IN DISTRIBUTED SYSTEM
Group Members :
Siti Mazuin binti Mohd. Suki – GS14549
Nurafzan binti Muslim – GS14550
Hairani binti Ghazali – GS14548
TABLE OF CONTENTS :
Term and definition
Introduction to Firewall
3.0 VIRTUAL PRIVATE NETWORK (VPN)
Introduction to VPN
Security in Distributed System
In a distributed system, clients send requests to access
data managed by servers, which involves sending
information in messages over a network.
The challenge is to send sensitive information in a
message over a network in a secure manner.
Security is not just concealing the contents of messages;
it also involves knowing for sure the identity of the user
or other agent on whose behalf a message was sent.
Client / server / resources
[Figure: A simple network diagram]
[Figure: A simple distributed network diagram]
We are focusing ONLY on :
WHAT IS A FIREWALL ?
To control who / how / when / why / where someone /
something gets in and out of your network.
The main principle: a firewall exists to
BLOCK traffic and to PERMIT traffic.
It allows ONLY specific kinds of messages from the
internet to flow in and out of the internal network.
- It usually involves a combination of hardware and software,
used to protect a network from unwelcome traffic
- To block unauthorized and unwanted access to or from a
WHY IS A FIREWALL NEEDED?
- When internet access becomes part of business
facilities, it is very important to use a firewall.
- To protect the network, a firewall can be installed as
frontline protection from unauthorized access, hacking,
viruses, DoS (denial-of-service) attacks, etc.
- For example, some firewalls permit only e-mail traffic
to enter the network from elsewhere; this helps protect
the network against attacks made on other network
resources, such as sensitive files, databases and
4 LEVELS OF FIREWALL
LEVEL 1 A basic firewall usually installed on a router
and it does basic packet filtering of incoming
LEVEL 2 A dedicated firewall device does packet
filtering and maybe at some state- a full
LEVEL 3 A dedicated firewall device and it provides
application gateway proxy firewall
LEVEL 4 A dedicated firewall device that provides a
combination of application gateway proxy
firewall and full packet filtering capabilities
CHOOSING A FIREWALL
There are some factors to be considered :
Level of security, reliability, scalability needed
The budget and cost
The architecture (LAN/WAN)
Consistency of the network
Remote user and offices
Applications in use
Technical ability of the administrator, etc.
PROTOCOLS OF FIREWALL
- A firewall can support multiple protocols, such as
HTTP, FTP, DNS, SMTP and POP3.
- Some firewalls can add new protocols when they are
needed in the future.
PROTECTION BY FIREWALL
a) To protect against unauthenticated logins from
the outside world
b) To provide logging and auditing functions, such as
summaries of the types and amount of traffic
that passed through it, etc.
WHAT CAN’T A FIREWALL PROTECT AGAINST?
a) Storage media such as USB flash drives, CDs and
DVDs can be used effectively to export and
b) Classified data and top secret data should be
isolated from the rest of the corporate network
before the firewall is implemented.
c) It also cannot protect against traitors inside
the network or industrial spies.
Personal Firewall Software
BlackICE PC Protection
McAfee Personal Firewall Plus
Norton Personal Firewall
Sygate Personal Firewall
Tiny Personal Firewall
WHAT IS DMZ ?
- A DMZ (Demilitarized Zone) is an area within the
- Often a single machine in the DMZ is allowed access
to both internal and external computers.
VIRTUAL PRIVATE NETWORK
What is VPN ?
A VPN is a private data network that makes use of
public telecommunication infrastructure, maintaining
privacy through the use of a tunneling protocol and
A VPN can be contrasted with a system of owned or
leased lines that can only be used by one company.
The main purpose of a VPN is to give the company the
same capabilities as private leased lines at much lower
cost by using the shared public infrastructure. Phone
companies have provided private shared resources for
voice messages for over a decade.
What is VPN ? (continued)
A VPN makes it possible to have the same protected
sharing of public resources for data.
VPNs are used for secure data communications from one
location to another, utilizing the public Internet as the
VPNs use encryption/decryption to secure data
while it travels over a public network (the Internet). If the
data is captured in transit, the encryption makes it
extremely difficult to read, making the
captured data virtually useless.
What is VPN ? (continued)
VPNs allow businesses to take advantage of
the internet and affordable broadband
transmissions for secure, private communication
between partners, remote offices, telecommuters
and traveling employees.
Low cost, tunneled connection with rich VPN services,
like IPSec encryption and QoS to ensure reliable
Cost saving over Frame Relay and leased lines
Extends WANs to business partners
Safe L3 security
Remote Access VPN
Secure, scalable, encrypted tunnels across a public
network, client software
Cost saving over toll-free number expenditures
VPN Technologies :
There are 3 VPN technologies
Companies that use trusted VPNs do so because they
want to know that their data is moving over a set of
paths that has specified properties and is controlled
by one ISP.
This allows customers to use their own private IP
addressing schemes, and possibly to handle their
The customer trusts that the paths will be maintained
according to an agreement, and that people whom the
customer does not trust (such as an attacker) cannot
either change the paths of any part of the VPN or
insert traffic on the VPN. They also must trust their
The main reason that companies use Secure VPNs is so
that they can transmit sensitive information over the
Internet without needing to worry about who might see it.
Everything that goes over a secure VPN is encrypted to
such a level that even if someone captured a copy of the
traffic, they could not read the traffic even if they used
hundreds of millions of dollars' worth of computers.
Further, using a secure VPN allows the company to
know that an attacker cannot alter the content of their
transmissions, such as by changing the value of financial
Secure VPNs (continued)
Secure VPNs are particularly valuable for
remote access where a user is connected to the
Internet at a location not controlled by the
network administrator, such as from a hotel
room, airport kiosk, or home.
Secure VPNs provide security but no assurance of
Trusted VPNs provide assurance of properties of
paths such as QoS but no security from
Because of these strengths and weaknesses, Hybrid
VPNs have started to appear, although the list of
scenarios where they are desired is still evolving.
This happens when a company already has a trusted
VPN in place and some parts of the company also
need security over part of the VPN.
VPNs can be used for secure data
communication for traveling users, branch/remote
offices or business partner communication.
There are some scenarios where VPN
technology can bring outstanding benefits:
Mobile Users (MUVPN)
a) Mobile User VPN Deployment
MUVPN allows telecommuters or traveling employees
to access the corporate network while maintaining privacy
MUVPN encrypts sessions, preventing eavesdropping.
Another common problem that can occur with remote
users is the deposit of malicious code on their laptops
while they are outside the company firewall.
A good MUVPN solution must be integrated with anti-
virus software on the laptop, making it less susceptible to
b) Branch Office VPN Deployment
Many businesses require communication
between geographically separated offices.
Branch office communication often contains
the types of critical data exchanged inside the
A VPN ensures a confidential connection between
c) Extranet VPN Deployment
Using VPN technology, separate business entities that
work closely (for example, a medical lab and a hospital)
can safely share information about their mutual business,
without giving each other access to the rest of their
Extranet installations resemble branch office
installations but use very restrictive rule sets for data
The rule sets are imperative for secure extranet
implementation, since each entity is opening part of its
network to the other.
Most VPNs rely on tunneling to create a private
network that reaches across the internet.
Essentially, tunneling is the process of placing an
entire packet within another packet and sending it over
The protocol of the outer packet is understood by the
network and both points, called tunnel interfaces,
where the packet enters and exits the network.
Tunneling has amazing implications for VPNs. For
example, you can place a packet that uses a protocol
not supported on the internet (such as NetBEUI) inside
an IP packet and send it safely over the internet.
You also could put a packet that uses a private (non-
routable) IP address inside a packet that uses a globally
unique IP address to extend a private network over the
Tunneling requires three different protocols :
Carrier protocol - The protocol used by the network
that the information is traveling over.
Encapsulating protocol - The protocol (GRE, IPSec,
L2TP) that is wrapped around the original data.
Passenger protocol – the original data (IPX, NetBeui,
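
The three protocol roles above, worked through in Python as an added example (not part of the original slides). It assumes IPv4 as both carrier and passenger and GRE as the encapsulating protocol; the function names and all addresses are constructed for illustration.

```python
import socket
import struct

GRE = 47           # IP protocol number of the encapsulating protocol (GRE)
IPV4_TYPE = 0x0800 # GRE protocol-type value for an IPv4 passenger packet

def checksum(header: bytes) -> int:
    """Internet checksum over an even-length header (0 if already valid)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); raise ValueError on a bad header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet) or checksum(packet[:ihl]):
        raise ValueError("bad IPv4 header")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total])

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel entry: wrap the passenger packet in GRE, then in carrier IP."""
    gre_header = struct.pack("!HH", 0, IPV4_TYPE)  # no optional GRE fields
    return ipv4(tunnel_src, tunnel_dst, GRE, gre_header + inner)

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: validate carrier and GRE headers, return the passenger."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != GRE or len(payload) < 4:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", payload[:4])
    if flags != 0 or ptype != IPV4_TYPE:
        raise ValueError("unsupported GRE header")
    return payload[4:]

# Constructed sample: private (non-routable) addresses inside, documentation
# addresses outside; 253 is an IP protocol number reserved for experiments.
INNER = ipv4("10.0.1.5", "10.0.2.9", 253, b"constructed passenger data")
OUTER = encapsulate(INNER, "198.51.100.1", "203.0.113.1")
```

The passenger packet sits byte-for-byte inside `OUTER`, so GRE encapsulation on its own hides nothing from someone who captures the traffic. Confidentiality comes from pairing the tunnel with encryption such as IPSec.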
Benefits of VPN
Extended geographic connectivity
Reduce operational cost versus traditional WAN
Reduce transit time and transportation cost for remote
Simplify network topology
Provide global network opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (return on investment) than