INTRODUCTION

Chapter 1
  Introduction

1.1 Objective
1.2 Scope
1.3 Overviews

The SRS establishes requirements for the Firewall system application software. This document
shall be used as a reference for the Software Design Document (SDD). This project is aimed to
facilitate the controlling of various computers from the viruses .As we know that in the present
IT world it’s a very difficult task to protect our computers.
Nowadays, security becomes more and more important. Firewall system is the solution to
enhance system security. Beside of basic password authorization, The Administrator will
generate a string and store it into the Firewall system and windows registry so as to start the
system.[1]

1.1 Objective:- 

In order to secure our corporate network, we must define our idea of a network
perimeter. We need to determine what things must be protected, develop a security
policy, and establish mechanisms to enforce the policy and methods we are going to
employ.
.
These mechanisms must come after our security policy is developed, not before. To
define a security mechanism that will protect our corporate site, in specific firewalls, and
to provide us with the prerequisites to implement it. Security policies vary from
organization, of course, but one issue that will set these policies aside will be platform for
what they are being developed. We must look closely at the platform we’ll be choosing,
as it will definitely define all future projects, level of security and consequently the
security policy being developed. That’s why a security policy must come first to
guarantee the success of the mechanisms that will be implemented.

As a LAN or web administrator, one already knows that the hardest part of connecting his
corporation to the Internet is not justifying the expense or effort, but convincing
management that it is safe to do so, especially at a large company. A firewall not only
adds real security, but also plays an important role as a security blanket for management
1.2 Scope :-

A firewall basically a protective device. If we are building a firewall, the first thing we need to
worry about is what we’re trying to protect. When we connect to the Internet, we’re putting three
things at risk:
A firewall is a system of hardware and software components designed to restrict access between
or among networks, most often between the Internet and a private Internet.

 The firewall is part of an overall security policy that creates a perimeter defense designed
to protect the information resources of the organization.
 A Firewall separates a protected network from an unprotected one, the Internet. A firewall is
a piece of software or hardware that filters all network traffic between our computer, home
network, or company network and the Internet. It is our position that everyone who uses the
Internet needs some kind of firewall protection.
 Data: the information kept on the computers
 Resources: the computers themselves
 Reputation
 Since this software deals with security hence it can be used for securing personal data.
 Can be used in colleges and universities for securing confidential data.
 Can be used in banks for safety deposits and securing account information

1.3 Overview:- 
Firewalls are network devices which enforce an organization's security policy. Since their
development, various methods have been used to implement firewalls. These methods fillter
network traffic at one or more of the seven layers of the.ISO network model, most commonly at
the application ,transport, and network, and data-link levels. In addition, researchers have
developed some newer methods, such as protocol normalization and distributed firewalls, which
have not yet been widely adopted.

Firewalls involve more than the technology to implement them. Specifying a set of filltering
rules, known as a policy, is typically complicated and error-prone. High-level languages have
been developed to simplify the task of correctly defining a firewall's policy. Once a policy has
been specified, the firewall needs to be tested to determine if it actually implements the policy
correctly.Little work exists in the area of firewall theory; however, this article summarizes what
exists. Because some data must be able to pass in and out of a firewall, in order for the protected
network to be useful, not all attacks can be stopped by firewalls. Some emerging technologies,
such as Virtual Private Networks (VPN) and peer-to-peer networking pose new challenges for
firewalls.

Our basic need and problem is to provide trusted and secure acess level to the user When we
connect to the Internet, we’re putting three things at risk: Data,the information kept on the
computers, Resources, the computers themselves, Reputation. So we basically need a protective
device.
We need a software whose basic task is to regulate some of the flow of traffic between computer
networks of different trust levels. Typical examples are the Internet, which is a zone with no
trust, and an internal network, which is a zone of higher trust.
 OVERALL
DESCRIPTION
 Chapter 2
The Overall Description
2.1 Product Perspective
2.1.1 System Interfaces
2.1.2 Hardware Interfaces
2.1.3 Software Interfaces
2.1.4 Communications Interfaces
2.1.5 Memory Constraints
2.1.6 Operations
2.2 Product Functions
2.3 User Characteristics
2.4 Constraints
2.5 Assumptions and Dependencies

 
2.1 Product Perspective:-

 Project status: - Independent

 Similar projects: - Firewall protector

 
2.1.1 System Interfaces:-

 256 MB RAM with 3-GB hard disk.

 Processor: - above P3
 Active Firewall

2.1.2 Hardware Interfaces:-

 A system with at least 1GB RAM and minimum 4 GB hard-disk.

