Firewall Configuration Research Articles

Analisis Kerentanan Keamanan Website Menggunakan Metode PTES (Penetration Testing Execution And Standart)

With rapid advances in Information Technology (IT), the need for an IT-based learning framework and mechanism has become an unavoidable necessity. This requires solid security in a system, using the Penetration Testing Execution and Standard (PTES) method. This research method is quantitative and descriptive, used to illuminate website security and provide input for improvement. The research involved Tenable Nessus Professional tools that emit vulnerabilities, such as Browseable Web Directory and Potentially Clickjacking Web. The PTES stages covered include Planning, Data Collection, Scanning, Access Rights, Security, and Web Application Firewall (WAF) configuration. The hope is that this method will provide an in-depth understanding of potential threats and vulnerabilities in government information systems, as well as present solutions. The research results are expected to provide education and insight into website security. This allows related parties to take preventive and corrective steps, improve security, and protect the integrity and confidentiality of data entities. As a result, information systems are expected to be more secure and resistant to potential cyber threats.

Cyber Security Portal for Effective Management of Servers and Firewalls

The project is an innovative endeavour that tackles the difficulties associated with overseeing heterogeneous servers inside the digital ecosystem. It suggests the creation of a single, centralized interface for the real-time monitoring and management of firewall configurations, security, and server health on diverse platforms. With an all-inclusive platform, administrators may take proactive measures against new threats by integrating firewall settings seamlessly, detecting security risks, streamlining server management, and providing administrators with actionable intelligence.Beyond traditional server management, the proposed system offers a centralized hub for effective, safe, and straightforward administrative server management in multi-server environments. It increases the overall effectiveness of server administration by reducing difficulties with server management and establishing the groundwork for a strong and resilient digital infrastructure that can adjust to changing cyber security threats

Security of remote iot system management by integrating firewall configuration into tunneled traffic

Security of remote iot system management by integrating firewall configuration into tunneled traffic

Implementasi Perangkat Next Generation Firewall untuk Melindungi Aplikasi dari Serangan Malware

Based on the rapid development of technology, which has positive and negative impacts, one of the negative impacts is data leakage, called cybercrime. This is very dangerous and causes huge losses. In addition, the most commonly found cybercrimes are malware threats, phishing, DDoS, and others. In this study, the implementation of the Paloalto firewall is carried out by configuring the firewall, as is the attack testing stage using malware such as Eicar, ransomware, Trojans, Dos, and web filtering. The results of this test aim to prevent the risk of data loss, material loss, and the paralysis of public services. And to be efficient and effective in scanning for a variety of attacks without affecting network performance. The implications of the results found are expected to solve the problem at hand perfectly. NGFW performs prevention by blocking access to malware that enters its network traffic. This research also implements NGFW, where firewall configuration is carried out, namely by creating a rule policy on the firewall. In this study, an evaluation of network performance was carried out after the implementation of NGFW and firewall configuration. The results show that the use of NGFW and rule policies on firewalls can improve network security efficiently and effectively. It is hoped that these results can overcome the paralysis of public services due to malware attacks and improve network performance.

Communication Safety of Cybernetic Systems in a Smart Factory Environment

The aim of this contribution is to propose the architecture for a layered design of the production system. This proposal uses the IEC 62443 norm, including the Defense-in-Depth strategy and proven technical principles applicable in a Smart Factory with a focus on communication security. Firstly, the identification of communication forms and trends in the Smart Factory environment was identified considering the spectrum of communication protocols used within various types of automation structures used in modern production facilities. The next part of the work deals with the definition of wired and wireless forms of data transfers in production systems including their advantages and disadvantages from the view of cybernetic safety and threads in communication systems, together with the description of norms from the field of security of communication systems applicable in the industrial environment. The core of this work is the proposal of the methodology to secure the Smart Factory production system in the Industry 4.0 environment. The proposal defines important implementation steps together with a summarization of the generally applicable basic principles suitable for the process of securing a Cyber production system or Smart Factory in an industrial environment, including the example of an Iptables firewall configuration within the OPC UA communication protocol and the real example of a Smart Factory production system segmentation.

