Firewall and IPsec Security Protocols: Assignment 2 Resit, UWL

Added on  2023/01/13

AI Summary
This report delves into the critical aspects of network security, focusing on firewalls and the IPsec protocol suite. The first part examines the goals of a firewall, emphasizing the importance of traffic filtering and network protection. It then explores the configuration of packet filter rule sets within a firewall, tailored to specific policy requirements, including email and web traffic management within a DMZ. The report also addresses anonymity and privacy concerns when accessing controversial websites, proposing the use of a proxy to conceal IP addresses and protect user data. The second part of the report analyzes the IPsec protocol suite, specifically examining replay attacks and the role of sequence numbers and anti-replay windows. It differentiates between Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols, highlighting their respective security services and exploring the transport and tunnel modes of ESP. Finally, the report investigates the compatibility of IPsec using AH in transport mode when one of the machines is behind a Network Address Translation (NAT) box.
Assignment 2 Resit
VPN & Firewall
Name: Nicolae Grecu
LSST ID: H1809144
UWL ID: 21394816
1. Firewalls are among the most important security devices for networks. A
firewall is a device that filters all traffic between a protected or “inside” network and
a less trustworthy or “outside” network. Write a report that explores the
following questions.
Part (a)
Explain the goals that a firewall has, where one goal should not overlap with
another.
- All traffic from outside to inside, and vice versa, passes through the
firewall.
  - Multiple levels of firewalls or distributed firewalls
- Only authorized traffic, as defined by the local security policy, will be
allowed to pass.
- The firewall itself is immune to penetration.
  - If not designed or installed properly, it can be compromised, in which
case it will provide a false sense of security.
Part (b)
Figure Q3: An example of firewall configuration
Figure Q3 illustrates a common network topology in which a firewall provides
a protective barrier between an untrusted Internet and internal networks,
including the DMZ (demilitarized zone) network. Design suitable packet filter
rule sets to be implemented on the Firewall to satisfy the following policy
requirements:
Email:
- Emails may be sent using SMTP in both directions through the firewall,
but they must be relayed via the DMZ mail gateway. External email must be
destined for the DMZ mail server.
- Allow all email to pass to the DMZ using SMTP in both directions through
the firewall.
- Users inside may retrieve their email from the DMZ mail gateway using
POP3.
- Users outside may retrieve their email from the DMZ email gateway, but
only if they use the secure POP3 protocol.
Web requests:
- Web requests (both insecure and secure) are allowed from any internal
user out through the firewall, but must be relayed via the DMZ web proxy.
- Web requests (both insecure and secure) are allowed from anywhere on the
Internet to the DMZ Web server.
(Note that each rule shall include the following fields: Rule ID, Direction
(inbound or outbound), Source IP, Source Port, Destination IP, Destination
Port, Action)
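One way to express and check such a rule set, as an added example that is not part of the original report. Addresses, the proxy port (8080) and the stateless request/reply pairing are assumptions, since Figure Q3 and the brief give none of them.

```python
import ipaddress

# Constructed addressing for the Figure Q3 topology (assumed; the page gives no addresses).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # protected inside network
DMZ_MAIL = ipaddress.ip_network("192.0.2.10/32")   # DMZ mail gateway
DMZ_WEB = ipaddress.ip_network("192.0.2.20/32")    # DMZ web server
DMZ_PROXY = ipaddress.ip_network("192.0.2.30/32")  # DMZ web proxy, assumed to listen on 8080
ANY = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = range(0, 65536)
HIGH = range(1024, 65536)                          # ephemeral client ports
WEB = {80, 443}                                    # insecure and secure HTTP

# Fields: (Rule ID, Direction, Source IP, Source Port, Destination IP, Destination Port, Action).
# Direction: "out" = away from the internal network (toward the DMZ or the Internet),
# "in" = toward it. Stateless filtering, so each service has a request rule and a
# reply rule; first match wins and the last rule is the default deny.
RULES = [
    ("1",  "in",  ANY,       HIGH,   DMZ_MAIL,  {25},   "permit"),  # external SMTP only to the gateway
    ("2",  "out", DMZ_MAIL,  {25},   ANY,       HIGH,   "permit"),
    ("3",  "out", DMZ_MAIL,  HIGH,   ANY,       {25},   "permit"),  # gateway relays mail outward
    ("4",  "in",  ANY,       {25},   DMZ_MAIL,  HIGH,   "permit"),
    ("5",  "out", INTERNAL,  HIGH,   DMZ_MAIL,  {25},   "permit"),  # inside users submit via the gateway
    ("6",  "in",  DMZ_MAIL,  {25},   INTERNAL,  HIGH,   "permit"),
    ("7",  "out", INTERNAL,  HIGH,   DMZ_MAIL,  {110},  "permit"),  # POP3 for inside users only
    ("8",  "in",  DMZ_MAIL,  {110},  INTERNAL,  HIGH,   "permit"),
    ("9",  "in",  ANY,       HIGH,   DMZ_MAIL,  {995},  "permit"),  # outside users: POP3 over TLS only
    ("10", "out", DMZ_MAIL,  {995},  ANY,       HIGH,   "permit"),
    ("11", "out", INTERNAL,  HIGH,   DMZ_PROXY, {8080}, "permit"),  # inside web traffic goes via the proxy
    ("12", "in",  DMZ_PROXY, {8080}, INTERNAL,  HIGH,   "permit"),
    ("13", "out", DMZ_PROXY, HIGH,   ANY,       WEB,    "permit"),  # proxy fetches from the Internet
    ("14", "in",  ANY,       WEB,    DMZ_PROXY, HIGH,   "permit"),
    ("15", "in",  ANY,       HIGH,   DMZ_WEB,   WEB,    "permit"),  # anyone may reach the DMZ web server
    ("16", "out", DMZ_WEB,   WEB,    ANY,       HIGH,   "permit"),
    ("17", "*",   ANY,       ANY_PORT, ANY,     ANY_PORT, "deny"),  # default deny
]

def filter_packet(direction, src_ip, src_port, dst_ip, dst_port):
    """First-match evaluation; returns (rule_id, action)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rid, d, s_net, s_ports, d_net, d_ports, action in RULES:
        if (d in ("*", direction) and src in s_net and src_port in s_ports
                and dst in d_net and dst_port in d_ports):
            return rid, action
    return "none", "deny"   # unreachable while rule 17 exists, but keeps the default explicit
```

Feeding constructed packets through `filter_packet` shows which policy line admits or blocks each flow, for instance that plain POP3 from the Internet and internal web traffic that bypasses the proxy both fall through to the default deny.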
Part (c)
Suppose you want to visit a controversial Web site (for example, a political
activist site) and you (1) don't want to reveal your IP address to the Web site,
(2) don't want your local ISP (which may be your home or office ISP) to know
that you are visiting the site, and (3) don't want your local ISP to see the data
you are exchanging with the site. Discuss how to achieve these anonymity
and privacy requirements with a proxy.
2. IP Security protocol suite (IPsec) was designed to address
fundamental shortcomings of the Internet protocols such as being
subject to spoofing, eavesdropping, and session hijacking. Write a
report that addresses the following questions.
Part (a)
The sequence number within an IPsec packet is there to address replay attacks.
Explain how it works by considering the anti-replay window.
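The receiver-side mechanism the question refers to, as an added example that is not part of the original report: a sliding anti-replay window of the kind AH and ESP receivers keep (the 64-packet minimum window of RFC 4302/4303), with the window size and the sample sequence numbers chosen here for illustration.

```python
class AntiReplayWindow:
    """Sliding anti-replay window kept per inbound IPsec SA. 'top' is the highest
    sequence number accepted so far; bit i of 'bitmap' records whether sequence
    number (top - i) has already been accepted."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def check(self, seq):
        """True if seq is new and inside the window. In a real receiver this runs
        before ICV verification and update() only runs after the ICV verified."""
        if seq == 0:
            return False                     # sequence numbers start at 1
        if seq > self.top:
            return True                      # right of the window: advances it
        offset = self.top - seq
        if offset >= self.size:
            return False                     # left of the window: too old, dropped
        return not (self.bitmap >> offset) & 1   # bit already set means replay

    def update(self, seq):
        """Record seq as accepted, sliding the window if seq advances it."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 0              # jumped past the whole window
            else:
                self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq):
        """Check then update (standing in for a packet whose ICV verified)."""
        ok = self.check(seq)
        if ok:
            self.update(seq)
        return ok


def simulate(seqs, size=64):
    """Feed constructed sequence numbers to one window; return the accept/reject verdicts."""
    window = AntiReplayWindow(size)
    return [window.receive(s) for s in seqs]
```

Reordering inside the window (5 before 4) is accepted, a repeated number (2, then 4 again) is rejected as a replay, and after a jump to 100 anything at or below 36 is rejected as too old.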
Part (b)
Authentication Header (AH) and Encapsulating Security Payload (ESP) are
the two most popular protocols in the IPsec protocol suite. Explain the difference
between the two protocols with respect to how each provides each security
service. Also explain the difference between transport mode and
tunnel mode in the context of ESP.
Part (c)
Can IPsec using AH be used in transport mode if one of the machines is
behind a network address translation (NAT) box? Investigate and elaborate
your answer.
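A constructed illustration of the point this question asks for, added here and not part of the original report: the AH ICV covers the IP header with only the mutable fields zeroed (RFC 4302, section 3.3.3.1), so a NAT that rewrites the source address invalidates it, whereas a plain router hop does not and the ESP ICV never covers the outer header at all. Header fields are modelled as a dict serialised with json rather than real packet bytes, and the key and addresses are made up.

```python
import hmac, hashlib, json

KEY = b"constructed-sa-integrity-key"
MUTABLE = ("dscp_ecn", "flags", "frag_off", "ttl", "checksum")  # zeroed before the ICV

def ah_icv(key, ip_hdr, ah_payload):
    """AH ICV: HMAC over the IP header with mutable fields zeroed, plus the AH header
    and upper-layer data. Source and destination addresses are treated as immutable
    and are therefore covered, so any change to them invalidates the ICV."""
    covered = dict(ip_hdr, **{f: 0 for f in MUTABLE})
    msg = json.dumps(covered, sort_keys=True).encode() + ah_payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:12]   # 96-bit truncated ICV

def esp_icv(key, esp_segment):
    """ESP ICV covers the ESP header, payload and trailer only, never the outer IP header."""
    return hmac.new(key, esp_segment, hashlib.sha256).digest()[:12]

def router_forward(ip_hdr):
    """Ordinary hop: TTL decremented and header checksum recomputed (both mutable)."""
    return dict(ip_hdr, ttl=ip_hdr["ttl"] - 1, checksum=0xBEEF)

def nat_forward(ip_hdr, public_ip):
    """Source NAT: a router hop plus rewriting of the (immutable) source address."""
    return dict(router_forward(ip_hdr), src=public_ip)

def ah_verifies(ip_hdr, ah_payload, hop):
    """Sender computes the ICV, 'hop' transforms the header in transit, receiver verifies."""
    sent_icv = ah_icv(KEY, ip_hdr, ah_payload)
    return hmac.compare_digest(sent_icv, ah_icv(KEY, hop(ip_hdr), ah_payload))

def esp_verifies(esp_segment, ip_hdr, hop):
    """Same exchange in ESP transport mode: the outer header changes but is not covered."""
    sent_icv = esp_icv(KEY, esp_segment)
    _ = hop(ip_hdr)                      # whatever the hop did to the header is irrelevant
    return hmac.compare_digest(sent_icv, esp_icv(KEY, esp_segment))

# Constructed sample packet: a private host behind NAT sending to a public peer.
HDR = {"src": "10.0.0.5", "dst": "203.0.113.9", "proto": 51, "ident": 7, "length": 120,
       "dscp_ecn": 0, "flags": 0, "frag_off": 0, "ttl": 64, "checksum": 0x1A2B}
PAYLOAD = b"AH header + TCP segment (constructed)"
ESP_SEGMENT = b"ESP header + encrypted TCP segment (constructed)"
PUBLIC_IP = "198.51.100.1"
```

ESP transport mode survives the ICV check but still needs UDP encapsulation (NAT traversal, RFC 3948) to cross a NAT in practice, since the NAT cannot see the transport ports inside ESP.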