Network Security and Firewall Technology

Author(s): Afolayan A. Obiniyi, Ezugwu E. Absalom, Mohammed Dikko

With the explosion of the public Internet, corporate networks connected to the Internet, if not adequately secured, are vulnerable to damaging attacks. Hackers, viruses, worms, Trojan horses, and spyware try to invade privacy. This research examines how these threats affect the corporate network and ways to reduce them. MikroTik RouterOS was configured as the router to examine these threats. Network Address Translation and packet filtering were the key features configured to hide the network from unauthorized users and to filter unwanted traffic that might reflect malicious acts. The configuration and test were carried out at Iya Abubakar Computer Center, Ahmadu Bello University, Zaria, Nigeria. At the onset, the targeted network was full of viruses, worms, Trojan horses, and spyware, and was vulnerable to unauthorized users. The signal strength of the network was usually very poor due to the effect of the threats on the bandwidth. The firewall was configured to filter out inherently dangerous services, exposing the network to fewer risks. After the research, the performance and efficiency of the network were improved tremendously.

Electronics, 2020, Vol 9 (9), pp. 1510
Author(s): Prakash Veeraraghavan, Dalal Hanna, Eric Pardede

The Internet Protocol (IP) version 4 (IPv4) has several known vulnerabilities. One of the important vulnerabilities is that the protocol does not validate the correctness of the source address carried in an IP packet. Users with malicious intentions may take advantage of this vulnerability and launch various attacks against a target host or a network. These attacks are popularly known as IP Address Spoofing attacks. One of the classical IP-spoofing attacks that cost several million dollars worldwide is the DNS-amplification attack. Currently, the available solutions are limited, proprietary, expensive, and require expertise. The Internet is subjected to several other forms of amplification attacks happening every day. Even though IP-Spoofing has been one of the well-researched areas since 2005, there is no holistic solution available to solve this problem from the grass roots. Also, every solution assumes that the attackers are always from outside networks. In this paper, we provide an efficient and scalable solution to solve the IP-Spoofing problem that arises from malicious or compromised inside hosts. We use a modified form of Network Address Translation (NAT) to build our solution framework. We call our framework NAT++. The proposed infrastructure is robust, crypto-free, and easy to implement. Our simulation results have shown that the proposed NAT++ infrastructure does not consume more than the resources required by a simple NAT.


2014, Vol 2014, pp. 1-8
Author(s): D. Shalini Punithavathani, Sheryl Radley

The IPv4-IPv6 transition rolls out numerous challenges to the world of the Internet as the Internet is drifting from IPv4 to IPv6. The IETF recommends a few transition techniques, which include dual stack, translation, and tunneling. By means of tunneling the IPv6 packets over IPv4 UDP, Teredo maintains IPv4/IPv6 dual stack nodes in isolated IPv4 networks behind network address translation (NAT). However, the proposed tunneling protocol works with the symmetric and asymmetric NATs. In order to make Teredo support several symmetric NATs along with several asymmetric NATs, we propose multifarious Sym Teredo (MTS), which is an extension of Teredo with the capability of navigating through several symmetric NATs. The work preserves the Teredo architecture and also offers backward compatibility with the original Teredo protocol.


2015, Vol 21 (4), pp. 648-651
Author(s): Lukas Tanutama, Gerrard Polla, Raymond Kosala, Richard Kumaradjaja

The competitive nature of the Internet access service business drives Service Providers to find innovative revenue generators within their core competencies. Internet connection is the essential infrastructure in the current business environment. Service Providers provide the Internet connections to corporate networks. It processes network data to enable the Internet business communications and transactions. Mining the network data of a particular corporate network resulted in its business traffic profile or characteristics. Based on the discovered characteristics, this research proposes novel generic Value Added Services (VAS). The VAS becomes the innovative and competitive revenue generators. The VAS is competitive as only the Service Provider and its customer know the traffic profile. The knowledge becomes the barrier of entry for competitors. To offer the VAS, a Service Provider must build a close relationship with its customer for acceptance.


