PROJECT REPORT

ON

Web Based Visualization & Management System for Security

Policies
Carried Out at

CENTRE FOR DEVELOPMENT OF ADVANCED COMPUTING

ELECTRONIC CITY, BANGALORE.

UNDER THE SUPERVISION OF

Mr. Muraleedharan N
C-DAC Bangalore

Submitted By -

Amitabh Srivastava (190851920009)

Nasir Khan (190851920053)
Niraj Kumar (190851920060)
Mridula Hirwani (190851920047)
Arvind Punar(190851920018)

PG DIPLOMA IN ADVANCED COMPUTING

C-DAC, BANGALORE
2
 CERTIFICATE

This is Certify that the Web Visualization and Management System is carried out by

Group Members: -

Amitabh Srivastava (190851920009)

Nasir Khan (190851920053)

Niraj Kumar (190851920060)

Mridula Hirwani (190851920047)

Arvind Punar(190851920018)

The bonafide students of Diploma in Advance Computing of Centre for Development of

Advance Computing, Electronic City, Bangalore from January 1 st,2020 to January 30th,2020.
The course end work is carried out under my direct supervision and is ……….% completed.

Name of Supervisor
Mr. Muraleedharan N
CDAC, #68, Electronic City,
Bangalore-560100, India

3
 PG-DAC Final Project Report

Candidate’s Declaration
We hereby certify that the work being presented in the report entitled Web Based
Visualization & Management System For Security Policies, in the partial fulfilment of the
requirement for the award of PG-DAC and submitted in the department of DAC of the C-
DAC Bangalore, is an authentic record of our work carried out during the period 1 st January

4
2020 – 29th January 2020 under the supervision of Mr. Muraleedharan N C-DAC
Bangalore.
The matter presented in the report has not been submitted by me for the award of any degree
of this or any other Institute/University.

(Name and Signature of Candidates)

Amitabh Srivastava (190851920009)

Nasir Khan (190851920053)

Niraj Kumar (190851920060)

Mridula Hirwani (190851920047)

Arvind Punar (190851920018)

5
6
7
 ACKNOWLEDGMENT

I take this opportunity to express my gratitude to all those people who have been directly and
indirectly with me during the competition of this project
I pay thank to Mr. Muraleedharan N who has given guidance and a light to me during this
major project. Her versatile knowledge about “Web Based Visualization & Management
System for Security Policies” has eased me in the critical times during the span of this Final
Project.
I acknowledge here out debt to those who contributed significantly to one or more steps. I take
full responsibility for any remaining sins of omission and commission.

Student Name PRN

Amitabh Srivastava (190851920009)

Nasir Khan (190851920053)
Niraj Kumar (190851920060)
Mridula Hirwani (190851920047)
Arvind Punar (190851920018)

Group No. 20

8
 ABSTRACT

Security Policy is important in any organization. These policies are managed by various
devices and through various ways such as role-based policies, role-based access, blocking
certain IP and URL, access to particular websites and blocking sensitive websites.

Security policy keep the malicious users out and also exert control over potential risky users
within your organization. The first step in creating a policy is to understand what information
and services are available (and to which users), what the potential is for damage and whether
any protection is already in place to prevent misuse.

Security Policies in most of the cases and in many ways are maintained through text files which
is difficult to manage. To manage this security policy, we are designing a graphical (visual)
web-based system which will be beneficial for the network administrator or security policy
manager to maintain and manage security policy in an organization in better and easy way.

Through our web-based software, we can monitor traffic, events and system health. We can
manage policy which includes data, application and users. Applications can be disabled or
enabled. We will have reports based on traffic, events and any security alert.

Our objective is providing web-based Visualization to the system based on some security
policies and generate a software to provides a suite of tools for maintaining compliance and
enforcing policies related to organizational security policies.

9
 TABLE OF CONTENTS
SECTION I
1. Introduction ….....................................................................................................................8
1.1 Objective and Scope...........................................................................................................8
2. Literature Review................................................................................................................9
2.1 Problem Definition ............................................................................................................9
2.2 Proposed System ...............................................................................................................9
3. Software Requirement Specification...................................................................................10
3.1 External Interface Requirements........................................................................................10
3.1.1 User Interface..................................................................................................................10
3.1.2 Hardware Interface..........................................................................................................11
3.1.3 Software Interface...........................................................................................................11
3.1.4 Communications Interface..............................................................................................11
3.2 System Features.................................................................................................................11
3.3 Other Non-functional Requirements .................................................................................12
3.3.1 Performance Requirements.............................................................................................12
3.3.2 Safety Requirements.......................................................................................................12
3.3.3 Security Requirements....................................................................................................12
3.3.4 Software Quality Attribute..............................................................................................13
4. Architecture ........................................................................................................................13
4.1 System Architecture ..........................................................................................................13
4.2 Specific Requirements........................................................................................................14
4.2.1 Use Case Report .. ..........................................................................................................14
4.2.2 User Classes & Characteristics........................................................................................16
4.2.3 Class Diagram………………………………………………………………………….17
5. System Design.....................................................................................................................18
5.1.1 Description & Priority.....................................................................................................18
5.1.2 Stimulus/ Response Sequences.......................................................................................18
5.1.3 Functional Requirements.................................................................................................18

