Run a Firewall Simulation

Question

Run a Firewall Simulation   
Follow the instructions below. In a Word document, answer the questions asked along the way. Questions that should be answered are written in italics text. There is no need to structure your paper as an essay (i.e., do not write an introduction or conclusion or arrange your responses in a narrative).
 Download the firewall visualization tool from the course resources. Unzip the file.
  
Start the firewall visualization tool by double-clicking on “Firewall Visualization Tool.jar.” Note this tool requires Java to be installed on your computer. The home screen of the tool looks like this:
  

  
Choose “no firewall” and click next. On the resulting screen, click the button to continue.
  

  
Note that the traffic flows from both the cloud and Internet to the client machines. By default, there is no malicious traffic flowing to the machines.
 Click on the “OS Exploits” option. Eventually, you will see a similar red-colored bug flow from the Internet into the local area network and land on a machine, infecting the machine. Once a machine is infected, it is marked as such with the “international no” emblem.
  Now you will configure a firewall to prevent such infections.
  Start a new session by clicking “File | New” in the upper window of the tool. This time, choose the “perimeter firewall” option. The window that comes up will look like this:
  

  
You now have a firewall between the Internet (represented by a cloud) and your network router. Click the play button and watch what happens. Do you see traffic flowing from the Internet into your system or from your network to the Internet? Explain why or why not.
  Add some active attacks by clicking on several different options. Are these attacks able to get to your network? Do you feel your system is secure? What’s wrong with this scenario?
  Configure your firewall to allow traffic to flow in and out of your network. Do this by choosing the “options” tab at the top of the tool and define firewall rules. You should see a screen similar to the one below:
  

  
Name your firewall rule (typically with a name that focuses on a given subject or attack). The “Source IP” option and port refer to how you want the firewall to recognize a given source IP/port combination and respond. The “Destination IP” is similar but focuses on a destination rule. The goal of any good firewall configuration is to identify legitimate traffic while restricting malicious traffic. Try setting the following firewall rule:
  

  • Rule Name: DNS Rule
 • Source IP: DNS, Source Port: 53
 • Destination IP: Any, Destination port *
 • Protocol: Any.
  
Click “Save Rule.” You should now see the rule in your Active Rules box. Click “close” and you should be back to your Network Firewall Visualization Tool window.
 Click the play button and watch what happens. You may need to move the speed bar to the right for a higher rate of traffic. What traffic now flows through the firewall?
 Add some active attacks and watch if they flow through the firewall. Would you claim your rule is now sufficient to allow traffic to flow for a typical network? Why or why not? Do any of the active attacks now work against machines behind the firewall?
  Come up with a series of rules that seem to protect the network from all attacks. Be sure to watch the legitimate traffic denied and malicious traffic permitted in the lower right hand portion of the screen. That should tell you how well your rules are working. How many rules did you have to write to secure your network? Were you able to completely secure the network? What types of rules did you create?
  Choose “File | New” to restart the program and click “load from file” button. Point the program to the “Firewall Workstation Data File.dat” file.
 This scenario was configured so that workstations can pass through firewall2 and gain access to the database. Firewall1 has an “allow all traffic” rule set so all information is passed through to the network and from the network to the servers. Write rules to prevent active attacks from passing through firewall1 and attacking the database. Which active attacks are you able to prevent by restricting access on the firewall?
  Think back to your reading on malicious software attacks and distributed denial of service attacks. Why do you think that these types of attacks are not able to be prevented through the firewall? How might you prevent these attacks from taking place?
  Close the firewall simulation tool and write up your responses to the questions above in italics.

  Length: 3-5 pages, not including title and reference pages

MrJms · Answer

Firewall Simulation Exercise
  
You now have a firewall between the Internet (represented by a cloud) and your network router. Click the play button and watch what happens. Explain why or why not.
  
Although the system sends traffic to the internet and the internet sends traffic to the system, the traffic flow stops as it approaches the firewall.  The process ends with the traffic being indicated the Firewall Log as Legitimate Traffic Denied. This is because the firewall acts as the gatekeeper as traffic flows in and out of the system. 
  