 Active Firewall.
 Processor:- above P3

 
2.1.3 Software Interfaces:-
Development:-

 IDE-2008 Visual Studio.

 Operating system: - Window-XP.

Deployment:-

 Dot net Framework 3.5 version.

 Operating system: - Window-XP.

 
2.1.4 Communications Interfaces:-
The Firewall system with its LAN file communicates with the Operating System of the
computer.

2.1.5 Memory Constraints:-

 During development:-
 Primary Memory: - 128 Mb, efficiently
 Secondary Memory: - 512Mb

 
2.1.6 Operations:-

 Provides security to the system.

 Creates administrator.
 Provide privilege.
 Lock/unlock the website.
 Reassign the password file.
 Register new user.

2.2 Product Functions:-

 Provides security to system.

 Lock the website when Firewall is active.
 Unlock the website when the Firewall is off again.
2.3 User Characteristics:-

 User must be aware of using Computer System.

 User must have a little knowledge about protect the Firewall.
 User must be aware of the use of Firewall.

 
2.4 Constraints:- 

 Interface to other applications is that the Firewall system makes an interface with the
Operating system of the computer.
 Safety and security considerations are that the user must take care of the Firewall system.

2.5 Assumptions and Dependencies:-

Assumptions

 User must have Window-XP operating system installed in his/her PC.

 User must know how to create Firewall protection.

Dependencies
The only main dependency of this software is the user name and password, without the user
name and password will not be able to start the Firewall system.

[][][][]
 SPECIFIC
REQUIREMENTS

Chapter 3
Specific Requirements
 3.0 External interface requirements
3.1 Performance Requirements
3.2 Design Constraints
3.3 Software system attributes
3.3.1 Reliability
3.3.2 Availability
3.3.3 Security
3.3.4 Maintainability
3.3.5 Portability
3.4 Organizing the Specific Requirements 
3.4.1 System Mode
3.4.2 Feature

3.0 External Interfaces:- 

 Name of item : - Internet

 Description of purpose :- Until and unless we do not connect
. Internet the Firewall system will not start.
 Source of input :- Active Internet
 Destination of output :- System starts and displays in screen.
 Timing :- Normal boot time (approx 10-12 sec.).
 Window formats :- Window-XP

3.1 Performance Requirements:-

 The number of simultaneous users to be supported : - 1(Single user)

 Amount and type of information to be handled : - 2 (Username and Password)

3.2 Design Constraints:-

  Firewall system shall be a 32 bit Windows application.
 The application shall be implemented using Visual Studio2008.
 The user interface shall be implemented using Framework 3.5.
 All definable options shall have default values supplied by the application.
 The application shall display error messages to the user when an error is detected during
login.
 No error condition shall cause the application to exit prematurely.

3.3 Software System Attributes:-

 
3.3.1 Reliability:-
This software is reliable because all the privileges provided to the user will be same as that to
administrator.
 
3.3.2 Availability:-
This software is every time available. It can be used anytime without any circumstances e.g.
(Say 24*7).
 
3.3.3 Security:-
This software is secure because the password and username of the administrator is only known to
him only. It remains unknown to others as well as the password of the system cannot be cracked
since the correct password entered.
 
3.3.4 Maintainability:-
This software is easy to maintain because of its cost .it requires less maintenance cost and hence
it is economic .Also it do not require any other software for its operation.

3.3.5 Portability:-
This software is portable. It does not require any specific need to look upon. This software can
easily been moved since it takes less space and totally depends on the Internet and system for its
function and operation.
 
3.4 Organizing the Specific Requirements:-
 
3.4.1 System Mode:-
At a time this software can only perform on a single system. Hence the system mode of this
system is single mode. 

3.4.2 Feature:-

 Provides security to the system.

