Exploring the use of Iptables as an Application Layer Firewall


ORIGINAL CONTRIBUTION

Nikita Gandotra¹ · Lalit Sen Sharma¹

Received: 9 October 2019 / Accepted: 2 October 2020 / © The Institution of Engineers (India) 2020

Abstract

Application layer attacks pose a grievous threat to the valuable information stored at Web servers, exposing it to illegitimate access. These attacks exploit certain protocols used by an application on the targeted server, and at the network level they can only be intercepted by reading the contents of the packets before they reach the victim machine. This paper explores the use of Iptables for mitigating such application layer attacks, namely SQL injection, Cross-Site Scripting (XSS), HTTP Flood, FTP Flood and FTP Bounce attacks. The signature keywords used to articulate these attacks were first identified, and then new customized Iptables rules were laid down for the detection and mitigation of these attacks. The Iptables rules were tested on an experimental setup in a real network, and it was found that these rules could successfully detect the attacks with a system performance degradation of only about 1%; they are therefore easy to implement when configuring a lightweight security solution for application servers.

Keywords: Linux firewall · Iptables · SQL Injection · XSS · HTTP Flood, FTP flood · FTP Bounce

¹ Department of Computer Science and IT, University of Jammu, Jammu, India

Introduction

Application layer attacks are serious threats to information security and to the services provided by Web servers connected to the Internet. The servers are continuously being targeted by intruders who exploit certain application layer protocols to breach the security of valuable information, thereby making it vulnerable to illegitimate access. These attacks are harder to identify and mitigate at the network level and can only be intercepted by reading the contents of the packets before they reach the victim machine. To protect the servers, firewalls are usually deployed, as these form the first line of defense without restricting the exchange of information with the outside world. An Application Layer Firewall can process information at the network layer, transport layer, session layer and application layer of the OSI reference model. Such firewalls provide greater control over traffic than packet-filtering firewalls [1]. An Application Layer Firewall filters ingress and egress traffic based on the rules laid down by the network administrator [2]. Initially, it was believed that deploying a firewall could degrade the performance of the network, but the authors of [3] proved that filtering unwanted traffic with a firewall can increase network performance noticeably. Similarly, in [4] it was reported that link utilization and throughput improve when firewalls are deployed. Thus, a firewall not only improves network security but also improves the quality of service in terms of both availability and performance. Iptables is a powerful open sour