10
5.2 System Feature ..................................................................................................................19
6. Implementation....................................................................................................................20
7. Output Screens…………………………………………………………………………21-31

SECTION II

APPENDIX
Conclusion.........................................................................................................................32
References …....................................................................................................................32

LIST OF FIGURES

Fig. 1.1 Architecture .......….....................................................................................................14

Fig. 1.2 Use Case Diagrams ....................................................................................................16

Fig. 2.1 Flow Diagram ......…..................................................................................................17

ABBREVIATIONS & ACRONYMS

• SRS - Software Requirement Specification

• JSP - Java Server Pages.

11
Chapter 1

INTRODUCTION

The aim of this document is to explain the functionality of web-based policy visualization
and management system which can be used by the network administrator and security
policy manager to monitor, maintain and manage security policies in an organization. It is
the outcome of rigorous consideration of the requirements of the customer, by the various
groups.
This document will provide a baseline for design of user interfaces, coding & evaluation
of test plans. It will be used as a solid foundation for continued product evaluation.
Security Policies in most of the cases and in many ways are maintained through text files which
is difficult to manage. To manage these security policies, we are designing a graphical (visual)
web-based system which will be beneficial for the network administrator or security policy
manager to maintain and manage security policy in an organization in better and easy way.

OBJECTIVE AND SCOPE:

This product can be used in any organization to implement security policies. Network
Administrator, Security Policy Manager and organizations will be benefited by this web-
based software.

12
Chapter 2
LITERATURE REVIEW

Over the last few decades, remarkable infrastructure growths have been noticed in security-
related issues throughout the world. So, with increased demand for Security, Web based
visualization and security management has become important area for the security. By help of
this we can block web application, show network traffic data, health care of network, data
traffic information. The scopes like prevention, detection, and intervention which have led to
the development of real and consistent security policy system which are capable for add,
delete, update some ports.

https://en.wikipedia.org/wiki/Network_security

http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=6

https://www.nist.gov/itl/applied-cybersecurity/nice/resources/executive-order-13800/reference-list

PROBLEM DEFINITION:

To provide functionality of web-based policy visualization and management system which

can be used by the network administrator and security policy manager to monitor, maintain
and manage security policies in an organization. It is the outcome of rigorous consideration
of the requirements of the customer, by the various groups.

PROPOSED SYSTEM:

This application will include the following information:

We are developing a web-based visualization and management system which can

be used by network administrator and security policy manager to manage security
policy in our organization by which we can add, update, delete port number, view
network traffic, analysis of system health care.
The major features of the system are as follows:
Login: - Only some specific user of an organization have authority to login the web
application.

Dashboard: - The dashboard has Monitor System, Management System and Report.

13
Chapter 3

SOFTWARE REQUIREMENT SPECIFICATION

3.1 External Interface Requirements

This section shall describe the interface requirements for the Web Based Visualization &

Management System for Security Policies. They specify the way the user shall interact with

the system as well as define the necessary hardware interfaces and communication interface

required by the software to store and retrieve data.

The system will be a two-tiered design with a Server Application and Client Applications. The
user will only interact with the system through client applications running on a PC. The general
user interface will be forms with buttons and other familiar human computer interactive tools.
The client application will use this interface, which will interact with the server application (via
http) to retrieve and post necessary data. The server will interact with the csv file to centrally
store all the data for the system.

To store a data and report, we used CSV file. The server application will be implemented in
Java, and make use of JSP, Html, CSS using bootstrap and APACHE (http server) to provide
the interface to the client application.

3.1.1 User Interfaces

The user interface shall follow basic Window style and functionality conventions.

• User Entry Screen – In an organization there are some specific person which have a
authority to login in an web application. Once the information is logged and the submit
button is pressed, a login page will appear. After login, monitoring of corresponding User
will start, until he logout.

