Network security and the NPS Internet firewall

• Main Author: Schively, Jody L.
• Other Authors: Shimeall, Timothy
• Language: en_US
• Published: Monterey, California. Naval Postgraduate School 2013
• Online Access: http://hdl.handle.net/10945/30578

As the Naval Postgraduate School's (NPS) computer network continues to incorporate computers with a wide variety of security holes, it is vital that an Internet firewall be installed to provide perimeter security for NPS from the Internet. NPS has had systems compromised by unauthorized individuals who have gained access via the Internet. The approach taken by this thesis was to analyze the type of Internet firewalls available and chose a design that provides the protection required at NPS while maintaining the Internet functionality desired. After choosing the appropriate type of firewall, it was tested for functionality and performance. The functionality test successfully validated that the bootp, netwall, tftp, sunrpc, and nfsd packets could he blocked while other network services remained functional. The performance testing process first monitored existing traffic to and from the BARRNET and DDN routers. The second step determined the firewall's performance with a well known network measurement tool, New Test TCP/IP (ntrcp). The existing data rates to and from the Intemet are on average 438 kilobjis per second and the nttcp tests showed that the firewall could run at 600 kilobits per second. These results validated that the firewall could maintain the data rates currently required to the Internet. This thesis resulted in a firewall, obtained from Texas A&M, that can be installed and used to improve the network security between the NPS network and the Internet. This firewall runs on a PC and would be located between the NPS network and the BARRNKr and DDN routers. This would result in a perimeter of security for the NPS network, to assist in the ever growing need for network security.