
NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM

(A CASE STUDY OF INFORMATION AND COMMUNICATION TECHNOLOGY,
UMARU MUSA YAR’ADUA UNIVERSITY, KATSINA)

BY

MUHAMMAD SULAIMAN SABO

U1/13/CSC/1003

A PROJECT SUBMITTED TO THE DEPARTMENT OF MATHEMATICS &
COMPUTER SCIENCE, FACULTY OF NATURAL & APPLIED SCIENCE, UMARU
MUSA YAR’ADUA UNIVERSITY KATSINA, NIGERIA

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE AWARD OF THE
BACHELOR OF SCIENCE (HONOURS) DEGREE IN COMPUTER SCIENCE

DECEMBER, 2017

DECLARATION
I, Muhammad Sulaiman Sabo, hereby declare that this project titled Network Security Using
Mikrotik Router Operating System has been carried out by me under the supervision of Mal.
Aisha K Umar. It has not been presented for award of any degree in any institution. All sources
of information are specifically acknowledged by means of references.

Sign: ………………………………….    Date: ………………………………….

APPROVAL
This research project, “Network Security Using Mikrotik RouterOS”, has been read and
approved by the supervisor as meeting the requirement of the Department of Maths and
Computer Science, Umaru Musa Yar’adua University, Katsina for the award of Bachelor of
Science (B.Sc. Computer Science) degree.

Mal. Aisha Kabir Umar
Project Supervisor
Sign and Date: ………………………………

Mal. Aminu Aminu Mu’azu
Project Coordinator
Sign and Date: ………………………………

Dr. Ibrahim Lawal Kane
Head of Department
Sign and Date: ………………………………

External Examiner
Sign and Date: ………………………………

DEDICATION
This project work is dedicated to my dear parents, Mr. and Mrs. Sabo Usman, especially my
wonderful mom who has always been there for me, and my lovely siblings.

ACKNOWLEDGEMENT
First of all, I would like to thank Almighty Allah for His continuous blessings, which always
strengthen me to complete this task efficiently. I am very thankful to my supervisor, Mal.
Aisha Kabir Umar, who provided me with continuous guidance and encouragement throughout the
project work. She provided detailed feedback which helped me a lot in improving the quality of
the project, and I really appreciated the support of my level adviser, Mal. Aisha Mahmud Dan Ali.
May Almighty Allah continue to bless and protect them and open good ways for them, Amin. I
wish to thank my instructors and lecturers for their great support and guidance towards the
accomplishment of my goal in educational activities.
My special thanks go to my mother and father, whose continuous prayers, care and love are the
constant source of support for me. Special thanks to my brothers, who gave me the confidence to
complete this big task. Special thanks to everybody who helped me in completing the project
study.

TABLE OF CONTENTS

TITLE PAGE
DECLARATION
APPROVAL
DEDICATION
ACKNOWLEDGEMENT
TABLE OF CONTENTS
LIST OF FIGURES
ABSTRACT

CHAPTER ONE
1.1 INTRODUCTION
1.2 BACKGROUND OF STUDY
1.3 PROBLEM STATEMENT
1.4 AIM AND OBJECTIVES
1.5 SIGNIFICANCE OF STUDY
1.6 RESEARCH QUESTIONS
1.7 SCOPE AND LIMITATION
1.8 DEFINITION OF SOME TERMS
1.9 CHAPTER SUMMARY