2014, Vol 687-691, pp. 1912-1915
Author(s): Hong Cheng Tian, Hong Wang, Jin Kui Ma

IPv4 and IPv6 will coexist for a long time, due to ISPs’ inertia in the transition from IPv4 to IPv6. The Domain Name System (DNS) is a very important functional unit in the Internet. This paper describes the hierarchy and operating process of IPv6 DNS and the IPv6 DNS resolver, and presents the DNS transition from IPv4 to IPv6 in particular. We suggest two methods to implement DNS service during the transition period: DNS-Application Level Gateway (DNS-ALG) with Network Address Translation-Protocol Translation (NAT-PT), and dual stacks. We also propose their respective operational principles. This paper is a valuable reference for network engineers constructing DNS in the transition phase.


2002, Vol 124 (12), pp. 37-40
Author(s): Alan S. Brown

This article focuses on United States’ power grid vulnerability to cyber attack. None of the industrial control systems used to monitor and operate the nation's utilities and factories were designed with security in mind. Moreover, their very nature makes them difficult to secure. Linking them to networks and the public Internet only makes them harder to protect. The Internet made it easy. Instead of installing expensive private telecommunications links, companies let the Internet carry SCADA messages. Encryption may prevent a remote attack on data, but also may leave utilities vulnerable to attacks over corporate networks that are often linked to facilities. Someone on the inside may be able to unscramble encrypted data. Similarly, drive-by hackers will still be able to take advantage of security flaws in a wireless system to sneak into a plant network behind any encryption device. Stronger IT policies and encryption are good first steps. But the US power grid—and the entire nation’s utility and industrial infrastructure—remain vulnerable to cyberattack from terrorists and angry employees.


This article is devoted to research methods for applying a scheme of packet filtering rules. The firewall scheme is developed on a corporate network to protect the network system from information security threats. Use of the firewall in different modes of protection in corporate networks is given, which is accessed to segment information resources under the administrator's rules. The packet filtering rule is worked out according to the state of the virtual connection, in that the process of moving packets is determined by flags and sequence numbers of head IP addresses. The system log is designed to record messages about events that involve firewall operating system management activities and events that are fraught with an intersection-related event log. Consequently, the offered rules of packet filtering protected the network traffic from unwanted action. Furthermore, the rules of packet filtering are formed, allowing observation and management of user access to resources on the Web content.


Author(s): Mirjana D. Stojanovic, Vladanka S. Acimovic-Raspopovic

A virtual private network (VPN) can be broadly defined as a “restricted communication between a set of sites, making use of a backbone that is shared with other traffic not belonging to that communication” (Carugi & De Clercq, 2004, p.116). Since the late nineties, with pervasive deployment of the Internet protocol (IP) technology in corporate networks, IP-based VPNs, in several forms and based on different network technologies, have become a promising solution for a wide range of corporate network services.




Author(s): Ei Ei Khaing, Mya Thet Khaing, Akari Myint Soe, Shwe Sin Myat Than

Nowadays, many people use the internet for their work, communication, education, economic and organizational needs. Network address translation (NAT) is a method of remapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. A network is a system of hardware and software, put together for the purpose of communication and resource sharing. A network includes transmission hardware devices to interconnect transmission media and to control transmissions, and software to decode and format data. The Internet protocol suite is the computer networking model and set of communications protocols used on the Internet and similar computer networks. Knowledge of how the internet is able to communicate with internet users is a mystery to some people. Internet communication needs the TCP/IP protocol; TCP, the Transmission Control Protocol, or what is sometimes simply used to refer to the Internet Protocol, is the basic unit for communication on the internet. This can also be applied to private internets, like Ethernet and so on. Despite TCP and IP being used interchangeably, there is a slight difference between the two in relation to the roles they play: IP is directly responsible for obtaining internet addresses, and then it is the work of TCP to deliver the data obtained to the addresses achieved by IP. TCP/IP provides end-to-end connectivity, specifying how data should be packetized, addressed, transmitted, routed and received at the destination. The aim of this paper is to describe the operation and models of the TCP/IP suite in data communication networks.

