REPORT FILE

MICRO-PROJECT
SUBJECT : NETWORK FORENSICS (4360705)

SEMESTER :- 6TH

DEPARTMENT
COMPUTER ENGINEERING

TOPIC

Firewall implementation in Cisco

Packet Tracer
Created by,
Pankaj Baria(216300307039)
Awsaf Shaikh(216300307016)

1|Pa ge
Vision of our Institute
To nurture young minds by imparting quality technical education to meet
ever changing industrial challenges and societal needs.

Mission of our Institute

• Developing technically and ethically competent manpower to
accept new challenges through conducive teaching environment.
• Strengthen industry institute interaction.
• Up-gradation of institutional resources to cope up with latest
technical developments.
• Enhancing the employability skills of rural youth.

Vision of Department

To prepare competent rural youth by catering soft skills and

technical expertise in computer field, through conductive learning
environment.

Mission of Department
• To implant professional attitude, moral values, technical expertise
and innovative capabilities.
• To prepare skilled computer engineers for specialized careers
along with higher studies.
• To enhance liaison with industry and academia for maximum
exchange of knowledge and skill

2|Pa ge
 ABSTRACT

The increasing complexity of networks, and the need to make them

more open due to the growing emphasis on and attractiveness of
the Internet as a medium for business transactions, mean that
networks are becoming more and more exposed to attacks, both
from without and from within. The search is on for mechanisms and
techniques for the protection of internal networks from such
attacks. One of the protective mechanisms under serious
consideration is the firewall. A firewall protects a network by
guarding the points of entry to it. Firewalls are becoming more
sophisticated by the day, and new features are constantly being
added, so that, in spite of the criticisms made of them and
developmental trends threatening them, they are still a powerful
protective mechanism. This article provides an overview of
firewall technologies

3|Pa ge
Acknowledgement
We would like to express our gratitude to our guide Guided By :
Mr. PARESHKUMAR PATEL as well as our
H.O.D Mr.S.R.SOLANKI who gave us golden opportunity to do this
project on this topic Firewall We Would also like to thank our
classmates and Specially to our classmates Who helped us in our
Project. We Would also like to Think our parents Who supported us
Throughout the semester.

Pankaj Baria(216300307039)
Awsaf Shaikh (216300307005)

4|Pa ge
❖ Introduction:-
Today's networks change and develop on a regular basis to
adapt to new business situations, such as reorganisations,
acquisitions, outsourcing, mergers, joint ventures, and
strategic partnerships, and the increasing degree to which
internal networks are connected to the Internet. The increased
complexity and openness of the network thus caused makes
the question of security more complicated than hitherto, and
necessitates the development of sophisticated security
technologies at the interface between networks of different
security domains, such as between Intranet and Internet or
Extranet. The best way of ensuring interface security is the use
of a firewall.

• All traffic from inside to outside, and vice-versa, must

pass through it.
• Only authorised traffic, as defined by the local security
policy, is allowed to passthrough it.
• The firewall itself is immune to penetration

5|Pa ge
 Figure 1: Firewall Schematics

6|Pa ge
❖Firewalls: Basic Approaches and Limitations :
Firewalls are critical components of network security, serving as
barriers between internal networks and external threats. They
employ various approaches to regulate and monitor traffic, each with
its strengths and limitations.

1. Packet Filtering:
This method examines individual data packets based on
predefined rules. It filters packets by inspecting headers for source
and destination addresses, ports, and protocol types. While
efficient and suitable for basic security needs, packet filtering can
be vulnerable to IP spoofing attacks and lacks the ability to inspect
packet contents beyond headers.

2.Stateful Inspection (Stateful Firewall):

Unlike packet filtering, stateful inspection maintains a record of
active connections, enabling it to make more informed decisions
about which packets to allow or deny. By tracking the state of
connections, it enhances security by analyzing packet contents
beyond headers. However, it may introduce latency due to the
additional processing required to maintain connection states.

3.Proxy Firewalls:
Proxy firewalls act as intermediaries between internal and
external networks, handling requests on behalf of clients. They
7|Pa ge
 establish separate connections with both parties, inspecting and
filtering traffic at the application layer. While offering strong
security by scrutinizing packet contents and effectively hiding
internal network details, proxy firewalls can degrade performance
due to the overhead of processing each connection.

4.Next-Generation Firewalls (NGFW):

NGFWs combine traditional firewall functionalities with
advanced features such as intrusion prevention, deep packet
inspection, and application awareness. By examining traffic at
multiple layers of the OSI model, NGFWs provide comprehensive
protection against modern threats. However, their complexity and
resource requirements may pose challenges for implementation
and management.

