
Current Snapshot: homeagain_0_2_1.jpg (screenshot image)

Project Description

A firewall supplement created for the average user to track his or her computer's activity while away. Traffic is not blocked; it is instead cataloged. Algorithms are then applied to the recorded traffic to generate suggested actions for the user upon return.

Introduction

The Internet has become almost a living being—growing, learning, evolving. Like all other living beings, however, the Internet also has flaws. Much as we humans fall prey to infectious bacteria and viruses, this collective network of computing devices may fall to similar tactics. As members of the human population interact with each other, communicable diseases flow between them. Similarly, when computing devices communicate across the Internet, the safety of those devices is jeopardized. When we sneeze, we cover our mouths for the comfort of others, but what can a computer do? The purpose of this project, in few words, is to help cover the mouths of infected computers.

Importance

Many users choose not to install sufficient protection for their computer because it seems complicated to install and configure, or because they are unaware of the problem entirely. This proposed program will negate the first reason through a different type of algorithm. Although the second problem cannot be solved directly, it is believed that by accomplishing the first, word of mouth may spread the idea of this new protection to those still in the dark.
Firewall software currently available is rather successful at protecting one's computer from the outside world. It is restrictive, however. Many users of firewalls must regularly turn the settings off so that they can complete basic tasks. Most of these firewall programs work by blocking inbound traffic on many ports of the computer's network connections. The problem with this technique is that, by blocking these ports, many legitimate programs are unable to function correctly.
The proposed project will work differently from current firewalls. The first major difference is that no traffic is blocked, which allows all legitimate programs to work correctly at all times. Instead, the traffic coming from and going to the computer is cataloged. This feature is significant in that it offers far greater ease of use for the end user.
Further, conventional firewalls use a white-list type of program blocking: only those programs that have been given permission by the firewall may move traffic across the network connection. The proposed program will instead use a black-list type of program blocking, which allows all programs to work correctly until the user decides to block a program from communicating over the network connection. This further raises the ease of use of the program.

Project Activity

As discussed, this program will moderate the interaction between the computer and its user. More specifically, the program will make the user aware of actions the computer takes of which the user may not be aware. This will, in effect, help to capture and control the threat of zombie computers, and therefore unauthorized distributed networking, including denial-of-service attacks and the propagation of spam.
The development of the main program will rely on the Visual Studio 2005 environment, using mostly C# code. Most of the program's facilities are devoted to capturing and sorting information traveling over the network interfaces. The user is presented with a “home” screen which displays information about their computer's actions. When the user leaves their computer, they set this “home” screen to behave in a different manner. It is then that the program captures information including source and destination IP addresses and ports, and the process which is participating in that communication.
When the user returns, they return to the “home” screen, which is then updated to display possible unauthorized communication which occurred while they were away. The user is given the option to state whether each process which communicated is an authorized or unauthorized program. In the future, a different algorithm will be applied to authorized programs based on the destination of the communication. Further, all traffic made by unauthorized programs is automatically red-flagged and displayed prominently on the “home” screen. Recommendations may possibly be given on removal of unauthorized programs, but this will probably take more research than is in the scope of this project.
The networking aspects of this project beyond the actual capture include communication with a central server. This central server will use SQL Server 2005 to maintain a database of users' computer actions. The user may choose to allow specific information about their computer's actions to be uploaded to the server so they can view it from another computer, or possibly interact with other programs, including a small widget discussed below. This information is accessed via a web browser through a password-protected interface developed under Visual Web Developer using ASP.NET 2.0. The user may also choose not to allow any information about their computer to be shared, or to share it only for specific uses.
Because information about unauthorized traffic will be collected by the central server, unsafe processes can be identified by applying specific rules to build a list of what will be called hive-unauthorized processes (HUP). If a particular process is flagged as unauthorized by many users, that process will be added to the HUP. Further, the developer and authorized users may manually add known unsafe processes to this list. The HUP can then be downloaded by the main program and used automatically to identify unsafe processes.
The widget which may accompany this project will be designed using the Yahoo Widget Engine. It will simply show a representation of the remote computer's actions, with each level displayed as a different visual cue. These levels include safe traffic, unknown traffic, user-unauthorized traffic, and hive-unauthorized traffic.
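Added example (not code from the HomeAgain project, which is written in C#): a Python sketch of the away-time catalog and “home” screen described above, the classification of each process into the four levels the widget shows, and the HUP aggregation rule. The process names, addresses and vote threshold are constructed, and the rule that the user's explicit decision outranks the HUP is an assumption.

```python
from collections import defaultdict, namedtuple

# Display order for the "home" screen: red-flagged levels first (assumption).
LEVELS = ["user-unauthorized", "hive-unauthorized", "unknown", "safe"]

# One catalog entry: owning process name plus the endpoints the capture recorded.
Connection = namedtuple("Connection", "process src_ip src_port dst_ip dst_port")

# Constructed sample catalog: what was recorded while the user was away.
AWAY_CATALOG = [
    Connection("firefox.exe", "192.168.1.10", 49152, "203.0.113.5", 443),
    Connection("svchost.exe", "192.168.1.10", 49153, "192.168.1.1", 53),
    Connection("updater.exe", "192.168.1.10", 49154, "198.51.100.7", 6667),
    Connection("updater.exe", "192.168.1.10", 49155, "198.51.100.8", 25),
    Connection("unknown.exe", "192.168.1.10", 49156, "198.51.100.9", 25),
]

def build_hup(reports, min_users):
    """Hive-unauthorized processes (HUP): names flagged as unauthorized by at
    least min_users distinct users. reports maps user id -> set of names."""
    flagged_by = defaultdict(set)
    for user, procs in reports.items():
        for proc in procs:
            flagged_by[proc].add(user)
    return {p for p, users in flagged_by.items() if len(users) >= min_users}

def classify(process, authorized, unauthorized, hup):
    """Black-list model: the user's explicit decision wins, then the HUP;
    a process nobody has decided on stays 'unknown' but is never blocked."""
    if process in unauthorized:
        return "user-unauthorized"
    if process in authorized:
        return "safe"
    if process in hup:
        return "hive-unauthorized"
    return "unknown"

def home_screen(catalog, authorized, unauthorized, hup):
    """One row per process: (name, level, connection count, destinations),
    sorted so red-flagged processes appear at the top of the screen."""
    per_proc = defaultdict(list)
    for c in catalog:
        per_proc[c.process].append(c)
    rows = []
    for proc, conns in per_proc.items():
        level = classify(proc, authorized, unauthorized, hup)
        dests = sorted({f"{c.dst_ip}:{c.dst_port}" for c in conns})
        rows.append((proc, level, len(conns), dests))
    return sorted(rows, key=lambda r: (LEVELS.index(r[1]), r[0]))
```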

Target Market

The target market for this program is everyone with a computer running Microsoft Windows that has access to a network, including the Internet. This is extremely broad, but accurate. Those users with technical savvy will enjoy the advanced features of process blocking and the ability to help others through the HUP. Those users who are less familiar with computers or the dangerous aspects of the Internet will enjoy the incredible ease of creating a safe environment for their computer to interact with the Internet.
The user will expect this software to provide sufficient observational information about their computer for them to eliminate possible threats to their computer's safety. They will more than likely use this program in a home setting to observe their computer while away. Business uses for this program are possible but rather limited in this iteration. A future version with further networking features could be created which makes more sense in the business setting, allowing a central manager to administer the installation and configuration of the software on networked machines.

Useful Resources

http://www.tamirgal.com/home/dev.aspx?Item=SharpPcap

http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx

http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm

http://www.ironport.com/company/ironport_pr_2006-06-28.html

Last edited Apr 9, 2007 at 11:46 PM by ctotty, version 8