DNS Tunnelling, Exfiltration and Detection over Cloud Environments

The domain name system (DNS) protocol is fundamental to the operation of the internet, however, in recent years various methodologies have been developed that enable DNS attacks on organisations. In the last few years, the increased use of cloud services by organisations has created further security challenges as cyber criminals use numerous methodologies to exploit cloud services, configurations and the DNS protocol. In this paper, two different DNS tunnelling methods, Iodine and DNScat, have been conducted in the cloud environment (Google and AWS) and positive results of exfiltration have been achieved under different firewall configurations. Detection of malicious use of DNS protocol can be a challenge for organisations with limited cybersecurity support and expertise. In this study, various DNS tunnelling detection techniques were utilised in a cloud environment to create an effective monitoring system with a reliable detection rate, low implementation cost, and ease of use for organisations with limited detection capabilities. The Elastic stack (an open-source framework) was used to configure a DNS monitoring system and to analyse the collected DNS logs. Furthermore, payload and traffic analysis techniques were implemented to identify different tunnelling methods. This cloud-based monitoring system offers various detection techniques that can be used for monitoring DNS activities of any network especially accessible to small organisations. Moreover, the Elastic stack is open-source and it has no limitation with regards to the data that can be uploaded daily.

Automated Firewall Configuration in Virtual Networks

The configuration of security functions in computer networks is still typically performed manually, which likely leads to security breaches and long re-configuration times. This problem is exacerbated for modern networks based on network virtualization, because their complexity and dynamics make a correct manual configuration practically unfeasible. This article focuses on packet filters, i.e., the most common firewall technology used in computer networks, and it proposes a new methodology to automatically define the allocation scheme and configuration of packet filters in the logical topology of a virtual network. The proposed method is based on solving a carefully designed partial weighted Maximum Satisfiability Modulo Theories problem by means of a state-of-the-art solver. This approach formally guarantees the correctness of the solution, i.e., that all security requirements are satisfied, and it minimizes the number of needed firewalls and firewall rules. This methodology is extensively evaluated using different metrics and tests on both synthetic and real use cases, and compared to the state-of-the-art solutions, showing its superiority.

When ransomware strikes, what's your recovery plan?

Preventing a ransomware attack requires a tiered approach utilising a defence-in-depth methodology. This incorporates user training, email filtering, virus detection, firewall configuration, edge security and activity monitoring, combined with an array of additional techniques where budget, resources and expertise allow.

Developing Application in Anticipating DDoS Attacks on Server Computer Machines

The use of server computer machines in companies is primarily a web hosting server that is very easy to experience threats, especially external security threats such as attempts to infiltrate, hacking, viruses, and other malicious attacks. Having a secure server is indispensable for working online and especially if involved in business-related network transactions. The Server's realization to be safe from threats is to protect the server machine's security on the hardware and software side and pay attention to network security that goes to the server machine. Generally, firewall applications on router devices have configuration limitations in securing the network, namely non-integrated applications. In other words, it is necessary to manage the perfect firewall configuration to anticipate Distributed Daniel attacks of Service (DDoS) attacks. Therefore, this study aims to integrate existing firewall applications for router devices into an integrated program to secure the network. The methodology used is the Network Development Life Cycle (NDLC). The research results on this developed application program can overcome DDoS attacks without setting up a firewall on the router device and can automatically monitor DDoS attack activities from outside the Server. Securing servers from DDoS attacks without setting up a firewall on the router device and automating the monitoring of DDoS attack activity from outside the Server are the novelties of this study that have not been available in previous studies.

