Secure Private Servers with Multi Tier Firewalls

The concept of my independent study (IS) is to protect and secure our private servers from the public network and also from the other internal private networks. I propose virtual interfaces on the firewall, assigned to different zones termed DMZs. Creating a greater number of VLANs within a zone protects each server from being compromised through another compromised server. Distributing servers across multiple subnets gives a more secure architecture: the outermost subnets are proposed as DMZs; the middle subnets serve as transaction subnets, where the system needs to support complex web applications placed in the DMZs; and the third, back-end subnet is the private network, which is the trusted network.
Keywords: ACL, VLANs, WAN, LAN, DMZ, CTL, ATM, SMS
INTRODUCTION
It is important to understand the security needs of any financial organization. The firewall plays a very important role in network security. Firewalls are deployed to defend the network and are usually placed at the first and second lines of defense. By deploying a firewall we can restrict the traffic entering the network and the traffic traversing between zones. All of this depends on the proper design and placement of the firewall in the network.
A three-tier deployment architecture places multiple subnets between the private network and the internet, separated by a firewall. Each subsequent subnet has more specific filtering rules, restricting traffic to trusted sources only.
In older designs, firewalls were generally deployed in a two-tier architecture, in which the private network is secured from the public network by defining two separate interfaces. Here I propose a firewall architecture with multiple tiers.
Nowadays applications are built as modules that generally reside on different machines or servers and are housed in different groups so as to secure them and maintain segregation.
For example, if security is breached on one module, it will not harm the others. In other words, if one server is compromised, the others may still be safe.
The outermost subnets are proposed as DMZs. The middle subnets serve as transaction subnets, where the system needs to support complex web applications placed in the DMZs. The third, back-end subnet is the private network, which is the trusted network.
This architecture is the most secure, but it is also the most complex to design and implement. For example, the database server that contains clients' account details is more sensitive and requires more protection and security than the web servers used for the front end.
The concept of my independent study is to protect and secure our private traffic from the public network. This can be done by creating different subnets and restricting them according to need. Creating different subnets requires different interfaces on the firewall device, either physical or virtual. Using physical interfaces limits us to the number of ports available on the device, and in general a device does not have as many physical interfaces as we require, so I propose creating virtual interfaces on the firewall. These interfaces are assigned to different zones termed DMZs. The port limitation is thus overcome by creating virtual interfaces on the device and assigning them to the appropriate zones.
As more VLANs are created, more security can be achieved by assigning different servers to different VLANs.
Defining Firewall
The purpose of a firewall is to monitor, examine and control network traffic in order to protect the network devices and systems that are critical for any financial organization. The firewall first looks up its policies for the traffic passing through it and drops the packets that do not meet the policy statements.
A firewall filters unwanted or non-legitimate traffic from the outside world as well as from the inside network.
Firewalls are designed to block unauthorized access and allow only the traffic that is permitted by the defined policy.
Each packet is checked before it is forwarded: the firewall holds a set of rules (policies), and each rule has an action, either permit or deny.
Firewalls are available in both hardware and software form. The basic purpose of a firewall is to protect our private network from the internet and from unauthorized access.
Two-Tier, Three-Tier or Multiple Tier
The idea behind this tier-based architecture is to secure a multi-tier application environment. There is no specific definition of a two-tier or three-tier firewall; the terms come from different ideas. In one usage, the term tier refers to the number of interfaces available on the firewall.
A two-tier firewall has two interfaces, each assigned to a different zone:

Inside/ Private network/ Trusted
Outside/ Un-trusted network
A three-tier firewall generally has three zones:
Inside/ Private network/ Trusted
Outside/ Untrusted network
A DMZ (Demilitarized zone)

Use the DMZ to host the servers that need to be accessed from the outside world. It plays a vital role for any organization in which many business services depend on the internet, such as e-commerce services; many banks also offer internet banking to their customers these days. By implementing this kind of architecture and adopting these recommendations in our network, we can improve availability and security.
Email servers, web servers and DNS servers are some of the servers that need to be publicly accessible from the outside network, so they need extra security and protection.
Now let's look at the other usage of tier-based architecture. Here tier does not mean the interfaces a firewall has but the layers of firewall you provide. In this kind of deployment a firewall is needed at each tier: one firewall for the outside public network, one for the DMZ and one for your private network.
Multi-tier applications overview
Nowadays applications are designed in multiple logical tiers: software engineers have segregated the major functional areas into logical groupings that can be designed, implemented and run independently of each other. For a web-based application, for example, the following tiers may be present.

Presentation
Middleware
Data

Presentation
This tier interacts directly with the users coming from the internet and is the tier closest to the internet. Such publicly accessed services are generally implemented using web, DNS and email servers.
The purpose of these servers is to present the application to the user. This tier handles the interaction between users coming from the public network and the back-end components.
Middleware
This tier holds the components that perform the business logic of the application in response to the queries sent by the servers in the presentation layer on behalf of internet users.
Data
The data tier holds core servers such as database servers and directory servers that contain confidential databases. This tier contains the bank's most confidential data, such as users' account information and customer records.
The workflow of a web-based multi-tier application can look like this.
Users on the internet send a request to the web server via a web browser.
The web server processes the request and sends it to the middleware tier.
The middleware component then interacts with the database servers for the requested query.
After the query is processed, the response is returned to the web server, and the web server relays the result directly to the internet user.
With this methodology there is no direct communication between the public user and the core database servers.
Explaining firewall deployment using a single subnet
Segregating the segments into groups helps us analyze the risk and exposure of the devices on the public network, and how to restrict direct interaction between critical servers and internet users. The acceptable amount of risk for each server varies from case to case, so there are reasons to create different kinds of zones and VLANs, to place each server in the relevant zone and VLAN, and to decide which security level each server needs.
Consider an internet banking application that runs on several servers. Different types of servers play different roles in the overall workflow of this application. The server playing the role of front-end server does not require as strict a security policy as the server holding customer account information (the core database server).
But in the single-subnet methodology all the servers are placed behind the firewall and the same security level is provided to every server, whether a web server or the bank's database server. They will all be equally protected from threats, both from internet users and from a locally compromised server.
Explaining single firewall deployment with multiple subnets
In this deployment the physical and virtual interfaces of the firewall are used to create different subnets. The network is segregated into logical tiers, each with its own subnet, and each tier provides a stricter level of security than a single subnet does. The outermost tier (presentation tier) interacts only with the middle tier (middleware tier), and the middleware tier interacts only with the innermost tier (data tier).
Proposing Solution to a Financial Organization
In the proposed design the internet-facing routers serve as perimeter routers and act as the first line of defense. The routers work in high-availability mode.
Behind them, two firewalls provide the second line of defense for the servers. These firewalls hold all the zones and VLANs; rules are created here, and application flow control is handled at this level.
Both firewalls work in high-availability mode, providing backup to each other. In case of a physical or logical interface failure, or failure of a whole device, the network will continue to run smoothly.
These firewalls are then connected to layer-two switches using gigabit interfaces. Servers terminate on the same switches or, if needed, on other switches.
Layer-two trunks are also created between the switches to cater for device or interface failure.
Spanning tree is configured on the switches to avoid loops between the switches and provide contingency.
The basic theme is to create different zones according to the relevant security levels. The following zones should be created on the firewall.

Internet Access Zone
Public Access Zone
Trusted Server Zone
Business Access Zone

Internet Access Zone
The router on which the internet link terminates should be assigned to this zone. A strict rulebase (policies) would be implemented.
Public Access Zone
The VLANs that need to be accessed from the internet by any means are assigned to this zone. Different VLANs are created in this zone, such as the internet banking front-end server and email servers.
Trusted Server Zone
The VLANs of the core business application and other critical financial applications are assigned to this zone. These servers are critical, and very strict policies would be implemented for them. Only legitimate traffic is permitted between the zones, and within a zone between the VLANs. The following are some examples of VLANs that would be created in this zone.
Core Business Application VLAN, Internet banking DB VLAN, ATM PHEONIX VLAN, CTL VLAN
Business Access Zone
These are the extranets, that is, the external connectivity between the bank and other corporate entities, such as NADRA and UFONE.
This zone hosts the servers for VLANs such as NADRA, SWIFT VLAN, UFONE VLAN, SMS VLAN, 1-Link VLAN and central banking servers.
Explaining Traffic Flow between different zones / within the zones between the VLANs
The internet banking application is designed to work in a multi-tier architecture. Clients coming from the internet first hit the front-end servers, which are publicly available; that is why these servers are placed in the Public Access Zone.
Restrictive policies are then implemented between the Public Access Zone and the Transition Server Zone. Only these servers can send communication requests to the Transition Server Zone's VLANs.
Then only these servers will communicate with the Trusted Zone's VLANs.
Only these transition application servers will communicate with the bank's core database servers.
This model benefits the bank by securing its critical servers. There is no direct communication between the outside network, such as internet users, and the core business servers.
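The tiered flow described above can be checked mechanically. The following is an added example, not part of the original study: a first-match, default-deny policy lookup with two audits, one for rules that expose the protected zone directly and one for the minimum number of zone hops. Zone names follow the text; the VLAN names, ports and rule set are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample policy. Zone names follow the text; VLAN names and
# ports are assumptions made for this example. Zones must be concrete,
# only the VLAN field may be the wildcard "*".
Rule = namedtuple("Rule", "src_zone src_vlan dst_zone dst_vlan port action")

POLICY = [
    Rule("Internet Access", "*", "Public Access", "IB-Frontend", 443, "permit"),
    Rule("Public Access", "IB-Frontend", "Transition Server", "IB-App", 8443, "permit"),
    Rule("Transition Server", "IB-App", "Trusted Server", "IB-DB", 1521, "permit"),
]

def _match(pattern, value):
    return pattern == "*" or pattern == value

def evaluate(policy, src, dst, port):
    """First-match lookup; src and dst are (zone, vlan) pairs.
    Traffic that matches no rule is dropped, inter-zone or intra-zone."""
    for r in policy:
        if (r.src_zone == src[0] and _match(r.src_vlan, src[1])
                and r.dst_zone == dst[0] and _match(r.dst_vlan, dst[1])
                and r.port == port):
            return r.action
    return "deny"

def direct_exposures(policy, untrusted_zone, protected_zone):
    """Permit rules that let the untrusted zone connect straight into the
    protected zone, bypassing the intermediate tiers."""
    return [r for r in policy if r.action == "permit"
            and r.src_zone == untrusted_zone and r.dst_zone == protected_zone]

def hops_to(policy, src_zone, dst_zone):
    """Minimum number of permitted zone-to-zone hops from src_zone to
    dst_zone (breadth-first search over permit rules), None if unreachable."""
    edges = {}
    for r in policy:
        if r.action == "permit":
            edges.setdefault(r.src_zone, set()).add(r.dst_zone)
    frontier, seen, hops = {src_zone}, {src_zone}, 0
    while frontier:
        if dst_zone in frontier:
            return hops
        frontier = {n for z in frontier for n in edges.get(z, ())} - seen
        seen |= frontier
        hops += 1
    return None

if __name__ == "__main__":
    inet = ("Internet Access", "any")
    print(evaluate(POLICY, inet, ("Public Access", "IB-Frontend"), 443))
    print(evaluate(POLICY, inet, ("Trusted Server", "IB-DB"), 1521))
    print(evaluate(POLICY, ("Trusted Server", "CTL"), ("Trusted Server", "IB-DB"), 1521))
    print(hops_to(POLICY, "Internet Access", "Trusted Server"))
    # A misconfigured rule of this kind is what the audit is meant to catch.
    bad = POLICY + [Rule("Internet Access", "*", "Trusted Server", "IB-DB", 1521, "permit")]
    print(direct_exposures(bad, "Internet Access", "Trusted Server"))
```

Running the audits against an exported rulebase after every change shows whether a new rule has shortened the path from the internet to the data tier.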
Conclusion
For any financial organization, security is an indispensable concern. Core business servers need to be protected not just from the outside public world but also from inside entities. This requires a proper network design in which the placement and role of the firewall are very important. The solution proposed in this independent study shows how applications that work in multiple tiers can be secured properly: by segregating each type of application into a separate zone you can restrict non-legitimate traffic from other zones, and by creating different VLANs within a zone you can restrict unwanted intra-zone traffic. With this methodology traffic flow can be controlled much more tightly without needing to create as many zones as there are VLANs. This tightly controlled traffic flow restricts the interaction between the tiers. In short, this methodology restricts inter-zone traffic and intra-zone traffic as well.

Any traffic, whether intra-zone or inter-zone, is first looked up in the access control policy; if a matching entry exists, communication occurs, otherwise the packets are simply dropped. The caveat of this methodology is a possible bottleneck from the traffic load between and within the zones, since all traffic must first pass through the firewall. To overcome this, connect the firewall and switches using gigabit interface trunks, measure the inter-zone and intra-zone traffic with traffic analyzers and, if needed, build bundles between the firewall and switches. Proceeding in this manner helps us protect our network without compromising on security. Lastly, I would say that this independent study provides recommendations, a secure model and a cost-effective solution for multi-tier environments.