Design and Research of Firewall System of Communication Department Based on Network Information Technology

In the past, the structure of traditional firewalls was similar to that of checkpoints, and the design structure was relatively simple. At the same time, it is also convenient for subsequent maintenance. As an isolation technology, it can be accessed by people with consistent identity information. But for some relatively high-level data information, using traditional firewalls, foreign intruders can easily obtain relevant information. This article chooses to use the working mechanism of network information technology, and then analyzes the hardware structure of the firewall based on the IPX2400 processor. Finally, a preliminary design of a firewall system for the communications department based on the IPX2400 processor is implemented, and its packet filtering function is realized.

FWS: Analyzing, maintaining and transcompiling firewalls

Firewalls are essential for managing and protecting computer networks. They permit specifying which packets are allowed to enter a network, and also how these packets are modified by IP address translation and port redirection. Configuring a firewall is notoriously hard, and one of the reasons is that it requires using low level, hard to interpret, configuration languages. Equally difficult are policy maintenance and refactoring, as well as porting a configuration from one firewall system to another. To address these issues we introduce a pipeline that assists system administrators in checking if: (i) the intended security policy is actually implemented by a configuration; (ii) two configurations are equivalent; (iii) updates have the desired effect on the firewall behavior; (iv) there are useless or redundant rules; additionally, an administrator can (v) transcompile a configuration into an equivalent one in a different language; and (vi) maintain a configuration using a generic, declarative language that can be compiled into different target languages. The pipeline is based on IFCL, an intermediate firewall language equipped with a formal semantics, and it is implemented in an open source tool called FWS. In particular, the first stage decompiles real firewall configurations for iptables, ipfw, pf and (a subset of) Cisco IOS into IFCL. The second one transforms an IFCL configuration into a logical predicate and uses the Z3 solver to synthesize an abstract specification that succinctly represents the firewall behavior. System administrators can use FWS to analyze the firewall by posing SQL-like queries, and update the configuration to meet the desired security requirements. Finally, the last stage allows for maintaining a configuration by acting directly on its abstract specification and then compiling it to the chosen target language. Tests on real firewall configurations show that FWS can be fruitfully used in real-world scenarios.

MARKETING STRATEGIES AND TOOLS FOR ENTERING THE CHINESE MARKET

The article reveals the features of the application of marketing strategies in the market of the People's Republic of China. The Chinese market is significantly different from the European, American and Russian ones, moreover, this consumer segment is least disclosed in the works of Russian authors. Despite the fact that the great Chinese firewall system imposes some restrictions on the dissemination of foreign information within China and thus restricts access to this market, there are ways and methods available to Russian businesses. Some of them are described in this article and represent a full-fledged system consisting of both trading platforms and marketing tools. The scope of application of the research results is the foreign trade of Russian small and medium-sized businesses in the Asia-Pacific region.

Development of an Improved Network Security System using Firewall for Securing Organisational Data

It is eminent that the Internet is far from being secure. Insecure networks have caused organizations to lose lots of money as a result of data loss or data corruption, and even worse, some organizations have also lost their reputation hence reduce the client’s confidence. Therefore, this research focused on the development of an improved network security system using a firewall that can secure both the internal and external network of an organization. The system was developed using both packet filtering and proxy server architectures to prevent unauthorized connection or access to the organization server or resources thereby reducing the risk of attacks to the network and loss of organizational data. The system was implemented using PHP and python programming languages and the backend was developed using MySQL as the database server; HTML, CSS, and JavaScript for the frontend layout. The implementation of this firewall system includes a monitoring admin interface from where most activities within the private network can be monitored and also this system can prevent or deny the unauthorized request of services either by an intruder from an external network or personnel within the network. Based on the findings of this study, the developed system is recommended for any organization that depends on computer networks for the running of their daily activities.

Smart Intrusion Detection System Comprised of Machine Learning and Deep Learning

In the present world, digital intruders can exploit the vulnerabilities of a network and are capable to collapse even a country. Attack in Estonia by digital intruders, attack in Iran's nuclear plant and intrusion of spyware in smart phone depicts the efficiency of attackers. Furthermore, centralized firewall system is not enough for ensuring a secured network. Hence, in the age of big data, where availability of data is huge and computation capability of PC is also high, there machine learning and network security have become two inseparable issues. In this thesis, KDD Cup’99 intrusion detection dataset is used. Total 3, 11,030 numbers of records with 41 features are available in the dataset. For finding the anomalies of the network four machine learning methods are used like Classification and Regression Tree (CART), Random Forest, Naive Bayes and Multi-Layer Perception. Initially all 41 features are used to find out the accuracy. Among all the methods, Random Forest provides 98.547% accuracy in intrusion detection which is maximum, and CART shows maximum accuracy (99.086%) to find normal flow of data. Gradually selective 15 features were taken to test the accuracy and it was found that Random Forest is still efficient (accuracy 98.266%) in detecting the fault of the network. In both cases MLP found to be a stable method where accuracy regarding benign data and intrusion are always close to 95% (93.387%, 94.312% and 95.0075, 93.652% respectively). Finally, an IDS model is proposed where Random Forest of ML method and MLP of DL method is incorporated, to handle the intrusion in a most efficient manner.

Performance Analysis Of Firewall As Virtualized Network Function On VMware ESXi Hypervisor

Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then use its software to be run on high specification server. It helps reduce vendor lock-in and help create a multiplatform network function environment. It has a lot of benefits compared to a traditional network. One of them is it can reduce the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the management of hardware. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed because if an attack occurs on the network it will interfere with existing network components. This paper focuses on analyzing the performance of two firewall system, pfSense, and FortiGate. Both firewalls will run on the VMware ESXi hypervisor. It aims to determine the firewall performance comparison in normal conditions without attacks and under SYN DoS attacks. We also evaluate firewall failover capabilities. Based on the results of testing obtained that overall FortiGate has better performance. It has better ability in handling DoS SYN attack because it has lower throughput performance degradation and better FTP performance compare to pfSense. We conclude that FortiGate has best performance compare with pfSense