AN ORGANIZED AND SECURED LOCAL AREA NETWORK

ON

NAVAL POST GRADUATE SCHOOL

DEPARTMENT LABORATORIES

A Case Study

Presented to the Department of Computer Engineering

In Partial Fulfillment for the SNA 214

System and Network Administration

University of San Carlos -Talamban Campus

Cebu City, Philippines

By:

Judy Ann N. Adalia

Stiffanny A. Ortega

September 24, 2014

Table of Contents

1

List of Contents . . . . . 1

Chapter I

Introduction . . . . . 2

1.2 Background of the study . . . . .

3

1.3 Present System Scenario . . . . .

4

1.4 Statement of the Problem . . . . .

5

1.5 Objective of the Study . . . . .

5

Chapter II

Review of Related Literature . . . . .

6-7

Chapter II

Methodology . . . . .

8-9

Chapter IV

Analysis and Discussions . . . . . 10

Chapter V

Conclusions & Recommendations . . . . .

11

Chapter VI.

References . . . . . 12

2

Chapter I

INTRODUCTION

Computer network or data network is a telecommunications network

that allows computers to exchange data. In computer networks, networked

computing devices pass data to each other along data connections. Data is

transferred in the form of packets. The connections (network links) between

nodes are established using either cable media or wireless media. The best-

known computer network is the Internet. Network computer devices that

originate, route and terminate the data are called network nodes. Nodes can

include hosts such as personal computers, phones, servers as well as

networking hardware. Two such devices are said to be networked together

when one device is able to exchange information with the other device,

whether or not they have a direct connection to each other. It also supports

applications such as access to the World Wide Web and shared use of

application and storage servers.

Networking, the technology of interconnecting computing devices so

information can flow between them, includes the design, deployment,

operation, and maintenance of computer networks using developed

components. This includes activities as simple as topology design to those as

complex as the configuration of services and protocols to enable an entire

intranet and the support of that environment. As the number of computing

devices in the network scales up, the task becomes more difficult, involving

design tradeoffs, performance considerations, and cost issues.

Systems administration includes the system design, installation,

configuration, operation, and support of computer system platforms from

mobile devices, servers, and large scale systems to the deployment of clouds

3

and the use of virtualization. This includes the specification and

implementation of all the hardware and software structures required to

support and deploy these environments.

These disciplines are also concerned with the security and privacy of

the information that is stored on these platforms and communicated over the

networks they are attached to. In today’s information-rich environment,

computer systems exist at the heart of a network and often work together to

provide services as well as repositories for information. Students will be able

to take all of this into consideration as they design and deploy secure system

and network solutions in support of an organization's strategic and tactical

goals.

1.2 Background of the study

The Naval Postgraduate School (NPS) is a fully accredited research

university operated by the United States Navy. Located in Monterey,

California, it grants master's degrees, engineer's degrees and doctoral

degrees. The school also offers research fellowship opportunities at the

postdoctoral level through the National Research Council research

associateship program. Over the course of the university's 100-year history,

the Naval Postgraduate School has established a superior level of academic

excellence. Throughout the institution's four schools, its comprehensive

institutes and several interdisciplinary centers and research groups are a

wide breadth of relevant disciplines tailored to the direct needs of national

and global security.

This study is all about establishing a secured and organized computer

network in Naval

Post Graduate School which implies the following possible actions: to protect

application programs from corruption and preventing proliferation of

“unauthorized” user files. Folder redirecting for the users to gain full access

to their folders and files with high confidentiality. User’s accounts will be

sorted out according to each departments they belong. Instructors can keep

track with their student’s files through their own mailing server. Hardware

4

equipment will be free from any malwares through disabling any external

port or connectors. Online malwares will be avoided too, through blocking

unnecessary sites that might be access by the students and filtering all the

data that may enter their Local Area Network.

Through these, confidentiality, integrity, and availability of information

will be highly secured and hardware equipment’s including applications

software will last a lifetime.

1.3 Present System Scenario

At the Naval Postgraduate School (NPS) Administrative Science

Department microcomputer network laboratories, protection of hardware

and software elements is a concern. Guidance has been given in several

Department of the Navy and Naval Postgraduate School Instructions on

physical security, risk assessment and Automated Data Processing (ADP)

security. The focus of these instructions is on large computer systems or

office automation networks with dedicated users where data integrity is the

most important issue. Applicability to an academic Local Area Network (LAN)

laboratory is different due to the unique environments in which they

operate. The labs operated by the Administrative Science Department are

set up to operate in an educational environment. They are used by, faculty

within the department for classroom instruction, the computer center

operations personnel for instruction purposes, and students of the school or

accomplishing assignments. The users of the labs are many and their

computing needs varied, thus creating the requirement for innovative

protection methods. Since maximizing availability of computing resources is

the goal of the Administrative Science networks, the laboratories operate

around the clock, seven days-a-week in an unsupervised environment.

