Firewall and Internet Security - Research Proposal Example

?Firewall and Internet Security – A Research Proposal Research Question The advancements in technology and the growing pace of internet have almost pulled every individual on earth into the virtual world of cyber pace. As every day passes by, the rapidity with which internet grows has increased exponentially and as a result, the world is shrinking smaller and smaller. People living in extremities of the world could easily communicate just like they are doing it when they are in direct contact with each other. The distance is no more a matter of concern. Despite all the advantages of a networked world, the parallel increase in cyber threats has been an alarming factor. Information is the key to success of any individual or organization. When there is a threat to the security of such an important factor and the manner in which networked computers are hacked within seconds of time has put cyber security as one of the top priorities for technology developers. With the advent of these issues, the installation of firewalls has become a mandatory activity for every internet user. Every time a new level of security is proposed, a new mode of threat is ‘unearthed’ in this virtual world. So, as a precautionary measure, people protect themselves with having both personal as well as network firewalls. Although many kinds of research has been done on the levels of protection offered by network firewalls and personal firewalls, not much has been done on the perspective of providing a comparison between these two types of firewalls. (CHESWICK et. al, 2003) Continuing on these lines, the primary aim of this research is to examine the current literature comprehensively and produce a compare and contrast analysis of these two types of firewalls in regard to the increase in today's internet security. However, since the category of this itself provides a large scope for a complex and more time consuming analysis, the research question is further refined such that it focuses mainly on the following topic - why implementation of personal firewalls in every system in an enterprise is considered to be a difficulty when compared to the implementation of network firewalls. The reason that could be given for the choice of this topic is that irrespective of the number of advancements in firewall technologies, no proper solutions have been found yet, to understand the continued ignorance of affording personal firewalls to every system user in an enterprise instead of network firewalls, which are always considered as the preferred option. (Firewalls, 2003) Objectives of the research Based on the above research questions, the primary objectives of the research can be derived. The most common differences between personal and network firewalls (which are explained in the literature review section) are the architecture and design features, the working environment, technical features and other advantages and disadvantages of each type of firewall. Implementing a personal firewall seems to be a tougher task, as the configuration might not be similar for every system. This makes the process of implementation a difficult task. Each time a firewall is implemented; the system components and modules pose certain restrictions that in turn make the process tedious. The situation is entirely different in a network environment. Since the implementation is done on the network as a whole, the task of installing them in individual system is eradicated. In a network environment, the firewall controls the communication and network traffic. As the functions of a network firewall are composed of easier installation management process, it strikes a greater difference from that of a personal firewall. The disadvantage of a personal firewall strengthens the research question, as it indicates the importance of network firewalls. Hence, the analysis of the areas which were described above is considered to be the primary objectives of the research. Literature Review The progress of internet and development of technology has necessitated the need for security and protection. Critical data and information can be accessed anywhere in the world by any specialist or a hacker. Firewalls were introduced devices based on a set of rules with the notion of permitting or denying network transmissions, and protect the networks from unsolicited access while allowing valid communications to pass through. The firewall performs the critical function of securing our networks and protecting them from unauthorized messages and undesired material being filtered into our systems.