Exploring the use of Iptables as an Application Layer Firewall
ORIGINAL CONTRIBUTION
Nikita Gandotra¹ · Lalit Sen Sharma¹
Received: 9 October 2019 / Accepted: 2 October 2020
© The Institution of Engineers (India) 2020
Abstract
Application layer attacks pose a grievous threat to the valuable information stored on Web servers by exposing it to illegitimate access. These attacks exploit certain protocols used by an application on the targeted server, and at the network level they can only be intercepted by reading the contents of the packets before they reach the victim machine. This paper explores the use of Iptables for mitigating such application layer attacks, namely SQL injection, Cross-Site Scripting (XSS), HTTP Flood, FTP Flood and FTP Bounce attacks. The signature keywords used for articulating these attacks were first identified, and then new customized Iptables rules were laid down for detection and mitigation of these attacks. The Iptables rules were tested on an experimental setup in a real network, and it was found that these rules could successfully detect the attacks with a system performance degradation of only about 1%; they are therefore easy to implement when configuring a lightweight security solution for application servers.

Keywords: Linux firewall · Iptables · SQL Injection · XSS · HTTP Flood · FTP Flood · FTP Bounce
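The keyword-signature approach the abstract describes can be sketched with the Iptables string match. This is an added example, not the paper's rule set: the chain name and the signature keywords are constructed placeholders, since the paper's own keyword list is not reproduced on this page.

```shell
#!/bin/sh
# Added example: emit iptables commands that LOG and then DROP HTTP packets
# whose payload contains a signature keyword. The string match inspects each
# packet's raw bytes, so a rule sees one packet at a time.

CHAIN="APP_FILTER"      # hypothetical chain name (assumption)
HTTP_PORT=80            # port of the protected Web server (assumption)

# label|keyword, one per line. Constructed sample signatures, not the
# paper's list. Keywords must not contain double quotes or '$'.
SIGNATURES='SQLI|union select
SQLI|or 1=1
XSS|<script'

# Print the rule set: a dedicated chain fed by inbound HTTP traffic, then a
# LOG rule and a DROP rule per signature (Boyer-Moore search, case-insensitive).
build_rules() {
    echo "iptables -N $CHAIN"
    echo "iptables -A INPUT -p tcp --dport $HTTP_PORT -j $CHAIN"
    echo "$SIGNATURES" | while IFS='|' read -r label keyword; do
        [ -n "$keyword" ] || continue
        match="-m string --algo bm --icase --string \"$keyword\""
        echo "iptables -A $CHAIN $match -j LOG --log-prefix \"$label: \""
        echo "iptables -A $CHAIN $match -j DROP"
    done
}

# Load the generated rules into the running firewall (requires root).
apply_rules() { build_rules | sh; }

# "print" shows the rules for review; "apply" installs them.
case "${1:-}" in
    print) build_rules ;;
    apply) apply_rules ;;
esac
```

Review the output of the `print` mode before using `apply`, and check the kernel log for the `SQLI: ` and `XSS: ` prefixes to confirm which signature fired.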
¹ Department of Computer Science and IT, University of Jammu, Jammu, India

Introduction
Application layer attacks are serious threats to information security and to the services provided by Web servers connected to the Internet. The servers are continuously being targeted by intruders who exploit certain application layer protocols to breach the security of valuable information, thereby making it vulnerable to illegitimate access. These attacks are harder to identify and mitigate at the network level and can only be intercepted by reading the contents of the packets before they reach the victim machine. To protect the servers, firewalls are usually deployed, as these form the first line of defense without restricting information exchange with the outside world. An Application Layer Firewall can process information at the network layer, transport layer, session layer and application layer of the OSI reference model. It provides greater control over traffic than packet-filtering firewalls [1]. It filters ingress and egress traffic based on the rules laid down by the network administrator [2]. Initially, it was believed that deploying a firewall could degrade the performance of the network, but the authors in [3] proved that filtering of unwanted traffic by a firewall can increase network performance noticeably. Similarly, in [4] it was reported that link utilization and throughput are improved with the deployment of firewalls. Thus, a firewall not only improves network security but also improves the quality of service, both in terms of availability and performance. Iptables is a powerful open sour