CHAPTER TWO
LITERATURE REVIEW
2.1 INTRODUCTION
2.2 HISTORICAL BACKGROUND
2.3 SECURITY
    2.3.1 Data Security
    2.3.2 Network Security
    2.3.3 Virtual Private Network (VPN)
2.4 THE ISO/OSI MODEL
    2.4.1 The Network Layer
    2.4.2 The Transport Layer
    2.4.3 The Presentation Layer
    2.4.4 The Application Layer
2.5 IP ADDRESSES
    2.5.1 Internet Protocol Version 4 (IPV4)
        2.5.1.1 IP Address Classes
    2.5.2 Internet Protocol Version 6 (IPV6)
2.6 COMMON NETWORK SECURITY ATTACKS
    2.6.1 Eavesdropping
    2.6.2 Viruses
    2.6.3 Worms
    2.6.4 Trojans
    2.6.5 Phishing
    2.6.6 IP Spoofing Attacks
    2.6.7 Denial Of Service
2.7 MECHANISM FOR NETWORK SECURITY
    2.7.1 Cryptographic System
    2.7.2 Firewall
        2.7.2.1 There are five basic types of Firewall
    2.7.3 Intrusion Detection System (IDS)
    2.7.4 Intrusion Prevention System (IPS)
    2.7.5 Antivirus
2.8 CHAPTER SUMMARY

RESEARCH METHODOLOGY
3.1 INTRODUCTION
3.2 AREA OF STUDY
3.3 METHODS OF DATA COLLECTION
    3.3.1 Interview
    3.3.2 Qualitative
    3.3.3 Quantitative
    3.3.4 Questionnaire
3.4 JUSTIFICATION OF THE CHOSEN METHOD
3.5 NETWORK DESIGN
3.6 MIKROTIK
3.7 HARDWARE REQUIREMENTS
3.8 SOFTWARE REQUIREMENTS
3.9 BANDWIDTH MANAGEMENT
    3.9.1 Queues
    3.9.2 Torch
    3.9.3 Bandwidth Test
3.10 CHAPTER SUMMARY

CHAPTER FOUR
IMPLEMENTATION, TESTING AND RESULT
4.1 INTRODUCTION
4.2 ROUTER INSTALLATION
    4.2.1 Router Configuration
    4.2.2 Router Firewall
    4.2.3 Event Logging
4.3 HOTSPOT CONFIGURATION
4.4 SYSTEM IMPLEMENTATION
    4.4.1 Choice of Router OS
4.5 IMPLEMENTATION TECHNIQUE
4.6 SYSTEM TESTING
4.7 RESULT
4.8 CHAPTER SUMMARY

CHAPTER FIVE
SUMMARY, CONCLUSION AND RECOMMENDATION
5.1 INTRODUCTION
5.2 SUMMARY
5.3 CONCLUSION
5.4 RECOMMENDATION

REFERENCES
APPENDIX A

LIST OF FIGURES

Figure 1.1: Honeypot diagram
Figure 2.1: Organizational VPN Network
Figure 2.2: Network and Data Security based on OSI Model
Figure 2.3: The ISO/OSI Model
Figure 2.4: An IPv4 Address
Figure 2.5: Class A IP Address
Figure 2.6: Class B IP Address
Figure 2.7: Class C IP Address
Figure 2.8: An IPv6 Address
Figure 3.1: Layer 3 Switch Network Distribution
Figure 3.1.2: Configuring IP Address on Client System
Figure 3.1.3: Unauthorized Login
Figure 3.1.4: Winbox Login
Figure 3.2: Mikrotik RouterOS
Figure 3.3: Network Connection of Mikrotik Router in Umyu Data Center
Figure 3.4: MIS Router Configuration
Figure 3.5: NSA Router Configuration
Figure 4.1: Viewing Log
Figure 4.2: Authorize Access
Figure 4.3: Unauthorized Access
ABSTRACT
Network security has become more important to personal computer users, organizations, and the
military. With the advent of the internet, security became a major concern, and the history of
security allows a better understanding of the emergence of security technology. The internet
structure itself allowed for many security threats to occur. The architecture of the internet, when
modified, can reduce the possible attacks that can be sent across the network. Knowing the attack
methods allows for the appropriate security to emerge. Many businesses secure themselves from
the internet by means of firewalls and encryption mechanisms. This project is proposed to solve
the problems of Information and Communication Technology, Umaru Musa Yar’adua University
Katsina, with the help of Mikrotik RouterOS.

CHAPTER ONE

1.1 INTRODUCTION

This chapter introduces the entire project. Accordingly, it is structured as follows: background of
the study, problem statement, aim and objectives, significance of the study, research questions,
scope and limitation, definition of terms and chapter summary.

