
Firewall

The project proposal aims to enhance network security by analyzing firewall limitations and implementing mitigation strategies through a proof-of-concept (PoC). It outlines a structured methodology over 20 weeks, including research, solution design, implementation, analysis, and documentation, focusing on areas like encrypted traffic inspection and zero-day exploit detection. The project seeks to contribute to both academic knowledge and practical cybersecurity solutions while addressing critical industry needs.

Uploaded by

rodneynji
Copyright: © All Rights Reserved

Degree Project Proposal

Enhancing Network Security: Analyzing Firewall Limitations and Implementing Mitigation Strategies
Date: March 06, 2025
Prepared by: Nji Rodney
Program: B.Tech Computer Engineering
Institution: College of Technology Buea

1. Introduction
Firewalls are a cornerstone of network security, yet they exhibit critical limitations that leave systems
vulnerable to modern threats. This project aims to identify key firewall shortcomings, propose practical
solutions, and demonstrate their effectiveness through a proof-of-concept (PoC) implementation. By
addressing these gaps, the project seeks to enhance network security practices and contribute to academic
and practical understanding in cybersecurity.

2. Project Scope
Objective
- Analyze major limitations of firewalls and develop actionable mitigation strategies.
- Demonstrate solutions via a simulated network environment.
Focus Areas
- Encrypted traffic inspection.
- Zero-day exploit detection.
- Firewall misconfiguration prevention.
Deliverables
- Research paper (15-25 pages).
- Functional PoC with test results.
- Presentation (10-15 slides, 15-minute talk).

3. Methodology
Phase 1: Research & Planning (Weeks 1-4)
- Goal: Establish a theoretical foundation and define project scope.
- Activities:
  - Review literature (IEEE, ACM, Verizon DBIR, vendor whitepapers).
  - Select 3-4 limitations based on impact and feasibility.
- Output: Literature review and problem statement.

Phase 2: Solution Design (Weeks 5-8)
- Goal: Map limitations to solutions and design a test environment.
- Activities:
  - Propose tools:
    - Encrypted Traffic: SSL decryption with pfSense.
    - Zero-Day Exploits: Sandboxing with Snort/ClamAV.
    - Misconfiguration: Rule audit script (Python).
  - Design network topology (1 firewall, 2-3 devices, 1 attacker VM).
- Output: Design document with architecture diagrams.

Phase 3: Implementation (Weeks 9-14)
- Goal: Build and test the PoC.
- Activities:
  - Set up virtual lab (VirtualBox/GNS3).
  - Configure:
    - pfSense firewall.
    - Kali Linux attacker VM (encrypted packets, malware sim).
    - Target VM (Ubuntu/Windows).
  - Test scenarios:
    - Send encrypted malicious traffic; verify decryption.
    - Simulate zero-day exploit; test sandbox.
    - Misconfigure firewall; audit with script.
- Output: Working PoC with logs and screenshots.
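
One way the "misconfigure firewall; audit with script" scenario could be realized, as an added example that is not part of the original proposal. The rule format, the top-down first-match evaluation model, the `MGMT_PORTS` list and the sample rules are assumptions constructed for illustration; this is not pfSense's configuration format.

```python
import ipaddress

# Constructed rule set in a simplified model (assumption, not pfSense's config format).
# Rules are evaluated top-down and the first matching rule wins.
# port=None means "any port".
RULES = [
    {"id": 1, "action": "pass",  "src": "10.0.0.0/24",  "dst": "10.0.1.10/32", "port": 443},
    {"id": 2, "action": "pass",  "src": "0.0.0.0/0",    "dst": "10.0.1.10/32", "port": 22},
    {"id": 3, "action": "pass",  "src": "0.0.0.0/0",    "dst": "0.0.0.0/0",    "port": None},
    {"id": 4, "action": "block", "src": "10.0.0.66/32", "dst": "10.0.1.10/32", "port": 443},
]
MGMT_PORTS = {22, 3389}  # assumed management ports for the lab


def is_any(cidr):
    """True if the CIDR matches every address (prefix length 0)."""
    return ipaddress.ip_network(cidr).prefixlen == 0


def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and (outer["port"] is None or outer["port"] == inner["port"]))


def audit(rules):
    """Return (rule_id, issue) findings for permissive or unreachable rules."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] == "pass":
            if is_any(rule["src"]) and is_any(rule["dst"]) and rule["port"] is None:
                findings.append((rule["id"], "any-any-pass"))
            elif is_any(rule["src"]) and rule["port"] in MGMT_PORTS:
                findings.append((rule["id"], "mgmt-port-open-to-any"))
        # A rule fully covered by an earlier rule can never match.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier["action"] == rule["action"] else "shadowed"
                findings.append((rule["id"], f"{kind}-by-rule-{earlier['id']}"))
                break
    return findings


if __name__ == "__main__":
    for rule_id, issue in audit(RULES):
        print(f"rule {rule_id}: {issue}")
```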

Phase 4: Analysis & Results (Weeks 15-17)
- Goal: Evaluate solution effectiveness.
- Activities:
  - Measure: detection rates, latency, CPU load.
  - Analyze with Wireshark, Python scripts, Excel charts.
  - Compare against baseline (no solutions).
- Output: Results section with tables and graphs.

Phase 5: Documentation & Presentation (Weeks 18-20)
- Goal: Compile findings and present.
- Activities:
  - Write paper: Intro, literature, methodology, results, conclusion, future work.
  - Create slides; rehearse demo (live or recorded).
- Output: Final report and presentation deck.

4. Tools & Resources
Software
- Firewall: pfSense (open-source).
- IPS/Sandbox: Snort, ClamAV.
- Analysis: Wireshark, Python (scripting).
- Simulation: GNS3, Cisco Packet Tracer.
Hardware
- Laptop: 8GB RAM, 4-core CPU (for VMs).
- Optional: Cloud credits (AWS Educate, Google Cloud).
Learning Resources
- Cybrary, TryHackMe (firewall basics).
- Cisco Networking Academy (Packet Tracer access).

5. Challenges & Mitigations
- Time Constraints: Limit to 2-3 limitations if needed; prioritize core tests.
- Complexity: Start with one limitation, scale up as feasible.
- Resource Access: Use open-source tools; avoid live network tests.
- Ethics: Restrict testing to lab environment.

6. Academic Contribution
Novelty
- Explore AI-driven misconfiguration detection (e.g., basic ML model with scikit-learn).
Evaluation
- Benchmark against NIST 800-41 firewall guidelines.
Future Work
- Scale to enterprise-grade NGFWs.
- Investigate quantum-resistant firewall designs.

7. Timeline (20 Weeks)
- Weeks 1-4: Research + scope definition.
- Weeks 5-8: Solution design + lab setup.
- Weeks 9-14: Implementation + testing.
- Weeks 15-17: Analysis + results.
- Weeks 18-20: Documentation + presentation.

8. Significance
- Practical Value: Hands-on PoC builds portfolio-worthy skills.
- Relevance: Addresses a critical cybersecurity need; aligns with industry demand.
- Flexibility: Adaptable to undergrad (basic PoC) or grad-level (AI integration) goals.

9. Next Steps
- Refine focus based on advisor feedback.
- Secure tools/resources (e.g., VM software, cloud credits).
- Begin literature review and lab setup.

End of Document

Notes for Use
- Formatting: Add bold/italic headings, adjust spacing, and insert your name/institution in a header/footer.
- Customization: Swap tools or limitations based on your access/expertise (e.g., use Sophos instead of pfSense if available).
- Submission: Check your program's guidelines; some require abstracts or budgets.
