Overview

Workshop in Information Security:

Building a Firewall within the Linux Kernel

0368-3500-40, Spring 2013

Lecturer: Eran Tromer
Teaching assistant: Ariel Haviv
Advisor: Assaf Harel
Time: Thursday 10:00-12:00
Place: Schreiber 008

Course overview
Firewalls control and monitor access to networks, and are found in every organization and personal computer. Emerging as an Israeli innovation two decades ago, modern firewalls perform sophisticated packet analysis tasks at a very high throughput.

In this workshop we will study the basic design of firewalls, and recreate the basic firewall functionality using just elementary building blocks of the GNU/Linux operating system. We will extend the Linux kernel with packet analysis capabilities, interface it with userspace programs, and experiment with using this firewall for blocking real-world attacks.

The workshop's goals:

  • Become familiar with the Linux kernel, and how to extend it using kernel modules.
  • Understand the TCP/IP protocol, and how it is processed in the Linux kernel.
  • Understand concepts in packet inspection and parsing, and rule-based enforcement.
  • Introduction to network attack techniques, detection and prevention.
  • Gain experience in designing and implementing a modular system.

This workshop is offered in cooperation with industry experts from Check Point, offering a unique exposure to industry's capabilities and needs, and an opportunity for a real-world impact.

The workshop projects will be done in teams of up to 2 students. The assignments will be interesting and cool, but expect intensive and challenging work, and lots of self-learning. The projects will be completed and reported by the end of the semester, and there will be milestones and evaluations to ensure progress during the semester. Students will be expected to read and learn on their own any concepts and systems that are unfamiliar and needed in order to carry out the project successfully.

Prerequisites:

  • Operating systems (0368.2162)
  • Software Project (0368.2161).

Recommended:

  • Communication Networks (0368-3030)
  • Any information security course

General FAQ