 Creates administrator.
 Provide privilege.
 Lock/unlock the Website..
 Reassign the password file
 CHANGE
MANAGEMENT
PROCESS
 Chapter 4
Change Management Process

As the software is in the initial prospective view. Hence this will require modifications. thus as
the client want to make modifications he/she can make an call or for beneficiary he can send us
an E-mail regarding what changes has to be made.

The mail should be sending to the developer so that he can avail the regarding changes as
required by the client.
 SYSTEM
OVERVIEW

Chapter 5
 System Overview

5.0 Data Flow Diagram

The system overview is stated as:-

The process determines whether the inbound or outbound traffic should be allowed or denied.
This was dilated for the necessary activities and tasks needed in the creation of the proposed
software based firewall system.

5.0 Data Flow Diagram:-

A data flow diagram (DFD) is a graphical representation of the "flow" of data through
an information system. DFDs can also be used for the visualization of data processing (structured
design).
On a DFD, data items flow from an external data source or an internal data store to an internal
data store or an external data sink, via an internal process.

Level 0:-
Level 1:-
 DESIGN
CONSIDERATION

Chapter 6
 Design Considerations

6.0.1 Assumptions and Dependencies

6.0.2 General Constraints
6.0.3 Goals and Guidelines

6.0.4 Development Methods

6.0.1 Assumptions and Dependencies

Assumptions

 User must have Window-XP operating system installed in his/her PC.

 User must know how to protect pc from the virus.

Dependencies

The only main dependency of this software is the Firewall system.

6.0.2 General Constraints

 Firewall system shall be a 32 bit Windows application.

 The application shall be implemented using Visual Studio2008.
 The user interface shall be implemented using Framework 3.5.
 All definable options shall have default values supplied by the application.
 The application shall display error messages to the user when an error is detected during
login.
 No error condition shall cause the application to exit prematurely.
 Interface to other applications is that the Firewall system makes an interface with the
Operating system of the computer.
6.0.3 Goals and Guidelines

 The Goal of this software is to provide security constraints. The use of this software makes the
user secure from any intruder’s brute force attack.
 This software is easy to use and needs low maintenance.
 To provide the people in your organization with access to the WWW without
allowing the entire world to peak in;
 To erect a barrier between an untrusted piece of software,your organization’s public Web
server, and the sensitive information that resides on your private network

The possible guidelines which are being referred during the orientation of this software will be as
follows:-

 The coding rules are being followed.

 Statements are commented after every class declaration so as to make user understand about the
code.

6.0.4. Development Methods

The Iterative Model is used for developing this software. It is because Iterative and Incremental
development is at the heart of a cyclic software development process developed in response to the
weaknesses of the waterfall model. It starts with an initial planning and ends with deployment with the cyclic
interactions in between. Iterative and incremental development is essential parts of the Rational Unified
Process.
ARCHITECURAL
CONCEPT
 Chapter 7

System Architecture

7.0.1 Uses-Case Diagram

7.0.2 Process flow diagram

This software has been inspires by the software “FIREWALL PROTECTOR” which has the
capability to lock and unlock the site using Firewall system device. Hence the same phenomena
are used in our project with a little variation.
The basic motive of our software is to secure the PC from the unauthorized access and this can
only be done through system start-up process must be handled by the admin through a Firewall
system.
The Input of this software will be the user-id and password of the Administrator and the output
will be the lock the unauthorized site of the system.
To have a better view over the mechanism and functionality of the modules Use-case Diagram
and Process Flow Diagram are provided.

7.0.1 Uses-Case Diagram:-

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram

defined by and created from a Use-case analysis. Its purpose is to present a graphical overview
of the functionality provided by a system in terms of actors, their goals (represented as use
cases), and any dependencies between those use cases.
The main purpose of a use case diagram is to show what system functions are performed for
which actor. Roles of the actors in the system can be depicted.
Use-Case Diagram
7.0.2 Process flow diagram: -
A process flow diagram (PFD) is a diagram commonly used in engineering to indicate the
general flow of plant processes and equipment. The PFD displays the relationship between major
equipment of a plant facility and does not show minor details such as piping details and
designations.

UNMATCHED
 Process Flow Diagram

POLICIES AND
TECTICS
 Chapter 8
Policies and Tactics

 The coding is strictly followed as per IEEE standards.

