BY
U1/13/CSC/1003
DECEMBER, 2017
DECLARATION
I, Muhammad Sulaiman Sabo, hereby declare that this project titled Network Security Using
Mikrotik Router Operating System has been carried out by me under the supervision of Mal.
Aisha K Umar. It has not been presented for award of any degree in any institution. All sources
of information are specifically acknowledged by means of references.
…………………………………. …..…………………………........
Sign Date
APPROVAL
This research project, “Network Security Using Mikrotik RouterOS”, has been read and
approved by the supervisor as meeting the requirements of the Department of Maths and
Computer Science, Umaru Musa Yar’adua University, Katsina, for the award of Bachelor of
Science (B.Sc. Computer Science) degree.
……………………………………… ………...……………………
Project Supervisor
……………………………………… ………………………………
Project Coordinator
………………………………………. ……………………………….
Head of Department
………………………………………. ……………………………...
DEDICATION
This project work is dedicated to my dear parents, Mr. and Mrs. Sabo Usman, especially my
wonderful mom who has always been there for me, and my lovely siblings.
ACKNOWLEDGEMENT
First of all, I would like to thank almighty Allah for His continuous blessings, which always
strengthen me to complete this task efficiently. I am very thankful to my supervisor, Mal.
Aisha Kabir Umar, who provided me with continuous guidance and encouragement throughout the
project work. She provided detailed feedback which helped me a lot in improving the quality of
the project, and I really appreciated the support of my level adviser, Mal. Aisha Mahmud Dan Ali.
May almighty Allah continue to bless and protect them and open good ways for them, Amin. I
wish to thank my instructors and lecturers for their great support and guidance in the
accomplishment of my goal in educational activities.
My special thanks to my mother and father, whose continuous prayers, care and love are the
constant source of support for me. Special thanks to my brothers, who gave me the confidence to
complete this big task. Special thanks to everybody who helped me complete the project
study.
TABLE OF CONTENTS
TITLE PAGE
DECLARATION
APPROVAL
DEDICATION
ACKNOWLEDGEMENT
TABLE OF CONTENTS
LIST OF FIGURES
ABSTRACT
CHAPTER ONE
1.1 INTRODUCTION
1.2 BACKGROUND OF STUDY
1.3 PROBLEM STATEMENT
1.4 AIM AND OBJECTIVES
1.5 SIGNIFICANCE OF STUDY
1.6 RESEARCH QUESTIONS
1.7 SCOPE AND LIMITATION
1.8 DEFINITION OF SOME TERMS
1.9 CHAPTER SUMMARY
CHAPTER TWO
LITERATURE REVIEW
2.1 INTRODUCTION
2.2 HISTORICAL BACKGROUND
2.3 SECURITY
2.3.1 Data Security
2.3.2 Network Security
2.3.3 Virtual Private Network (VPN)
2.4 THE ISO/OSI MODEL
2.4.1 The Network Layer
2.4.2 The Transport Layer
2.4.3 The Presentation Layer
2.4.4 The Application Layer
2.5 IP ADDRESSES
2.5.1 Internet Protocol Version 4 (IPV4)
2.5.1.1 IP Address Classes
2.5.2 Internet Protocol Version 6 (IPV6)
2.6 COMMON NETWORK SECURITY ATTACKS
2.6.1 Eavesdropping
2.6.2 Viruses
2.6.3 Worms
2.6.4 Trojans
2.6.5 Phishing
2.6.6 IP Spoofing Attacks
2.6.7 Denial Of Service
2.7 MECHANISM FOR NETWORK SECURITY
2.7.1 Cryptographic System
2.7.2 Firewall
2.7.2.1 There are five basic types of Firewall
2.7.3 Intrusion Detection System (IDS)
2.7.4 Intrusion Prevention System (IPS)
2.7.5 Antivirus
2.8 CHAPTER SUMMARY
RESEARCH METHODOLOGY
3.1 INTRODUCTION
3.2 AREA OF STUDY
3.3 METHODS OF DATA COLLECTION
3.3.1 Interview
3.3.2 Qualitative
3.3.3 Quantitative
3.3.4 Questionnaire
3.4 JUSTIFICATION OF THE CHOSEN METHOD
3.5 NETWORK DESIGN
3.6 MIKROTIK
3.7 HARDWARE REQUIREMENTS
3.8 SOFTWARE REQUIREMENTS
3.9 BANDWIDTH MANAGEMENT
3.9.1 Queues
3.9.2 Torch
3.9.3 Bandwidth Test
3.10 CHAPTER SUMMARY
CHAPTER FOUR
IMPLEMENTATION, TESTING AND RESULT
4.1 INTRODUCTION
4.2 ROUTER INSTALLATION
4.2.1 Router Configuration
4.2.2 Router Firewall
4.2.3 Event Logging
4.3 HOTSPOT CONFIGURATION
4.4 SYSTEM IMPLEMENTATION
4.4.1 Choice of Router OS
4.5 IMPLEMENTATION TECHNIQUE
4.6 SYSTEM TESTING
4.7 RESULT
4.8 CHAPTER SUMMARY
CHAPTER FIVE
SUMMARY, CONCLUSION AND RECOMMENDATION
5.1 INTRODUCTION
5.2 SUMMARY
5.3 CONCLUSION
5.4 RECOMMENDATION
REFERENCES
APPENDIX A
LIST OF FIGURES
Figure 1.1: Honeypot diagram
ABSTRACT
Network security has become more important to personal computer users, organizations, and the
military. With the advent of the internet, security became a major concern, and the history of
security allows a better understanding of the emergence of security technology. The internet
structure itself allowed for many security threats to occur. The architecture of the internet, when
modified, can reduce the possible attacks that can be sent across the network. Knowing the attack
methods allows for the appropriate security to emerge. Many businesses secure themselves from
the internet by means of firewalls and encryption mechanisms. This project is proposed to solve
the problems of Information and Communication Technology, Umaru Musa Yar’adua University
Katsina, with the help of Mikrotik RouterOS.
CHAPTER ONE
1.1 INTRODUCTION
This chapter introduces the entire project. Accordingly, it is structured as follows: background of
the study, problem statement, aim and objectives, significance of the study, research questions,
scope and limitation, definition of terms and chapter summary.
However, the University is equipped with an ultra-modern Data Center located at the heart of the
University, which serves as the hub of the Campus Fibre Optic Network. At inception, Fiber
Optic Cable was used to link the University Library, the three premier Faculties and the Senate
Building with the Data Center, while each of these buildings was independently networked over a
Local Area Network (LAN). In the year 2014, thirteen (13) new structures were integrated into the
Fiber Optic Network to achieve 100% physical connectivity within the University. However,
from 2010 to date, the University gradually transformed from a wired network to a wireless
cloud community as a result of a series of Wireless Distribution Systems deployed by the State
Government, the University, Nigerian Communications Commission and Nigtel Consultancy
Services, among other notable ICT donors. The University’s internet service was over a C-Band
VSAT Satellite System on a shared 512kbps/2Mb bandwidth plan and was only accessible from
0900Hrs to 1600Hrs on working days owing to insufficient power backup. However, by the year
2013 the University migrated from VSAT to a more robust internet service platform using
Fiber/Microwave over MTN Broadband. With this development, the University realized an over
800% increase in the internet bandwidth used previously, and the service was made to run 24/7
after deploying a sufficient hybrid power solution. An additional 5Mb of dedicated internet
bandwidth was deployed by NCC as part of the USPF Digital Acquisition Center Project to boost
the internet capacity of the University in October 2014.
Network security consists of the policies adopted by a network administrator to monitor and
prevent unauthorized access, misuse, modification, or denial of service on a computer network
and network-accessible resources. Network security involves the authorization of access to data
in a network, which is controlled by the network administrator. Users choose or are assigned an
ID and password or other authenticating information that allows them access to information and
programs within their network. Network security covers a variety of computer networks, both
public and private, which are used daily for transactions and communications among businesses,
government agencies and individuals. Some networks are private (such as within a company) while
others might be open to public access. Network security is involved in organizations, enterprises,
and other types of institutions. It secures the network, as well as protecting and overseeing
operations being done. The most common and simple way of protecting a network resource is by
assigning it a unique name (Simmonds, et al., 2004).
The world is becoming more interconnected
with the advent of the Internet and new networking technology. There is a large amount of
personal, commercial, military, and government information on networking infrastructures
worldwide. In addition, network security is becoming of great importance because of intellectual
property that can be easily acquired through the internet. There are currently two fundamentally
different kinds of networks: data networks and synchronous networks comprised of switches. The
internet is considered a data network. Since the current data network consists of computer‐based
routers, information can be obtained by special programs, such as “Trojan horses,” planted in the
routers. The synchronous network that consists of switches does not buffer data and therefore is
not threatened by attackers. That is why security is emphasized in data networks, such as the
internet, and other networks that link to the internet. Basically, Mikrotik functions as a router,
performs bandwidth management and has authentication software.
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or
in some manner counteract attempts at unauthorized use of information systems. Generally, a
honeypot consists of data (for example, in a network site) that appears to be a legitimate part of
the site, but is actually isolated and monitored, and that seems to contain information or a
resource of value to attackers, who are then blocked. This is similar to police entrapment,
colloquially known as “baiting” a suspect.
With the advancement of technology, a lot of unauthorized persons are now able to access
networks and files and cause harm to the files, hence the need for a stronger network security
policy through the use of Mikrotik routers.
Mikrotik RouterOS has a very powerful firewall that allows traffic to be filtered by different
attributes such as source and destination address, connection type or state, and much more. A
properly configured firewall plays a key role in efficient and secure network infrastructure
deployment.
The aim of this project is to prevent the illegal collection or theft of data by unauthorized users,
whether within the organization or outsiders.
I see network security as a challenge in the information technology sector. In our present world,
the internet (networking) is virtually all about sharing files, email and other paramount information
in every organization, government, bank, and company, where a lot of unauthorized users
always try to breach the transmission of information. The need for network security will also
continue to grow, but I believe the technical solution will become increasingly difficult and
cumbersome to achieve and enforce. If a packet which may do something malicious to a remote
host never gets there, the remote host will be unaffected.
The scope of this project work lies within the Directorate of Information and Communication
Technology (DICT), Umaru Musa Yar’adua University, Katsina.
This project has a few limitations in order to keep the extent of this project work to a reasonable
size. Therefore, this work is limited to only the university Information and Communication
Technology department.
2. Internet: a network that links computer networks all over the world by satellite and
telephone, connecting users with service networks such as e-mail and the World Wide Web.
1.9 CHAPTER SUMMARY
This chapter talks about the establishment of the Directorate of Information and Communication
Technology (DICT), its mission, and how fibre optic cables were used to transform the entire
network of the university from a wired to a wireless cloud community. It also highlights the
classification of networks, ways of protecting the network and what network security entails in
general.
CHAPTER TWO
LITERATURE REVIEW
2.1 INTRODUCTION
The literature to be reviewed here will act as the main element on which this research work
hinges. The literature will give a broader insight into and appreciation of the research study. The
literature to be reviewed will also provide the researcher with an in-depth understanding and
facilitate sound judgments of the topic.
2.3 SECURITY
Network security starts with authenticating the user, commonly with a username and a password.
Since this requires just one detail authenticating the user name, i.e. the password, which is
something the user 'knows', this is sometimes termed one-factor authentication. With two-factor
authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM
card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used
(e.g. a fingerprint or retinal scan).
Once authenticated, a firewall enforces access policies such as what services are allowed to be
accessed by the network users. Though effective to prevent unauthorized access, this component
may fail to check potentially harmful content such as computer worms or Trojans being
transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps
detect and inhibit the action of such malware. An anomaly-based intrusion detection system may
also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and
other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing
files at strange times. Individual events occurring on the network may be logged for audit
purposes and for later high-level analysis.
Communication between two hosts using a network may be encrypted to maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a network as
surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate
purposes. Techniques used by the attackers that attempt to compromise these decoy resources are
studied during and after an attack to keep an eye on new exploitation techniques. Such analysis
may be used to further tighten security of the actual network being protected by the honeypot.
2.3.2 Network Security
Network security refers to any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technology. Effective network security
manages access to the network. It targets a variety of threats and stops them from entering or
spreading on your network. Network security combines multiple layers of defenses at the edge
and in the network. Each network layer implements policies and controls. Authorized users gain
access to network resources, but malicious actors are blocked from carrying out exploits and
threats.
2.4 THE ISO/OSI MODEL
Curtin, M. (1997) pointed out that the International Standards Organization (ISO) Open Systems
Interconnect (OSI) Reference Model defines seven layers of communications types, and the
interfaces among them. Each layer depends on the services provided by the layer below it, all the
way down to the physical network hardware, such as the computer's network interface card, and
the wires that connect the cards together. An easy way to look at this is to compare this model
with something we use daily: the telephone. In order for you and me to talk when we are out of
earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application
layer.) The telephones, of course, are useless unless they have the ability to translate the sound
into electronic pulses that can be transferred over wire and back again. (These functions are
provided in layers below the application layer.) Finally, we get down to the physical connection:
both must be plugged into an outlet that is connected to a switch that is part of the telephone
system's network of switches. If I place a call to you, I pick up the receiver, and dial your
number. This number specifies which central office to which to send my request, and then which
phone from that central office to ring. Once you answer the phone, we begin talking, and our
session has begun. Conceptually, computer networks function exactly the same way.
2.4.1 The Network Layer
This final media layer governs the routing, control, and addressing of data and traffic on the
network. A major threat to application security in this layer is IP address or packet spoofing,
where data packets originating from malicious sources are disguised so that they appear to come
from legitimate addresses within the network. Route and anti-spoofing filters in conjunction with
strongly configured firewalls can best provide security in this layer.
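The anti-spoofing filter and firewall combination described above, together with the filtering by address and connection state that Chapter One attributes to the RouterOS firewall, can be modelled as follows. This is an added example, not part of the original project and not RouterOS code; the interface names, the 192.168.88.0/24 LAN prefix, the documentation-range addresses and the absence of NAT are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed topology (constructed for this example): one LAN port, one WAN uplink.
LAN_IF, WAN_IF = "lan", "wan"
LAN_NET = ip_network("192.168.88.0/24")

# Source addresses that must never arrive on the WAN side: our own LAN prefix,
# RFC 1918 private space, loopback, link-local, "this network", and
# multicast/reserved space (224.0.0.0/3 covers 224.0.0.0-255.255.255.255).
WAN_FORBIDDEN_SOURCES = [
    LAN_NET,
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
    ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"),
    ip_network("0.0.0.0/8"),
    ip_network("224.0.0.0/3"),
]


@dataclass(frozen=True)
class Packet:
    in_if: str      # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulFilter:
    """Anti-spoofing check first, then a minimal connection-state policy."""

    def __init__(self):
        self.conntrack = set()  # flows that were opened from the LAN

    def _spoofed(self, pkt):
        src = ip_address(pkt.src)
        if pkt.in_if == LAN_IF:
            # A LAN host may only send from the LAN prefix.
            return src not in LAN_NET
        # Anything from the WAN claiming an internal or reserved source is forged.
        return any(src in net for net in WAN_FORBIDDEN_SOURCES)

    def check(self, pkt):
        if self._spoofed(pkt):
            return "drop:spoofed-source"
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.conntrack or reply_of in self.conntrack:
            return "accept:established"
        if pkt.in_if == LAN_IF:
            self.conntrack.add(flow)  # remember the flow so replies are allowed
            return "accept:new-from-lan"
        return "drop:new-from-wan"    # unsolicited inbound connection attempt


# Constructed sample traffic; external hosts use documentation address ranges.
SAMPLE_TRAFFIC = [
    Packet(LAN_IF, "192.168.88.10", 51000, "203.0.113.5", 443),    # client opens HTTPS
    Packet(WAN_IF, "203.0.113.5", 443, "192.168.88.10", 51000),    # server reply
    Packet(WAN_IF, "198.51.100.7", 40000, "192.168.88.10", 22),    # unsolicited inbound
    Packet(WAN_IF, "192.168.88.20", 40001, "192.168.88.10", 445),  # WAN claims LAN source
    Packet(LAN_IF, "198.51.100.99", 53, "203.0.113.5", 53, "udp"), # LAN forges outside source
    Packet(WAN_IF, "203.0.113.5", 443, "192.168.88.10", 51001),    # reply to a port never opened
]


def evaluate(packets):
    """Run packets, in order, through a fresh filter and return the verdicts."""
    fw = StatefulFilter()
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, evaluate(SAMPLE_TRAFFIC)):
        print(f"{pkt.in_if:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The source check runs before the state lookup, so a forged packet is dropped even if its address and port tuple happens to match a tracked flow.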
Fig 2.3: The ISO/OSI model
2.5 IP ADDRESSES
An internet protocol address (IP address) is a numerical label assigned to each device connected
to a computer network that uses the internet protocol for communication. An IP address serves
two principal functions: host or network interface identification and location addressing.
IPv4 was designed in 1980 to replace the NCP protocol on the ARPANET. IPv4 displayed
many limitations after two decades. The IPv6 protocol was designed with IPv4’s shortcomings in
mind. IPv6 is not a superset of the IPv4 protocol; instead it is a new design. Andress J. (2005).
1. Address Space
2. Routing
3. Configuration
4. Security
5. Quality of Service
The IPv4 architecture has an address that is 32 bits wide. Andress J. (2005).
According to Satillo, S. (2006), IPv4 limits the maximum number of computers that can be
connected to the internet. The 32 bit address provides for a maximum of two billion computers
to be connected to the internet. The problem of exceeding that number was not foreseen when
the protocol was created. The small address space of the IPv4 facilitates malicious code
distribution. Routing is a problem for this protocol because the routing tables are constantly
increasing in size. The maximum theoretical size of the global routing tables was 2.1 million
entries. Methods have been adopted to reduce the number of entries in the routing table. This is
helpful for a short period of time, but drastic change needs to be made to address this problem.
The TCP/IP‐based networking of IPv4 requires that the user supplies some data in order to
configure a network. Some of the information required is the IP address, routing gateway
address, subnet mask, and DNS server. The simplicity of configuring the network is not evident
in the IPv4 protocol. The user can request appropriate network configuration from a central
server. This eases configuration hassles for the user but not the network’s administrators.
Andress, J. (2005).
The lack of embedded security within the IPv4 protocol has led to the many attacks seen today.
Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a
specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of
cryptography. IPsec provides the services of confidentiality, integrity, and authentication.
This form of protection does not account for the skilled hacker who may be able to break the
encryption method and obtain the key. Andress J. (2005).
When the internet was created, the quality
of service (QoS) was standardized according to the information that was transferred across the
network. The original transfer of information was mostly text‐based. As the internet expanded
and technology evolved, other forms of communication began to be transmitted across the
internet. The quality of service required for streaming videos and music is much different from
that for standard text. The protocol does not have the functionality of dynamic QoS that changes
based on the type of data being communicated. Andress J. (2005).
octets) complete the network ID. The remaining 16 bits (last two octets) represent the host ID.
This allows for 16,384 networks and 65,534 hosts per network. The first Network ID is 128.0.0.0
and the last is 191.255.0.0. Figure 2.6 illustrates the structure of class B addresses.
2.5.2 Internet Protocol Version 6 (IPV6)
When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that
needed to be improved. The development efforts were placed in the following areas:
1. Routing and addressing
2. Multi‐protocol architecture
3. Security architecture
4. Traffic control
The IPv6 protocol’s address space was extended by supporting 128 bit addresses. With 128 bit
addresses, the protocol can support up to 3.4 × 10^38 machines. The address bits are used less
efficiently in this protocol because it simplifies addressing configuration.
The IPv6 routing system is more efficient and enables smaller global routing tables. The host
configuration is also simplified. Hosts can automatically configure themselves. This new design
allows ease of configuration for the user as well as network administrator.
The security architecture of the IPv6 protocol is of great interest. IPsec is embedded within the
IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6
can utilize the security mechanism along the entire route. The quality of service problem is
also handled with IPv6: the internet protocol allows for special handling of certain packets with a
higher quality of service. From a high-level view, the major benefits of IPv6 are its scalability
and increased security. IPv6 also offers other interesting features that are beyond the scope of
this paper. It must be emphasized that, after researching IPv6 and its security features, it is not
necessarily more secure than IPv4. The approach to security is only slightly better, not a radical
improvement. Andress J. (2005)
2.6 COMMON NETWORK SECURITY ATTACKS
Adeyinka, O. (2008) suggested that common internet attack methods can be broken down into
categories. Some attacks gain system knowledge or personal information, such as eavesdropping
and phishing. Attacks can also interfere with the system’s intended function, such as viruses,
worms and trojans. The other form of attack is when the system’s resources are consumed
uselessly; this can be caused by a denial of service (DoS) attack. Other forms of network
intrusion also exist, such as land attacks, smurf attacks, and teardrop attacks. These attacks are
not as well known as DoS attacks, but they are used in some form or another even if they aren’t
mentioned by name.
2.6.1 Eavesdropping
Interception of communications by an unauthorized party is called eavesdropping. Passive
eavesdropping is when the person only secretly listens to the networked messages. On the other
hand, active eavesdropping is when the intruder listens and inserts something into the
communication stream. This can lead to the messages being distorted. Sensitive information can
be stolen this way. Adeyinka, O. (2008)
2.6.2 Viruses
Viruses are self-replicating programs that use files to infect and propagate. Once a file is opened,
the virus will activate within the system. Adeyinka, O. (2008)
2.6.3 Worms
A worm is similar to a virus because both are self-replicating, but the worm does not require
a file to allow it to propagate. There are two main types of worms, mass-mailing worms and
network-aware worms. Mass-mailing worms use email as a means to infect other computers.
Network-aware worms are a major problem for the Internet. A network-aware worm selects a
target and, once the worm accesses the target host, it can infect it by means of a Trojan or
otherwise. Adeyinka, O. (2008)
2.6.4 Trojans
Trojans appear to be benign programs to the user, but actually have some malicious purpose.
Trojans usually carry some payload such as a virus. Adeyinka, O. (2008)
2.6.5 Phishing
Phishing is an attempt to obtain confidential information from an individual, group, or
organization. Phishers trick users into disclosing personal data, such as credit card numbers,
online banking credentials, and other sensitive information. Marin, G.A. (2005)
2.7.2 Firewall
A firewall is a typical border control mechanism or perimeter defense. The purpose of a firewall
is to block traffic from the outside, but it could also be used to block traffic from the inside. A
firewall is the front line defense mechanism against intruders. It is a system designed to prevent
unauthorized access to or from a private network. Firewalls can be implemented in both
hardware and software, or a combination of both. Adeyinka, O. (2008)
2.7.2.1 There are five basic types of Firewall
1. Packet-filtering firewalls operate at the router and compare each packet received to a set of
established criteria (such as allowed IP addresses, packet type, port number, etc.) before being
either dropped or forwarded.
2. Circuit-level gateways monitor the TCP handshaking going on between the local and remote
hosts to determine whether the session being initiated is legitimate, that is, whether the remote
system is considered "trusted." They don't inspect the packets themselves, however.
3. Stateful inspection firewalls, on the other hand, not only examine each packet, but also keep
track of whether or not that packet is part of an established TCP session. This offers more
security than either packet filtering or circuit monitoring alone, but exacts a greater toll on
network performance.
5. Multilayer inspection firewalls combine packet filtering with circuit monitoring, while still
enabling direct connections between the local and remote hosts, which are transparent to the
network. They accomplish this by relying on algorithms to recognize which service is being
requested, rather than by simply providing a proxy for each protected service. Multilayer
firewalls work by retaining the status (state) assigned to a packet by each firewall component
through which it passes on the way up the protocol stack. This gives the user maximum control
over which packets are allowed to reach their final destination, but again affects network
performance, although generally not so dramatically as proxies do.
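The difference between types 1 and 3 above, as an added Python example that is not part of the original project: the same "LAN hosts may open web connections" policy is enforced first by a per-packet filter and then with a session table. The LAN range, the allowed ports and the sample packets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed protected network
ALLOWED_PORTS = {80, 443}                      # assumed outbound policy


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags carried by the segment


def is_outbound(p):
    return ipaddress.ip_address(p.src) in LAN


def packet_filter(p):
    """Type 1: decide on this packet's header fields alone."""
    if is_outbound(p):
        return p.dport in ALLOWED_PORTS
    # Replies have to get back in, so the rule can only match on the remote
    # source port; it cannot tell a reply from an unsolicited packet.
    return ipaddress.ip_address(p.dst) in LAN and p.sport in ALLOWED_PORTS


class StatefulFirewall:
    """Type 3: same policy plus a table of sessions opened from inside."""

    def __init__(self):
        self.sessions = set()

    def accept(self, p):
        if is_outbound(p):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"} and p.dport in ALLOWED_PORTS:
                self.sessions.add(key)  # new session initiated by a LAN host
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        ok = key in self.sessions
        if ok and "RST" in p.flags:
            self.sessions.discard(key)  # teardown ends the session
        return ok


def tcp(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


# Constructed traffic; remote hosts use documentation address ranges.
TRAFFIC = [
    tcp("192.168.0.11", 50000, "203.0.113.10", 443, "SYN"),         # LAN host opens HTTPS
    tcp("203.0.113.10", 443, "192.168.0.11", 50000, "SYN", "ACK"),  # genuine reply
    tcp("198.51.100.7", 443, "192.168.0.12", 3389, "ACK"),          # unsolicited inbound
    tcp("203.0.113.10", 443, "192.168.0.11", 50000, "RST"),         # server resets session
    tcp("203.0.113.10", 443, "192.168.0.11", 50000, "ACK"),         # arrives after teardown
]


def compare(traffic):
    """Return (packet_filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.accept(p)) for p in traffic]


if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"filter={'accept' if stateless else 'drop'} "
              f"stateful={'accept' if stateful else 'drop'}")
```

The third and fifth packets are where the two designs disagree: the per-packet filter accepts them because the source port matches, while the session table has no entry for them.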
2.7.4 Intrusion Prevention System (IPS)
IPS solutions are focused on identifying and blocking attack traffic. An IPS can actually be a
Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering
the network.
2.7.5 Antivirus
Antivirus programs capture attempted infections of files or email. The infection will generally be
a Trojan or a virus/malware. The antivirus detects infections in the system and heals them,
depending on how up to date its version is.
CHAPTER THREE
RESEARCH METHODOLOGY
3.1 INTRODUCTION
Research methodology refers to the procedure used to explore research for suitable means. These
methods are used to gather and collect data depending on the type of data used. The method of data
collection is the process or procedure that the researcher followed in order to gather the
necessary data for the accomplishment of the entire research objectives. Therefore, this chapter
focuses on the methodology and methods of ensuring an efficient way of producing the kind of
information needed in the study area.
3.3.1 Interview
An interview is a conversation where questions are asked and answers are given. In common
parlance, the word "interview" refers to a one-on-one conversation with one person acting in the
role of the interviewer and the other in the role of the interviewee. The interviewer asks
questions, the interviewee responds, with participants taking turns talking. Interviews usually
involve a transfer of information from interviewee to interviewer, which is usually the primary
purpose of the interview, although information transfers can happen in both directions
simultaneously. One can contrast an interview which involves bi-directional communication with
a one-way flow of information, such as a speech or oration. Interviews usually take place face to
face and in person, although modern communications technologies such as the Internet have
enabled conversations to happen in which parties are separated geographically, such as with
videoconferencing software, and of course telephone interviews can happen without visual
contact. Questions are generally open-ended.
3.3.2 Qualitative
Qualitative data is text-based information that provides descriptive details, often collected
from interviews, focus groups or observations. It involves the identification and exploration of a
number of mutually related variables that give an insight into human behavior. The data
collected is in the form of narration.
3.3.3 Quantitative
Quantitative research methods are used to quantify the size, distribution and association of
certain variables in a study. “How many?” and “How significant?” are important questions. It
involves numeric information that is subject to statistical analysis. Structured
questionnaires that enable the researcher to quantify pre- or post-categorized answers to
questions are an example of a quantitative research technique. The answers to the questions
can be counted and expressed numerically.
3.3.4 Questionnaire
A written questionnaire, also referred to as a self-administered questionnaire, is a data
collection tool in which written questions are presented that are to be answered by the
respondents in written form. A written questionnaire can be administered in different ways
such as:
3. Gathering all or part of the respondents in one place at a time, giving written instructions
and letting the respondents fill out the questionnaire
3.4 JUSTIFICATION OF THE CHOSEN METHOD
Like any other research project, especially the technical one, data collection is one of the
most important parts of the project. In this regard, the interview system of data collection
was used.
within a local area network but when the computers are to be represented on the Wide Area
Network, a process called Network address translation is carried out by the internet service
provider to represent the hosts with the public address on the internet. The cables used in
connecting the systems are Ethernet straight through cables. Straight through cables are used in
connecting devices to switches. All the devices in the LAN are connected to the switch which
serves as a network link to all the devices provided they are all bearing the network address. The
other cabling method is the cross over cable which is used in connecting similar devices together
such as a router and the PC, switch to switch or hub to switch. The cables are connected to the
network interface cards of the devices using RJ45 pin outs (Todd Lammle, 2008), as shown in
Figure 3.1.
3.6 MIKROTIK
MikroTik RouterOS is a Linux-based operating system. Installed on MikroTik’s proprietary
hardware (RouterBOARD), or on standard x86-based computers (our personal computers), it
turns the computer into a network router and implements various additional features, such as
firewalling, virtual private network (VPN) service and client, bandwidth shaping and quality of
service, wireless access point functions and other commonly used features when interconnecting
networks. The system is also able to serve as a captive-portal-based hotspot system. The
operating system is licensed in increasing service levels, each releasing more of the available
RouterOS features. A Microsoft Windows application called Winbox provides a graphical user
interface for RouterOS configuration and monitoring, but RouterOS also allows access via
FTP, telnet, and secure shell (SSH). An application programming interface is available for direct
access from applications for management and monitoring. RouterOS supports many
applications used by Internet service providers, for example OSPF, BGP and Multiprotocol Label
Switching (VPLS/MPLS), and it also features routing, firewall, bandwidth management, wireless
access point, backhaul link, hotspot gateway and VPN server. RouterOS also supports
Internet Protocol Version 4 (IPv4) as well as Internet Protocol Version 6 (IPv6).
Fig 3.3: Network Connection of Mikrotik Router in Umyu Data Center
The above diagram shows the physical appearance of the network of Umaru Musa Yar’adua
University, in particular the case study area (i.e. Information and Communication
Technology), drawn using Cisco Packet Tracer version 6.3.
The network diagram illustrated above shows how the network has been designed, and how
connections are made between various sections and departments, right from the server room to
some local hosts around.
2. 256 MB or more of Random Access Memory (RAM). (Determines the speed of the router's
processing)
6. Network cables (Straight through and cross over)
1. Mikrotik Router OS
3.9.1 Queues
This functionality of the router is very important in the management of network usage. The
Queue option provides a tabular arrangement of all users accessing the network with their
individual bandwidth usage (measured in bits per second [b/s]).
The administrator has the option of setting the maximum and minimum bandwidth usage for a
particular resource. Our version of Mikrotik OS (V.29) has the ability to allow unlimited
download and upload in the network, so the administrator can restrict network usage by setting
the uplink and downlink to low values.
3.9.2 Torch
As the name implies, Torch is used for viewing something closely: an administrator uses it to
view network access in detail. It shows the ports of access. The most common ports of
access are 443 for secured sites (Hypertext Transfer Protocol Secure, HTTPS), 80 for basic HTTP,
21 for File Transfer Protocol and 23 for telnet. It also shows the source and destination addresses
of access in the network, with the upload and download rates. The administrator can decide to
torch by port, protocol, source or destination address to see the network usage, and can
then know what each user is accessing on a protocol, port and address basis.
CHAPTER FOUR
4.1 INTRODUCTION
This chapter presents the RouterOS Installation, Configuration and Hardware/Software
requirement for the Network Security System.
Password:
Address: 192.168.0.2/24
Interface: ether1
[admin@MikroTik] > /ip address print
Address: 192.168.1.2/24
Interface: ether2
Ether1 is the interface for accessing the router from the local area network and all the computers
in the network thus follow such addressing pattern. Ether2 is the interface for connecting the file
server. The file server is on another network subnet which is connected to this Ether2 interface of
the router. The very first computer to be configured other than the router is the administrator’s
computer which takes 192.168.0.2/24. The file server containing the ICT data takes
192.168.1.254.
The clients are assigned the addresses 192.168.1.11 and 192.168.1.12. The addresses
192.168.1.13 - 192.168.1.253 are free addresses for other computers in the LAN.
Configuring the firewall to restrict access to the file server was achieved using the following
code:
[admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.2/32
# LIST ADDRESS
0 authorized 192.168.0.2
1 authorized 192.168.0.3
Thus the only authorized IP addresses with access to the file server (192.168.1.254) are
192.168.0.2 and 192.168.0.3.
0 info memory
1 error memory
2 warning memory
3 critical echo
4 firewall memory
Viewing the log of operations is the focus of an intrusion detection system. A log shows details
of an event such as the date and time of the event, what the event is and who performed it.
The MikroTik router log is viewed as follows:
TIME MESSAGE
Oct/24/2014 08:20:36 log configuration changed by admin
-- [Q quit|D dump]
TIME MESSAGE
Apr/30/2016 08:37:48 user admin logged in from 10.1.0.60 via telnet
-- Ctrl-C to quit. New entries will appear at bottom.
This shows the current logs for effective monitoring.
In such an intrusion detection system, the log has to be monitored at all times just as a security
camera has to be focused at all times but all events can be logged for future access in case of a
security breach.
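One way to watch the log described above without reading it line by line, as an added Python example (not the project's own code): it parses entries in the format shown and flags logins from addresses outside the page's authorized list, logins over cleartext services, repeated login failures and configuration changes. The failure-message wording, the threshold of three, the reuse of the address list for management logins, and every sample entry after the first two are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple, Optional

# The two addresses the page puts on the "authorized" address list.
AUTHORIZED = {ipaddress.ip_address(a) for a in ("192.168.0.2", "192.168.0.3")}
CLEARTEXT = {"telnet", "ftp"}  # management services that send credentials unencrypted

ENTRY = re.compile(r"^(\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.+)$")
LOGIN = re.compile(r"^user (\S+) logged in from (\S+) via (\S+)$")
# Assumed wording for a failed login; adjust to what your router emits.
FAILURE = re.compile(r"^login failure for user (\S+) from (\S+) via (\S+)$")
CHANGE = re.compile(r"^.+ changed by (\S+)$")


class Finding(NamedTuple):
    when: datetime
    kind: str
    source: Optional[str]
    detail: str


def is_authorized(src):
    try:
        return ipaddress.ip_address(src) in AUTHORIZED
    except ValueError:  # e.g. a MAC address instead of an IP
        return False


def triage(text, max_failures=3):
    """Turn raw log text into findings worth an administrator's attention."""
    findings, failures = [], Counter()
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # column headers, pager prompts, blank lines
        when = datetime.strptime(entry.group(1), "%b/%d/%Y %H:%M:%S")
        msg = entry.group(2)
        login, failure = LOGIN.match(msg), FAILURE.match(msg)
        if login:
            user, src, svc = login.groups()
            if not is_authorized(src):
                findings.append(Finding(when, "unauthorized-source", src, f"{user} via {svc}"))
            if svc in CLEARTEXT:
                findings.append(Finding(when, "cleartext-service", src, f"{user} via {svc}"))
        elif failure:
            user, src, svc = failure.groups()
            failures[src] += 1
            if failures[src] == max_failures:  # report once per source
                findings.append(Finding(when, "repeated-failures", src,
                                        f"{max_failures} failed logins, last as {user} via {svc}"))
        elif CHANGE.match(msg):
            findings.append(Finding(when, "config-change", None, msg))
    return findings


# The header, the first two entries and the pager prompt are from the page;
# the remaining entries are constructed.
SAMPLE_LOG = """\
TIME MESSAGE
Oct/24/2014 08:20:36 log configuration changed by admin
Apr/30/2016 08:37:48 user admin logged in from 10.1.0.60 via telnet
Apr/30/2016 08:40:02 login failure for user admin from 192.168.0.77 via winbox
Apr/30/2016 08:40:05 login failure for user admin from 192.168.0.77 via winbox
Apr/30/2016 08:40:09 login failure for user root from 192.168.0.77 via winbox
Apr/30/2016 08:41:30 user admin logged in from 192.168.0.2 via winbox
-- [Q quit|D dump]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.when.isoformat(" "), f.kind, f.source or "-", f.detail)
```

The telnet login from 10.1.0.60 that appears in the page's own log produces two findings here: the source is not on the authorized list, and the session carried the admin password unencrypted.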
1. Give the MikroTik internet connectivity by connecting one of its interfaces to your internet
source and assigning IP addresses to both ends, either by DHCP (Dynamic Host Configuration
Protocol) or statically.
2. The other interface of the router, which is directed to client use, can be set up as a DHCP
server to facilitate automatic assignment of IP addresses to network hosts.
3. Next, the router is configured to hand out the DNS server address to the clients; this is the
address of the internet connection source.
4. Internet connectivity on the router has to be verified by pinging an address, e.g. 8.8.8.8, which
is a Google server.
5. Next, the wireless adapter needs to be configured and its IP address set. If you are using a LAN
card the IP address will still be set, but it will be connected to a D-Link to provide connection to
the other wired hosts.
6. The next step is to open the hotspot setup page and set the interface to the WLAN or Ethernet
interface you are setting it up on. You can set up hotspot on more than one interface.
7. Next, the network address for access is set, which then generates the pool of addresses to be
assigned to hosts.
8. Another step is to decide whether SSL certificates will be used; if they are to be used, they
must be uploaded at this point of the configuration.
10. The DNS is set to the address of the internet connection end.
11. The DNS name is set to the administrator’s choice, as this is what appears in the web browser
on an attempt to access the web, e.g. ubtech.com.
12. The username and password for the administrator are set. These can be changed later.
2. Hardware and software needed to operate the system must be readily available.
3. File preparation: The file server needs to be installed and files placed into it.
4. System testing and evaluation: The system is tested by using wrong usernames and passwords
and trying access by unauthorized hosts and then the log is viewed.
implementation. Data files have been kept in the file server which is on the 192.168.1.0 network
separated by the router from the 192.168.0.0 network. The users with access granted to the file
server are 192.168.0.2 and 192.168.0.3.
1. Authorized access: A user with a valid username and password logs into the router from the
winbox environment. The user also accesses the file server across the router and the log is taken.
2. Unauthorized access: A user without a valid username and password is used to attempt login.
A user from an IP address not permitted access to the file server is also used to attempt login and
the log is also taken.
3. Viewing Log: The administrator has access to view the log of both operations. He logs into
the router through Winbox using the username admin and the password assigned. Next he clicks
on log, and all the operations with the time of each event are displayed.
4.7 RESULT
The logs of both the authorized and the unauthorized access were seen by the administrator,
who monitors and prevents network intrusion. The system worked as expected.
Fig 4.1: Viewing Log
Fig 4.3 Unauthorized Access
CHAPTER FIVE
5.1 INTRODUCTION
This chapter consists of the summary, conclusion, recommendation, reference and appendix of the
project.
5.2 SUMMARY
This work has been able to demonstrate network security using mikrotik routers operating
system. Then, clients in the intranet both authorized and unauthorized tried to access a file server
and logs were taken and seen by the administrator who has the ability to enable or disable any
user.
5.3 CONCLUSION
Network security is an important field that is increasingly gaining attention as the internet
expands. The security threats and internet protocol were analyzed to determine the necessary
security technology. The security technology is mostly software based, but many common
hardware devices are used. The current development in network security is not very impressive.
Originally it was assumed that with the importance of the network security field, new approaches
to security, both hardware and software, would be actively researched. It was a surprise to see
most of the development taking place in the same technologies being currently used. The
embedded security of the new internet protocol IPv6 may provide many benefits to internet
users. Although some security issues were observed, the IPv6 internet protocol seems to evade
many of the current popular attacks. Combined use of IPv6 and security tools such as firewalls,
intrusion detection, and authentication mechanisms will prove effective in guarding intellectual
property for the near future. The network security field may have to evolve more rapidly to deal
with the threats further in the future.
5.4 RECOMMENDATION
What is going to drive the Internet security is the set of applications more than anything else. The
future will possibly be that the security is similar to an immune system. The immune system
fights off attacks and builds itself to fight tough enemies. Similarly, the network security will be
able to function as an immune system. As the network grows and more computers are added to
the university’s network system, it is recommended that a more sophisticated security system
should be developed to ensure that the network users’ personal computers are secured.
The following recommendations, if adopted and implemented, will certainly boost the network
security standard:
3. Implementing suitable network security measures that will defend the network against an
attack.
REFERENCES
1. Adeyinka, O. (2008). Internet Attack Methods and Internet Security Technology, Modeling &
Simulation.
5. Dr. La Jolla, CA Regents of the University of California discussed How firewalls work:
http://blink.ucsd.edu/technology/security/firewall/
9. Kartalopoulos, S. (2008). Data Security and Network Security, Communications ICC 08.
International Conference.
10. Landwehr, C.E., Goldschlag, D.M. (1997). Security Issues in network with Internet access,
Proceedings of the IEEE, vol. 85, no. 12, pp. 2034-2051, Dec.
11. Manual/security-guide/ch-sgs-ov.html
12. Marin, G.A. (2005). Network security basics, Security & Privacy, IEEE, vol. 3, no. 6, pp. 68-72.
13. Molva, R. (1999). Internet Security Architecture in Computer Networks & ISDN Systems
Journal, vol. 31 pp. 787-804.
16. S.M. Bellovin (1989). Security Problems in the TCP/IP Protocol Suite. Computer
Communication Review, Vol. 19, No. 2, pp. 32-48.
www.infosecwriters.com/text_resources/pdf/IPv6_SSotillo.pdf
18. Tyson, J. (2011). How Virtual Private Networks work. Accessed (24-Aug-2017)
http://www.howstuffworks.com/vpn.htm
19. Warfield, M. Security Implications of IPv6, Internet Security Systems White Paper,
documents.iss.net/whitepapers/IPv6.pdf
20. http://www.umyu.edu.ng/index.php/2017-03-24-22-08-32/2017-03-25-16-39-20
21. www.mikrotik.com
APPENDIX A
Fig 3.4: MIS Router Configuration