8|Pa ge
❖ Limitations:
1.Encrypted Traffic:
Firewalls face difficulties inspecting encrypted traffic, as
they cannot analyses encrypted contents without decryption
keys. This limitation hampers their ability to detect threats
hidden within encrypted communications.

2.Application Awareness:
While NGFWs boast application awareness, they may
struggle to accurately identify and control increasingly
complex and dynamic applications, leading to potential
gaps in security coverage.

3.Scalability:
As network traffic volume grows, firewalls may struggle to
handle the increased load efficiently, potentially leading to
performance bottlenecks and degraded user experience.

4.Zero-Day Threats:
Firewalls rely on predefined rules and signatures to detect
and mitigate threats. As a result, they may be susceptible to
zero-day attacks that exploit vulnerabilities unknown to
security vendors.

9|Pa ge
 ❖ Types of Firewall:

1. Web Application Firewalls :

These are specifically designed to protect web applications
from a variety of attacks such as cross-site scripting (XSS),
SQL injection, and other common web exploits. They operate
by monitoring and analysing HTTP traffic between a web
application and the Internet.

2. Network Segmentation Firewalls :

These firewalls are used to divide a network into multiple
segments or subnetworks for security purposes. They control
the flow of traffic between these segments based on predefined
rules, thus limiting the impact of security breaches and
10 | P a g e
 preventing unauthorized access to sensitive areas of the
network.

3. Database Firewalls :
As the name suggests, these firewalls are focused on
protecting databases from unauthorized access, SQL injection
attacks, and other threats. They monitor database traffic and
enforce access controls based on predefined security policies
to ensure that only authorized users and applications can
interact with the database.

4. Cloud-based Firewalls :
These firewalls are deployed in cloud environments to protect
cloud infrastructure, applications, and data from various
threats. They operate similarly to traditional network firewalls
but are specifically designed to secure cloud-based resources
and provide additional features such as scalability, elasticity,
and integration with cloud platforms.

5. Next-Generation Firewalls:
NGFWs combine traditional firewall capabilities with
advanced security features such as intrusion detection and
prevention, application awareness, SSL inspection, and more.
They offer deeper visibility into network traffic and
application behaviour, allowing organizations to better
identify and respond to emerging threats in real-time.

11 | P a g e
 ❖ Steps to Configure and Verify Firewall in Cisco
Packet Tracer:
Step 1: First, open the Cisco packet tracer desktop and
select the devices:
S.NO Device Model Name Quantity
1. PC PC 1
2. server PT-Server 1
3. switch PT-Switch 1

IP Addressing Table:

S.NO Device IPv4 Address Subnet Mask

1. Server 1.0.0.1 255.0.0.0
2. PC0 1.0.0.2 255.0.0.0
3. PC1 1.0.0.3 255.0.0.0
4. PC2 1.0.0.4 255.0.0.0

12 | P a g e
• Then we, create a network topology as shown below the image.

13 | P a g e
Step 2: Configure the PCs (hosts) and server with IPv4 address and
Subnet Mask according to the IP addressing table given above.

14 | P a g e
Step 3: Configuring the firewall in a server and blocking packets
and allowing web browser
• First, Deny the ICMP protocol and set remote IP to 0.0.0.0 and
Remote wildcard mask to 255.255.255.255.
• Then, allow the IP protocol and set remote IP to 0.0.0.0 and Remote
wildcard mask to 255.255.255.255.

15 | P a g e
16 | P a g e
Step 4: Verifying the network by pinging the IP address of any PC.

• Check the web browser by entering the IP address in the URL.

• Click on PC2 and go to desktop then web browser.

17 | P a g e
18 | P a g e
 ❖ Conclusion

In conclusion, implementing firewalls in a Cisco Packet

Tracer project offers significant advantages in terms of
network security and management. By incorporating
various types of firewalls such as web application firewalls,
network segmentation firewalls, database firewalls, cloud-
based firewalls, and next-generation firewalls,
organizations can create a robust defines strategy against a
wide range of cyber threats.

These firewalls provide granular control over network

traffic, ensuring that only authorized users and applications
can access resources while blocking malicious activities and
unauthorized access attempts. Additionally, they offer
features such as intrusion detection and prevention,
application awareness, and SSL inspection, which enhance
the overall security posture of the network.

Furthermore, deploying firewalls in a Packet Tracer project

allows network administrators to gain hands-on experience
in configuring, managing, and troubleshooting firewall
devices in a simulated environment before deploying them
in a production network. This helps improve their skills and
readiness to handle real-world security challenges
effectively.

19 | P a g e