Traditional security protection methods were developed primarily for the

protection of shared data among network users where the data is vital to

organizational operations. This thesis is concerned with the protection of

network resources, both hardware and applications software which operate

in this "open" environment. Protecting application programs from corruption

5

and preventing the proliferation of "unauthorized" user files are the most

important security problems faced by lab management. Further complicating

the issue is the fact that the administration and upkeep of the Administrative

Science labs is done pro bono by faculty and students on a volunteer basis.

This limits the amount of "staff" available to perform routine tasks and

precludes the use of labor intensive security methods such as registering

each network user and assigning passwords.

1.4 Statement of the Problem

The purpose of this study is to protect the Network resources

specifically the hardware components and software applications in Naval Post

Graduate School due to the lack of security found on it that can easily be

attack by malwares.

Specific problems that the researcher aims to solve are the following:

1. Unorganized user’s accounts

2. Accessing unnecessary sites that are not related to their studies.

3. Unsafe inserting of external drives

4. Indirect communications between instructors and students.

5. Unsecured network

1.5 Objective of the Study

The objective of the study is to give changes to the Naval Post Graduate

School and to give protection to the hardware components and software

applications in Naval Post Graduate School. The ultimate goal is to implement

and develop a Naval Post Graduate School that enables strong, and fully

6

secured network resources. Specifically to solve the problems are the

following:

1. To create active directory that organizes the different users and

the administration.

2. Using proxy server to blocked the unnecessary sites.

3. Disabling of external ports or connectors.

4. Create mail server within a LAN that allows students and

instructors to exchange messages.

5. Using highly secured firewall to help screen out hackers, viruses,

and worms that try to reach their computer over the Internet.

Chapter II

REVIEW OF RELATED LITERATURE

Network security has become more important to personal computer

users, organizations, and the military. With the advent of the internet,

security became a major concern and the history of security allows a better

understanding of the emergence of security technology. The internet

structure itself allowed for many security threats to occur. The architecture of

the internet, when modified can reduce the possible attacks that can be sent

across the network. Knowing the attack methods, allows for the appropriate

security to emerge. Many businesses secure themselves from the internet by

means of firewalls and encryption mechanisms. The businesses create an

“intranet” to remain connected to the internet but secured from possible

threats. The entire field of network security is vast and in an evolutionary

stage. The range of study encompasses a brief history dating back to

internet’s beginnings and the current development in network security. In

order to understand the research being performed today, background

knowledge of the internet, its vulnerabilities, attack methods through the

7

internet, and security technology is important and therefore they are

reviewed. (Daya, 2013)

The Local Area Network (LAN) is a technology that has evolved to meet

the needs of automating short distance communication at high speeds of

operation and relatively low error rates. They are a particular form of data

communications that optimize hardware and software to support the sharing

of devices and information. Not only do LANs support personal computer

workstations but they are also being used in conjunction with minicomputer

and mainframe networks as well as wide area networks (WANs). Today, LANs

have emerged as a useful technology loaded with immediate practicality and

a promising future. The mere sharing of expensive resources such as laser

printers and high capacity, high-speed mass storage devices among many

users is a direct economic benefit to management and equates to significant

savings. Businesses realize the importance of local area networks in their

daily activities and recognize that networking is desirable for optimum

company effectiveness. Local area networks have expanded to global

proportions and the technology has exceeded the tasks it was originally

acquired to perform. In these days of fast-moving technologies, compatibility

issues have become important. (ESPIRITU, September, 2005)

A firewall can only affect this to a certain extent. Nor can a firewall handle

traffic through encrypted channels. A personal firewall can, generally

speaking, provide a certain portion of the protection that is needed. By

preventing general access to the hardware and also controlling outgoing

traffic, we create a form of basic protection at network/session level, which at

all events is a decent base. Knowledge of the basic Internet technology is

very widespread. There is a great need for norms concerning the

characteristics which software and systems are to have when delivered, and

also for these norms to include directions on the use of different functions,

e.g. operative systems. A description of a standard environment for domestic

Internet connections may be needed, with a view to indicating and tackling

security questions. In addition, general knowledge is needed concerning risks

and protection, as well as tools giving the user support for upgrading system

security and permitting the maintenance of a level of security. This works up

8

to a certain level. It is unrealistic, however, to suppose that we will be able to

get users very interested in security issues generally and, above all, get them

sufficiently interested to learn to carry out security promotion measures

themselves. The fact is that the majority will never understand enough to be

able to configure an operative system. A security plan is needed which will

correspond to the risk panorama and protection needs of a normal

household. (The Observatory for Information Security PM 1:20)

Chapter III

METHODOLOGY

The following are the methods that will be used during the implementations.

3.1 Install Windows Server 2003 for the server and Windows Xp for the

clients.

