. Preventing antivirus products should be
analysed based on the prevention mechanism. This may require that the replication channel is
used or that the virus is activated while the antivirus product is actively preventing viruses.
9. Proposed System:
Our proposed system provides both a virtual private network and antivirus. This integrated
system can be observed as a process flow in Figure (4.1), clarifying the storing point of view
as well as the retrieving point of view. It can be observed in Figure (4.1) that the personal system
“User” is protected by an antivirus, which is the inner layer. On the other hand, the virtual private
network is the outer layer. In Fig. 4.1, the user is connected to the virtual private network and the
requests are being sent and received over an encrypted tunnel. The proposed system makes it more
difficult for intruders or hackers to target a home user.
The proposed system scans all ingoing and outgoing data. Proposed system also detects
malicious files and links. It also warns against opening malicious websites based on the
behaviour technique. The proposed system also encrypts connection over a less secure network,
such as internet. The data flow in a virtual private network. Proposed system transmits the data
between the remote user and the company network in an encrypted tunnel, which gives a secure
connection to home users. The proposed system also allows the users to set parameters as per
need to control the system usage.
In the diagram below (Fig. 4.1) the author focuses on computer and network security. The data is
passing through an encrypted tunnel to the VPN server; the transmission of data is secured with
encryption. From the VPN server the request is sent to the internet. This whole process is secured
with the VPN. The system has the antivirus to detect viruses and malware.
AV Defence:
Below is the AV design of the proposed system, it scans all the malwares and infected
programs. As it can be seen in the below figure 5.4, proposed system has a scan mode that
keeps blinking. Below in the ‘Panel’ a virus has been found.
Shah, K. and Kapdi, T. (2015). Disclosing Malicious Traffic for Network Security.
International Journal of Advances in Engineering and Technology (IJAET), [online]
7(6), pp.1701-1706.
Rani, S. and Rani, S. (2016). Data Security in Cloud Computing Using Various
Encryption Techniques. International Journal of Modern Computer Science (IJMCS),
[online] 4(3), pp.163-166.
ZHU, S. (2013). Algorithm Design of Secure Data Message Transmission Based on
OPENSSL and VPN. Journal of Theoretical and Applied Information Technology,
[online] 48(1), pp.562-569.
Al-Otaibi, N. and Gutub, A. (2014). 2-Layer Security System for Hiding Sensitive Text
Data on Personal Computer. Lecture Notes on Information Theory, [online] 2(2),
pp.151-157.
Mungovan, D., Howley, E. and Duggan, J. (2015). Modelling Antivirus Defence
Strategies in Scale Free Networks. [online] Available at:
http://netserver.it.nuigalway.ie/endahowley/papers/aics08.pdf [Accessed 13 Jun.
2017].