Flakfence

Project Title

Flakfence

Project Area of Specialization Cyber SecurityProject Summary

An increase in the complexity of networks and the advent of the internet has led to the networks becoming more and more susceptible to attacks. Securing the network has now become the top priority of any organization or household. Cyber-attacks and surveillance have made internet users privacy-conscious. Devices that are connected to the Internet are a vulnerable and potential target of a range of different threats. The attacks on the network have led to the loss of confidential information, critical data, and the spread of unwanted malware in networked computers. To overcome these attacks on networks and to avoid the risk of data breaches, there is a need for a system that is aware of the peculiarities and vulnerabilities that can be exploited and used against the state and individuals and be able to counteract them. A lot of such solutions exist in the market which is either too costly, too resource-intensive, or hard to configure for ordinary users.

Such solutions include:

Solutions	Cost
Firewalla	$169-418$
PF SENSE	$199-$699
Cisco ASA 5500-X	$400
Sonic Wall TZ	$300-$600
Fortinet FortiGate	$250-$2000

These widely used solutions come with some problems. They can not be configured by a common man. Firewalla is a simple plug and play device but that is too costly for a common man to afford. Therefore, a complete indigenous solution was required to counter growing threats of data breaches and insider attacks. Our product, ‘Flakfence’ will provide a solution to this problem. This device is controlled by the admin who sets up the policies. It would render network security by filtering incoming and outgoing network traffic based on a set of admin-defined rules. It would protect against a wide variety of network attacks, espionage, and infiltrations and would also offer an inbound and outbound firewall with intrusion detection (IDS) and prevention capabilities (IPS). The user will have an elaborated view of all connected devices along with network activities. It would also give the user complete control of the network he/she is connected to, from blocking web pages and cutting off access to unwanted devices. Moreover, the built-in VPN Server would allow the user to easily set up an encrypted connection from anywhere in the world to his home, thereby actively monitoring and detecting any suspicious connection. It would be a small hardware device that would give the detailed monitoring of connected device network flows, complete with alerts for abnormal activities.

Solutions

Firewalla

PF SENSE

Cisco ASA 5500-X

Sonic Wall TZ

Fortinet FortiGate

Project Objectives

1. Designing of an all-in-one, easy-to-use, and upgradable indigenous cyber security solution that makes use of IDS/IPS to monitor the network traffic.
2. This handy solution will institute parental control to surveil the children’s browsing activities and filter out unwanted content.
3. The proposed solution will address security concerns and trust issues of privacy-conscious people, private and public confidentially centered organizations, corporate offices, and security researchers.
4. The project, Flakfence, will open further avenues of research in the security and privacy domain as it can be further enhanced to make the product commercially viable.

Project Implementation Method

The client, requiring security for his/her network, connects the Flakfence device with the existing router via ethernet cable. S/He then install the android application, log in to connect the application with the device. Flakfence is a plug and play device so it does not need any configuration. 

The Flakfence device will start acting as an interceptor for all incoming and outgoing network traffic. It would later filter this traffic based on the network rules implemented by the administrator using the Flakfence Android application. These customized rules are based on the organization's network security policy. Flakfence would also log the network activity of all users and alarm the administrator in case of any violation of bypassing attempt. Simultaneously, the device will detect the intrusions in packets and alert the administrator if there are any intrusions and log the intrusions so the administrator can analyze them later.

Benefits of the Project

1. Flakfence would provide complete security to network users. It is an all-in-one solution for security-conscious people.
2. It is easy to use solution. A non-technical person can easily manage his network through Flakfence.
3. It comes with a smart GUI, which makes it easy to view network statistics and implement rules.
4. It would benefit privacy-conscious individuals, parents who are cautious about their child's internet access, private and government organizations, homes, offices, cafes, and hotels.
5. It is a handy, plug and play device at a low cost.

Technical Details of Final Deliverable

To establish an indigenous network security solution, we've made use of 

-Hardware:

• Mini PC

-Software

• Windows 10
• Kali Linux
• Raspbian
• Pycharm
• Android Studio
• Snort

-Programming Languages

• Python
• Java for Android
• Bash Scripting

-Database

• Firebase

-Networks

• Socket Programming TCP/IP
• Multi-threading
• Scapy

Final Deliverable of the Project HW/SW integrated systemCore Industry SecurityOther Industries Education , IT , Telecommunication Core Technology OthersOther TechnologiesSustainable Development Goals Industry, Innovation and InfrastructureRequired Resources

Elapsed time in (days or weeks or month or quarter) since start of the project	Milestone	Deliverable
Month 1	Literature Review	Comprehensive report highlighting knowledge and understanding of related solutions.
Month 2	Establishment of Gateway	Implementation of gateway between user and router to intercept the network traffic on virtual machine
Month 3	Rules Implementation	Blocked mac address, ports, protocols manually
Month 4	Establishment of Application	Established the UI of application, with a test run to block mac address through application
Month 5	Hardware Implementation	Implemented the gateway on raspberry pi
Month 6	Establishment of IDS	Established ids on machine to analyze and detect intrusions inside and outside of network
Month 7	Establishment of History log	Parse network packets to log network history and setting up database to display it on android application
Month 8	Establishment of VPN	Implementation of VPN to use app in remote ares
Month 9	Testing	Complete testing of system.
Month 10	Implementation on Hardware	Implementation of all scripts and modules on mini pc
Month 11	Security Testing/Validation	Testing of leaks and exploitations attempts being performed