  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

LATENCY AND THROUGHPUT COMPARISON BETWEEN IPTABLES AND NFTABLES AT DIFFERENT FRAME AND RULE-SET SIZES / LATENS- OCH GENOMSTRÖMNIGSJÄMFÖRELSE MELLAN IPTABLES OCH NFTABLES VID OLIKA RAM- OCH REGELUPPSÄTTNINGSSTORLEKAR

Jonsson, Tomas January 2018
Firewalls are one of the most common security tools used in computer networks. Their purpose is to prevent unwanted traffic from coming in to or out of a computer network. In Linux, one of the most common server operating system kernels available, iptables has been the go-to firewall for nearly two decades, but a proposed successor, nftables, is available. This project compared latency and throughput performance of both firewalls with ten different rule-set sizes and seven different frame sizes using both linear look-ups and indexed data structures. Latency was measured through the round-trip time of ICMP packets while throughput was measured by generating UDP traffic using iPerf3. The results showed that, when using linear look-ups, nftables performs worse than iptables when using small frame sizes and when using large rule-sets. If the frame size was fairly large and the rule-set fairly small, nftables often performed slightly better both in terms of latency and in terms of throughput. When using indexed data structures, performance of both firewalls was very similar regardless of frame size or rule-set size. Minor, but statistically significant, differences were found both in favour of and against nftables, depending on the exact parameters used.
12

Content Based Packet Filtering In Linux Kernel Using Deterministic Finite Automata

Bilal, Tahir 01 September 2011
In this thesis, we present a content based packet filtering architecture in Linux using Deterministic Finite Automata and the iptables framework. New generation firewalls and intrusion detection systems not only filter or inspect network packets according to their header fields but also take into account the content of the payload. These systems use a set of signatures in the form of regular expressions or plain strings to scan network packets. This scanning phase is a CPU intensive task which may degrade network performance. Currently, the Linux kernel firewall scans network packets separately for each signature in the signature set provided by the user. This approach constitutes a considerable bottleneck to network performance. We implement a content based packet filtering architecture and a multiple string matching extension for the Linux kernel firewall that matches all signatures at once, and show that we are able to filter network traffic by consuming constant bandwidth regardless of the number of signatures. Furthermore, we show that we can do packet filtering at multi-gigabit rates.
13

BANDWIDTH AGGREGATION OF MOBILE BROADBAND LINKS ON RASPBERRY PI BASED ACCESS POINT

Chrast, Lukas, Knaperek, Jozef, Kovalcik, Marek January 2014
This thesis is concerned with the usability of Raspberry Pi as the access point in the mobile broadband network environment. The first part of the thesis is dedicated to Raspberry Pi itself; hardware required to set up WLAN and WAN; and to the analysis of suitable solutions for bandwidth aggregation, particularly the load balancing of mobile broadband connections and their aggregation into one logical link. The second part deals with the implementation of these solutions and subsequently with their testing and verification. The evaluation of results gives an interesting outcome. Load balancing has proven to be a resilient and feasible solution for bandwidth aggregation in the mobile broadband network environment where the speed, packet loss and jitter are of main concern. The second scenario, where the connections are bundled into one logical link, has turned out to give variable results. Its performance is susceptible to the changes in the mobile broadband network as the packets across the links in the bundle alternate in the round-robin fashion.
14

Comparative Analysis of Iptables and Shorewall

AHMAD, MUHAMMAD ZEESHAN January 2012
The use of the Internet has increased over the past years. Many users may not have good intentions. Some people use the Internet to gain access to unauthorized information. Although absolute security of information is not possible for any network connected to the Internet, firewalls make an important contribution to network security. A firewall is a barrier placed between the network and the outside world to prevent unwanted and potentially damaging intrusion into the network. This thesis compares the performance of Linux packet filtering firewalls, i.e. iptables and shorewall. Firewall performance testing helps in selecting the right firewall as needed. In addition, it highlights the strengths and weaknesses of each firewall. Both firewalls were tested using identical parameters. During the experiments, the recommended benchmarking methodology for firewall performance testing, as described in RFC 3511, is taken into account. The comparison process includes experiments which are performed using different tools. To validate the effectiveness of the firewalls, several performance metrics such as throughput, latency, connection establishment and teardown rate, HTTP transfer rate and system resource consumption are used. The experimental results indicate that the performance of Iptables firewall decreases as compared to shorewall in all the aspects taken into account. All the selected metrics show that large numbers of filtering rules have a negative impact on the performance of both firewalls. However, UDP throughput is not affected by the number of filtering rules. The experimental results also indicate that traffic sent with different packet sizes does not affect the performance of the firewalls.
15

