
CS 3326: Networks Security

Spring 2017

Project II Description
Assigned: March 25, 2017 Due: April 8, 2017

Firewall Visualization Tool

Introduction

This case study is designed to engage you in active learning, to help you relate classroom
material to real-world situations, and to increase your interest and motivation in learning
network security.

To get the most out of it, read all the sections carefully and work through the case study one
task at a time. The learning process is sequential, so there is no point in jumping between
tasks or attempting later tasks before fully completing the earlier ones.

Case Study

1. Case Learning Objectives

Explain why it is important to configure a firewall effectively.
Learn how to set up firewall rules that satisfy an organization's policies.
Update firewall rules when the network architecture changes.
Distinguish the different roles of an external firewall and an internal firewall.

2. Case Description

This case study relies mainly on a firewall visualization tool developed by a group of
students under the supervision of professors at the United States Air Force Academy. You
will use this tool to solve a set of problems that examine your understanding of what a
firewall does, how firewall rules are written, and which threats a firewall can and cannot
detect and prevent. The problems will test your ability to analyze and critique different
situations. The paper published about this tool is attached to this case study document; your
group should read it to understand why the tool is a useful exercise for this course.
The tool itself, an executable file, is also attached. A .dat file is attached as well; you will
use it later in solving one of the problems.

3. Tool Setup and Problems Set

SETUP:

1. Start the Firewall program. You should see a screen similar to the one below:

Choose No Firewall and click Next. The following screen will appear:
Click the Run button. Note that traffic flows in both directions between the cloud (the
internet) and the client machines. By default, no malicious traffic flows to the machines. Click
the OS Exploit option. Eventually you will see a red bug flow from the internet into the local
area network and land on a machine, infecting it. Once a machine is infected, it is marked
with the international "No" emblem. Let's see how configuring a firewall helps prevent such
infections.

FIREWALL Configuration

1. Start a new session by clicking File -> New in the upper window of the tool. This time,
choose the Perimeter firewall option. The window that comes up will look like this:
You now have a firewall between the internet (represented by a cloud) and your network
router. Click the Play button and watch what happens. Do you see traffic flowing from
the internet into your network, or from your network to the internet? Explain why or
why not.

2. Add some active attacks by clicking on several different options. Are these attacks
able to reach your network? Do you feel your system is secure? What is wrong with
this scenario?

3. Configure your firewall to allow traffic to flow in and out of your network. Do this by
choosing the Options tab at the top of the tool and defining firewall rules. You should see
a screen similar to the one below:
Name your firewall rule (typically after the subject or attack it addresses). The Source IP
and Source Port fields specify the source IP/port combination the firewall should match and
act on. The Destination fields work the same way for the destination address and port. The
goal of any good firewall configuration is to admit legitimate traffic while blocking
malicious traffic. Try setting the following firewall rule:

Rule Name: DNS Rule
Source IP: DNS, Source Port: 53
Destination IP: Any, Destination Port: *
Protocol: Any

Click Save Rule. You should now see the rule in your Active Rules box. Click Close
and you should be back at the Network Firewall Visualization Tool window. Click the
Play button and watch what happens. You may need to move the speed bar to the right to
increase the traffic rate. What traffic now flows through the firewall? Add some
active attacks and watch whether they pass through the firewall. Would you claim your rule
is now sufficient to carry the traffic of a typical network? Why or why not? Do
any of the active attacks now succeed against machines behind the firewall?

4. Come up with a series of rules that appears to protect the network from all attacks. Be
sure to watch the "legitimate traffic denied" and "malicious traffic permitted" counters in the
lower right-hand portion of the screen; they tell you how well your rules are working.
How many rules did you have to write to secure your network? Were you able to
completely secure the network? What types of rules did you create?
5. Choose File -> New to restart the program, click the Load From File button, and point the
program at the .dat file provided with this case study.

This scenario is configured so that workstations can pass through Firewall2 and gain
access to the database. Firewall1 has an allow-all rule, so all traffic passes from the
internet into the network and from the network to the servers. Write rules that prevent
active attacks from passing through Firewall1 and attacking the database. Which active
attacks are you able to prevent by restricting access at the firewall?

Think back to the malicious software attacks and the distributed denial of service attacks.
Why do you think these types of attacks cannot be prevented by the firewall? How might
you prevent these attacks from taking place?
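To make the reasoning behind Problems 3 through 5 concrete, here is an added worked example: a small stateless packet filter whose rule fields mirror the tool's rule dialog (name, source IP/port, destination IP/port, protocol). It is not the course tool or its code, and the addresses, the two-firewall topology, the Firewall2 rule and the traffic samples are assumptions constructed for illustration, not contents of the attached .dat file. It evaluates the DNS rule exactly as the case study has you enter it, a tightened version of it, and an allow-all versus hardened Firewall1 in front of Firewall2, and it tallies the same two counters the tool shows in its lower right-hand panel.

```python
# Added worked example of a stateless packet filter in the style of the tool's rule
# dialog. Not the course tool's code; addresses and topology below are assumptions.
import ipaddress
from dataclasses import dataclass

ANY = ("*", "any")  # both spellings the rule dialog uses for "match everything"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str               # "tcp", "udp" or "icmp"
    malicious: bool = False  # ground truth, used only for scoring

@dataclass(frozen=True)
class Rule:
    name: str
    src_ip: str = "*"        # single address or CIDR block, or "*"
    src_port: str = "*"
    dst_ip: str = "*"
    dst_port: str = "*"
    proto: str = "*"
    action: str = "allow"    # "allow" or "deny"

def _ip_match(pattern, ip):
    if pattern.lower() in ANY:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def _field_match(pattern, value):
    p = str(pattern).lower()
    return p in ANY or p == str(value).lower()

def matches(rule, pkt):
    return (_ip_match(rule.src_ip, pkt.src_ip)
            and _field_match(rule.src_port, pkt.src_port)
            and _ip_match(rule.dst_ip, pkt.dst_ip)
            and _field_match(rule.dst_port, pkt.dst_port)
            and _field_match(rule.proto, pkt.proto))

def decide(rules, pkt):
    """First matching rule wins; a packet matching no rule is dropped (default deny),
    which is why a freshly added perimeter firewall with no rules passes nothing."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "default-deny"

def chain(firewalls, pkt):
    """Walk the firewalls on the packet's path in order; the first deny stops it."""
    for fw_name, rules in firewalls:
        action, rule = decide(rules, pkt)
        if action == "deny":
            return "deny", f"{fw_name}:{rule}"
    return "allow", "all"

def score(firewalls, traffic):
    """The two counters the tool reports: legitimate denied, malicious permitted."""
    legit_denied = malicious_permitted = 0
    for pkt in traffic:
        action, _ = chain(firewalls, pkt)
        legit_denied += (not pkt.malicious and action == "deny")
        malicious_permitted += (pkt.malicious and action == "allow")
    return {"legit_denied": legit_denied, "malicious_permitted": malicious_permitted}

# Assumed topology (documentation and private ranges; not taken from the case study files).
DNS_SERVER = "198.51.100.53"
LAN = "192.168.1.0/24"   # workstations behind Firewall1
DB_NET = "10.0.0.0/24"   # database segment behind Firewall2
DB = "10.0.0.5"

# The DNS rule as the case study has you enter it (Destination *, Protocol Any) ...
DNS_RULE_AS_WRITTEN = [Rule("DNS Rule", src_ip=DNS_SERVER, src_port="53")]
# ... and narrowed to what a DNS reply actually looks like.
DNS_RULE_TIGHTENED = [Rule("DNS Rule", src_ip=DNS_SERVER, src_port="53", dst_ip=LAN, proto="udp")]

# Problem 5: Firewall1 as loaded (allow all) versus a hardened version; Firewall2 assumed to
# admit anything addressed to the database, with no source restriction.
FIREWALL1_ALLOW_ALL = [Rule("allow-all")]
FIREWALL1_HARDENED = [
    Rule("block-internet-to-db", dst_ip=DB_NET, action="deny"),  # outside traffic never reaches the DB segment
    Rule("dns-replies", src_ip=DNS_SERVER, src_port="53", dst_ip=LAN, proto="udp"),
    Rule("web-replies", src_port="80", dst_ip=LAN, proto="tcp"),  # stateless: return traffic needs its own rule
]
FIREWALL2_AS_LOADED = [Rule("to-db", dst_ip=DB, dst_port="1433", proto="tcp")]

# Constructed traffic samples (not captures from the tool).
TRAFFIC = [
    Packet(DNS_SERVER, 53, "192.168.1.10", 40001, "udp"),                       # DNS reply
    Packet("203.0.113.80", 80, "192.168.1.10", 40002, "tcp"),                   # web page coming back
    Packet("203.0.113.66", 51515, "192.168.1.10", 445, "tcp", malicious=True),  # OS exploit against SMB
    Packet(DNS_SERVER, 53, "192.168.1.10", 445, "tcp", malicious=True),         # exploit spoofed as a DNS reply
]
DB_FROM_LAN = Packet("192.168.1.10", 50000, DB, 1433, "tcp")
DB_FROM_INTERNET = Packet("203.0.113.66", 50000, DB, 1433, "tcp", malicious=True)
```

Run `score([("Firewall1", rules)], TRAFFIC)` with each rule set: allow-all denies nothing legitimate but permits both attacks; the DNS rule as written blocks the plain exploit yet still admits the packet spoofed with the DNS server's address and port 53, because Protocol: Any and Destination Port * match a TCP packet to port 445; tightening the protocol to UDP closes that gap, but the web reply is still denied, which is the answer to "is this rule sufficient for a typical network". `chain(...)` with `DB_FROM_INTERNET` shows the external firewall's job: with allow-all on Firewall1 the attack reaches Firewall2, which only checks the destination, whereas the hardened Firewall1 stops it before the internal firewall is consulted. The caveat to carry forward is that rules of this shape are stateless: any rule keyed on a source port (53, 80) admits anyone who chooses that source port, which is why production firewalls track connection state instead.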

Project Requirements

Task1: Acquire the necessary background knowledge

Before you start working on this case study, you need to acquire the necessary background
knowledge. The case study requires knowledge of three main topics:
a- Networking and IP addressing; refer to [2]
b- Firewalls
c- Active attacks (OS exploits, viruses, Trojans, etc.)

For each topic, research books from the campus library and online resources, in addition to
the few resources provided with this case study, to gain the knowledge needed to proceed.
It is very important that you understand how IP addresses and ports are assigned in a LAN,
the TCP/IP protocol stack, and the techniques used to route packets on a network. A good
understanding of firewall configuration is also needed.

See the documents attached to this file for a few references on some of these topics.
Also check the References section for more pointers.

Make sure that you give yourself enough time to research these topics and study them
well before you proceed to Task 2.
Task2: Discussion questions

Start by exploring the visualization tool. Its Help menu item gives a detailed explanation
of all the functionality the tool provides and how to use it. For this task, you only need to
answer discussion questions 1 through 5. All your answers must be clearly stated, explained
and justified.

Deliverables

Each group needs to deliver a report including the following sections:


Section 1: Background knowledge. In this section, summarize the knowledge you have
gained from your readings and research on networking, firewalls and active attacks. The
write-up should be in your own words (do not copy and paste content from your references).
This section should be 7 to 9 pages. Be precise and skip unnecessary details. Whenever
possible, use diagrams, comparison tables or illustrative figures to summarize the knowledge
you acquired.
Section 2: Answers to discussion questions 1 to 5. All answers must be comprehensive;
include screenshots and explanations of your configurations and your conclusions.
Section 3: References. If any of the material in Section 1 was drawn from existing books,
papers, articles or products, cite your sources. Citations of wiki websites will not be
accepted as valid citations.

Submit any configuration files that you had to setup while running the test cases.

Extra Credit

You have the opportunity to earn up to 5% extra credit. Should you happen to complete the
required portions of the case study early, consider adding in extra ideas or extensions in
exchange for a few extra points (and a more interesting case study). So brainstorm as a group
and see what you come up with! Be creative and think out of the box! If you opt to do any
extra credit, be sure to include a brief description of it when you submit the final report.

Submission instructions

Each group needs to submit their deliverables in the specified blackboard submission
directory AND print out a copy of the report and hand it to me by the due date. Late
submissions will not be accepted! In addition, each student in your group should send an
email to (iskanderm@uhd.edu) that indicates his or her assessment of each group member's
contribution to this phase of the project (e.g., Bill did 40% of the work, and Mary did 60% of
the work).

References

[1] Tutorial on Cisco Firewall Rule Format (included in the project directory).

[2] William Stallings, Computer Networking with Internet Protocols and Technology, 1st
edition; chapter 2 recommended.
