MSc Thesis Defense by:  Manan Patel

 

Date:  January 8, 2020

 

Time:  9:30 am- 11:30 am

 

Location: Lambton Tower Room 3105

 

In today’s era of digitalization, everything is accessible remotely through smaller devices than ever. This brings lot of concerns, security being at the top of the list for the organizations providing services to the public. The organization has to provide updated services every single time and at the same point, has to make sure that an intruder cannot get through the core of the organization which is the inside private network or LAN. If an organization provides mail and web services to their customers on daily basis, putting their servers within the local area network opens up the vulnerability to be directly accessible by an outsider from the untrusted network like internet which will then just be the matter of skills and powerful machines to manipulate the whole system. Thus, the organization has to make some changes to their network like creating the Demilitarized Zone or DMZ. DMZ provides an extra layer between the inside and outside network making it difficult to get the access of the trusted network. The concept is, all the public facing servers which provides distinguish services to the customers should be kept outside of LAN and within the DMZ. So, every time when the remote user requests for the service through internet, it will be rerouted directly to the DMZ rather than local area network. This provides enhanced security to small or medium scale organizations as they cannot afford costly security equipment available in the industry. The approach presented is to check whether the network with DMZ can sustain the DDoS attack generated using the python script better than the network without DMZ or not. The network is emulated using GNS3 runs on the VMWare workstation pro to keep the host system isolated from the attacking vectors. Kali Linux virtual machine is used to resemble the attacker. Policies have been applied on Cisco ASA to mitigate the effect of DDoS attack and results are compared before and after applying the policy. Results are analyzed using Wireshark for better understanding of packet transmission through the network.

 

 

 

 

 

Internal Reader: Dr. Jianguo Lu

 

External Reader: Dr. Myron Hlynka

 

Advisor: Dr. Saeed Samet

 

Chair: TBD