Security Comparison of Wired and Wireless Network with Firewall and ...

2010 International Conference on Recent Trends in Information, Telecommunication and Computing

Security Comparison of Wired and Wireless Network with Firewall and Virtual Private Network (VPN)

Dr Y.P Kosta

Upena D Dalal

Department of Electronics and Communication Chitkara Institute of Technology Chitkara, India [email protected]

Rakesh Kumar Jha Department of Electronics and Communication National Institute of Technology Surat, India [email protected]

Department of Electronics and Communication National Institute of Technology Surat, India [email protected]

978-0-7695-3975-1/10 $25.00 © 2010 IEEE DOI 10.1109/ITC.2010.75

Abstract—Computer networks are typically a shared resource used by many applications for many different purposes. Sometimes the data transmitted between application processes is confidential, and the application users would prefer that others not be able to read it. A firewall is a specially programmed router that sits between a site and the rest of the network. It is a router in the sense that it is connected to two or more physical networks and it forwards packets from one network to another, but it also filters the packets that flow through it. A VPN is an example of providing controlled connectivity over a public network such as the Internet. VPNs utilize a concept called an IP tunnel, a virtual point-to-point link between a pair of nodes that are actually separated by an arbitrary number of networks. In this paper we set up a network where servers are accessed over the Internet by customers who have different privileges. We study how firewalls and VPNs can provide security to the information in the servers while maintaining access for customers with the appropriate privilege. We implemented the security comparison of wired and wireless networks using the well-known tool OPNET 10.0.

Keywords—Firewall, VPN, Wired, Wireless, Security, OPNET

I. INTRODUCTION

Firewalls are multi-homed servers with routing capabilities that are aimed at protecting local networks against unauthorized access. Firewalls contain proxy servers which determine the firewall's security policies [10] for the corresponding applications. If a firewall does not have the proxy server of a certain application, then this application is not allowed through the firewall. Proxy servers may introduce some additional processing delay to the forwarded packets, or just forward them without any proxy server latency (circuit-level filtering), depending on the application that the datagram belongs to. The policy also specifies whether the proxy servers introduce additional latency to the datagram, and what characteristics that latency has. A VPN [1] is an example of providing controlled connectivity over a public network such as the Internet. VPNs utilize a concept called an IP tunnel, a virtual point-to-point link between a pair of nodes that are actually separated by an arbitrary number of networks. OPNET [8] [9] allows the VPN, firewall and no-firewall cases to be compared at the same time by using different scenarios. This paper is divided into 5 sections.

II. BACKGROUND INFORMATION

The wired network is protected in both ways, using a VPN as well as a firewall. In the VPN case there is a dedicated link (tunnel) from the source router to the destination router, so there is minimal chance of interruption by a proxy. But the traffic sent and received is lower than with the firewall, because in the firewall case the proxy sends packets continuously to the server to synchronize the data. SND/REC may synchronize the data from the server, but in the VPN case there is no chance of that. We also consider the security of WLAN networks; since our aim is to compare the two networks, every scenario contains the same infrastructure as in the wired network. The use of WLAN networks raises a critical security problem, the abolition of the physical barrier; the first activity that we could notice in practice is simply the search for Internet access. The best complement to WEP [2] remains a VPN (Virtual Private Network) solution. Various technologies allow a VPN tunnel to be set up, which consists in calculating the data passing in transit between two machines, to ensure integrity and user authentication.

III. NETWORK TOPOLOGY

This section describes the network topology, which has the following elements: the infrastructure of a wired network and a WLAN [3]. In the wired network there are four workstations: one supporting HTTP, one for FTP, one for Remote-Custom_Application_Client and finally one for Raku_Hacker; in the firewall-protected subnet there are three Ethernet servers and three Ethernet workstations (WkStn). In the WLAN case the network is similar to the wired network; only the network inside the firewall-protected LAN differs: all servers and workstations there are wireless, and in addition there are an access point, wireless workstations connected to a wired server, and VPN tunnels connected end to end. This network is evaluated by simulation (using OPNET 10.0). In the wired network, the link used outside the firewall-protected LAN is PPP_E3 with a data rate of 34.648 Mbps, and the inside network uses 10 Mbps cable. In the WLAN case, end-users' workstations are simulated with a wireless router connected by a 100 Mbps wired link to the workstation. Although this adds supplementary delays, it does not create a bottleneck, since 100 Mbps represents almost 10 times 802.11b's 11 Mbps speed.


A. PARAMETERS INVOLVED IN BOTH NETWORKS (Wired and Wireless) [7]

1) Workstations: The workstations used in all of the simulations follow the OPNET model "ethernet_wkstn". It is a workstation equipped with an Ethernet interface at 100 Mbps. The model is characterized by a set of functional parameters: a workstation has 1 CPU; the Ethernet group characteristics are full-duplex mode, promiscuous mode disabled, and the MTU is Ethernet. The TCP group characteristics are: the MSS is 1, the receive buffer is 8760 bytes, and the maximum ACK delay is 200 ms.

2) Server: Throughout our simulations we use a server for all the modeled applications. It follows the OPNET model "Ethernet server". It is a server equipped with an Ethernet interface of 100 Mbps. The IP group characteristics are: the processing speed is 50 000 packets/sec; the memory size used is 16 Mbytes. The TCP group characteristics are almost the same as for a workstation.

B. Wireless Parameter [7]

The configuration of the IEEE 802.11b wireless network depends both on the configuration applied to the machines connected to it (wireless router and access point) and on certain parameters. We first detail the configuration of the wireless local area network applied to the machines, as follows. The wireless LAN group characteristics are: the RTS (Request to Send) limit is 2347 bytes, the data transfer rate is 11 Mbps, the spread-spectrum technique is DSSS (Direct Sequence Spread Spectrum) [4], the transmit power is 1 mW, the power limit at reception is 7.33 x 10^-14 W, the short retry limit is 7, the long retry limit is 4, the bandwidth is 22 MHz, the channel is chosen in an unpredictable way, the size of the upper buffer is 256 Kbytes, and the maximum waiting time at reception is 500 ms.

B.1 Access Point

The access point has been parameterized as an Ethernet-802.11b router, using the model "WLAN_eth_router". The value of the parameter "Access Point Functionality" is therefore set to Enabled this time. Naturally, the model of this bridge was modified to use the new MAC layer model [5], which separates the statistics of the access point from those of the stations. The router has two interfaces: an Ethernet interface at 100 Mbps and an air interface of type IEEE 802.11b.

B.2 Firewall [7]

The firewall, which can also be seen as a VPN concentrator, follows the OPNET model "ethernet2_slip8_firewall". It thus contains two Ethernet interfaces, the ones that interest us here, but also 8 serial interfaces, unused in our case. It is characterized by the same parameters (CPU/Workstations, ARP/Wireless Router, and IP: Ethernet/Server). Since the most common WLAN usage is considered, the wireless speed was configured at 11 Mbps with the random CSMA/CA DCF access mode.

Fig 1. Firewall and VPN Protected Wired Network (Wired network)

IMPLEMENTATION

In this research, six different scenarios are simulated.
Scenario 1: Wired network with firewall.
Scenario 2: Wireless network with firewall.
Scenario 3: Wired network with VPN.
Scenario 4: Wireless network with VPN.
Scenario 5: Wired network without firewall.
Scenario 6: Wireless network without firewall.
There are two types: component heads and text heads [6].

IV. RESULT ANALYSIS

In this paper we used both networks, so the comparison analysis is done in three ways.

1. In all wired conditions (without firewall, with firewall and finally with VPN).
2. In all wireless conditions (without firewall, with firewall and finally with VPN).
3. In both wired and wireless conditions (without firewall, with firewall and finally with VPN).

1. In all wired conditions (without firewall, with firewall and finally with VPN): FTP [5] is allowed through the firewall with additional proxy server latency, though this latency is a very insignificant part of the difference between the FTP download response times for local and remote FTP clients; most of the difference is still based on the different distances to the server and the different number of hops on the route. The IP Processing Delay graph of the firewall node indicates two concentration value ranges, where the high one contains the processing delays of the datagrams that also experienced additional proxy server latency. The datagrams with low delays have just experienced routing delays, and maybe queuing delays if the server was busy initially.

ANALYSIS: If we consider the peak of the graph in Fig 2, we judge that the download response time for the FTP application, under the firewall-protected LAN, is highest for the wired network without firewall (.20), followed by the wired network with VPN (.149) and finally the wired network with firewall (.136).
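
The firewall behaviour this paper describes (an application with no proxy is blocked; proxied datagrams pick up extra latency, which gives two ranges of IP processing delay) can be reproduced with a small queueing model. This is an added example, not the authors' OPNET model; the proxy table, the delay values and the traffic are assumptions constructed for illustration.

```python
import random
from statistics import mean

# Assumed proxy table for the firewall node (illustrative values, not the
# paper's OPNET settings). None = no proxy deployed, application blocked;
# 0.0 = circuit-level filtering, no proxy latency; >0 = proxy latency (s).
PROXY_TABLE = {"http": 0.0, "ftp": 0.005, "custom_app": None}
ROUTING_DELAY = 0.0002  # plain IP forwarding time in seconds (assumed)

def firewall_delays(datagrams, table=PROXY_TABLE):
    """Model the firewall as one FIFO server.

    datagrams: iterable of (arrival_time_s, application).
    Returns (delays, dropped): per-application lists of IP processing
    delay (queuing + routing + proxy latency) and per-application drops.
    """
    delays, dropped = {}, {}
    busy_until = 0.0
    for arrival, app in sorted(datagrams):
        latency = table.get(app)  # applications not listed have no proxy
        if latency is None:
            dropped[app] = dropped.get(app, 0) + 1
            continue
        start = max(arrival, busy_until)  # queue while the node is busy
        busy_until = start + ROUTING_DELAY + latency
        delays.setdefault(app, []).append(busy_until - arrival)
    return delays, dropped

def constructed_traffic(n=400, rate=50.0, seed=1):
    """Constructed sample input: Poisson arrivals, random application mix."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate)
        out.append((t, rng.choice(["http", "ftp", "custom_app", "telnet"])))
    return out

if __name__ == "__main__":
    delays, dropped = firewall_delays(constructed_traffic())
    for app, d in sorted(delays.items()):
        print(f"{app:5s} n={len(d):3d} mean={mean(d) * 1e3:.2f} ms "
              f"max={max(d) * 1e3:.2f} ms")
    print("blocked:", dropped)
```

The FTP delays cluster above the proxy latency, while HTTP delays stay near the routing delay unless a datagram queues behind a proxied one.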


Fig 2. Download Response time in Firewall protected local LAN (Without firewall, with firewall, with VPN).

Fig 3. Download Response time on FTP Client (Without firewall, with firewall, with VPN).

ANALYSIS: Fig 3 shows that the download response time (sec) in all scenarios is nearly the same (.34), because this response time is from outside the firewall-protected LAN.

2. In all wireless conditions (without firewall, with firewall and finally with VPN).

Fig 4. FTP Received in the case of Traffic Received (bytes/sec).

ANALYSIS: From Fig 4 we judge that the FTP traffic received in the case of WLAN with firewall is higher than the other two. In the case of WLAN with firewall and with VPN it is the same.

Fig 5. HTTP Received in the case of Traffic Received (bytes/sec).

ANALYSIS: From Fig 5 we judge that for the HTTP application the traffic received in WLAN with firewall and WLAN with VPN is higher than in WLAN without firewall.

Fig 6. FTP Received in all condition (wired and wireless) for Traffic Received (bytes/sec).

ANALYSIS: From Fig 6 we analyze that in the case of the wired network the VPN is the best option, because initially it is lower than without firewall but as time increases it leads the others. But in WLAN, without firewall is best (for the FTP application).

Fig 7. HTTP Received in all condition (wired and wireless) for Traffic Received (bytes/sec).

ANALYSIS: From Fig 7, for the HTTP application we see that the traffic received is better in both conditions (firewall and VPN) than without firewall (wired and wireless).

V. CONCLUSION

In this paper we analyze which network is more secure for different applications. In the case of the FTP application, both the wired and the wireless network are able to receive data with and without security, though the wired network leads. But in the case of the HTTP application, the data received with security is higher than without security (nearly zero). So we conclude that for the HTTP application with security our model is highly preferred for WLAN, because it provides high throughput with high security.

VI. REFERENCES

[1] G. Eason, VBB Sabine Kébreau, Barbu Constantinescu, Samuel Pierre, “A New Security Approach for WLAN,” pp. 1801-1804, May 2006.
[2] IEEE Std. 802.11, “IEEE Standard for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification,” Edition 1999, ISO/IEC 8802-11: 1999.
[3] Shahnaz Kouhbor, “Physical Security Enhancement in Wireless LAN Systems,” pp. 733-738, 2007.
[4] Acharya, M., T. Sharma, D. Thuente, D. Sizemore, “Intelligent Jamming in 802.11b Wireless Networks,” OPNETWORK 2004, August (2004) 110, Paper number 1689.
[5] R. Negi and Arjunan Rajeswaran, “DoS analysis of reservation based MAC protocols,” Tech. Memo, Carnegie Mellon Univ., Feb. (2003) 3632-3636.
[6] W. Xu, T. Wood, W. Trappe, and Y. Zhang, “Channel Surfing and Spatial Retreats: Defenses against Wireless Denial of Service,” in 2004 ACM Workshop on Wireless Security, October (2004) 403-404.
[7] IEEE Std 802.11b-1999/Cor 1-2001, Standard for wireless LAN medium access control (MAC) and physical layer (PHY) specifications, 2001.
[8] http://www.opnet.com/products/opnet-products.html.
[9] http://www.opnet.com/products/modeler/home-1.html.
[10] Ahmadi, M.R.; Satti, M.M.; “A security solution for Wireless Local Area Network (WLAN),” 18-20 Nov. 2007, Page(s): 1-6.