Performance Evaluations of Cisco ASA and Linux iptables Firewall Solutions

Xu, Junjie, Su, Wenhui January 2013
A firewall is an essential component for providing network security and traffic control. It is widely used to prevent illegal access to private or corporate networks from unsafe external sources such as the Internet. Firewalls are basically classified into two types, hardware firewalls and software firewalls. A hardware-based firewall is a single piece of hardware external to a system, whereas a software-based firewall is installed on a computer inside a system. Two such firewalls, Cisco ASA 5505 and Linux iptables, are implemented and their performance is practically evaluated. The performance tests in this work primarily focus on the network layer, and the main parameters include Throughput, Latency, and Concurrent Sessions. Different performance monitoring tools are also introduced in this paper. For a network layer firewall, the most impressive feature is managing traffic from the higher layers 4-7 of the OSI (Open Systems Interconnection) model by inspecting packets, which inevitably has a certain impact on performance. The bottleneck of the whole network is determined by the extent of that impact. The primary objective of this thesis is to evaluate the performance of the two types of firewalls by analyzing the test reports. Thus the results reported in this paper give some ideas to new firewall customers about what aspects should be considered before selecting a suitable firewall product.
16

Metody zabezpečení IP PBX proti útokům a testování odolnosti / Securing IP PBX against attacks and resistance testing

Kakvic, Martin January 2014
This diploma thesis focuses on attacks on the PBXs Asterisk, FreeSWITCH and Yate in their LTS versions. Two types of attacks were carried out in this work: a DoS attack and a Teardown attack. These attacks were carried out using two different protocols, SIP and IAX. During the denial of service attack, CPU usage was monitored, and it was checked whether it was possible to establish a call and whether the call could be processed. The security of the PBX was built on two levels. As the first level of security, the Linux-based firewall netfilter was used. The second level of security was ensured with the protocols TLS and SRTP.
17

Mapování síťových prefixů v IPv6 / IPv6 Network Prefix Translation

Ježek, Lukáš January 2012
This master thesis deals with testing the network prefix translation algorithm in IPv6. It tests existing implementations. These implementations are compared with each other. Some implementations end with a compilation error. There are two options for dealing with this problem: the implementation can be repaired, or a port to the new kernel can be created. Performance is tested with a Spirent hardware packet generator.
18

Intelligente Firewall-Strategien zum Management von Peer-to-Peer-Datenverkehr

Friedrich, Eicke 20 October 2017
This thesis examines ways to control the use of peer-to-peer (P2P for short) file-sharing networks in the university network. In addition to an introduction to the basic concepts and methods of P2P file-sharing networks, various approaches to blocking and restricting such file-sharing tools by means of a firewall are discussed. To make integration into an existing network as transparent as possible, a Linux machine acting as a bridge was used. Particular attention is given to the currently popular P2P networks Gnutella, FastTrack, eDonkey and Overnet. The firewall used is the widely deployed packet filter iptables, which is currently included in most Linux distributions (S.u.S.E., RedHat, ...). The iptables extension IPP2P was developed as part of this diploma thesis and is also presented. Furthermore, Hierarchical Token Bucket (HTB), a QoS extension for Linux, is presented and used to shape the bandwidth of the identified traffic. HTB is notable for its comparatively simple installation and handling.
19

Linux 2.4 Netfilter/iptables

Schreiber, Alexander 12 June 2000
This talk gives an overview of the new kernel firewall in Linux 2.4, the Netfilter/iptables system. The capabilities of the new system are explained, and comparisons with its predecessors are presented.
20

Evaluation of the CSF Firewall / Utvärdering av CSF brandväggen

Mudhar, Ahmad January 2013
The subject of web server security is vast, and it is becoming bigger as time passes. Every year, researchers, both private and public, are adding to the number of possible threats to the security of web servers, and coming up with possible solutions to them. A number of these solutions are considered to be expensive, complex, and incredibly time-consuming, while not able to create the perfect web to challenge any breach to the server security. In the study that follows, an attempt will be made to check whether a particular firewall can ensure a strong security measure and deal with some security breaches or severe threats to an existing web server. The research has been conducted with the CSF Firewall, which provides a suite of scripts that ensure a portal's security through a number of channels. The experiments conducted under the research provided extremely valuable insights about the application in hand, and the number of ways the CSF Firewall can help in the safety of a portal against Secure Shell (SSH) attacks, dedicated to breaking its security, in their initial stages. It further goes on to show how simple it is to actually detect the prospective attacks, and subsequently stop the Denial of Service (DoS) attacks, as well as the port scans made to the server with the intent of breaching the security by finding an open port. By blocking the IP addresses of the attackers dedicated to such an act, preventing them from creating nuisance, the CSF Firewall has been able to keep alien intrusions away from the server. It also aids in creating a secure zone for the server to continue smoothly, while alerting the server administrators of the same, and gives them an opportunity to check those threatening IPs and the time of attack, making sure that the server administrators stay alert in the future and are able to keep an eye on such attacks. In doing this, the experiment adds valuable data on the effective nature of the CSF Firewall.
