Abstract

Network security has become one of the most important and interesting areas of research. A network can be protected by many mechanisms, and the network firewall is among the most effective. While the firewall protects the network from external intrusion, it does almost nothing about internal intrusion. Internal intrusion, or inside attacks, can lead to large losses. One such attack is attaching an unauthorized host to the network, either to benefit from the network resources provided by the server (such as Internet service) or to leak information to the outside. To solve this problem, this paper proposes two new programs built for the Windows operating system in a client-server model, one at the client and one at the server. The first attaches an authenticated, unique host ID to each packet destined to leave the network, while the second verifies this information, allowing authenticated packets to pass to their destination while dropping and documenting unauthorized ones. This work is a logical extension of the conventional network firewall and can be installed alongside any such firewall. While the conventional firewall protects against outside attacks, this work protects against one of the inside attacks.

Highlights

  • According to the annual CSI/FBI Computer Crime and Security Survey, the number of successful attacks from the inside is roughly equal to the number from the outside

  • The Getting Host-ID algorithm is as follows:
      Step 1: Set up the Component Object Model (COM) in the Windows Management Instrumentation (WMI) consumer.
      Step 2: Set the system security context to process-wide in the consumer.
      Step 3: Define an IWbemLocator object used to access the WMI service.
      Step 4: Get the interface handle to the IWbemLocator.

  • This paper proposes the use of a Host-ID cache at the server (the Caching Framework): when the incoming packet is deciphered and authorized by the UMAC method, the HostID is read from the packet and searched for in the HostID cache
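
The tag-and-verify flow from the abstract and the HostID cache lookup from the last highlight, as an added sketch that is not the paper's code. Assumptions: truncated HMAC-SHA256 stands in for UMAC, all hosts share one key, packet encryption is left out, and the frame layout, `tag_packet` and `Gateway` names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # bytes of MAC kept per packet (assumed value)

def _mac(key: bytes, body: bytes) -> bytes:
    # Stand-in for the paper's UMAC: HMAC-SHA256, truncated.
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def tag_packet(key: bytes, host_id: bytes, payload: bytes) -> bytes:
    """Client side: prepend the Host-ID, append a MAC over both."""
    body = struct.pack("!H", len(host_id)) + host_id + payload
    return body + _mac(key, body)

class Gateway:
    """Server side: verify the MAC, then look the Host-ID up in a cache."""

    def __init__(self, key: bytes, enrolled: set):
        self.key = key
        self.enrolled = enrolled  # authoritative list of protected hosts
        self.cache = {}           # Host-ID -> True/False, filled on first sight
        self.dropped = []         # (source MAC, reason) for each dropped packet

    def _drop(self, src_mac: str, reason: str):
        self.dropped.append((src_mac, reason))
        return None

    def handle(self, src_mac: str, frame: bytes):
        """Return the payload to forward, or None if the packet is dropped."""
        if len(frame) < 2 + TAG_LEN:
            return self._drop(src_mac, "short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.key, body)):
            return self._drop(src_mac, "bad MAC")
        (id_len,) = struct.unpack("!H", body[:2])
        if len(body) < 2 + id_len:
            return self._drop(src_mac, "bad Host-ID length")
        host_id = body[2:2 + id_len]
        if host_id not in self.cache:  # cache miss: consult the enrolment list
            self.cache[host_id] = host_id in self.enrolled
        if not self.cache[host_id]:
            return self._drop(src_mac, "unauthorized Host-ID")
        return body[2 + id_len:]
```

The source MAC address is only recorded, never trusted: a frame that copies an authorized host's MAC address but carries no valid tag is dropped and documented. The sketch carries no nonce or sequence number, so it does not address replay of a captured frame.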


Summary

Introduction

According to the annual CSI/FBI Computer Crime and Security Survey, the number of successful attacks from the inside is roughly equal to the number from the outside. The conventional firewall can distinguish the source of packets by reading two fields: the source Media Access Control (MAC) address and the source IP address. This is not always reliable, for two reasons. First, Dynamic Host Configuration Protocol (DHCP) is a protocol that enables a host to obtain an IP address dynamically from a DHCP server at boot time. The internal adversary can change the values of these two fields (including the MAC address) in his packets or frames to the corresponding values of an authorized host. To solve this problem, we need to manage an enumeration of all protected hosts behind the firewall and initialize each host with its unique ID. The process of finding and adding this information to each packet, and of verifying it, requires many changes to the operating systems of all hosts (clients and server) on the protected network that need to communicate through the firewall. The Client/Server model has become one of the central

Public Network
NDIS Hooking Functions
Discussion
Authorization State Authorized Authorized Authorized Unauthorized