FWS: Analyzing, maintaining and transcompiling firewalls

Firewalls are essential for managing and protecting computer networks. They permit specifying which packets are allowed to enter a network, and also how these packets are modified by IP address translation and port redirection. Configuring a firewall is notoriously hard, and one of the reasons is that it requires using low level, hard to interpret, configuration languages. Equally difficult are policy maintenance and refactoring, as well as porting a configuration from one firewall system to another. To address these issues we introduce a pipeline that assists system administrators in checking if: (i) the intended security policy is actually implemented by a configuration; (ii) two configurations are equivalent; (iii) updates have the desired effect on the firewall behavior; (iv) there are useless or redundant rules; additionally, an administrator can (v) transcompile a configuration into an equivalent one in a different language; and (vi) maintain a configuration using a generic, declarative language that can be compiled into different target languages. The pipeline is based on IFCL, an intermediate firewall language equipped with a formal semantics, and it is implemented in an open source tool called FWS. In particular, the first stage decompiles real firewall configurations for iptables, ipfw, pf and (a subset of) Cisco IOS into IFCL. The second one transforms an IFCL configuration into a logical predicate and uses the Z3 solver to synthesize an abstract specification that succinctly represents the firewall behavior. System administrators can use FWS to analyze the firewall by posing SQL-like queries, and update the configuration to meet the desired security requirements. Finally, the last stage allows for maintaining a configuration by acting directly on its abstract specification and then compiling it to the chosen target language. Tests on real firewall configurations show that FWS can be fruitfully used in real-world scenarios.

IMPLEMENTASI VIRTUAL PRIVATE NETWORK (VPN) DI PERPUSTAKAAN UNIVERSITAS ISLAM MALANG

This study aims to explain to use a VPN in the UNISMA Library. The research method used is descriptive-qualitative and data was obtained through interviews with five informants, observation, and documentation. Data analysis techniques by collecting data, data reduction, data presentation and drawing conclusions. While the validity of the data was obtained through triangulation. The results showed that the use of VPN in the UNISMA Library to speed up internet connection and data privacy. UNISMA library uses a proxy server router operating system for VPN networks. To be able to make Mikrotik a VPN server, configuration is required which includes IP pool configuration, IP router configuration, PPP configuration, DHCP server configuration, NAT by pass firewall configuration and IP security configuration. The library selection of VPN products considers the aspects of strong authentication, encryption that is strong enough, meets standards, integration with other field network services.

Beware: NAT Traversal is a Simple and Efficient Approach to Open Firewall Holes

NAT traversal techniques allow processes with private, non-routable IP addresses to communicate with other processes outside the network secured limits. Techniques such as UDP Hole Punching have been standardized by the IETF, and using tunnels based on those techniques it is easy to allow application processes on top of any transport protocol, including TCP, to both start and receive packets from the Internet across NAT devices. However, as a side effect those techniques also freely proceed through firewalls. In this work we describe how it is possible to configure any server running on any port (no firewall configuration required) to establish connections initiated at arbitrary Internet clients, making unauthorized services easily available. We also show that the process is lightweight, in particular after the initial setup is concluded, thus virtually supporting any type of unauthorized applications.

NETWORK DEFENSE SYSTEM MONITORING THROUGH A MOBILE APPLICATION

paper proposed a way to secure and protect pc or laptop remotely via mobile device. These two device communicate by exchanging information or data using database connection. There will be two applications that are developed, windows-based application and mobile application. The proposed scheme used some firewall configuration and log management to complete the process. The firewall configuration will block computer attacks such as Denial of Service. Log management is to generate a specific log file if there is a possible threat. It will then invoke. the windows application to update the database which is regularly accessed by mobile application. It then alerts user on possible attack or threat.

Implementation of a PSO-Based Security Defense Mechanism for Tracing the Sources of DDoS Attacks

Most existing approaches for solving the distributed denial-of-service (DDoS) problem focus on specific security mechanisms, for example, network intrusion detection system (NIDS) detection and firewall configuration, rather than on the packet routing approaches to defend DDoS threats by new flow management techniques. To defend against DDoS attacks, the present study proposes a modified particle swarm optimization (PSO) scheme based on an IP traceback (IPTBK) technique, designated as PSO-IPTBK, to solve the IP traceback problem. Specifically, this work focuses on analyzing the detection of DDoS attacks to predict the possible attack routes in a distributed network. In the proposed approach, the PSO-IPTBK identifies the source of DDoS attacks by reconstructing the probable attack routes from collected network packets. The performance of the PSO-IPTBK algorithm in reconstructing the attack route was investigated through a series of simulations using OMNeT++ 5.5.1 and the INET 4 Framework. The results show that the proposed scheme can determine the most possible route between the attackers and the victim to defend DDoS attacks.

