Abstract

The open nature of the Internet makes it increasingly important for business and non-business organizations to pay great attention to the security of their networks, in order to achieve strong protection for their sensitive and valuable resources. The technologies and procedures used should guarantee confidentiality, integrity, availability, authentication, and authorization, which are the main functional elements of network security. The main objective of security attacks is to destroy a system or disrupt normal system or network behavior by taking advantage of vulnerabilities. A suitable network security technology must be selected to prevent and mitigate any security attacks that violate the network security policy, and to meet the network performance requirements.

This thesis presents a survey of some network security technologies and procedures, and compares their impact on various network performance parameters. A firewall is a hardware or software solution implemented within the network to enforce security policy by controlling network access (in and out). A Virtual Private Network (VPN) is a private network that uses a public network (usually the Internet) to connect remote sites or users together in a secure manner. A Virtual Local Area Network (VLAN) is a logical grouping of network computing devices without regard to their physical location.

The thesis proposes some network management modules that enhance some of the network performance parameters that are negatively affected by implementing these technologies. Parallel firewall modules (VLAN based, traffic direction filtering based, load balancing filtering based) limit the delay caused by the application proxy firewall's full inspection process, improve the response time of the HTTP server, and moreover enhance network availability.
A Demilitarized Zone (DMZ) module implemented with VPNs enhances the database query response time and other parameters affected by VPNs, and moreover provides more protection to the private network. Fortunately, most performance parameters improved due to partitioning the local network into VLANs. Close agreement was found between the results obtained practically and the simulation results related to VLANs and network performance.

Key Words: Network Security, Security Policy, Attacks, Firewalls, Parallel Firewalls, Load Balancing, Virtual Local Area Networks (VLANs), Virtual Private Networks (VPNs), Demilitarized Zone (DMZ), Network Performance, Availability, Private Network Protection.