Following testing will be performed:-

Black Box Testing: - Black-box testing is a method of software testing that tests the functionality of an
application as opposed to its internal structures or workings (see white-box testing). Specific
knowledge of the application's code/internal structure and programming knowledge in general is not
required. Test cases are built around specifications and requirements, i.e., what the application is
supposed to do. It uses external descriptions of the software, including specifications, requirements,
and designs to derive test cases. These tests can be functional or non-functional, though usually
functional. [8]

It is classified as:-

Equivalence class partitioning: - Equivalence partitioning (also called Equivalence Class

Partitioning or ECP) is a software testing technique that divides the input data of a software unit into
partitions of data from which test cases can be derived. In principle, test cases are designed to cover
each partition at least once. This technique tries to define test cases that uncover classes of errors,
thereby reducing the total number of test cases that must be developed.

Boundary value analysis: - Boundary value analysis is a software testing technique in which tests are
designed to include representatives of boundary values. Values on the edge of an equivalence
partition or at the smallest value on either side of an edge. The values could be either input or output
ranges of a software component. Since these boundaries are common locations for errors that result in
software faults they are frequently exercised in test cases.

White box testing: - White-box testing is a method of testing software that tests internal structures or
workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing
an internal perspective of the system, as well as programming skills, are required and used to design
test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate
outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).[9]
Integration testing: - Integration testing (sometimes called Integration and Testing, abbreviated
"I&T") is the phase in software testing in which individual software modules are combined and tested
as a group. It occurs after unit testing and before system testing. Integration testing takes as its
input modules that have been unit tested, groups them in larger aggregates, applies tests defined in an
integration test plan to those aggregates, and delivers as its output the integrated system ready
for system testing .

 Big bang: - In this approach, all or most of the developed modules are coupled together to form
a complete software system or major part of the system and then used for integration testing.
The Big Bang method is very effective for saving time in the integration testing process.
However, if the test cases and their results are not recorded properly, the entire integration
process will be more complicated and may prevent the testing team from achieving the goal of
integration testing.

System testing: - System testing of software or hardware is testing conducted on a complete, integrated
system to evaluate the system's compliance with its specified requirements. System testing falls within
the scope of black box testing, and as such, should require no knowledge of the inner design of the
code or logic.

Now to maintain the software following points will be considered:-

In engineering, maintainability is the ease with which a product can be maintained in order to:

 correct defects
 meet new requirements
 make future maintenance easier, or
 cope with a changed environment
DETAILED DESIGN
 Chapter 9

Detailed System Design

The packet filtering systems route packets between internal and external hosts, but they do it
relationally. They allow or block certain types of packets in a way that reflects a site’s own
security as shown in Figure. The type of router Firewall used in a package filtering firewall is
known as a screening router.

Every packet has a set of headers containing certain information. This information is highly
essential to the router and it includes; IP source address, IP destination address,Protocol (whether
the packet is a TEP, UDP, or ICMP packet, TCP or UDP source port, TCP or UDP destination
port, and ICMP message type.Most of the existing firewall systems are implemented on
hardware, that is, they are hardware based. Because of the hardware platform, the firewalls have
the following shortcomings: they are very expensive; being hardware based, most of the firewall
requires extensive configuration procedure.
Network administrators are specially trained to handle the firewall system; each vendor has
specific configuration procedures for their firewall systems.The implication of this is that the
knowledge in one firewall system may not be applicable in another system; most of the hardware
based firewall system cannot be upgraded. The limitations of the hardware based firewall are
reasons for our adoption and the implementation of software based approach to firewall
development.
History:Firewalls have existed since about 1987, and several surveys and histories have already
been written. However, none of them provide both the depth and breadth of this survey, nor do
they focus on the peer-reviewed literature describing firewall technology.

In [1994], Alec Muffett wrote a paper which provided an excellent review of the firewall policies
and architectures of the time. This paper was aimed at people considering implementing a
firewall, describing the technologies which they might select, their tradeoffs, and how to
maintain a firewall. One section of the Internet standards document RFC 1636 [Braden et al.
1994] is about the status of firewalls as of February, 1994. In this section, they discuss the
problem of false security that a firewall often provides to an organization behind one.They also
review the concepts of application- and transport-level proxies, as well as simple packet filtering.