( VACCA, ELLIS & ELLIS, 2005) Firewall technology needs to be installed strategically, ideally where the intranet meets the public internet, whereby it can ensure security, monitor and audit traffic and be able to trace any security breaches. There are three basic approaches that firewalls implement to protect networks: packet filtering, application proxy and circuit proxy. Packet filtering is the very basic approach, efficient and fast as the firewall just identifies the packet header, checks the IP address and grants or denies access. The circuit proxy goes a step ahead and replaces the original address with the destination address to the ones it grants access, which may not be always a good method. The application proxy approach is more advanced than the other two as it goes onto understand the application protocol and data and then decides to grant or deny access. Firewall devices have been categorized as personal and network firewalls. Personal firewall can be broadly defined as an application that manages network traffic to and from a personal computer, allowing or denying communications based on the acceptable norms of the security policy They are typically designed for personal computers or single user devices, so they protect only that computer on which they are installed. Every time the user Image source: Computer security for everyone, 2010 connects to the internet, the personal firewall will prompt the user to ensure that the security policy is updated and regulated. They also prompt moment they detect minor security breach or any form of unauthorised intrusions, immediately terminating or blocking the connectivity. Most popular personal firewalls are: Norton 360, Comodo Firewall Pro, ClearOS and Kaspersky Internet Solutions amongst many others. (GONCALVES, 2000) Network firewalls are implemented for entire networks especially in all organizations that involve usage of over thousands of computers and share critical data every minute. They are incorporated by organizations to keep out intruders, maintain information security, explicitly protect data resources from malware, and prevent data loss by implementing data loss prevention (DLP) techniques. Network firewalls are usually of two types: 1. Appliance based like Cisco PIX, Juniper’s Netscreen and Nokia firewalls and 2. Software based like Microsoft ISA server, Checkpoint’s NGX and Linux based IPTables. (ZWICKY, COOPER & CHAPMAN, 2000) Network security starts with the user being authenticated and then the firewall comes into play, by enforcing access policies and effective prevention of unauthorized access. It starts monitoring the network traffic and tracks all abnormal behavior and any anomalies to ensure data protection and confidentiality. Image source: Secmanager, 2010. With the advancement of technology, the firewalls have been improvised a lot and today they built-in intrusion detection and prevention capabilities. (NOONAN, & DUBRAWSKY, 2006) Proposed Research Methodology There are several types of research methodologies that can be incorporated with this research. The different methods followed in this research are described below. Conducting Interviews The first and foremost method that could be included in performing the research is analyzing the information obtained through several interviews conducted to personnel from different sectors of this technical area. The important factors that need to be taken care of while performing this method are: The technical qualifications of interviewed people and their experience The number of people interviewed and allocation time for each interview. (CRESWELL, 2003) First, the time allocated to this method should be used acutely in order to obtain accurate results. For example, one can fix on the number of people to be interviewed, the time for which they are interviewed and accordingly the questions can be set. Secondly, the qualification of the people who are interviewed and their experience related to this field plays a crucial role. For example, questions related to identifying the disadvantages of performing the installation of personal firewalls in enterprise systems can only be accurately answered by people who are from security management and network enterprises like Cisco and Netapp. These organizations could have people who are experts related to this field and the information obtained from them may prove extremely beneficial. (ERWIN, GENDIN & KLEIMAN, 1994) Surveys Surveys are the next best option for gathering data in relation to this research. Irrespective of the benefits of conducting personal interviews the information gathered, although accurate, may not be ubiquitous or in other words, the contents may not be prevalently accepted. So for areas with relation to such information, information that varies according to person can be collected and a unanimous decision may be reached only through the help of surveys. Some of the key factors that need to be considered while creating the research questionnaire for this research are given below: Identification of the question to be asked and the answers that are expected for each question Strategizing the questions in such a way that the questions are short and concise and are arranged in an ordered manner. Publicizing the questionnaire to as many numbers of people as possible with the help of various resources. (JACKSON, 2008) Performing practical experiments In order to cross verify and understand the reasons behind the differences between these two types of firewalls, experimental research is conducted. With a group of 8 to 10 computers, the research is conducted in the same set of environments for both personal and networked firewalls.