Firewalls and VPN

NET 536 NETWORK SECURITY
Networks and Communication Department

Firewall

- Provides a barrier and/or filter between networks
- Can be configured to block packets
- Sometimes called a level 4 switch

VPN

- VPN (Virtual Private Network)
  - Acts as a private network connection (inside a company, for example) while running over a more public internet.
- Uses IP Tunneling.

Advantages: Firewall and VPN

- Firewalls
  - Provides protection to network resources by restricting access based upon information contained in packets
  - Common Use: Allows the separation of Intra-nets from the Internet
- VPN
  - Allows access through firewalls by creating virtual circuits using tunneling.
  - Common Use: Provides secure remote access to an institution's protected resources

Tunneling

- Wraps an IP frame inside another frame of the same layer.
  - An IP frame inside another IP frame.
- The inner packet can be encrypted, which allows for privacy of the connection.
- You may remember IPv6 was tested by tunneling inside IPv4 packets.

Disadvantages: VPNs

- Tunneling increases the length of IP packets
  - May result in inefficient use of bandwidth, especially for short packets
- Potential performance impact at end routers as they need to do more work
  - Remove headers, decrypt packet body
- Administrative overhead and cost associated with managing the VPN server

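Added example (not part of the original slides): Python code that wraps one IPv4 packet inside another, as the Tunneling slide describes, and measures how the fixed 20-byte outer header costs proportionally more on short packets. The addresses and payload sizes are constructed; encryption, which would add further bytes, is left out, and IP-in-IP (protocol 4) is assumed as the tunnel type.

```python
import socket
import struct

IPPROTO_IPIP = 4      # IP-in-IP encapsulation (RFC 2003); assumed tunnel type
IPPROTO_TCP = 6
IPV4_HEADER_LEN = 20  # header without options

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build an IPv4 packet with a 20-byte header and a valid checksum."""
    fields = [0x45, 0, IPV4_HEADER_LEN + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Carry the whole inner packet as the payload of an outer IPv4 packet."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Work done at the far tunnel endpoint: strip the outer header."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer[(outer[0] & 0x0F) * 4:]

def overhead_ratio(payload_len: int) -> float:
    """Extra bytes on the wire relative to the untunnelled packet."""
    # Zero bytes stand in for the TCP segment; all addresses are constructed.
    inner = ipv4_packet("10.0.0.5", "10.0.1.9", IPPROTO_TCP, bytes(payload_len))
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1")
    return (len(outer) - len(inner)) / len(inner)

if __name__ == "__main__":
    for size in (20, 200, 1400):  # constructed payload sizes
        print(f"{size:5d}-byte payload: +{overhead_ratio(size):.1%} from tunneling")
```
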
Scenario 1 - No Firewall

Scenario 1 - Described

- Simulates two sales people working offsite
  - Characterized by light Web Browsing and light Database access
- Connect to a server via the Internet.

Scenario 2 - Firewall

Scenario 2 - Described

- Replaces the simple router previously used to connect to the server with a firewall
  - Configured to block Database access.
- The Sales people can still engage in Web Browsing

Scenario 3 - Firewall with VPN

Scenario 3 - Described

- Scenario 3 configures a VPN for Sales A
  - Sales A now tunnels through the firewall and can access the database
  - Still allowing web browsing
- Sales B is restricted to web browsing with no database access.

Results

Average Client DB and Client HTTP Traffic for the three scenarios. Show live.

Exercise 1

1) From the obtained graphs, explain the effect of the firewall, as well as the configured VPN, on the database traffic requested by Sales A and Sales B.

Answer 1 - Observations

From the captured graphs, it can be observed that without the firewall both Sales A and Sales B clients were able to access the database, while adding the firewall prevented both Sales clients from accessing it. Configuring the VPN access for Sales A allowed it to access the database through the firewall.

Exercise 2

2) Compare the graphs that show the received HTTP traffic with those that show the received database traffic.

Answer 2 - Observations

Comparing the graphs of received HTTP and database traffic for both Sales A and B clients confirms that both clients receive HTTP traffic in all scenarios (i.e., the firewall permits HTTP traffic from both Sales clients). Once the firewall is in place, however, database traffic is only permitted through the firewall using a VPN.

Exercise 3

3) Generate and analyze the graph(s) that show the effect of the firewall, as well as the configured VPN, on the response time (delay) of the HTTP pages and database queries.

Answer 3 - DB Queries

- Obviously there are no DB query response times for the Firewall without VPN
- Firewall with VPN response time is slower due to overhead from the VPN and additional router.