PACKET FILTERING FIREWALL USING NETFILTERS IN LINUX FOR ARM9
#1

PRESENTED BY:
R. SRINIVASULU
CH. SHIVA RAM
K. MALLIKARJUNA
V. SUMAN KUMAR REDDY

A MAIN PROJECT SEMINAR ON PACKET FILTERING FIREWALL USING NETFILTERS IN LINUX FOR ARM9
Aim of the project:
Network Security is a huge concern for enterprise networks.
A firewall is a machine which sits between public and private networks and blocks traffic based on configurable rules.
Linux kernel provides a mechanism to implement our own firewall using NETFILTERS.
So using this feasibility of Linux we create our own firewall and make it block packets belonging to different protocols according to our commands.
Block Diagram of Project
Essentials of the project
The main components of the project are
ARM9 Processor.
Linux Operating System.
Firewall Module.
Internet(LAN/WAN/MAN).
ARM9 Processor Features
ARM stands for Advanced RISC Machine.
It is a 32 bit RISC microprocessor.
In 2005 about 98% of one billion total mobile phones sold contained an ARM processor.
Offers very high performance with less power consumption.
The main features of ARM9 are:
5 stage pipeline
Processor speed- 250 MHz
Harvard architecture
156 MIPS
Cache memory- 16KB
Supports Windows CE, Symbian OS, Linux, Palm OS and Android
Arm9 applications
Consumer Electronics
Networking
Automotives
Embedded
Why Linux???
Linux is freely distributable open source operating system.
It is Portable.
Follows monolithic kernel architecture.
Runs on most of the processors even on ARM.
Scalable, can run on super computer and also tiny devices.
Excellent Networking support.
Computer network
A Network is a series of points or nodes interconnected by communication paths.
There are 7 layers proposed by ISO and named as OSI/ISO reference layer. They are namely Physical, Data link, Network, Transport, Session, Presentation, Application.
Networks can be classified on the basis of spatial distances. They are
LAN
MAN
WAN
There are many protocols on which networks operate; a few are TCP/IP, ICMP, HTTP etc.
On internet, the network breaks a message into parts of a certain size in bytes. These are called packets.
These packets consist of Sender’s IP address and Destination’s IP address.
All these packets travel through routers, switches, bridges, gateways which operate at respective layers.
Need for Security
When a device is connected to a network and begins communicating with it, it is taking a risk.
Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders.
Information Security focuses on protecting sensitive data from malware attacks using Data Loss Prevention(DLP) techniques.
Firewalls are used to provide the security to a system.
A firewall is a part of a computer system(OS) or network that is designed to block unauthorized access while permitting authorized communications.
A firewall’s basic task is to regulate some of the flow of traffic between computer networks of different trust levels.
What is packet filtering??
Packet filters act by inspecting the “packets” which represent the basic unit of data transfer between computers on the internet.
If a packet matches the packet filter’s set of rules, the packet filter will drop or reject the packet.
A packet filtering firewall examines the header of packet, to determine source, destination and type of protocol.
Packet filtering firewalls work on the first three layers of OSI reference model.
Packet filters follow a set of pre-defined or user-defined rules and decide which packet to drop and which packet to accept.
If a rule is something like “drop all HTTP traffic” then all packets with HTTP header are dropped.
How does the project work???
In our project we insert the firewall into Linux kernel and run it on ARM9 board.
The actions such as Accept, Drop are to be taken with respect to the user defined rules based on
a) Protocol Type
b) IP address
c) Port numbers
First we assign an IP address and default gateway to our board and connect it to the LAN.
If we wish to block the ICMP packets then the command can be given as
“./user_arm_firewall --protocol icmp”
When this command is executed our firewall gets activated and no icmp packets will be transferred or it can be regarded as icmp packets are dropped.
In the same way we can filter on other protocols, port numbers, IP addresses etc.
Advantages and Applications
Basic level security can be provided efficiently.
User can configure the rules to his choice.
Time management helps user to run firewall at his choice of time.
The power requirement of ARM processor is low.
This project uses Linux which gives flexibility to implement our own firewall.
The firewall can be applied to any system where basic security is concerned.
Provides complete action of user choice to select particular packets.
Time-based applications have also been achieved to specify the activation of packets for the respective time periods.
Future scope
Firewall can be extended over applications like
Maintaining statistics of number of packets dropped/accepted.
Storage of dropped packets for future use.
It can be designed in such a way that it gets activated on its own for the time it is scheduled to.
Conclusion
Packets are filtered by the firewall using Netfilters, and basic security has been achieved using the firewall.
Linux kernel provides a mechanism to implement our own firewall. This mechanism is called "Netfilters".
Hence Packet filtering using Net filters can successfully be implemented on an ARM processor.
The firewall developed is free of cost and also provides the basic level of security.
Netfilters firewall can drop packets based on protocols like http, icmp and based on source and destination ip address, port numbers.
Hence the user can configure and derive many more applications.
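The accept/drop decision described in post #1 (rules on protocol type, IP address and port number), as an added example that is not the project's own code: a user-space C model of the check a Netfilter hook would make on each packet. The rule layout, function names and sample packets are assumptions constructed for illustration, as are the fail-closed handling of malformed packets and the default-accept policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { FW_ACCEPT, FW_DROP };

/* One drop rule; a zero field is a wildcard (hypothetical layout). */
struct fw_rule { uint8_t proto; uint32_t src, dst; uint16_t dport; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Inspect the IPv4 header (and TCP/UDP ports) and return the verdict. */
enum verdict fw_check(const uint8_t *pkt, size_t len,
                      const struct fw_rule *rules, size_t n)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return FW_DROP;  /* malformed: fail closed */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;            /* header length, with options */
    if (ihl < 20 || len < ihl) return FW_DROP;
    uint8_t proto = pkt[9];
    /* Ports exist only in TCP (6) / UDP (17), and only in the first fragment. */
    int has_ports = (proto == 6 || proto == 17) && (be16(pkt + 6) & 0x1fff) == 0;
    if (has_ports && len < ihl + 4) return FW_DROP;      /* truncated L4 header */
    uint16_t dport = has_ports ? be16(pkt + ihl + 2) : 0;
    for (size_t i = 0; i < n; i++) {
        const struct fw_rule *r = &rules[i];
        if (r->proto && r->proto != proto) continue;
        if (r->src && r->src != be32(pkt + 12)) continue;
        if (r->dst && r->dst != be32(pkt + 16)) continue;
        if (r->dport && (!has_ports || r->dport != dport)) continue;
        return FW_DROP;                                  /* first matching rule wins */
    }
    return FW_ACCEPT;                                    /* default policy: accept */
}

/* Constructed samples (checksums left zero; the filter does not verify them). */
static const uint8_t SAMPLE_ICMP[] = {  /* 192.168.1.10 -> 192.168.1.20, echo request */
    0x45,0,0,28, 0,0,0,0, 64,1,0,0, 192,168,1,10, 192,168,1,20, 8,0,0,0, 0,1,0,1 };
static const uint8_t SAMPLE_HTTP[] = {  /* same hosts, TCP 40000 -> 80 */
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 192,168,1,10, 192,168,1,20,
    0x9c,0x40,0,80, 0,0,0,0, 0,0,0,0, 0x50,0x02,0,0, 0,0,0,0 };
static const struct fw_rule BLOCK_ICMP[] = { { 1, 0, 0, 0 } };   /* like --protocol icmp */
static const struct fw_rule BLOCK_HTTP[] = { { 6, 0, 0, 80 } };  /* TCP to port 80 */

int main(void)
{
    printf("icmp vs BLOCK_ICMP: %d\n", fw_check(SAMPLE_ICMP, sizeof SAMPLE_ICMP, BLOCK_ICMP, 1));
    printf("http vs BLOCK_ICMP: %d\n", fw_check(SAMPLE_HTTP, sizeof SAMPLE_HTTP, BLOCK_ICMP, 1));
    printf("http vs BLOCK_HTTP: %d\n", fw_check(SAMPLE_HTTP, sizeof SAMPLE_HTTP, BLOCK_HTTP, 1));
    return 0;
}
```

Because the filter is stateless, a port rule cannot match later fragments of a datagram, which carry no TCP/UDP header; such fragments fall through to the default policy here.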
#2

ABSTRACT
The ARM processor, unlike many other processors, was designed within a single company to meet its particular requirements for product development. One of the reasons the ARM was designed as a small-scale processor was that the resources to design it were not sufficient to allow the creation of a large and complex device. While ARM was developed as a custom device for a highly specific purpose, the team designing it felt that the best way to produce a good custom chip was to produce a chip with good all-round performance. ARM as a controller is used for arcade computer games, high-speed data communications, videophones, fuzzy logic controllers, and test equipment.
Everything on the Internet involves packets. Each packet carries the information that will help it get to its destination -- the sender's IP address, the intended receiver's IP address, something that tells the network how many packets this e-mail message has been broken into and the number of this particular packet. The packets carry the data within the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). When a device connects to a network and begins communicating with it, it is taking a risk. Access to the Internet involves the risk of exposing sensitive data, and securing these increasingly popular devices comes as a challenge. Security is provided by ways like Cryptography, Firewall, etc. Here, we are providing the security by firewall.
Any Firewall prevents unauthorized use and access to your device; its job is to carefully analyze data entering and exiting the device based on user configurations and ignore information that comes from suspicious locations. This Firewall uses Packet Filtering to examine the header of a packet, to determine source, destination and the type of protocol. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be accepted or dropped. A rule can be something like "block all http traffic". So packets with http protocol header will be dropped by the firewall. Linux kernel provides a mechanism to implement our own firewall with the basic level of security. This mechanism is called "Net filters".
ENVIRONMENT/TOOLS:
Programming Language: 'C'
Target Operating System: Linux
Host Operating System: Linux
Target: i386,PC’s.
1. INTRODUCTION
1.1 EMBEDDED SYSTEM

Embedded System is a system used to perform one specific operation “repeatedly” and “endlessly” within a given “time frame”.
1.1.1 Characteristics
a) An embedded system is a computer system designed to perform one dedicated function, often with real-time computing constraints.
b) It is embedded as part of a complete device often including hardware and mechanical parts. By contrast, a general-purpose computer, such as a personal computer, is designed to be flexible and to meet a wide range of end-user needs.
c) Embedded systems are controlled by one or more main processing cores that are typically either a microcontroller or a digital signal processor (DSP).
d) One common design style uses a small system module, perhaps the size of a business card, holding high density chips such as an ARM-based System-on-a-chip processor and peripherals, like external flash memory for storage.
The module vendor will usually provide boot software and make sure there is a selection of operating systems, usually including Linux and some real time choices. Some also have real-time performance constraints that must be met, for reasons such as safety and usability; others may have low or no performance requirements, allowing the system hardware to be simplified to reduce costs. Embedded systems are not always standalone devices.
Many embedded systems consist of small, computerized parts within a larger device that serves a more general purpose. For example, an embedded system in an automobile provides a specific function as a subsystem of the car itself.
The program instructions written for embedded systems are referred to as firmware, and are stored in read-only memory or Flash memory chips. They run with limited computer hardware resources: little memory, small or non-existent keyboard and/or screen.
1.2 TYPES OF EMBEDDED SYSTEMS
Embedded systems are of two types:
1) Low level ES
2) High level ES
1) Low level ES
• Low level ES can be used without OS.
• Machine Dependent(H/W).
• Less Flexible/Scalable due to H/W and S/W constraints.
• Difficult to Debug.
• Less IT firms to target with.
2) High level ES
a) High level ES can be used with OS.
b) Machine Independent (H/W).
c) More Flexible/Scalable due to adequate H/W and S/W.
d) Easy to Debug.
e) More IT firms can be targeted.
1.2.1 A Short list of embedded systems in our daily life
a) Modems
b) MPEG decoders
c) Network cards
d) Network switches/routers
e) On-board navigation
f) Pagers
g) Photocopiers
h) Point-of-sale systems
i) Portable video games
j) Printers
k) Satellite phones
l) Scanners
m) Smart ovens/dishwashers
n) Speech recognizers
o) Stereo systems
p) Teleconferencing systems
q) Televisions
r) Temperature controllers
s) Theft tracking systems
t) TV set-top boxes
u) VCR's, DVD players
v) Video game consoles
1.3 ARM PROCESSOR
ARM stands for Advanced RISC Machines. As of 2009, ARM processors account for approximately 90% of all embedded 32-bit RISC processors. ARM processors are used extensively in consumer electronics, including PDAs, mobile phones, digital media and music players, hand-held game consoles, calculators and computer peripherals such as hard drives and routers. As of 2007, about 98 percent of the more than one billion mobile phones sold each year use at least one ARM processor. The ARM architecture is licensable. ARM processors are developed by ARM and by ARM licensees.
Prominent examples of ARM Holdings ARM processor families include the ARM7, ARM9 etc. The ARM architecture has the best MIPS to Watts ratio in the industry; the smallest CPU die size; all the necessary computing capability coupled with low power consumption of which a highly flexible and customizable set of processors are available with options to choose from, all at a low cost. ARM processor features include, Load/store architecture, an orthogonal instruction set, mostly single-cycle execution, a 6x32-bit register, enhanced power-saving design. The small size, low cost, and low power usage leads to one of the most common uses for an ARM processor today, embedded applications.
Embedded environments like cell phones or PDAs (Personal Digital Assistants) require those benefits that this architecture provides. Sure, there has to be a trade-off between performance, cost, and size. But, the ARM fits into this category nicely. It has very small die size, its performance, although not on the cutting edge, is more than adequate for the tasks at hand, and most importantly, it is cheap and low in power consumption.