network security using mikrotik router operating system

NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM BY IDAHOSA PAUL MONDAY PSC0508648 DEPARTMENT OF MATHEMATICS STATISTICS WITH COMPUTER SCIENCE FACULTY OF PHYSICAL SCIENCES UNIVERSITY OF BENIN, BENIN CITY, EDO STATE. NIGERIA.

Upload: koncypike

Post on 02-Nov-2014



BEING A PROJECT SUBMITTED TO THE DEPARTMENT OF MATHEMATICS, FACULTY OF PHYSICAL SCIENCES, UNIVERSITY OF BENIN, BENIN CITY, EDO STATE, IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF BACHELOR OF SCIENCE (B.Sc HONS) IN STATISTICS WITH COMPUTER SCIENCE.

MAY, 2012.

CERTIFICATION

It is certified that this work was carried out by Mr. Paul Monday Idahosa of the Department of Mathematics, University of Benin, Benin City.

--------------------------

ASSO PROF. M.N.O. IKHILE

Ag. Head of Department

DATE: ----------------------

---------------------------

MRS. S. KONYEHA

Supervisor

DATE: ----------------------

DEDICATION

I dedicate this work to God Almighty, the creator and sole administrator of the whole universe, who in His infinite mercy sustained and provided for me; may His name be praised forever. I also dedicate it to my late father, Pa Joseph Idahosa, who set the ball of education rolling in my life before he departed this world; may his soul rest in peace. Amen.

ACKNOWLEDGEMENT

First and foremost, I have to acknowledge the wonderful and incomparable Almighty God who has made me complete my programme successfully, and kept me alive to acknowledge the people who have joined me in my academic pursuit.

In the multitude of people there is an adornment of a king, but in the lack of population is the ruin of high official. With this in mind, I am most grateful to these my lecturers:

I have to show my profound gratitude to my lecturer Dr. J. I. Mbegbu, our daddy Dr. A. O. Oduwale, and Dr. D. Okuonghae, who have been local parents to me.

My sincere appreciation goes to my able, amiable and dynamic project supervisor Mrs. S. Konyeha, whose sound intellectual and constructive suggestions guided me to the actualization of this project work. I pray God continues to guide her and her family aright in their entire endeavours.

Also I have to show my profound gratitude to my course adviser Mr. O. Izevbizua for his lovely advice throughout my years in this great department. Also to my enviable lecturers: Prof. S.M. Ogbowman, Prof. J. E. Osemwenkhae, Dr. A.A. Osagiede, Dr. N. Ekhosuehi, and the dynamic Ag. Head of Department, Asso. Prof. M.N Ikhile, and many others, thanks to you all and God bless you.

I wholeheartedly appreciate the unflinching support of my mother Mrs. Mary Idahosa, who has not relented in praying for my success. I have to thank her for her endless care, patience, financial, spiritual and moral support in my six years of study. And also my late Dad, Pa Joseph Idahosa, who set the ball of education rolling in my life before he departed this world; may his gentle soul rest in peace. Amen.

Also to my wonderful siblings: Osaretin, Roselyn, Marian, Faith, Gabriel, Andrew and especially to my lovely sister Joy, who was my heroine. May God bless you all.

I must not fail to appreciate the support of my boss in the office, Mr. E. S. Omwanghe, for his understanding, my colleagues Mr. O. Eguavoen and Mr. J. Otabor, whose intellectual guidance has brought success to my project work, and my other colleagues in the office. I thank you all. I also recognize my classmates who contributed to the success of this project work: Sunny, Osas (aka Don Coleon), Aunty Favour, Ailem Emwinghare, Dolapo, Ahmed, Victor, Theophilus, Anderson, Eddy, Emma, Ernest, Frank, Victor, Evelyn, Ese, Shedrach, Douglas, Obi, Wagna, Ochuko, Patience, Dano, Jonah, Owens, Nelson and my humble class rep Smart. Your efforts are noted.

This section will remain incomplete without recognizing the support of my friend Amies, who has stood by me to make sure this project work comes to a successful end; I am indeed grateful. Also to my lovely friend Paulina for showing great concern, I say thank you to you all.

Also a special thanks to my friend, Mr. Hector, who first gave me an insight into my project, and to the entire ICTU team Uniben for their assistance. Lastly, thanks to my friend Kingsley Odibo.

I know I cannot thank you all enough, but optimism abounds that God in his infinite mercy will continue to take care of you individually and collectively in Jesus' name. Amen and Amen.

ABSTRACT

Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern, and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The architecture of the internet, when modified, can reduce the possible attacks that can be sent across the network. Knowing the attack methods allows for the appropriate security to emerge. Many businesses secure themselves from the internet by means of firewalls and encryption mechanisms. The businesses create an “intranet” to remain connected to the internet but secured from possible threats.

TABLE OF CONTENTS

Title page

Certification

Dedication

Acknowledgement

Table of contents

Abstract

CHAPTER ONE: INTRODUCTION

1.1 Statement of problem

1.2 Significance of Study

1.3 Limitation of Study

1.4 Network

1.5 Some Popular Networks

1.5.1 UUCP

1.5.2 Batch-oriented Processing

1.5.3 Network Security concepts

1.6 Mikrotik

1.7 History of network security

CHAPTER TWO: LITERATURE REVIEW

2.0 Differentiating data security and network security

2.1 Security in different networks

2.2 Internet

2.3 Security timeline

2.4 IPV4 and IPV6 Architectures

2.5 IPV4 Architecture

2.6 IPV6 Architecture

2.7 Common Internet attack methods

2.7.1 Eavesdropping

2.7.2 Viruses

2.7.3 Worms

2.7.4 Trojans

2.7.5 Phishing

2.7.6 IP spoofing attack

2.7.7 Denial of services

2.8 Technology for internet security

2.8.1 Cryptographic systems

2.8.2 Firewall

2.9 The three basic types of firewall

2.11 Difference between IDS, IPS, firewall and Antivirus

2.11.1 IDS (Intrusion detection system)

2.11.2 IPS (Intrusion prevention system)

2.11.3 Antivirus

2.11.4 Firewall

CHAPTER THREE: SYSTEM ANALYSIS AND DESIGN

3.0 Introduction

3.1 Network Design

3.1.1 Router OS installation

3.1.2 Router configuration

3.1.3 Router firewall

3.1.4 Event Logging

3.1.5 Bandwidth management

3.1.6 Queues

3.1.7 Torch

3.1.8 Bandwidth test

3.2 Unified modeling language (UML) representation

3.2.1 Use case diagram

CHAPTER FOUR: IMPLEMENTATION

4.0 Introduction

4.1 Hardware requirements

4.2 Software requirements

4.3 System Implementation

4.3.1 Choice of router OS

4.4 Implementation

CHAPTER FIVE: SUMMARY, CONCLUSION, AND RECOMMENDATION

5.1 Summary

5.2 Conclusion and recommendation

References

Appendix

CHAPTER ONE

1.0 INTRODUCTION

Network security consists of the provisions and policies adopted by a network administrator to monitor and prevent unauthorized access, misuse, modification, or denial of service on a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their network. Network security covers a variety of computer networks, both public and private, which are used daily for transactions and communications among businesses, government agencies and individuals. Networks can be private (such as within a company) while others might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name (Simmonds, et al., 2004).

The world is becoming more interconnected with the advent of the Internet and new networking technology. There is a large amount of personal, commercial, military, and government information on networking infrastructures worldwide. Network security is becoming of great importance because of intellectual property that can be easily acquired through the internet. There are currently two fundamentally different networks: data networks and synchronous networks composed of switches. The internet is considered a data network. Since the current data network consists of computer-based routers, information can be obtained by special programs, such as “Trojan horses,” planted in the routers. The synchronous network that consists of switches does not buffer data and is therefore not threatened by attackers. That is why security is emphasized in data networks, such as the internet, and other networks that link to the internet. Basically, Mikrotik functions as a router, does bandwidth management and has authentication software.

1.1 MIKROTIK

Mikrotik Ltd., known internationally as MikroTik, is a Latvian manufacturer of computer networking equipment. It sells wireless products and routers. The company was founded in 1995, with the intent to sell in the emerging wireless technology market. As of 2007, the company had more than 70 employees. The company's products are known as low-priced alternatives for expensive routers and Ethernet radio relay lines.

1.2 STATEMENT OF PROBLEM

With the advancement of technology, a lot of unauthorized persons are now able to access networks and files and cause harm to the files, hence the need for more network security policy through the use of Mikrotik routers.

1.3 SIGNIFICANCE OF STUDY

Computer network security is a complicated subject, historically only tackled by well-trained and experienced people. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world.

1.4 LIMITATION OF STUDY

In the course of study, it was not easy to get funds to procure a Mikrotik license, a personal computer with two LAN cards and other hardware components needed to implement my work. Materials were not readily available because a lot of people who could make research are yet to be aware of it.

1.5 HISTORY OF NETWORK SECURITY

Recent interest in security was fueled by the crime committed by Kevin Mitnick (1979). He committed the largest computer-related crime in U.S. history. The losses were eighty million dollars in U.S. intellectual property and source code from a variety of companies. Since then, information security came into the spotlight. Public networks are being relied upon to deliver financial and personal information. Due to the evolution of information that is made available through the internet, information security is also required to evolve. Due to Kevin Mitnick’s offense, companies are emphasizing security for the intellectual property. The internet has been a driving force for data security improvement. Internet protocols in the past were not developed to secure themselves. Within the TCP/IP communication stack, security protocols are not implemented. This leaves the internet open to attacks. Modern developments in the internet architecture have made communication more secure.

1.6 COMPUTER NETWORK

A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network.

1.7 SOME POPULAR NETWORKS

Over the last 25 years or so, a number of networks and network protocols have been defined and used. There are two types of network: public and private networks. Anyone can connect to either of these networks, or they can use any of the networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

1.7.1 UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix (surprise!) hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything else you can name, and even some things you can't. Additionally, a number of systems have been developed around the same principles as UUCP.

1.7.2 Batch-oriented processing.

UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.

1.8 Network security

Network security starts with authenticating the user, commonly with a username and a password. Since this requires just one detail authenticating the user name (i.e. the password, which is something the user 'knows'), this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once the user is authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis.

Communication between two hosts using a network may be encrypted to maintain privacy. Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.

CHAPTER TWO

LITERATURE REVIEW

2.0 DIFFERENTIATING DATA SECURITY AND NETWORK SECURITY

Data security is the aspect of security that allows a client’s data to be transformed into unintelligible data for transmission. Even if this unintelligible data is intercepted, a key is needed to decode the message. This method of security is effective to a certain degree. Strong cryptography in the past can be easily broken today. Cryptographic methods have to continue to advance due to the advancement of the hackers as well. When transferring ciphertext over a network, it is helpful to have a secure network. This will allow for the ciphertext to be protected, so that it is less likely for many people to even attempt to break the code. A secure network will also prevent someone from inserting unauthorized messages into the network. Therefore, hard ciphers are needed as well as attack-hard networks (Kartalopoulos, 2008).

Figure 1: Based on the OSI model, data security and network

Kartalopoulos, S. (2008)

2.1 SECURITY IN DIFFERENT NETWORKS

According to Tyson (2011), businesses today use combinations of firewalls, encryption, and authentication mechanisms to create “intranets” that are connected to the internet but protected from it at the same time.

An intranet is a private computer network that uses internet protocols. Intranets differ from "extranets" in that the former are generally restricted to employees of the organization, while extranets can generally be accessed by customers, suppliers, or other approved parties. There does not necessarily have to be any access from the organization's internal network to the Internet itself. When such access is provided, it is usually through a gateway with a firewall, along with user authentication, encryption of messages, and often the use of virtual private networks (VPNs).

Although intranets can be set up quickly to share data in a controlled environment, that data is still at risk unless there is tight security. The disadvantage of a closed intranet is that vital data might not get into the hands of those who need it. Intranets have a place within agencies. But for broader data sharing, it might be better to keep the networks open, with these safeguards:

1. Firewalls that detect and report intrusion attempts

2. Sophisticated virus checking at the firewall

3. Enforced rules for employee opening of email attachments

4. Encryption for all connections and data transfers

5. Authentication by synchronized, timed passwords or security certificates.
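The "synchronized, timed passwords" of safeguard 5, which are also the "something the user has" factor of section 1.8, can be illustrated as follows. This is an added example, not part of the original project: it uses the standard TOTP construction (RFC 6238 on top of RFC 4226), and the demo key, the one-step drift window, the replay check and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test key, used here as a constructed demo secret.
# A real deployment provisions a random per-user secret on token and server.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a counter value (RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Timed password: the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, submitted: str, server_time: int,
                step: int = 30, drift_steps: int = 1,
                last_used_counter: int = -1, digits: int = 6):
    """Server-side check.

    Accepts a code from the current time step or `drift_steps` either side,
    which tolerates small clock differences between token and server.
    Returns the matched counter (store it as last_used_counter) or None.
    A counter at or below last_used_counter is refused, so a code that was
    observed in transit cannot be replayed inside its validity window.
    """
    now = server_time // step
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if counter < 0 or counter <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)                 # token's clock: t = 59 s
    print("token shows:", code)
    print("server at t=65 accepts, counter:", verify_totp(DEMO_SECRET, code, 65))
    print("replay of same code:",
          verify_totp(DEMO_SECRET, code, 65, last_used_counter=1))
    print("same code two minutes later:", verify_totp(DEMO_SECRET, code, 125))
```

The token and the server never exchange the secret at login time; they only need the same key and roughly the same clock, which is why the drift window exists.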

It was mentioned that if the intranet needs access to the internet, virtual private networks are often used. Intranets that exist across multiple locations generally run over separate leased lines, or the newer approach of a VPN can be utilized. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. Figure 2 is a graphical representation of an organization and VPN network (Tyson, 2011).

Figure 2: Organizational VPN Network

Tyson, J. (2011)

Source: http://www.howstuffworks.com/vpn.htm

2.2 INTERNET

The Internet is the world's largest network of networks. When you want to access the resources offered by the Internet, you don't really connect to the Internet; you connect to a network that is eventually connected to the Internet backbone, a network of extremely fast (and incredibly overloaded!) network components. This is an important point: the Internet is a network of networks, not a network of hosts (Curtin, 1997).

A simple network can be constructed using the same protocols that the Internet uses without actually connecting it to anything else. Such a basic network is shown in figure 3.

Figure 3: A Simple Local Area Network

I might be allowed to put one of my hosts on one of my employer's networks. We have a number of networks, which are all connected together on a backbone, which is a network of our networks. Our backbone is then connected to other networks, one of which is to an Internet Service Provider (ISP) whose backbone is connected to other networks, one of which is the Internet backbone.

If you have a connection "to the Internet" through a local ISP, you are actually connecting your computer to one of their networks, which is connected to another, and so on. To use a service from my host, such as a web server, you would tell your web browser to connect to my host. Underlying services and protocols would send packets (small datagrams) with your query to your ISP's network, and then a network they're connected to, and so on, until it found a path to my employer's backbone, and to the exact network my host is on. My host would then respond appropriately, and the same would happen in reverse: packets would traverse all of the connections until they found their way back to your computer, and you were looking at my web page (Curtin, 1997).

Simmonds, et al. (2004) observed that security management for networks is different for all kinds of situations. A home or small office may only require basic security, while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

2.3 SECURITY TIMELINE

Several key events contributed to the birth and evolution of computer and network security. The timeline can be started as far back as the 1930s. Polish cryptographers created an enigma machine in 1918 that converted plain messages to encrypted text. In 1930, Alan Turing, a brilliant mathematician, broke the code for the Enigma. Securing communications was essential in World War II. In the 1960s, the term “hacker” was coined by a couple of Massachusetts Institute of Technology (MIT) students. The Department of Defense began the ARPANet, which gained popularity as a conduit for the electronic exchange of data and information (www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/ch-sgs-ov.html). This paved the way for the creation of the carrier network known today as the Internet. During the 1970s, the Telnet protocol was developed. This opened the door for public use of data networks that were originally restricted to government contractors and academic researchers (www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/ch-sgs-ov.html).

During the 1980s, hackers and crimes relating to computers were beginning to emerge. The 414 gang were raided by authorities after a nine-day cracking spree in which they broke into top-secret systems. The Computer Fraud and Abuse Act of 1986 was created because of Ian Murphy’s crime of stealing information from military computers. A graduate student, Robert Morris, was convicted for unleashing the Morris Worm to over 6,000 vulnerable computers connected to the Internet. Based on concerns that the Morris Worm ordeal could be replicated, the Computer Emergency Response Team (CERT) was created to alert computer users of network security issues. In the 1990s, the Internet became public and the security concerns increased tremendously. Approximately 950 million people use the internet today worldwide (www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/ch-sgs-ov.html).

On any day, there are approximately 225 major incidences of a security breach. These security breaches could also result in monetary losses of a large degree. Investment in proper security should be a priority for large organizations as well as common users.

2.4 IPV4 AND IPV6 ARCHITECTURES

IPv4 was designed in 1980 to replace the NCP protocol on the ARPANET. IPv4 displayed many limitations after two decades. The IPv6 protocol was designed with IPv4’s shortcomings in mind. IPv6 is not a superset of the IPv4 protocol; instead it is a new design (Andress, 2005).

2.4.1 IPV4 ARCHITECTURE

According to Andress, the protocol contains a couple of aspects which caused problems with its use. These problems do not all relate to security. They are mentioned to gain a comprehensive understanding of the internet protocol and its shortcomings. The causes of problems with the protocol are:

1. Address Space

2. Routing

3. Configuration

4. Security

5. Quality of Service

The IPv4 architecture has an address that is 32 bits wide (Andress, 2005). According to Satillo, S. (2006), IPv4 limits the maximum number of computers that can be connected to the internet. The 32-bit address provides for a maximum of two billion computers to be connected to the internet. The problem of exceeding that number was not foreseen when the protocol was created. The small address space of IPv4 facilitates malicious code distribution.

Routing is a problem for this protocol because the routing tables are constantly increasing in size. The maximum theoretical size of the global routing tables was 2.1 million entries. Methods have been adopted to reduce the number of entries in the routing table. This is helpful for a short period of time, but drastic change needs to be made to address this problem.

The TCP/IP-based networking of IPv4 requires that the user supply some data in order to configure a network. Some of the information required is the IP address, routing gateway address, subnet mask, and DNS server. The simplicity of configuring the network is not evident in the IPv4 protocol. The user can request appropriate network configuration from a central server. This eases configuration hassles for the user but not for the network’s administrators (Andress, 2005).

The lack of embedded security within the IPv4 protocol has led to the many attacks seen today. Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of cryptography. IPsec provides the services of confidentiality, integrity, and authentication. This form of protection does not account for the skilled hacker who may be able to break the encryption method and obtain the key (Andress, 2005).

When the internet was created, the quality of service (QoS) was standardized according to the information that was transferred across the network. The original transfer of information was mostly text-based. As the internet expanded and technology evolved, other forms of communication began to be transmitted across the internet. The quality of service required for streaming videos and music is much different from that for standard text. The protocol does not have the functionality of dynamic QoS that changes based on the type of data being communicated (Andress, 2005).

2.4.2 IPV6 ARCHITECTURE

When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that needed to be improved. The development efforts were placed in the following areas:

1. Routing and addressing

2. Multi‐protocol architecture

3. Security architecture

4. Traffic control

The IPv6 protocol’s address space was extended by supporting 128-bit addresses. With 128-bit addresses, the protocol can support up to 3.4 × 10^38 machines. The address bits are used less efficiently in this protocol because it simplifies addressing configuration.

The IPv6 routing system is more efficient and enables smaller global routing tables. The host configuration is also simplified. Hosts can automatically configure themselves. This new design allows ease of configuration for the user as well as the network administrator.

The security architecture of the IPv6 protocol is of great interest. IPsec is embedded within the IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6 can utilize the security mechanism along the entire route. The quality of service problem is handled with IPv6. The internet protocol allows for special handling of certain packets with a higher quality of service. From a high-level view, the major benefits of IPv6 are its scalability and increased security. IPv6 also offers other interesting features that are beyond the scope of this paper. It must be emphasized that after researching IPv6 and its security features, it is not necessarily more secure than IPv4. The approach to security is only slightly better, not a radical improvement (Andress, 2005).

2.5 COMMON INTERNET ATTACK METHODS

Adeyinka, O. (2008) suggested that common internet attack methods are broken down into categories. Some attacks gain system knowledge or personal information, such as eavesdropping and phishing. Attacks can also interfere with the system’s intended function, such as viruses, worms and trojans. The other form of attack is when the system’s resources are consumed uselessly; this can be caused by a denial of service (DoS) attack. Other forms of network intrusions also exist, such as land attacks, smurf attacks, and teardrop attacks. These attacks are not as well known as DoS attacks, but they are used in some form or another even if they aren’t mentioned by name.

2.5.1 EAVESDROPPING

Interception of communications by an unauthorized party is called

eavesdropping. Passive eavesdropping is when the person only secretly listens to

the networked messages. On the other hand, active eavesdropping is when the

intruder listens and inserts something into the communication stream. This can

lead to the messages being distorted. Sensitive information can be stolen this way.

Adeyinka, O. (2008)

2.5.2 VIRUSES

Viruses are self‐replicating programs that use files to infect and propagate.

Once a file is opened, the virus will activate within the system. Adeyinka, O.

(2008)

2.5.3 WORMS

A worm is similar to a virus because they both are self‐replicating, but the

worm does not require a file to allow it to propagate. There are two main types of

worms, mass‐mailing worms and network‐aware worms. Mass‐mailing worms use

email as a means to infect other computers. Network‐aware worms are a major

problem for the Internet. A network‐aware worm selects a target and once the

worm accesses the target host, it can infect it by means of a Trojan or otherwise.

Adeyinka, O. (2008)

2.5.4 TROJANS

Trojans appear to be benign programs to the user, but will actually have

some malicious purpose. Trojans usually carry some payload such as a virus.

Adeyinka, O. (2008)

2.5.5 PHISHING

Phishing is an attempt to obtain confidential information from an individual,

group, or organization. Phishers trick users into disclosing personal data, such as

credit card numbers, online banking credentials, and other sensitive information.

Marin, G.A. (2005)

2.5.6 IP SPOOFING ATTACKS

Spoofing means to have the address of the computer mirror the address of a

trusted computer in order to gain access to other computers. The identity of the

intruder is hidden by different means making detection and prevention difficult.

With the current IP protocol technology, IP spoofed packets cannot be eliminated.

Adeyinka, O. (2008).

2.5.6 DENIAL OF SERVICE

Denial of Service is an attack in which the system, receiving too many requests,

cannot return communication with the requestors. The system then consumes

resources waiting for the handshake to complete. Eventually, the system cannot

respond to any more requests rendering it without service. Marin, G.A. (2005)

2.6 TECHNOLOGY FOR INTERNET SECURITY

Internet threats will continue to be a major issue in the global world as long

as information is accessible and transferred across the Internet. Different defense

and detection mechanisms were developed to deal with these attacks.

2.6.1 CRYPTOGRAPHIC SYSTEMS

Cryptography is a useful and widely used tool in security engineering today.

It involves the use of codes and ciphers to transform information into unintelligible

data.

2.6.2 FIREWALL

A firewall is a typical border control mechanism or perimeter defense. The

purpose of a firewall is to block traffic from the outside, but it could also be used

to block traffic from the inside. A firewall is the front line defense mechanism

against intruders. It is a system designed to prevent unauthorized access to or from

a private network. Firewalls can be implemented in both hardware and software, or

a combination of both. Adeyinka, O. (2008)

2.7 There are three basic types of Firewall

Method: NAT

Description: Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem.

Advantages:

· Can be configured transparently to machines on a LAN

· Protection of many machines and services behind one or more external IP addresses simplifies administration duties

· Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway

Disadvantages:

· Cannot prevent malicious activity once users connect to a service outside of the firewall

Method: Packet Filter

Description: A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.

Advantages:

· Customizable through the iptables front-end utility

· Does not require any customization on the client side, as all network activity is filtered at the router level rather than the application level

· Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host

Disadvantages:

· Cannot filter packets for content like proxy firewalls

· Processes packets at the protocol layer, but cannot filter packets at an application layer

· Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with IP masquerading or local subnets and DMZ networks

Method: Proxy

Description: Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.

Advantages:

· Gives administrators control over what applications and protocols function outside of the LAN

· Some proxy servers can cache frequently-accessed data locally rather than having to use the Internet connection to request it. This helps to reduce bandwidth consumption

· Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network

Disadvantages:

· Proxies are often application-specific (HTTP, Telnet, etc.), or protocol-restricted (most proxies work with TCP-connected services only)

· Application services cannot run behind a proxy, so your application servers must use a separate form of network security

· Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than directly from a client to a remote service

Ingham, Kenneth; Forrest, Stephanie (2002)

2.8 The ISO/OSI Reference Model

Curtin, M. (1997) pointed out that the International Standards Organization

(ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of

communications types, and the interfaces among them. (See Figure 4) Each layer

depends on the services provided by the layer below it, all the way down to the

physical network hardware, such as the computer's network interface card, and the

wires that connect the cards together. An easy way to look at this is to compare this

model with something we use daily: the telephone. In order for you and me to talk

when we are out of earshot, we need a device like a telephone. (In the ISO/OSI

model, this is at the application layer.) The telephones, of course, are useless unless

they have the ability to translate the sound into electronic pulses that can be

transferred over wire and back again. (These functions are provided in layers

below the application layer.) Finally, we get down to the physical connection: both

must be plugged into an outlet that is connected to a switch that is part of the

telephone system's network of switches. If I place a call to you, I pick up the

receiver, and dial your number. This number specifies the central office to

which to send my request, and then which phone from that central office to ring.

Once you answer the phone, we begin talking, and our session has begun.

Conceptually, computer networks function exactly the same way.

Figure 4: The ISO/OSI Reference Model

2.11 Difference between IDS, IPS, Firewall & Antivirus

2.11.1 IDS (Intrusion Detection System)

There are basically two types of IDS: network IDS and host IDS. A network IDS will generally capture all traffic on the network, while a host IDS will capture traffic for an individual host.

An IDS detects attempted attacks using signatures and patterns, much like an antivirus application will. Its purpose is to analyze the traffic that goes through it and detect possible intrusions to the system.

2.11.2 IPS (Intrusion Prevention System)

IPS solutions are focused on identifying and blocking attack traffic. An IPS can actually be a Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.

2.11.3 Antivirus

Antivirus software captures attempted infections of files or email. The infection will generally be a Trojan and/or virus/malware. It detects the infections in the system and heals them, depending on the updated version.

2.11.4 Firewall

According to Karl, B. (2008), firewalls can be sophisticated. A firewall will scan TCP/IP packets based on source and destination, then check them against a list (ACL) and block or allow traffic accordingly. Some firewalls can provide Layer 7 traffic scanning (deep packet inspection); for instance, rules can be set up for applications. A firewall is a network device that in its basic form separates the internal network from the external network. It allows internal users to go out, but prevents anyone from outside the internal network from coming in.

Al‐Salqan, Y (1997) stated that the trend towards biometrics could have

taken place a while ago, but it seems that it isn’t being actively pursued. Many

security developments that are taking place are within the same set of security

technology that is being used today with some minor adjustments.

CHAPTER THREE

SYSTEM ANALYSIS AND DESIGN

3.0 INTRODUCTION

MikroTik Router OS is a Linux-based operating system. Installed on

MikroTik’s proprietary hardware (Router BOARD) or on standard x86-based

computers (our personal computers), it turns the computer into a network router

and implements various additional features, such as firewalling, virtual private

network (VPN) service and client, bandwidth shaping and quality of service,

wireless access point functions and other commonly used features when

interconnecting networks. The system is also able to serve as a captive-portal-

based hotspot system. The operating system is licensed in increasing service levels,

each releasing more of the available Router OS features. A Microsoft Windows

application called Winbox provides a graphical user interface for the Router OS

configuration and monitoring, but Router OS also allows access via FTP, telnet,

and secure shell (SSH). An application programming interface is available for

direct access from applications for management and monitoring.

This Router OS supports many applications used by Internet service providers, for

example OSPF, BGP, Multiprotocol Label Switching (VPLS/MPLS). The Router

OS also supports Internet Protocol Version 4 (IPv4) as well as Internet Protocol

Version 6 (IPv6).

3.1 NETWORK DESIGN

The network implementation for this system is a Local Area Network

(LAN). The layout was designed using Cisco packet tracer 5.2. Users in this

network are assigned IP addresses (IPv4) which identify them on layer 3 of the

OSI model. In order to ensure security, the IP addressing is made static as against

DHCP (Dynamic Host Configuration Protocol) addressing, which dynamically allocates

IP addresses. The DHCP method could be less secure since the IP addresses cannot be

monitored as to which system uses which address.

The IP addresses used are 192.168.0.0 and 192.168.1.0, which are network addresses. A network address is used to represent a network by means of a subnet mask. The subnet mask used in the network is 255.255.255.0, which means devices can take IP addresses from the range 192.168.0.1 – 192.168.0.254 in the case of network 192.168.0.0, and from the range 192.168.1.1 – 192.168.1.254 in the case of network 192.168.1.0.

The class of address used is class C address and also a private address.

Private addresses are used within a local area network but when the computers are

to be represented on the Wide Area Network, a process called Network address

translation is carried out by the internet service provider to represent the hosts with

the public address on the internet.

The cables used in connecting the systems are Ethernet straight through

cables. Straight through cables are used in connecting devices to switches. All the

devices in the LAN are connected to the switch which serves as a network link to

all the devices provided they are all bearing the network address. The other cabling

method is the cross over cable which is used in connecting similar devices together

such as a router and the PC, switch to switch or hub to switch. The cables are

connected to the network interface cards of the devices using RJ45 pin outs. Todd

Lammle, 2008.

Fig 3.1 Network Design for the Network Security System

3.1.1 ROUTER OS INSTALLATION

The MikroTik router OS is installed from a compact disk in the CD drive of the chosen computer. Installing the router OS on the computer automatically makes it a router. First the computer was booted and setup was entered to configure the boot options. The computer was set to boot from the CD drive which contained the router OS. On booting, the router OS provided the option of wiping out the old configuration present on the hard disk or leaving it. The option to wipe out the old configuration was chosen, giving the router a fresh start. Old data was wiped out and the packages to be installed were presented. Using the available options, the desired packages were chosen and installed. The router rebooted and was ready for use.

3.1.2 ROUTER CONFIGURATION

To support the network design presented in fig 3.2, the first interface of the router was configured using the IP address 192.168.0.1 and a subnet mask of 255.255.255.0 (/24) and the second with 192.168.1.1 and a subnet mask of 255.255.255.0. The router was logged into using admin as the user name and an empty password. Configuring the IP address is the first necessary configuration before the router can be interacted with from another system (the administrator system using Winbox).

MikroTik Login: admin
Password:
[admin@MikroTik] > ip address add
address: 192.168.0.1/24
interface: ether1
[admin@MikroTik] > ip address print
[admin@MikroTik] > ip address add
address: 192.168.1.1/24
interface: ether2
[admin@MikroTik] > ip address print

Ether1 is the interface for accessing the router from the local area network

and all the computers in the network thus follow such addressing pattern. Ether2 is

the interface for connecting the file server. The file server is on another network

subnet which is connected to this Ether2 interface of the router. The very first

computer to be configured other than the router is the administrator’s computer

which takes 192.168.0.2/24. The file server containing the company data takes

192.168.1.254.

The clients are assigned the addresses 192.168.0.3 and 192.168.0.4. The

addresses 192.168.0.5 – 192.168.0.253 are free addresses for other computers in the

LAN.

3.1.3 ROUTER FIREWALL

The Mikrotik router has a firewall resource that enables it to act as a firewall between devices in a network. To ensure this action, the network is designed such that the router comes in between the file server and the other clients. Since it has 2 ethernet ports, the file server containing company data is put on Ether2 while the clients as well as the administrator are put on Ether1.

Configuring the firewall to restrict access to the file server was achieved using the following code:

[admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.2/32
[admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.3/32
[admin@MikroTik] > /ip firewall address-list print
Flags: X - disabled, D - dynamic
 #   LIST         ADDRESS
 0   authorized   192.168.0.2
 1   authorized   192.168.0.3

Thus the only authorized IP addresses with access to the file server (192.168.1.254) are 192.168.0.2 and 192.168.0.3.
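An address list only names a set of addresses; it restricts traffic once forward-chain filter rules refer to it. The following added example (not part of the original project) models first-match rule evaluation for the addresses used above. The three filter rules in the comments are an assumed rule set, and the log text is a simplified stand-in for the router's own message.

```python
from ipaddress import ip_address, ip_network

# Address list created in section 3.1.3 (list name -> member networks).
ADDRESS_LISTS = {
    "authorized": [ip_network("192.168.0.2/32"), ip_network("192.168.0.3/32")],
}
FILE_SERVER = ip_address("192.168.1.254")

# Assumed forward-chain rules, evaluated top to bottom. Each entry mirrors the
# RouterOS filter rule shown in the comment above it.
RULES = [
    # /ip firewall filter add chain=forward dst-address=192.168.1.254 \
    #     src-address-list=authorized action=accept
    {"dst": FILE_SERVER, "src_list": "authorized", "action": "accept"},
    # /ip firewall filter add chain=forward dst-address=192.168.1.254 \
    #     action=log log-prefix="fileserver-denied"
    {"dst": FILE_SERVER, "src_list": None, "action": "log",
     "prefix": "fileserver-denied"},
    # /ip firewall filter add chain=forward dst-address=192.168.1.254 action=drop
    {"dst": FILE_SERVER, "src_list": None, "action": "drop"},
]


def evaluate(src, dst, rules, lists=ADDRESS_LISTS):
    """Return (verdict, log_lines) for one forwarded packet."""
    src, dst = ip_address(src), ip_address(dst)
    logged = []
    for rule in rules:
        if rule["dst"] is not None and dst != rule["dst"]:
            continue
        name = rule["src_list"]
        if name is not None and not any(src in net for net in lists.get(name, [])):
            continue
        if rule["action"] == "log":
            # The log action records the packet and passes it to the next rule.
            logged.append(f'{rule["prefix"]} forward: {src}->{dst}')
            continue
        return rule["action"], logged
    # No terminating rule matched: the packet is forwarded.
    return "accept", logged


def allowed_sources(rules, lan="192.168.0.0/24"):
    """Audit helper: every LAN address that can reach the file server."""
    return [str(host) for host in ip_network(lan).hosts()
            if evaluate(host, FILE_SERVER, rules)[0] == "accept"]


if __name__ == "__main__":
    print("with rules:   ", allowed_sources(RULES))
    print("list only:    ", len(allowed_sources([])), "hosts can reach the server")
    print("client .4:    ", evaluate("192.168.0.4", "192.168.1.254", RULES))
    print("server reply: ", evaluate("192.168.1.254", "192.168.0.2", RULES))
```

Rule order matters: if the drop rule is placed above the accept rule, the authorized hosts are dropped as well.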

3.1.4 EVENT LOGGING

Various system events and status information can be logged. Logs can be saved in a file on the local router, displayed in the console, sent to an email address or sent to a remote server running a syslog daemon. Logging of firewall activity has to be enabled so that an entry is taken each time there is an operation. This is done using the following code:

[admin@MikroTik] system logging> add topics=firewall action=memory
[admin@MikroTik] system logging> print
Flags: X - disabled, I - invalid
 #   TOPICS     ACTION   PREFIX
 0   info       memory
 1   error      memory
 2   warning    memory
 3   critical   echo
 4   firewall   memory
[admin@MikroTik] system logging>

Viewing the Log of operations is the focus of an intrusion detection system.

A log shows details of an event such as the date and time of an event, what the

event is and who performed such an event. The mikrotik router log is viewed

thus:

To view the local logs:

[admin@MikroTik] > log print

TIME MESSAGE

dec/24/2003 08:20:36 log configuration changed by admin

dec/24/2003 08:20:36 log configuration changed by admin

dec/24/2003 08:20:36 log configuration changed by admin

dec/24/2003 08:20:36 log configuration changed by admin

dec/24/2003 08:20:36 log configuration changed by admin

dec/24/2003 08:20:36 log configuration changed by admin

-- [Q quit|D dump]

To monitor the system log:

[admin@MikroTik] > log print follow

TIME MESSAGE

apr/30/2012 08:20:36 log configuration changed by admin

apr/30/2012 08:30:34 log configuration changed by admin

apr/30/2012 08:30:51 log configuration changed by admin

apr/30/2012 08:25:59 log configuration changed by admin

apr/30/2012 08:25:59 log configuration changed by admin

apr/30/2012 08:30:05 log configuration changed by admin

apr/30/2012 08:30:05 log configuration changed by admin

apr/30/2012 08:35:56 system started

apr/30/2012 08:35:57 isdn-out1: initializing...

apr/30/2012 08:35:57 isdn-out1: dialing...

apr/30/2012 08:35:58 Prism firmware loading: OK

apr/30/2012 08:37:48 user admin logged in from 10.1.0.60 via telnet

-- Ctrl-C to quit. New entries will appear at bottom.

This shows the current logs for effective monitoring.

In such an intrusion detection system, the log has to be monitored at all times

just as a security camera has to be focused at all times but all events can be logged

for future access in case of a security breach.
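Part of the monitoring described in this section can be automated. The following added example (not part of the original project) parses log text in the "log print" layout shown above and flags successful logins over cleartext services, logins from addresses other than the administrator's PC, and repeated login failures. The sample lines are constructed, and the "login failure" message wording and the threshold of 3 are assumptions.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the "log print" layout (not real router output).
SAMPLE_LOG = """\
TIME MESSAGE
apr/30/2012 08:35:56 system started
apr/30/2012 08:37:48 user admin logged in from 10.1.0.60 via telnet
apr/30/2012 08:41:02 login failure for user admin from 192.168.0.4 via winbox
apr/30/2012 08:41:09 login failure for user admin from 192.168.0.4 via winbox
apr/30/2012 08:41:15 login failure for user root from 192.168.0.4 via winbox
apr/30/2012 08:44:30 user admin logged in from 192.168.0.2 via winbox
apr/30/2012 08:50:11 log configuration changed by admin
-- [Q quit|D dump]
"""

ADMIN_HOSTS = [ip_network("192.168.0.2/32")]  # administrator PC, section 3.1.2
CLEARTEXT_SERVICES = {"telnet", "ftp"}        # credentials cross the wire unencrypted
FAILURE_THRESHOLD = 3                         # assumed alert threshold

MONTHS = {name: number for number, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
LINE_RE = re.compile(
    r"^(?P<mon>[a-z]{3})/(?P<day>\d{2})/(?P<year>\d{4}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) (?P<msg>.+)$")
LOGIN_OK_RE = re.compile(
    r"^user (?P<user>\S+) logged in from (?P<ip>\S+) via (?P<svc>\S+)$")
LOGIN_FAIL_RE = re.compile(  # assumed wording of a failed-login entry
    r"^login failure for user (?P<user>\S+) from (?P<ip>\S+) via (?P<svc>\S+)$")


def parse_line(line):
    """Return (timestamp, message), or None for headers, pager lines and junk."""
    m = LINE_RE.match(line.strip())
    if not m or m["mon"] not in MONTHS:
        return None
    try:
        ts = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                      int(m["h"]), int(m["m"]), int(m["s"]))
    except ValueError:  # e.g. day 00 or hour 25
        return None
    return ts, m["msg"]


def source_allowed(ip_text, allowed):
    """True if ip_text parses and falls inside one of the allowed networks."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in allowed)


def analyze(log_text, admin_hosts=ADMIN_HOSTS, threshold=FAILURE_THRESHOLD):
    """Return a list of (timestamp, kind, detail) alerts in log order."""
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg = parsed
        ok = LOGIN_OK_RE.match(msg)
        if ok:
            detail = f"{ok['user']} from {ok['ip']} via {ok['svc']}"
            if ok["svc"] in CLEARTEXT_SERVICES:
                alerts.append((ts, "cleartext-login", detail))
            if not source_allowed(ok["ip"], admin_hosts):
                alerts.append((ts, "unexpected-source", detail))
            continue
        fail = LOGIN_FAIL_RE.match(msg)
        if fail:
            failures[fail["ip"]] += 1
            if failures[fail["ip"]] == threshold:  # alert once per source
                alerts.append((ts, "repeated-failures",
                               f"{threshold} failed logins from {fail['ip']}"))
    return alerts


if __name__ == "__main__":
    for ts, kind, detail in analyze(SAMPLE_LOG):
        print(ts.isoformat(sep=" "), kind, detail)
```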

3.1.5 Bandwidth Management

3.1.5.1 Queues

This functionality of the router is very important in the management of network usage. The Queue option provides a tabular arrangement of all users accessing the network with their individual bandwidth usage (measured basically in bits per second [b/s]).

The administrator has the option of setting the maximum and minimum bandwidth usage for a particular resource. Our version of Mikrotik OS (V.29) has the ability to allow unlimited download and upload in the network, so the administrator can restrict network usage by setting the uplink and downlink to low values. (See Fig 3.2.5.1 in Appendix)

3.1.5.2 Torch

As the name implies, torch is used for viewing something closely. An administrator uses it to view network access in detail. It shows the ports of access. The very common ports of access are 443 for secured sites (HTTPS, secured hypertext transfer protocol), 80 for basic HTTP, 21 for file transfer protocol and 23 for telnet. (See Appendix Fig 3.2.5.2). It also shows the source and destination addresses of access in the network, showing the upload and download rate. The administrator can torch by port, protocol, source address or destination address to see the network usage, and can then know what each user is accessing, but only on a protocol, port and address basis.

3.1.5.3 Bandwidth Test

The average performance of the router can be verified using the bandwidth

test option accessed from the winbox. After inputting the authentication, the user is

able to view the average uplink and downlink performance of the router on the

network. From our test we found an average of 459/383 for uplink and downlink

respectively. This is quite impressive, but depending on the load of the network the

bandwidth is shared among the users just like a wide road getting congested. (see

Fig 3.2.5.3 in Appendix)

3.2 UNIFIED MODELLING LANGUAGE (UML) REPRESENTATION

The Unified Modeling Language (UML) analysis of the proposed system

was done using a use case diagram.

3.2.1 Use Case Diagram

A use case diagram visually represents what happens when an actor interacts

with a system. It captures the functional aspects of a system. More specifically, it

captures the business processes carried out in the system. As you discuss the

functionality and processes of the system, you discover significant characteristics

of the system that you model in the use case diagram. Due to the simplicity of use

case diagrams, and more importantly, because they are shorn of all technical

jargon, use case diagrams are a great storyboard tool for user meetings. Use case

diagrams have another important use. Use case diagrams define the requirements of

the system being modeled and hence are used to write test scripts for the modeled

system.

In the intrusion detection system, the main actors are the clients and the

administrator. The client goes through the operations, which are logged for the

administrator's view.

Use cases: A use case describes a sequence of actions that provide

something of measurable value to an actor and is drawn as a horizontal

ellipse.

Actors: An actor is a person, organization, or external system that

plays a role in one or more interactions with the system.

System boundary boxes (optional): A rectangle is drawn around the

use cases, called the system boundary box, to indicate the scope of

system. Anything within the box represents functionality that is in scope

and anything outside the box is not in scope.

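[Use case diagram. Actors: User, Administrator. Use cases: Winbox login / network access; authentication / routing by MikroTik router; authorized access to router resource / configuration; router directs traffic to the resource / accepts configuration; log of all events for access by the administrator.]

Figure 3.2: The use case diagram for the Design of a Network Security System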

3.3 HOTSPOT CONFIGURATION

The Mikrotik hotspot provides internet access to subscribers by means of a

login interface. Subscribers could be connected wirelessly or with wires to the

network but to have internet access, they will be required to enter a login name and

password. Setting up a hotspot in a mikrotik router entails the following.

1. Give the mikrotik internet connectivity by connecting one of its interfaces to your internet source and assigning IP addresses to both ends either by DHCP (Dynamic Host Configuration Protocol) or statically.

2. The other interface of the router, which is directed to client use, could be set up as a DHCP server so as to facilitate automatic assigning of IP addresses to network hosts.

3. Next the router is configured to hand out a DNS server address to the clients; this is the address of the internet connection source.

4. Internet connectivity on the router has to be verified by pinging an address, e.g. 8.8.8.8, which is a google.com server.

5. Next the wireless adapter needs to be configured and its IP address set. If you are using a LAN card the IP address will still be set but it will be connected to a D-Link to provide connection to the other wired hosts.

6. The next step is to open the hotspot setup page and set the interface to the WLAN or Ethernet interface you are setting it up on. You can set up hotspot on more than one interface.

7. Next the network address for access is set, which then generates the pool of addresses to be assigned to hosts.

8. Another step is to decide whether SSL certificates will be used; if they are to be used, they must be uploaded at this point of the configuration.

9. The SMTP (Simple Mail Transfer Protocol) is set.

10. The DNS is set to the address of the internet connection end.

11. The DNS name is set to the administrator’s choice, as this is what appears on the web browser on attempt to access the web, e.g. ubtech.com.

12. The username and password for the administrator are set. This can be changed later.

13. The hotspot setup is now complete.

CHAPTER FOUR

IMPLEMENTATION, TESTING AND RESULT

4.0 INTRODUCTION

This chapter presents the hardware required for the Network security system

in section 4.1. In section 4.2, software required is presented. Section 4.3 presents

the design and specification and section 4.4 presents the implementation technique

and documentation of the system.

4.1 HARDWARE REQUIREMENTS

a. An Intel compatible Pentium III computer or a higher version.

b. 256MB or more of Random Access Memory (RAM). (Determines

speed of the router processing)

c. Network Interface Cards.

d. CD-ROM Drive on proposed router system for Router OS installation.

e. Keyboard, Monitor and Mouse

f. Network cables (Straight through and cross over)

4.2 SOFTWARE REQUIREMENTS

The list of required software is as listed below:

a. Mikrotik Router OS

b. Windows Operating system

c. Windows XP operating system.

d. Winbox for GUI access to the router

e. Cisco Packet Tracer 5.2

4.3 SYSTEM IMPLEMENTATION

For the implementation of a network security system, the following steps are

needed:

a. Router OS installation: The system engineer must install the Router OS

effectively.

b. Hardware and software needed to operate the system must be readily

available.

c. File preparation: The file server needs to be installed and files placed

into it.

d. System testing and evaluation: The system is tested by using wrong

usernames and passwords and trying access by unauthorized hosts and

then the log is viewed.

4.3.1 CHOICE OF ROUTER OS

The Mikrotik Router OS was chosen as the OS for this setup due to its ease

of use and low cost. It also readily has the features needed to implement network

security. Cisco routers are very costly and would require the physical routers but

mikrotik router OS could simply be installed into the computer and this makes it a

router.

4.4 IMPLEMENTATION TECHNIQUE

The network has been fully configured to provide a more secure network

by configuring firewalls on the mikrotik router as discussed in chapter three. The

network is now set for implementation. Data files have been kept in the file server

which is on the 192.168.1.0 network separated by the router from the 192.168.0.0

network. The users with access granted to the file server are 192.168.0.2 and

192.168.0.3.

a. Authorized access: A user with a valid username and password logs

into the router from the winbox environment. The user also accesses the file

server across the router and the log is taken. (see Appendix A)

b. Unauthorized access: A user without a valid username and password

is used to attempt login. A user from an IP address not permitted access to

the file server is also used to attempt login and the log is also taken

c. Viewing Log: The administrator has access to viewing the log of both

operations. He logs into the router through the winbox using the username

admin and password assigned. Next he clicks on log and all the operations

with the time of event is displayed. (see Appendix A)

SYSTEM TESTING

The system was tested with an authorized user that had been authenticated with a username and password. He logged into the network at different times to access the file server, and these attempts were successful. An unauthorized user also tried to log into the network but access was denied. The logs of both the authorized and the unauthorized user were taken.

RESULT

The record of logs of both the authorized and the unauthorized was seen by

the administrator who monitors and prevents network intrusion. The system worked

as expected.

CHAPTER 5

SUMMARY

This work has been able to demonstrate network security using the mikrotik

router operating system. Then, clients in the intranet - both authorized and

unauthorized tried to access a file server and logs were taken and seen by the

administrator who has the ability to enable or disable any user.

5.1 CONCLUSION AND RECOMMENDATION

Network security is an important field that is increasingly gaining attention

as the internet expands. The security threats and internet protocol were analyzed to

determine the necessary security technology. The security technology is mostly

software based, but many common hardware devices are used. The current

development in network security is not very impressive.

Originally it was assumed that with the importance of the network security

field, new approaches to security, both hardware and software, would be actively

researched. It was a surprise to see most of the development taking place in the

same technologies being currently used. The embedded security of the new internet

protocol IPv6 may provide many benefits to internet users. Although some security

issues were observed, the IPv6 internet protocol seems to evade many of the

current popular attacks. Combined use of IPv6 and security tools such as firewalls,

intrusion detection, and authentication mechanisms will prove effective in

guarding intellectual property for the near future. The network security field may

have to evolve more rapidly to deal with the threats further in the future.

What is going to drive Internet security is the set of applications more

than anything else. The future will possibly be that the security is similar to an

immune system. The immune system fights off attacks and builds itself to fight

tougher enemies. Similarly, the network security will be able to function as an

immune system.

REFERENCES

Adeyinka, O., "Internet Attack Methods and Internet Security Technology," Modeling & Simulation, 2008.AICMS 08. Second Asia International Conference on, vol., no., pp.77‐82, 13‐15 May 2008

Al‐Salqan, Y.Y., "Future trends in Internet security,"Distributed Computing Systems, 1997., Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of , vol., no., pp.216‐217, 29‐31 Oct 1997.

Andress J., “IPv6: the next internet protocol,”(2005), Available at: www.usenix.com/publications/login/2005‐ 04/pdfs/andress0504.pdf .Accessed (27 April 2012)

Curtin ,M. “Introduction to Network Security”Available at: http://www.interhack.net/pubs/network‐security. Accessed (28 April 2012)

Dr. La Jolla, CA 92093 (858) 534-2230 Copyright ©2012 Regents of the University of California discussed ‘How firewalls work’:

(http://blink.ucsd.edu/technology/security/firewall/) ("Intranet.)" Wikipedia, The Free Encyclopedia. Jun 2008, 10:43 UTC. Wikimedia Foundation, Inc. 2 Jul 2008<http://en.wikipedia.org/w/index.php?title=Intranet&ol did=221174244>.

Improving Security, http://www.cert.org/tech_tips, 2006.

“Internet History Timeline,”www3.baylor.edu/~Sharon_P_Johnson/etg/inthistory.h

J.P. Holbrook, J.K. Reynolds. ``Site Security Handbook.'' RFC 1244.

Jun 2008, 10:43 UTC. Wikimedia Foundation, Inc. July 2008

Kartalopoulos, S. V., "Differentiating Data Security and Network Security," Communications, 2008. ICC '08.IEEE International Conference on, pp.1469‐1473, 19‐23 May 2008.

61

Page 62: NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM

Landwehr, C.E.; Goldschlag, D.M., "Security issues in networks with Internet access," Proceedings of theIEEE, vol.85, no.12, pp.2034‐2051, Dec 1997"Intranet." Wikipedia, The Free Encyclopedia.Manual/security‐guide/ch‐sgs‐ov.html.

Molva, R., Institut Eurecom,“Internet Security Architecture,” in Computer Networks & ISDN SystemsJournal, vol. 31, pp. 787‐804, April 1999.

M. Curtin, ``Snake Oil Warning Signs: Encryption Software to Avoid.'' USENET <sci.crypt> Frequently Asked Questions File. ] Dowd, P.W.; McHenry, J.T., "Network security: it's time to take it seriously," Computer, vol.31, no.9, pp.24‐ Sep 1998

Marin, G.A., "Network security basics," Security &Privacy, IEEE , vol.3, no.6, pp. 68‐72, Nov.‐Dec. 2005.

S.M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.

“Security Overview,”www.redhat.com/docs/manuals/enterprise/RHEL‐4‐

Sotillo, S., East Carolina University, “IPv6 security issues,” August 2006,www.infosecwriters.com/text_resources/pdf/IPv6_SSotillo.pdf.

Tyson, J., ”How Virtual private networks work,” http://www.howstuffworks.com/vpn.htm . Accessed (24-5-2012)

Warfield M., “Security Implications of IPv6,” Internet Security Systems White Paper, documents.iss.net/whitepapers/IPv6.pdf.

Y. Rekhter, R. Moskowitz, D. Karrenberg, G. de Groot, E. Lear, ``Address Allocation for Private Internets.'' RFC 1918.

62

Page 63: NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM

Computer network definition http://en.wikipedia.org/wiki/Computer_network

accessed (24-5-2012)

63

Page 64: NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM

APPENDIX A: INTERFACES

Fig 3.1.2 Configuring IP address on Client systems

Fig 3.1.3 Unauthorized Login

Fig 3.1.4 Winbox Login

User List

Fig 3.1.4: Router Firewall

Router Logging

Fig 3.1.5.1 Using Queue

Fig 3.1.5.2 Using Torch

Fig 3.3.1 Setting DHCP on the internet interface of the router

Fig 3.3.2 Setting DNS request granting

Fig 3.3.3 Verifying Internet Connectivity on Router

Fig 3.3.4 Enabling the WLAN card if it is to be used

Fig 3.3.5 Setting the Hotspot

Fig 3.3.6 Choosing the Interface for the Hotspot Access

Fig 3.3.7 Setting the Network

Fig 3.3.8 Setting the pool of addresses for clients

Fig 3.3.9 Secure Shell Certificate option

Fig 3.4.0 SMTP (Simple Mail Transfer Protocol) – none selected

Fig 3.4.1 Domain Name Service Setup

Fig 3.4.2 Setting the DNS Name

Fig 3.4.3 Setting the first username and password

Fig 3.4.4 Setting DHCP on the internet interface of the router

Fig 3.4.5 Setting DNS request granting

Fig 3.4.6 Verifying Internet Connectivity on

Fig 3.4.7 Enabling the WLAN card if it is to be used

Fig 3.4.8 Setting the Hotspot

Fig 3.4.9 Choosing the Interface for the Hotspot Access

Fig 3.5.0 Setting the Network

Fig 3.5.1 Setting the pool of addresses for clients

Fig 3.5.2 Secure Shell Certificate option

Fig 3.5.3 SMTP (Simple Mail Transfer Protocol) – none selected

Fig 3.5.4 Domain Name Service Setup

Fig 3.5.5 Setting the DNS Name

Fig 3.5.6 Setting the first username and password

Fig 3.5.7 Hotspot Completed