 
  
Add some active attacks by clicking on several different options. Are these attacks able to get to your network? Do you feel your system is secure?  What’s wrong with this scenario?
  
Upon activation of attacks, the flow described above remains the same. Since all traffic, regardless of its legitimacy, are stopped by the firewall, the attacks were not able to get to the network. At first glance, this appears to be a very good countermeasure to avoid attacks and seems like the system is very secure. However, upon closer look, it can be observed that as much as the firewall blocks malicious traffic, it also prohibits legitimate traffic to go through. Ideally, firewall should only forbid entry for malicious traffic and permit legitimate traffic to flow through the network. Moreover, it must be noted that there are passive attacks, which cannot be easily determined in such a simple simulation.
  
 
  
Try setting the following firewall rule: • Rule Name: DNS Rule • Source IP: DNS, Source Port: 53 • Destination IP: Any, Destination port * • Protocol: Any. Click “Save Rule.” What traffic now flows through the firewall? 
  
Based on observation, the traffic flow remain generally the same. All traffic are stopped by the firewall whether going out of the system to the cloud or going in the system from the cloud. Legitimacy of the traffic still does not matter given that even legitimate traffic cannot get in and out of the system as the firewall blocks all traffic. 
  
 
  
Add some active attacks and watch if they flow through the firewall. Would you claim your rule is now sufficient to allow traffic to flow for a typical network? Why or why not?  Do any of the active attacks now work against machines behind the firewall?
  
            As much as traffic flows smoothly within the system, the outbound and inbound traffic remains restricted like before. In this regard, the traffic flow stays very limited for a typical network. All legitimate traffic that is blocked from either way (inbound from the cloud or outbound from the system) become logged as Legitimate Traffic Denied.
  
As for the active attacks, none of the these attacks was able to work against the machines behind the firewall as all traffic flow from the cloud cannot enter the system and as a result, the Firewall Log presents the value 0 in the Malicious Traffic Allowed counter. Again, as explained earlier, there are passive attacks which are unaccounted for in this simulation so it is too early to declare that the network is secure.
  
 
  
How many rules did you have to write to secure your network? Were you able to completely secure the network? What types of rules did you create?
  
I tried creating individual rules for DNS, Database, Email, VOIP, Web, and Chat as Source IPs and then set the Destination IP to “Any.” In a way, it secured the network and made traffic flow within the system. However, the inbound traffic from cloud to the system remains restricted.
  
 
  
Write rules to prevent active attacks from passing through firewall1 and attacking the database. Which active attacks are you able to prevent by restricting access on the firewall?
  
            First, I observed the legitimate traffic flow in the set-up. What I saw was that almost, if not all, traffic from the cloud are all malicious while all the traffic from the workstations are bound for the database. Based on these observations, I deleted the rule All In and All Out to block the entry of all incoming traffic regardless of their legitimacy. Then, I set new rules for Firewall 1 such as Any to DB, which allows traffic from the cloud to database, and DB to Any, which allows traffic from database to the cloud. The result is that Firewall 1 becomes able to fend off OS Exploits, Virus, Trojan, Web Attacks, and Ack Scan not targeted to DB. However, it has failed to block Ack Scan attack that are specifically targeted to database but ultimately, the attack just registered as System Scanned and not a Successful attack.
  
 
  
Think back to your reading on malicious software attacks and distributed denial of service attacks. Why do you think that these types of attacks are not able to be prevented through the firewall? How might you prevent these attacks from taking place?
  
There can be a number of reasons why the firewall can fail to prevent certain types of attacks. For one, the attacks can actually be flooding attacks, which are done in an attempt to overload the network to reach its maximum capacity on its link to the server. Another possible reason is that the attack can be a Distributed Denial of Service attack, which uses the flaw in network coding, in some cases it can be an error in common applications, to have a hold of access.

Category:	Computer Science
Offered Price:	$20.00
Due Date:	17 May 2018, 12:05
Added:	14 May 2018, 12:53
Assigned To:	MrJms

Price:	30.00
Added:	28 May 2018, 05:33
Words:	895 words
Attachments:	1 file
Buyers:	8 buyers

Run a Firewall Simulation

Secure Payment

We let the professionals process your money

Have a similar question?