Server, clients and user’s password=p@ssw0rd

3.2 Installations and configurations of: Windows Server 2003 features.

3.2.1 DHCP Server

IP address for the server = 172.192.1.2

IP address for the gateway =172.192.1.1

IP address pool = 172.192.1.5 – 172.192.1.254

3.2.2 DNS Server

9

Domain name= navalpgs.local

IP address =172.192.1.2

3.2.3 WEB Server

New Zone Name= navalpgs.com

IP address =172.192.1.2

3.2.4 FTP Server

IP address= 172.192.1.2

Name = ftp://navalpgs.com

3.2.5 Mail Server

3.2.6 Proxy Server

3.2.7 Firewall

3.3 User’s accounts and profile organizations.

3.3.1 Folder Redirection

3.3.2 Group Policy

3.4 Installations of necessary application software.

3.4.1 MS Office

3.4.2 Anti-Virus

3.4.3 Others educational application software related to the students

studies.

4.1 Local Area Network of Naval Post Graduate School

10

4.2 Network Topology of Naval Post Graduate Sc

Chapter IV

ANALYSIS AND DISCUSSIONS

This study further analyzes the importance of the implementation of

the services in windows server 2003 for the improvement of Naval Post

Graduate School. Windows server 2003 brings the best features which are

suited to the needs of improving technologies as of today. It can establish

secure-connected infrastructures. It is easy to manage and use for the

student’s convenience. The following windows server features were used are

11

DHCP server which gives dynamic IP Addresses to the clients, DNS (Domain

Name System) which resolves IP addresses to a specific domain name to

refrain typing hassle, Active Directory which holds all users and profiles

within a domain, FTP (File Transfer Protocol) which is used to transfer data

from one computer to another through a network, firewall which separates a

secure area from a less secure area and to control communications between

the two, Mail Server which allows users to send message from one computer

to another, and web server which gives a specific site to the users. There are

many things that helps server to be organize one of which is Group policy

which provides an organizational unit for the users. It can also be a member

of a user profile. Secondly, folder redirection which helps administrators to

easily locate whatever text file or anything that has been saved by the clients

on their documents or even on their network drive.

Chapter V

CONCLUSIONS AND RECOMMENDATIONS

One of the advantages of an organized local area networks is that they

are scalable: more clients and servers can be added to the system without

changing the network significantly. These centralized networks are easier to

manage, to administer, and to secure. The files can be stored on a central

computer (the file server) allowing data to be shared throughout an

12

organization. It can be backed up more easily when they are all on a central

fileserver rather than when they are scattered across a number of

independent workstations. The networks also allow security to be established,

ensuring that the network users may only have access to certain files and

applications they have owned and users can access their files from any

laboratories. Software and resources can be centrally managed and the

network versions of software often allow for their speedy installation on

workstations from the file server. Having a secure network can protect both

individual computers and corporate networks from hostile intrusion from the

Internet, but must be understood to be used correctly because Internet can

expose critical or confidential data to malicious attack from anywhere in the

world. So, users who connect their computers to the Internet must be aware

of these dangers, their implications and how to protect their data and their

critical systems. Through this study, Naval Post Graduate School will have an

organized and well-secured computer network that would be beneficial to the

students, and the school itself.

5.1 Elaborately, researchers recommended the following for the future

researchers:

1. Network devices compatibility to the increasing demand of

technologies.

2. Bigger space for storage devices.

3. A more secure computer networks with the help of updated strong

firewall.

Chapter VI

REFERENCES

13

Alfini, Richard Ralph. Personal Computer Local Area Network Security in an

Academic Environment. Retrieved from https://www.hsdl.org/?

view&did=17223 .

Swedish ICT Commission. (2002). Basic protection in computer hardware

and software. Retrieved from

http://www.itkommissionen.se/dynamaster/file_archive/020214/6cb9b653c94

cab9ae7963032585c371f/Rapport%20Grundsskydd%20engelska.pdf .

Heather, Eric Rusten. & Hudson, E. HARDWARE, NETWORKING, SOFTWARE,

AND CONNECTIVITY. Retrieved From

http://www.ictinedtoolkit.org/usere/library/tech_for_ed_chapters/06.pdf .

Bruce Sanderson MVP How to configure Windows Server 2003 SP1 firewall for

a Domain Controller

Retrieved From http://support.microsoft.com/kb/555381.

Samanderson1234.http://www.answers.com/Q/

How_do_you_configure_proxy_using_windows_2003_server .

Microsoft. (2013). Install or Uninstall Roles, Role Services, or Features

Retrieved from http://technet.microsoft.com/en-us/library/hh831809.aspx .

Zilora, Stephen. (2012). Networking and Systems Administration BS.

Retrieved from http://www.rit.edu/programs/networking-and-systems-

administration-1 .