M.Sc. Thesis View

Student: Pınar SARISARAY
Supervisor: Asst. Prof. Dr. Mustafa ULUTAŞ
Department: Computer Engineering
Institution: Graduate School of Natural and Applied Sciences
University: Karadeniz Technical University, Turkey
Title of the Thesis: NETWORK SECURITY WITH PACKET FILTERING
Level: M.Sc.
Acceptance Date: 22/8/2001
Number of Pages: 90
Registration Number: i1198
Summary:

      Deployment of e-business and Internet banking over computer networks has resulted in a quest for security among local network and Internet users. Local area networks (LANs) are preferred for sharing data and resources, but the increasing number of attacks on computer systems that hold strategic information demands network traffic filtering on the routers connecting corporate LANs to the Internet. It becomes easier to access information as the number of computers attached to the Internet increases, but the threat caused by the fast growth of the Internet is inevitable. Illegal access, modification, distribution and misuse of strategic information by hackers cause many services to stop for some time or cause substantial damage. Numerous software and hardware products have been developed to remedy security problems, but these products are either inadequate to secure the network or lack the performance needed.

      Network security by means of packet filtering is implemented in this study. The reasons for developing a security mechanism based on packet filtering are explained, and the mechanism is modelled and coded in C++ for portability. Both network interfaces are set to promiscuous mode in order to listen to, process and forward packets to the other network interface if the rule tables let the packet pass through. There are separate rules and tables for the TCP, UDP and ICMP protocols. There are two alternatives in filtering: default deny, where all packets except allowed types are considered potential threats and dropped, and default allow, where all packets except denied types are considered harmless and passed through. Instead of adopting only the first or only the second alternative, TCP and UDP packets were filtered by the first and second rules respectively. Also, packets from certain applications or hosts where both alternatives would fail are specified and denied or allowed for that port or address.

      Keywords: Network Security, Protocols
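
      The mixed policy described in the summary (default deny for TCP, default allow for UDP, with per-port and per-address exceptions) can be sketched as follows. This is an added example, not code from the thesis; the type names, the first-match evaluation order, and every rule value (documentation-range addresses, ports 80, 25 and 69) are assumptions made for illustration. ICMP is left out because the summary does not state its default.

```cpp
// Added example; rule values below are constructed, not taken from the thesis.
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Proto { TCP, UDP };
enum class Action { Deny, Allow };
struct Packet { Proto proto; uint32_t src; uint16_t dport; };

// Exception entry: mask 0 matches any source, port 0 matches any port.
struct Rule { uint32_t net; uint32_t mask; uint16_t port; Action action; };
struct Table { Action fallback; std::vector<Rule> rules; };

constexpr uint32_t ip(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

// First matching exception wins (assumed order); otherwise the default applies.
Action decide(const Table& t, const Packet& p) {
    for (const Rule& r : t.rules) {
        bool src_ok = (p.src & r.mask) == (r.net & r.mask);
        bool port_ok = r.port == 0 || r.port == p.dport;
        if (src_ok && port_ok) return r.action;
    }
    return t.fallback;
}

// TCP: default deny, with allowed services and one host denied outright.
Table tcp_table() {
    return { Action::Deny, {
        { ip(192, 0, 2, 66), 0xFFFFFFFFu, 0, Action::Deny },
        { 0, 0, 80, Action::Allow },
        { 0, 0, 25, Action::Allow } } };
}
// UDP: default allow, with one port denied except from a trusted network.
Table udp_table() {
    return { Action::Allow, {
        { ip(198, 51, 100, 0), 0xFFFFFF00u, 69, Action::Allow },
        { 0, 0, 69, Action::Deny } } };
}

Action filter(const Packet& p) {
    return decide(p.proto == Proto::TCP ? tcp_table() : udp_table(), p);
}

int main() {
    Packet telnet{ Proto::TCP, ip(203, 0, 113, 5), 23 };
    std::printf("%s\n", filter(telnet) == Action::Allow ? "forward" : "drop");
}
```

      Placing the host-level deny ahead of the service rules is what lets a single address be blocked even on ports the TCP table otherwise allows.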