2023–24 Projects:
Advisor: Amy Csizmar Dalal
Meeting time: TTh 1:15-2:00pm (Winter term)
Organizations spend a lot of time and money trying to keep the "right" types of data traffic flowing while keeping the "rogue" traffic out. Balancing the needs of the people in an organization with the needs of secure computing is a difficult challenge. Firewalls are one way to restrict the traffic flow into and out of an organization's computer network. Firewalls examine incoming traffic and filter out certain types of traffic based on various criteria: IP address, port number, patterns in the actual data portion of packets, etc.
Much time and energy has been spent on building effective firewalls. One key design decision in building a firewall is how to update its rule set. How does a firewall handle new types of traffic, or old types of traffic masquerading as "unknown" traffic (e.g., peer-to-peer traffic that uses port 80, the HTTP port)? How does it balance security and openness/access?
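To make the port-80 problem concrete, here is a small first-match packet filter, added as an illustration and not part of the project materials. The rule format, the sample packets, and the documentation-range addresses are all constructed; the only real protocol detail is the BitTorrent handshake prefix (byte 19 followed by "BitTorrent protocol").

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    src_net: str = "0.0.0.0/0"       # source network the rule applies to
    dport: Optional[int] = None      # None means any destination port
    pattern: Optional[bytes] = None  # byte pattern searched for in the payload

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return self.pattern is None or self.pattern in pkt.payload

def decide(rules, pkt, default="deny"):
    """First matching rule wins; traffic no rule matches gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # start of a BitTorrent peer handshake

# Rule set 1 filters on address and port only.
PORT_ONLY = [Rule("deny", src_net="203.0.113.0/24"), Rule("allow", dport=80)]
# Rule set 2 adds a payload rule ahead of the port-80 allow rule.
WITH_PAYLOAD = [PORT_ONLY[0], Rule("deny", dport=80, pattern=BT_HANDSHAKE), PORT_ONLY[1]]

SAMPLES = {  # constructed sample packets
    "web": Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\nHost: example.edu\r\n\r\n"),
    "p2p_on_80": Packet("198.51.100.8", 80, BT_HANDSHAKE + bytes(8) + b"A" * 40),
    "blocked_net": Packet("203.0.113.5", 80, b"GET / HTTP/1.1\r\n\r\n"),
    "ssh": Packet("198.51.100.9", 22, b"SSH-2.0-client\r\n"),
}

def evaluate(rules):
    """Return the decision for every sample packet under the given rule set."""
    return {name: decide(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("port only", PORT_ONLY), ("with payload rule", WITH_PAYLOAD)):
        print(label, evaluate(rules))
```

Under the port-only rules the peer-to-peer packet is indistinguishable from web traffic and is allowed; the payload rule catches it only because the handshake is in cleartext and because the rule is ordered before the general port-80 allow.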
In this project, you will combine your knowledge of computer networking with your knowledge of computer security to develop a software-based firewall for the Carleton network. The firewall should apply rules to traffic both entering and leaving Carleton's network. In addition, the firewall should be able to "learn" new rules on the fly through its observations of incoming network traffic patterns.
Your tasks will include:
TCP state diagram, from W. Richard Stevens' books.
D.B. Chapman. "Network (In)Security Through IP Packet Filtering." Proceedings of the Third USENIX UNIX Security Symposium, Baltimore, MD, September 1992.
W. Cheswick, S. Bellovin, and A. Rubin. Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition. Boston: Addison-Wesley, 2003. (available in the library)
S. Bellovin. "A Look Back at 'Security Problems in the TCP/IP Protocol Suite'." 20th Annual Computer Security Applications Conference, December 2004.
R. Russell. Linux IPCHAINS-HOWTO. The Linux Documentation Project, 2000.