(KOTHARI, 2008) In the first set of experiments, the group of computers is installed with personal firewalls in a connected environment and their performance is monitored. Similarly, the group of computers is monitored with a network firewall and the results are evaluated. Based on the results obtained from these two experiments, the collected data through surveys and interviews are compared and evaluated. (MCBURNEY & WHITE, 2009) Ethical issues and Potential outcomes During all stages of research, the possibilities of ethical issues propping up are always high. More than performing the research, the many chances of ethical issues popping up comes during the time of preparing the thesis or during report generation. With the advent of technologies and the wealth of information present in the virtual world, it would not be a very hard issue to find out the details of any information from the report that is not properly referenced and that is taken from other sources. So, the first important and the most critical ethical issue that needs to be taken care of while doing the research would be the plagiarism issues. In any country, plagiarism in any form is considered to be a very serious issue that can be charged even as a criminal offence. Even ideas or thoughts, if not the words taken from the other resources need to be properly referenced. Efforts are made in this research to properly reference all kinds of data obtained even if it is any idea from other sources. The transcripts of interviews and copies of the surveys would be presented along with the report of the research. (THOMAS, NELSON & SILVERMAN, 2010) The second critical issue that needs to be taken care of while performing the research is fabrication of data. Under no circumstances, the results of experiments done during the research should be altered to make it satisfy the proposed hypothesis. Such acts could prove to be an offense and may reduce the hypothesis to null if someone cross verifies and disproves the theory. (MCNEILL & CHAPMAN, 2005) So, caution must be taken that no data collected, irrespective of whether it is totally deviated from the expected result should be included in the derivation of the hypothesis. Instead, measures are taken to analyze factors that would ensure the reason behind such variations in the data and efforts are put to the maximum to justify such deviations. Overall, it could be said that the desire to achieve success and the passion of working should be totally disregarded and the research factors should always be looked from a birds’ eye view. The quotes of people obtained through their interviews are taken into consideration directly and no alterations are done to those views. Similarly, the questions asked in the survey are set in a standard format and the same sets of questionnaire are asked to all the people. (THOMAS, NELSON & SILVERMAN, 2010) Another ethical issue that is taken care of during the research time is the timeline in which the data is collected. Since firewalls as a technology is constantly on the rise and constantly innovating, it is important to understand the timeframe in which the research was conducted and they are published according to those timelines or periods. For example, with respect to firewalls, only packet filters were in use during the time of its introduction. If any research data collected during that timeline is used in this research, then it provides totally erroneous data in reference to current technologies. Hence, it is important to understand and analyze from which period the resource information is taken and to mention the same during the presentation of the research results. (CHENEY, 1993) Conclusion The reason behind the choice of the research question has been articulated along with an explanation behind the selection of the objectives. Based on the research question, the current literatures were reviewed to identify the results of the recent research and to understand the concepts better before proceeding with the research. The proposed research methodology included methods like conducting interviews, surveys and practical experiments. The process of conducting such methods and the important parameters that needs to be taken care of while conducting the research has been established. Finally, the ethical issues that may arise while preforming this research have been outlined. References CHENEY, D. 1993. Ethical issues in research, University Pub. Group. THOMAS, J., NELSON, J. & SILVERMAN, S. 2010. Research Methods in Physical Activity, Human Kinetics. CRESWELL, J. W. 2003. Research design: qualitative, quantitative, and mixed method approaches, Sage Publications. ERWIN, E., GENDIN, S. & KLEIMAN, L. 1994. Ethical Issues in Scientific Research: An Anthology, Garland. MCBURNEY, D. H. & WHITE, T. L. 2009. Research Methods, Cengage Learning. MCNEILL, P. & CHAPMAN, S. 2005. Research methods, Routledge. KOTHARI, D. C. R. 2008. Research methodology: methods and techniques, New Age International (P) Ltd. JACKSON, S. L. 2008. Research methods: a modular approach, Thomson Wadsworth. CHESWICK, W. R., BELLOVIN, S. M. & RUBIN, A. D. 2003. Firewalls and Internet security: repelling the wily hacker, Addison-Wesley. 2003. Firewalls: The Complete Reference, McGraw-Hill Education (India) Pvt Ltd. VACCA, J. R., ELLIS, S. & ELLIS, S. R. 2005. Firewalls: jumpstart for network and systems administrators, Elsevier Digital. ZWICKY, E. D., COOPER, S. & CHAPMAN, D. B. 2000. Building Internet firewalls, O'Reilly. GONCALVES, M. 2000. Firewalls: a complete guide, McGraw-Hill. NOONAN, W. & DUBRAWSKY, I.2006. Firewall Fundamentals, Pearson Education. Firewalls. 2010. [Online]. Available at: http://www.intelligentedu.com/computer_security_for_everyone/12-firewalls.html [Accessed 18 April, 2011] Secmanager. 2010. Network Firewalls. [Online]. Available at: http://www.secmanager.com/how_to_configure_pix_firewall_part2 [Accessed 18 April, 2011] Read More