e-mail address: omnetmanual@gmail.com

Phone number: +91 9444856435
DEFENDER

How to Calculate Network Demilitarized Zone in omnet++

To calculate and evaluating a Network Demilitarized Zone (DMZ) in OMNeT++ encompasses mimicking the architecture and performance of a DMZ, which is a physical or logical sub network that splits an internal local area network (LAN) from untrusted external networks, like the internet. It is constructed to insert an extra layer of security to the internal network by showing services to the external network while protecting the internal network.

Step-by-Step Implementations:

  1. Understand the Role of a DMZ

A DMZ normally:

  • Hosts Public Services: Web servers, email servers, and DNS servers that want to be available from the internet are placed in the DMZ.
  • Isolates Internal Networks: Stops direct access to internal networks by filtering traffic through the DMZ.
  • Implements Firewalls: To manage and observe traffic among the DMZ, internal network, and external network by using firewalls.
  1. Set up a Network with a DMZ

Generate a network topology where a DMZ is placed among the external network like the internet and the internal network such as a corporate LAN in OMNeT++. The DMZ will usually be divided from both networks by firewalls.

Example: Define a Network with a DMZ in NED

network DMZNetwork {

submodules:

externalNetwork: ExternalNetwork;  // Represents the internet or external network

dmz: DMZ;                          // The DMZ containing public servers

internalNetwork: InternalNetwork;  // The internal network to be protected

firewall1: Firewall;               // Firewall between external network and DMZ

firewall2: Firewall;               // Firewall between DMZ and internal network

connections:

externalNetwork.out++ –> firewall1.in++;

firewall1.out++ –> dmz.in++;

dmz.out++ –> firewall2.in++;

firewall2.out++ –> internalNetwork.in++;

}

  1. Implement the DMZ Logic

In the DMZ, we can place public-facing servers like web servers that want to be available from the external network. The firewalls control and filter traffic among the external network, DMZ, and internal network.

Example: Implementing a Simple DMZ

#include <omnetpp.h>

using namespace omnetpp;

class DMZServer : public cSimpleModule {

private:

int requestsHandled = 0;

protected:

virtual void handleMessage(cMessage *msg) override {

// Handle incoming requests

requestsHandled++;

EV << “Request handled by DMZ server.” << endl;

// Simulate processing delay

simtime_t processingTime = par(“processingDelay”).doubleValue();

scheduleAt(simTime() + processingTime, msg);

}

virtual void finish() override {

recordScalar(“Requests Handled”, requestsHandled);

}

};

Define_Module(DMZServer);

  1. Simulate Traffic through the DMZ

Make traffic from the external network that targets services presented in the DMZ. The firewall would permit only specific kinds of traffic like HTTP, HTTPS to reach the DMZ servers, while blocking others.

Example: Traffic Simulation in the External Network

class ExternalNetworkNode : public cSimpleModule {

protected:

virtual void initialize() override {

// Start generating requests after a delay

scheduleAt(simTime() + par(“sendInterval”).doubleValue(), new cMessage(“httpRequest”));

}

virtual void handleMessage(cMessage *msg) override {

// Send the request to the DMZ server via the firewall

send(msg, “out”);

}

};

  1. Implement Firewall Filtering Rules

The firewalls should perform rules to filter traffic based on protocols, ports, or source/destination addresses. For example, a firewall might permit HTTP and HTTPS traffic but block all other kinds.

Example: Implementing Firewall Rules

class Firewall : public cSimpleModule {

private:

int packetsAllowed = 0;

int packetsBlocked = 0;

protected:

virtual void handleMessage(cMessage *msg) override {

// Apply filtering rules

if (isAllowed(msg)) {

packetsAllowed++;

send(msg, “out”);

} else {

packetsBlocked++;

EV << “Packet blocked by firewall.” << endl;

delete msg;  // Block the packet

}

}

bool isAllowed(cMessage *msg) {

// Implement your filtering rules here

// Example: Allow only HTTP/HTTPS traffic

return strcmp(msg->getName(), “httpRequest”) == 0;

}

virtual void finish() override {

// Record firewall performance metrics

recordScalar(“Packets Allowed”, packetsAllowed);

recordScalar(“Packets Blocked”, packetsBlocked);

}

};

Define_Module(Firewall);

  1. Monitor DMZ and Firewall Performance

We can watch several aspects of the DMZ and firewall performance, like:

  • Requests Handled by DMZ Servers: The number of legitimate requests that were managed by the servers in the DMZ.
  • Packets Allowed/Blocked by Firewalls: The efficiency of the firewall in filtering traffic.
  • Processing Delay: The time taken by the DMZ servers and firewalls to process requests.

Example: Monitoring DMZ and Firewall Metrics

class DMZServer : public cSimpleModule {

private:

int requestsHandled = 0;

simsignal_t processingDelaySignal;

protected:

virtual void initialize() override {

processingDelaySignal = registerSignal(“processingDelay”);

}

virtual void handleMessage(cMessage *msg) override {

requestsHandled++;

simtime_t startProcessing = simTime();

// Simulate processing delay

simtime_t processingTime = par(“processingDelay”).doubleValue();

scheduleAt(simTime() + processingTime, msg);

simtime_t endProcessing = simTime();

emit(processingDelaySignal, endProcessing – startProcessing);

}

virtual void finish() override {

recordScalar(“Requests Handled”, requestsHandled);

}

};

  1. Analyse the Effectiveness of the DMZ

Examine the effectiveness of the DMZ setup after running the simulation:

  • Security: Did the firewalls effectively block unauthorized access attempts to the internal network?
  • Efficiency: How well did the DMZ servers manage the incoming requests?
  • Traffic Management: Was legitimate traffic correctly routed to the DMZ, and was needless traffic blocked?
  1. Example Scenario

In the below example, the DMZ module encompasses public-facing servers that manage requests from the external network, while firewalls control traffic among the external network, DMZ, and internal network. The performance of the DMZ and firewalls is monitored through metrics like processing delay, packets blocked and packets allowed.

network DMZExample {

submodules:

externalNetwork: ExternalNetworkNode;

firewall1: Firewall;

dmzServer: DMZServer;

firewall2: Firewall;

internalNetwork: cModule;

connections:

externalNetwork.out++ –> firewall1.in++;

firewall1.out++ –> dmzServer.in++;

dmzServer.out++ –> firewall2.in++;

firewall2.out++ –> internalNetwork.in++;

}

  1. Post-Simulation Analysis

To observe the recorded metrics, like the number of packets allowed and blocked by the firewalls, requests managed by the DMZ servers, and the processing delay by using OMNeT++’s built-in analysis tools. This analysis will help to know how well the DMZ architecture is performing in terms of security and effectiveness.

In this setup, we are known and develop knowledge about how to implement Network Demilitarized zone using OMNeT++. We will offer further informations about this topic based on your requests.

We will help you with the Network Demilitarized Zone in the omnet++ tool for your project so drop us with your parameter details. We carry on network project performance based on your specifications.

Related Topics