A review of firewalls and their technology appeared in Spectrum [Lodin and Schuba 1998]. This
paper is an excellent description of firewalls and their technology at the time it was written. Also
in [1998], Rik Farrow wrote a firewall product analysis which was related to the CSI _rewall
comparison for that year. This analysis is aimed at management and people just arriving at
firewalls, and provides them with the background information they would need to talk with a
firewall vendor intelligently.

Survey:
A brief description of our designed software based firewall system for network security is as
follows. The software firewall system has the following description; it accepts inbound network
traffic and analysis the following: IP source address, Protocol destination address, Protocol (TCP
or UDP), and ICMP message type. We applied the policy table probe on the traffic information.
The results of the probe were passed into the underlying firewall algorithm that initiated the
decision making process. Given figure is the flow chart for the firewall algorithm.
 Figure :Firewall System Flowchart

The process determines whether the inbound or outbound traffic should be allowed or denied.
This was dilated for the necessary activities and tasks needed in the creation of the proposed
software based firewall system.
CONCLUSIONS
 Chapter 10

Conclusions

Information security has become an important concept in any organizations due to the
fact that an unprotected information system can be exposed to danger in a network as a
result of penetration tools at the disposal of hackers and crackers. Therefore, there was
need to ensure adequate protection of internal network from hackers. To achieve this,
there are so many tools at the disposal of the network administrator and the security
administrator, which include; IPS (Inclusion Prevention System),

Firewall Security System and the IDS (Inclusion Detection System). This work
focused on the firewall system that filtered what goes in and comes out of the network. It
had the ability to block an unauthorized traffic and allow authorized traffic using the IP
(Internet Protocol) table. The firewall algorithm was implemented using Java
programming language, which was based on java security architecture.

It also utilizes the concept of socket programming which enables network

communication over the internet. The limitation of this work was the inability of the
system to track traffic from dial-up connections. We therefore recommend that future
work on this software should solve the problem of tracking down traffic from dial-up
connections. The system supports 70 concurrent connections at a time and this can also
be improved upon in future software development.
DEFINITIONS
&
REFERENCES
Definitions, Acronyms, and Abbreviations:-  

Definitions:-
• A firewall is a system of hardware and software components designed to restrict access
between or among networks, most often between the Internet and a private Internet.
• The firewall is part of an overall security policy that creates a perimeter defense designed
to protect the information resources of the organization.

A Firewall separates a protected network from an unprotected one, the Internet. A

firewall is a piece of software or hardware that filters all network traffic between our
computer, home network, or company network and the Internet. It is our position that
everyone who uses the Internet needs some kind of firewall protection.

• Two goals:
– To provide the people in your organization with access to the WWW without
allowing the entire world to peak in;
– To erect a barrier between an untrusted piece of software,your organization’s
public Web server, and the sensitive information that resides on your private
network.
• Basic idea:
– Impose a specifically configured gateway machine between the outside world and
the site’s inner network.
– All traffic must first go to the gateway, where software decide whether to allow or
reject.
References:-

1. . Kurose J. F., Ross K. IV (20th) Computer Networking: A Top-Dgon Approach, A

2. Press Publication New York. lejpt.academicdirect.org
3. Tamarch D. Network traffic control and management, Boston Massachusetts, 2006.
4. Snikart R. Control Techniques for network traffic, Car bridge University press, 2007.
5. Megn S. P. The Mathematics of network traffic Control-firewall perspective, Birkhauser
publishers, Germany, 2007.
6. Dick P. Application of firewall to network security, Pensuin Books, New York, 2001.
7. Pius B. An effective security control prevent an authorized network traffic, Journal of
8. information technology, New York, 2003

Web

1. http://en.wikipedia.org/wiki/Iterative_and_incremental_development
2. http://en.wikipedia.org/wiki/Black-box_testing
3. http://en.wikipedia.org/wiki/White-
box_testinghttp://www.developerfusion.com/article/84338/making-usb-c-
friendly/http://www.codeproject.com/KB/system/usbeject.aspx

Books Referred:-

1. C# 2008 Programming Black Book.

2. Beginners in C# by Murach.