Firewalls and VPN
NET 536
NETWORK SECURITY
Networks and Communication Department
Firewalls and VPN
Firewall
Provides a barrier and/or filter between networks
Can be configured to block packets
Sometimes called a level 4 switch
VPN
VPN (Virtual Private Network)
Acts as a private network connection (inside a company for example) while running over a more public internet.
Uses IP Tunneling.
Advantages: Firewall and VPN
Firewalls
Provides protection to network resources by restricting access based upon information contained in packets
Common Use: Allows the separation of intranets from the Internet
VPN
Allows access through firewalls by creating virtual circuits using tunneling.
Common Use: Provides secure remote access to an institution's protected resources
Tunneling
Wraps an IP frame inside another frame of the same layer.
An IP frame inside another IP frame.
The inner packet can be encrypted, which allows for privacy of the connection.
You may remember IPv6 was tested by tunneling inside IPv4 packets.
Disadvantages: VPNs
Tunneling increases the length of IP packets
May result in inefficient use of bandwidth, especially for short packets
Potential performance impact at end routers as they need to do more work
Remove headers, decrypt packet body
Administrative overhead and cost associated with managing the VPN server
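Added example (not part of the original slides): the Tunneling and Disadvantages points above, worked through for plain IPv4-in-IPv4 with no encryption, showing how much of a short packet versus a full-size packet is the extra outer header. The addresses and function names are constructed for illustration; an encrypting VPN adds further bytes on top of the 20 shown here.

```python
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6           # IANA protocol numbers
# Constructed sample addresses (not from the slides).
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([10, 0, 1, 20])
CLIENT_PUBLIC, VPN_GATEWAY = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def encapsulate(inner: bytes, tunnel_src: bytes, tunnel_dst: bytes) -> bytes:
    """Prepend an outer IPv4 header whose protocol field marks IP-in-IP."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes) -> bytes:
    """What the end router does: validate and strip the outer header."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    total_len = struct.unpack("!H", outer[2:4])[0]
    return outer[ihl:total_len]

def overhead(payload_len: int) -> float:
    """Fraction of the tunneled packet taken up by the added outer header."""
    inner = ipv4_header(CLIENT, SERVER, IPPROTO_TCP, payload_len) + bytes(payload_len)
    outer = encapsulate(inner, CLIENT_PUBLIC, VPN_GATEWAY)
    if decapsulate(outer) != inner:
        raise RuntimeError("round trip failed")
    return (len(outer) - len(inner)) / len(outer)

if __name__ == "__main__":
    for size in (20, 512, 1460):   # bare TCP header, mid-size, full segment
        print(f"{size:5d} bytes after inner IP header: {overhead(size):.1%} overhead")
```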
Scenario 1 - No Firewall
Scenario 1 - Described
Simulates two sales people working offsite
Characterized by light Web Browsing and light Database access
Connect to a server via the Internet.
Scenario 2 - Firewall
Scenario 2 - Described
Replaces the simple router previously used to connect to the server with a firewall
Configured to block Database access.
The Sales people can still engage in Web Browsing
Scenario 3 - Firewall with VPN
Scenario 3 - Described
Scenario 3 configures a VPN for Sales A
Sales A now tunnels through the firewall and can access the database
Still allowing web browsing
Sales B is restricted to web browsing with no database access.
Results
Average Client DB and Client HTTP Traffic for the three scenarios. Show live.
Exercise 1
1) From the obtained graphs, explain the effect of the firewall, as well as the configured VPN, on the database traffic requested by Sales A and Sales B.
Answer 1 - Observations
From the captured graphs, it can be observed that without the firewall both Sales A and Sales B clients were able to access the database, while adding the firewall prevented both Sales clients from accessing it. Configuring the VPN access for Sales A allowed it to access the database through the firewall.
Exercise 2
2) Compare the graphs that show the received HTTP traffic with those that show the received database traffic.
Answer 2 - Observations
Comparing the graphs of received HTTP and database traffic for both Sales A and B clients confirms that both clients receive HTTP traffic in all scenarios (i.e., the firewall permits HTTP traffic from both Sales clients). Once the firewall is in place, however, database traffic is only permitted through the firewall using a VPN.
Exercise 3
3) Generate and analyze the graph(s) that show the effect of the firewall, as well as the configured VPN, on the response time (delay) of the HTTP pages and database queries.
Answer 3 - DB Queries
Obviously there are no DB query response times for the Firewall without VPN
Firewall with VPN response time is slower due to overhead from the VPN and additional router.