Date posted: 25-Jul-2015
Category: Engineering
Uploaded by: jude-rainer
AN ORGANIZED AND SECURED LOCAL AREA NETWORK
ON
NAVAL POST GRADUATE SCHOOL
DEPARTMENT LABORATORIES
A Case Study
Presented to the Department of Computer Engineering
In Partial Fulfillment for the SNA 214
System and Network Administration
University of San Carlos -Talamban Campus
Cebu City, Philippines
By:
Judy Ann N. Adalia
Stiffanny A. Ortega
September 24, 2014
Table of Contents
List of Contents
Chapter I
Introduction
1.2 Background of the study
1.3 Present System Scenario
1.4 Statement of the Problem
1.5 Objective of the Study
Chapter II
Review of Related Literature
Chapter III
Methodology
Chapter IV
Analysis and Discussions
Chapter V
Conclusions & Recommendations
Chapter VI
References
Chapter I
INTRODUCTION
A computer network, or data network, is a telecommunications network
that allows computers to exchange data. In computer networks, networked
computing devices pass data to each other along data connections. Data is
transferred in the form of packets. The connections (network links) between
nodes are established using either cable media or wireless media. The best-
known computer network is the Internet. Network computer devices that
originate, route and terminate the data are called network nodes. Nodes can
include hosts such as personal computers, phones, servers as well as
networking hardware. Two such devices are said to be networked together
when one device is able to exchange information with the other device,
whether or not they have a direct connection to each other. It also supports
applications such as access to the World Wide Web and shared use of
application and storage servers.
Networking, the technology of interconnecting computing devices so
information can flow between them, includes the design, deployment,
operation, and maintenance of computer networks using developed
components. This includes activities as simple as topology design to those as
complex as the configuration of services and protocols to enable an entire
intranet and the support of that environment. As the number of computing
devices in the network scales up, the task becomes more difficult, involving
design tradeoffs, performance considerations, and cost issues.
Systems administration includes the system design, installation,
configuration, operation, and support of computer system platforms from
mobile devices, servers, and large scale systems to the deployment of clouds
and the use of virtualization. This includes the specification and
implementation of all the hardware and software structures required to
support and deploy these environments.
These disciplines are also concerned with the security and privacy of
the information that is stored on these platforms and communicated over the
networks they are attached to. In today’s information-rich environment,
computer systems exist at the heart of a network and often work together to
provide services as well as repositories for information. Students will be able
to take all of this into consideration as they design and deploy secure system
and network solutions in support of an organization's strategic and tactical
goals.
1.2 Background of the study
The Naval Postgraduate School (NPS) is a fully accredited research
university operated by the United States Navy. Located in Monterey,
California, it grants master's degrees, engineer's degrees and doctoral
degrees. The school also offers research fellowship opportunities at the
postdoctoral level through the National Research Council research
associateship program. Over the course of the university's 100-year history,
the Naval Postgraduate School has established a superior level of academic
excellence. Throughout the institution's four schools, its comprehensive
institutes and several interdisciplinary centers and research groups are a
wide breadth of relevant disciplines tailored to the direct needs of national
and global security.
This study is about establishing a secured and organized computer
network in the Naval Post Graduate School, which implies the following
actions: protecting application programs from corruption and preventing the
proliferation of “unauthorized” user files. Folder redirection will give users
full access to their own folders and files with high confidentiality. User
accounts will be sorted according to the department each user belongs to.
Instructors can keep track of their students' files through their own mail
server. Hardware equipment will be kept free of malware by disabling
external ports and connectors. Online malware will be avoided too, by
blocking unnecessary sites that students might access and by filtering all
data that enters the Local Area Network.
Through these measures, the confidentiality, integrity, and availability of
information will be highly secured, and hardware equipment, including
application software, will last a lifetime.
1.3 Present System Scenario
At the Naval Postgraduate School (NPS) Administrative Science
Department microcomputer network laboratories, protection of hardware
and software elements is a concern. Guidance has been given in several
Department of the Navy and Naval Postgraduate School Instructions on
physical security, risk assessment and Automated Data Processing (ADP)
security. The focus of these instructions is on large computer systems or
office automation networks with dedicated users where data integrity is the
most important issue. Applicability to an academic Local Area Network (LAN)
laboratory is different due to the unique environments in which they
operate. The labs operated by the Administrative Science Department are
set up to operate in an educational environment. They are used by faculty
within the department for classroom instruction, the computer center
operations personnel for instruction purposes, and students of the school for
accomplishing assignments. The users of the labs are many and their
computing needs varied, thus creating the requirement for innovative
protection methods. Since maximizing availability of computing resources is
the goal of the Administrative Science networks, the laboratories operate
around the clock, seven days-a-week in an unsupervised environment.
Traditional security protection methods were developed primarily for the
protection of shared data among network users where the data is vital to
organizational operations. This thesis is concerned with the protection of
network resources, both hardware and applications software which operate
in this "open" environment. Protecting application programs from corruption
and preventing the proliferation of "unauthorized" user files are the most
important security problems faced by lab management. Further complicating
the issue is the fact that the administration and upkeep of the Administrative
Science labs is done pro bono by faculty and students on a volunteer basis.
This limits the amount of "staff" available to perform routine tasks and
precludes the use of labor intensive security methods such as registering
each network user and assigning passwords.
1.4 Statement of the Problem
The purpose of this study is to protect the network resources,
specifically the hardware components and software applications, of the Naval
Post Graduate School, because the lack of security there leaves them easily
attacked by malware.
The specific problems that the researchers aim to solve are the following:
1. Unorganized user accounts.
2. Access to unnecessary sites that are not related to the students' studies.
3. Unsafe insertion of external drives.
4. Indirect communication between instructors and students.
5. Unsecured network.
1.5 Objective of the Study
The objective of the study is to bring changes to the Naval Post Graduate
School and to protect its hardware components and software applications.
The ultimate goal is to develop and implement strong, fully secured network
resources for the Naval Post Graduate School. Specifically, the objectives
that address the problems are the following:
1. To create an Active Directory that organizes the different users and
the administration.
2. To use a proxy server to block unnecessary sites.
3. To disable external ports or connectors.
4. To create a mail server within the LAN that allows students and
instructors to exchange messages.
5. To use a highly secured firewall to help screen out hackers, viruses,
and worms that try to reach the computers over the Internet.
Chapter II
REVIEW OF RELATED LITERATURE
Network security has become more important to personal computer
users, organizations, and the military. With the advent of the internet,
security became a major concern and the history of security allows a better
understanding of the emergence of security technology. The internet
structure itself allowed for many security threats to occur. The architecture of
the internet, when modified, can reduce the possible attacks that can be sent
across the network. Knowing the attack methods allows for the appropriate
security to emerge. Many businesses secure themselves from the internet by
means of firewalls and encryption mechanisms. The businesses create an
“intranet” to remain connected to the internet but secured from possible
threats. The entire field of network security is vast and in an evolutionary
stage. The range of study encompasses a brief history dating back to
internet’s beginnings and the current development in network security. In
order to understand the research being performed today, background
knowledge of the internet, its vulnerabilities, attack methods through the
internet, and security technology is important and therefore they are
reviewed. (Daya, 2013)
The Local Area Network (LAN) is a technology that has evolved to meet
the needs of automating short distance communication at high speeds of
operation and relatively low error rates. They are a particular form of data
communications that optimize hardware and software to support the sharing
of devices and information. Not only do LANs support personal computer
workstations but they are also being used in conjunction with minicomputer
and mainframe networks as well as wide area networks (WANs). Today, LANs
have emerged as a useful technology loaded with immediate practicality and
a promising future. The mere sharing of expensive resources such as laser
printers and high capacity, high-speed mass storage devices among many
users is a direct economic benefit to management and equates to significant
savings. Businesses realize the importance of local area networks in their
daily activities and recognize that networking is desirable for optimum
company effectiveness. Local area networks have expanded to global
proportions and the technology has exceeded the tasks it was originally
acquired to perform. In these days of fast-moving technologies, compatibility
issues have become important. (ESPIRITU, September, 2005)
A firewall can only affect this to a certain extent. Nor can a firewall handle
traffic through encrypted channels. A personal firewall can, generally
speaking, provide a certain portion of the protection that is needed. By
preventing general access to the hardware and also controlling outgoing
traffic, we create a form of basic protection at network/session level, which at
all events is a decent base. Knowledge of the basic Internet technology is
very widespread. There is a great need for norms concerning the
characteristics which software and systems are to have when delivered, and
also for these norms to include directions on the use of different functions,
e.g. operating systems. A description of a standard environment for domestic
Internet connections may be needed, with a view to indicating and tackling
security questions. In addition, general knowledge is needed concerning risks
and protection, as well as tools giving the user support for upgrading system
security and permitting the maintenance of a level of security. This works up
to a certain level. It is unrealistic, however, to suppose that we will be able to
get users very interested in security issues generally and, above all, get them
sufficiently interested to learn to carry out security promotion measures
themselves. The fact is that the majority will never understand enough to be
able to configure an operating system. A security plan is needed which will
correspond to the risk panorama and protection needs of a normal
household. (The Observatory for Information Security PM 1:20)
Chapter III
METHODOLOGY
The following methods will be used during the implementation.
3.1 Install Windows Server 2003 on the server and Windows XP on the
clients.
Server, client and user password = p@ssw0rd
3.2 Installation and configuration of Windows Server 2003 features.
3.2.1 DHCP Server
IP address for the server = 172.192.1.2
IP address for the gateway = 172.192.1.1
IP address pool = 172.192.1.5 – 172.192.1.254
3.2.2 DNS Server
Domain name = navalpgs.local
IP address = 172.192.1.2
3.2.3 WEB Server
New Zone Name = navalpgs.com
IP address = 172.192.1.2
3.2.4 FTP Server
IP address = 172.192.1.2
Name = ftp://navalpgs.com
3.2.5 Mail Server
3.2.6 Proxy Server
3.2.7 Firewall
3.3 User account and profile organization.
3.3.1 Folder Redirection
3.3.2 Group Policy
3.4 Installation of necessary application software.
3.4.1 MS Office
3.4.2 Anti-Virus
3.4.3 Other educational application software related to the students'
studies.
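An added example, not part of the original case study: a Python check of the DHCP addressing plan in 3.2.1. It shows that 172.192.1.x lies outside the RFC 1918 private ranges (172.16.0.0/12 ends at 172.31.255.255), so a LAN numbered this way overlaps publicly routable address space. The /24 mask, the function names and the 172.16.1.0/24 replacement subnet are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; addresses outside them are publicly routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values from section 3.2.1. The /24 mask is an assumption (none is given).
PLAN = {
    "subnet": "172.192.1.0/24",
    "server": "172.192.1.2",
    "gateway": "172.192.1.1",
    "pool_start": "172.192.1.5",
    "pool_end": "172.192.1.254",
}


def audit_plan(plan):
    """Return a list of findings for a DHCP addressing plan (empty = clean)."""
    subnet = ipaddress.ip_network(plan["subnet"])
    addr = {k: ipaddress.ip_address(v) for k, v in plan.items() if k != "subnet"}
    start, end = addr["pool_start"], addr["pool_end"]
    findings = []
    if not any(subnet.subnet_of(net) for net in RFC1918):
        findings.append(f"{subnet} is outside RFC 1918 private space")
    if start > end:
        findings.append("pool start is above pool end")
    for name, ip in addr.items():
        if ip not in subnet:
            findings.append(f"{name} {ip} is not in {subnet}")
        elif ip in (subnet.network_address, subnet.broadcast_address):
            findings.append(f"{name} {ip} is a reserved address of {subnet}")
    for name in ("server", "gateway"):
        if start <= addr[name] <= end:
            findings.append(f"{name} {addr[name]} can be leased by DHCP")
    return findings


def remap(plan, new_subnet):
    """Move a plan into new_subnet, keeping every host offset unchanged."""
    old = ipaddress.ip_network(plan["subnet"])
    new = ipaddress.ip_network(new_subnet)
    out = {"subnet": str(new)}
    for name, value in plan.items():
        if name != "subnet":
            offset = int(ipaddress.ip_address(value)) - int(old.network_address)
            out[name] = str(new.network_address + offset)
    return out


if __name__ == "__main__":
    print(audit_plan(PLAN))
    # 172.16.1.0/24 is a hypothetical replacement subnet chosen for illustration.
    print(audit_plan(remap(PLAN, "172.16.1.0/24")))
```

The static server and gateway addresses already sit below the pool start, so the only finding on the plan as written is the address range itself.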
4.1 Local Area Network of Naval Post Graduate School
4.2 Network Topology of Naval Post Graduate Sc
Chapter IV
ANALYSIS AND DISCUSSIONS
This study further analyzes the importance of implementing the
services in Windows Server 2003 for the improvement of the Naval Post
Graduate School. Windows Server 2003 brings the best features which are
suited to the needs of improving technologies as of today. It can establish
secure, connected infrastructures. It is easy to manage and use, for the
students' convenience. The following Windows Server features were used:
the DHCP server, which gives dynamic IP addresses to the clients; DNS
(Domain Name System), which maps between IP addresses and a specific
domain name to spare users the hassle of typing addresses; Active Directory,
which holds all users and profiles within a domain; FTP (File Transfer
Protocol), which is used to transfer data from one computer to another
through a network; the firewall, which separates a secure area from a less
secure area and controls communications between the two; the mail server,
which allows users to send messages from one computer to another; and the
web server, which gives a specific site to the users. Several things help
keep the server organized. One is Group Policy, which provides an
organizational unit for the users; it can also be a member of a user profile.
The second is folder redirection, which helps administrators easily locate
any text file or anything else that clients have saved in their documents or
on their network drive.
Chapter V
CONCLUSIONS AND RECOMMENDATIONS
One of the advantages of organized local area networks is that they
are scalable: more clients and servers can be added to the system without
changing the network significantly. These centralized networks are easier to
manage, to administer, and to secure. Files can be stored on a central
computer (the file server), allowing data to be shared throughout an
organization. Files can be backed up more easily when they are all on a
central file server rather than scattered across a number of
independent workstations. The networks also allow security to be established,
ensuring that network users have access only to the files and
applications they own, and users can access their files from any
laboratory. Software and resources can be centrally managed, and the
network versions of software often allow for speedy installation on
workstations from the file server. A secure network can protect both
individual computers and corporate networks from hostile intrusion from the
Internet, but it must be understood to be used correctly, because the Internet
can expose critical or confidential data to malicious attack from anywhere in
the world. Users who connect their computers to the Internet must therefore be
aware of these dangers, their implications, and how to protect their data and
their critical systems. Through this study, the Naval Post Graduate School will
have an organized and well-secured computer network that will be beneficial to
the students and the school itself.
5.1 The researchers recommend the following for future
researchers:
1. Network device compatibility with the increasing demands of
technology.
2. Bigger space for storage devices.
3. A more secure computer network with the help of an updated, strong
firewall.
Chapter VI
REFERENCES
Alfini, Richard Ralph. Personal Computer Local Area Network Security in an
Academic Environment. Retrieved from https://www.hsdl.org/?view&did=17223
Swedish ICT Commission. (2002). Basic protection in computer hardware
and software. Retrieved from
http://www.itkommissionen.se/dynamaster/file_archive/020214/6cb9b653c94cab9ae7963032585c371f/Rapport%20Grundsskydd%20engelska.pdf
Heather, Eric Rusten. & Hudson, E. Hardware, Networking, Software,
and Connectivity. Retrieved from
http://www.ictinedtoolkit.org/usere/library/tech_for_ed_chapters/06.pdf
Sanderson, Bruce (MVP). How to configure Windows Server 2003 SP1 firewall for
a Domain Controller. Retrieved from http://support.microsoft.com/kb/555381
Samanderson1234. Retrieved from
http://www.answers.com/Q/How_do_you_configure_proxy_using_windows_2003_server
Microsoft. (2013). Install or Uninstall Roles, Role Services, or Features.
Retrieved from http://technet.microsoft.com/en-us/library/hh831809.aspx
Zilora, Stephen. (2012). Networking and Systems Administration BS.
Retrieved from http://www.rit.edu/programs/networking-and-systems-administration-1