14
3.1.2 Hardware Interfaces

Back-end Server Configuration

• Intel core-i3
• 4 GB RAM

Front-end Client Configuration

• Internet Connectivity

• Installed Web Browser

3.1.3 Software Interfaces

Software configuration for back-end Services

• Spring Boot (Spring MVC)

• Apache Tomcat

Software configuration for front-end Services

• Installed Web Browser (Chrome/IE/Firefox).

• Other Client application Software as per requirements.

3.1.4 Communications Interfaces

This section describes all the communication required on all tiers.

• Client on Internet will be using HTTP/HTTPS protocol.

• All data transferred between the server and the individual computers shall use the
TCP/IP networking protocol. This network is accessible from the internet.

3.2 System Features

This application will include the following functionalities:

3.1.1 Response Sequences:

15
 The following are response sequences after the User clicks on the Login button
in Home page.

3.1.3 Login:
The organization specific User who login successfully will be having a mail id
and password. He needs to enter the user mail id and password; on successful validation
he will be redirected to another webpage.

3.1.4 Management of Security Policy (View/Add/Delete/Modify):

After the successful login, User can find or Search for network Information, he
will be provided data like to add, delete, update the security rules.

3.1.5 Listing of Traffic and Events

Showing traffic and events through pie chart and line graph.

3.3 Other Non-functional Requirements

3.3.1 Performance Requirements

• Web pages should be loaded within seconds.

• The system needs to be reliable.
• If unable to process the request then appropriate error message.
•
3.3.2 Safety Requirements

• The details need to be maintained properly.

• Users must be authenticated.
• The database must be kept backed up.
•

3.3.3 Security Requirements

• After entering the user id and password the user can access his profile.
• The details of the user must be safe and secure.

16
3.3.4 Software Quality Attributes

• Correct information must be entered into the system to prevent mismanaged conflicts
to occur.
• Periodic monitoring of the system must be done.

17
Chapter 4

ARCHITECTURE

4.1 SYSTEM ARCHITECTURE:

The Web based Visualization and Management System is a system which consists of major
part as Admin Module. We have made a dashboard for the above-mentioned modules. We have
user friendly architecture i.e. all the pages are tightly coupled so we are dependent on one
module to another module.

Web Based Visualization and

Management System

Admin

Fig 4.1 Basic Architecture Diagram

18
4.2 SPECIFIC REQUIREMENTS:

4.2.1 USE CASE REPORT

Use-Case: Login into the application.

Goal in Context: Gain access to the application.

Brief Description: This use case describes the interactivity between the actor and the
functionality of the application. How it works, how they are inter-related to each other.

Preconditions: There is no Precondition.

19
Basic Flow: In this application first user login into the System. Then Login user have all access
of the network details. And monitor both the network history and information.

Alternative Flow: The entity enters invalid registration and password then they will not be
allowed to enter the website.

Post Conditions: The website state is unchanged by this use-case.

Fig 4.3: Activity Diagram for User

20
Chapter 5

SYSTEM DESIGN

This application offers the following operations:

• The User who visits website have an option to login the web application.
• User Login by providing his details such as username, password.

• User who registers successfully will be having a mail id and password. He needs to

• enter the username id and password, on successful validation he will be redirected to

another webpage.

5.1 SYSTEM FEATURE

5.1.1 DESCRIPTION & PRIORITY

The system offers access to internet at user level and access to admin resources only by
validating the user with unique username and password.

5.1.2 STIMULUS/RESPONSE SEQUENCES

The response for the different classes of users are:

1) User- Login: User login the application and he can block/unblock ip ports and some
website, check System health, manage events and traffics and much more.
5.1.3 FUNCTIONAL REQUIREMENTS

• Login: Every time when User open system for work he/she have to login in the
application

Client/server system:

21
The term client/server refers primarily to an architecture or logical division of
responsibilities, the client is the application (also known as the front-end), A client/server
system is a distributed system in which,
• Some sites are client sites and others are server sites.
• All the data resides at the server sites.
• All applications execute at the client sites.

5.2 SYSTEM FEATURE

• It is a specific-user application.
• One of the features would be its user-friendly GUI (Graphical User Interface).
• It might have many useful application and features in the future.

22
Architecture Diagram: -

23
24
25
26
27
28
APPENDIX

CONCLUSION

Security Policies in most of the cases and in many ways are maintained through
text files which is difficult to manage. To manage these security policies, we are
designing a graphical (visual) web-based system which will be beneficial for the
network administrator or security policy manager to maintain and manage
security policy in an organization in better and easy way.

REFERENCES

• https://ieeexplore.ieee.org/document/278253
• https://www.javatpoint.com/java-tutorial
• https://www.javatpoint.com/jsp-tutorial

29