Date of Award

1-17-2020

Publication Type

Master Thesis

Degree Name

M.Sc.

Department

Computer Science

Keywords

Cisco ASA, DDoS attack, Demilitarized Zone-DMZ, GNS3, Network Security, Wireshark

Supervisor

Saeed Samet

Rights

info:eu-repo/semantics/openAccess

Abstract

In today’s era of digitalization, everything is accessible remotely through smaller devices than ever. This brings a lot of concerns, security being at the top of the list for the organizations providing services to the public. The organization has to provide updated services every single time and at the same point, has to make sure that an intruder cannot get through the core of the organization which is the inside private network or LAN. If an organization provides mail and web services to their customers on daily basis, putting their servers within the local area network opens up the vulnerability to be directly accessible by an outsider from the untrusted network like the internet which will then just be the matter of skills and powerful machines to manipulate the whole system. Thus, the organization has to make some changes to their networks like creating the Demilitarized Zone or DMZ. DMZ provides an extra layer between the inside and outside network making it difficult to get access to the trusted network. The concept is, all the public-facing servers which provide distinguished services to the customers should be kept outside of LAN and within the DMZ. So, every time when the remote user requests for the service through the internet, it will be rerouted directly to the DMZ rather than LAN. The approach presented is to check whether the network with DMZ can sustain the DDoS attack generated using the python script better than the network without DMZ or not. The network is emulated using GNS3 to keep the host system isolated from the attacking vectors. Kali Linux virtual machine is used to resemble the attacker. Results are analyzed using Wireshark.

Share

COinS