Rules Assurance: Preventing Unauthorized Access through Building Right Firewall Configuration

Any business organization’s backbone is their infrastructure which establishes the connection between their own intranet, vendor/customer network and external world. Network is linked between these network are through dedicated connection or public connection via internet. To build any network, it requires servers, firewalls, routers, core and access switches with communication link. The topology of network, link type, usage of network devices are chosen based on organization need and type of data transaction flows between these networks. Considering volume of data growth because of digital revolution, sensitiveness of data like Personally Identifiable Information (PII) or Protected Health information (PHI), it is necessary to protect data from hackers and save network from phishing, malware or ransomeware. Firewall will control the access and decides what to allow or deny between networks. These rules are defined in firewall Access Control List (ACL). A strong, well matured access control policy plays a key role to ensure network security and data protection. A firewall rule defines inbound and outbound data traffic between source and destination. These sources and destinations are identified by IP addresses, subnet ranges, protocols, applications, and port numbers. ACL defines what can be accessed / denied from internal (OUT BOUND) or from external (IN BOUND). In general a firewall has hundreds of ACLs and at times in thousands as well. Since frequent changes are inevitable, managing firewall rules becomes a complex task. There is no relationship between these rules and need not be in an order. Firewall will not validate duplicate or overlapping of rules. Every rule in ACL is independent and there are more possibilities of having obsolete and invalid rules. To overcome all these complexities, this wok presents rules mining, which helps to analyze firewall rules, identify security flaws, vulnerabilities from existing rules and eliminate redundant or unused rules from network. This paper proposes a new guidelines that can be used on existing firewall ACL or while building new firewall ACL to protect network from external sources. These guidelines will help network administrators to fix configuration errors.

RANCANG BANGUN OWNCLOUD DAN MELINDUNGINYA TERHADAP SERANGAN DDOS

Layanan penyimpanan menggunakan Google Drive ataupun DropBox merupakan layanan yang digunakan secara cuma-cuma di internet, sebagai besar menggunakan teknologi Cloud Computing. Hal ini berarti layanan pada Cloud Computing dapat disediakan dengan cepat dan meminimalisir interaksi dengan penyedia layanan vendor/provider Cloud Computing. Tempat penyimpanan data yang sering menjadi kendala yang bersifat pribadi ataupun pekerjaan, seringkali menyulitkan dalam mengakses. Gangguan keamanan dari aktifitas jaringan seperti Denial of Service dan infeksi virus yang cukup beragam. Kesulitan berbagi data dengan inipun menjadi kendala terutama menyeting batas waktu dokumen yang dibagikan, dengan siapa saja dokumen dibagikan dan hak akses apasaja yang diberikan. Kendala seperti inilah yang dihadapi sehari-harinya dan cukup mengganggu fleksibelitas terutama dalam rutinitas pekerjaan, maka dibutuhkan konfigurasi firewall untuk meminimalisir gangguan tersebut sehingga layanan tetap bisa diakses

Misery Digraphs: Delaying Intrusion Attacks in Obscure Clouds

When remote command injection attacks succeed at the entry points of a cloud (servers exposed to the outside Internet), attackers targeting a specific asset in the cloud will pursue further exploration to find their targets. Attack targets, such as database servers, are often running on separate machines, forcing an extra step for a successful attack. However, compromising two or three machines is all an attacker needs to reach an isolated database through a simple attack path. The goal of this paper is to investigate the possibility of frustrating attackers by constructing a cloud network architecture that hides the path to a target asset in the network, utilizing multiple moving decoy virtual machines and confusing firewall configurations. A deceiving cloud network architecture can significantly delay attacks (by stretching the attack path from a handful of steps to thousands), providing time for system administrators to intervene and resolve the intrusion. This paper introduces the concept of misery digraphs , which provide a theoretical foundation for creating intrusion deception in clouds. This paper describes the necessary steps to convert a cloud to one that includes a misery digraph, and evaluates the feasibility and effectiveness of using the approach with Amazon Web Services. Our simulation results demonstrate that for a cloud implementing misery digraphs with a simple attack path of length five, there is a 91% probability that an attack requires at least 1000 steps to reach the target.

Systematic Literature Review on Usability of Firewall Configuration

Firewalls are network security components that handle incoming and outgoing network traffic based on a set of rules. The process of correctly configuring a firewall is complicated and prone to error, and it worsens as the network complexity grows. A poorly configured firewall may result in major security threats; in the case of a network firewall, an organization’s security could be endangered, and in the case of a personal firewall, an individual computer’s security is threatened. A major reason for poorly configured firewalls, as pointed out in the literature, is usability issues. Our aim is to identify existing solutions that help professional and non-professional users to create and manage firewall configuration files, and to analyze the proposals in respect of usability. A systematic literature review with a focus on the usability of firewall configuration is presented in the article. Its main goal is to explore what has already been done in this field. In the primary selection procedure, 1,202 articles were retrieved and then screened. The secondary selection led us to 35 articles carefully chosen for further investigation, of which 14 articles were selected and summarized. As main contributions, we propose a taxonomy of existing solutions as well as a synthesis and in-depth discussion about the state of the art in firewall usability. Among the main findings, we perceived that there is a lack (or even an absence) of usability evaluation or user studies to validate the proposed models. Although all articles are related to the topic of usability, none of them clearly defines it, and only a few actually employ usability design principles and/or guidelines.

Case Studies of SCADA Firewall Configurations and the Implications for Best Practices

Firewall configuration is an important activity for any modern day business. It is particularly a critical task for the supervisory control and data acquisition (SCADA) networks that control power stations, water distribution, factory automation, etc. Lack of automation tools to assist with this critical task has resulted in unoptimised, error prone configurations that expose these networks to cyber attacks. Automation can make designing firewall configurations more reliable and their deployment increasingly cost-effective. Best practices have been proposed by the industry for developing high-level security policy ( e.g ., ANSI/ISA 62443-1-1). But these best practices lack specification in several key aspects needed to allow a firewall to be automatically configured. For instance, the standards are vague on how firewall management policies should be captured at a high-level using its specifications. In this paper, we uncover these missing pieces and propose extensions. We apply our extended best-practice specification to real-world firewall case studies to achieve multiple objectives: 1) to evaluate the usefulness of the refined best-practice in the automated specification of firewalls and 2) to illustrate that even in simple cases, SCADA networks are often insecure due to their misconfigured firewalls.

Security Threats in Software Defined Mobile Clouds (SDMC)

Future Internet comprises of emerging ICT mega-trends (e.g., mobile, social, cloud, and big data) commands new challenges like ubiquitous accessibility, high bandwidth, and dynamic management to meet the data tsunami requirements. In the recent years, the rapid growth of smartphone business is highly evidenced due to its versatile usage irrespective of location, personality or context. Despite of increased smartphone usage, exploiting its full potential becomes very difficult owing to its typical issues such as resource scarcity, mobility and more prominently the security. Software Defined Networking (SDN), an emerging wireless network paradigm can make use of rich mobile cloud functionalities such as traffic management, load balancing, routing, and firewall configuration over physical abstraction of control planes from data planes. Hence SDN leads to a clear roadmap to Software Security control in Mobile Clouds (SDMC). Further it can be extended to a level of Security prevention. To address in this direction, this paper surveys the relevant backgrounds of the existing state-of-art works to come up with all possible SDMC threats and its countermeasures.