1.2 BACKGROUND OF STUDY

The Directorate of Information and Communications Technology (DICT) was established in
April 2007 at the inception of the University as a Directorate under the office of the Vice
Chancellor. The idea of having an ICT Directorate at the inception is not far-fetched, as it is
expected to facilitate achieving the University’s key mission of having an ICT-driven institution.
The Directorate started with only two staff, but to date it has expanded to a team of twenty-five
professionals with specialization across the various fields of Information Technology. It is
organized into two functional units, the Management and Information System (MIS) and the
Network and System Administration (NSA) units. The Directorate serves as the local provider of
ICT services at the University, with the MIS unit supporting all applications and systems used for
academic and non-academic purposes. The NSA unit, on the other hand, handles the end-to-end
maintenance of the University’s network and hardware devices, including the Fibre Optic, Local
Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN),
Wireless Distribution System Network, IP-phones, Core Network Elements, computers and
peripherals and other IT devices.

However, the University is equipped with an ultra-modern Data Center located at the heart of the
University which serves as the hub of the Campus Fibre Optic Network. At inception, Fiber
Optic Cable was used to link the University Library, the three premier Faculties and the Senate
Building with the Data Center, while each of these buildings was independently networked over
a Local Area Network (LAN). In the year 2014, thirteen (13) new structures were integrated into the
Fiber Optic Network to achieve 100% physical connectivity within the University. However,
from 2010 to date, the University gradually transformed from a wired network to a wireless
cloud community as a result of a series of Wireless Distribution Systems deployed by the State
Government, the University, the Nigerian Communications Commission and Nigtel Consultancy
Services, among other notable ICT donors. The University’s internet service was over a C-Band
VSAT Satellite System on a shared 512kbps/2Mb bandwidth plan and was only accessible from
0900Hrs to 1600Hrs on working days owing to insufficient power backup. However, by the year
2013 the University migrated from VSAT to a more robust internet service platform using
Fiber/Microwave over MTN Broadband. With this development, the University realized an increase of over
800% in the internet bandwidth used previously, and the service was made to run 24/7 after
a sufficient hybrid power solution was deployed. An additional 5Mb of dedicated internet bandwidth was
deployed by NCC as part of the USPF Digital Acquisition Center Project to boost the internet
capacity of the University in October 2014.

Network security consists of the policies adopted by a network administrator to monitor and
prevent unauthorized access, misuse, modification, or denial of service on a computer network
and network-accessible resources. Network security involves the authorization of access to data
in a network, which is controlled by the network administrator. Users choose or are assigned an
ID and password or other authenticating information that allows them access to information and
programs within their network. Network security covers a variety of computer networks, both
public and private, which are used daily for transactions and communications among businesses,
government agencies and individuals. Some networks are private (such as within a company), while
others might be open to public access. Network security is involved in organizations, enterprises,
and other types of institutions. It secures the network, as well as protecting and overseeing
the operations being done. The most common and simple way of protecting a network resource is by
assigning it a unique name (Simmonds, et al., 2004). The world is becoming more interconnected
with the advent of the Internet and new networking technology. There is a large amount of
personal, commercial, military, and government information on networking infrastructures
worldwide. In addition, network security is becoming of great importance because of intellectual
property that can be easily acquired through the internet. There are currently two fundamentally
different kinds of network: data networks and synchronous networks composed of switches. The internet
is considered a data network. Since the current data network consists of computer‐based routers,
information can be obtained by special programs, such as “Trojan horses,” planted in the routers.
The synchronous network that consists of switches does not buffer data and therefore is not
threatened by attackers. That is why security is emphasized in data networks, such as the
internet, and other networks that link to the internet. Basically, Mikrotik functions as a router,
does bandwidth management and has authentication software.

Mikrotik Ltd., known internationally as MikroTik, is a Latvian manufacturer of computer
networking equipment. It sells wireless products and routers. The company was founded in 1995,
with the intent to sell in the emerging wireless technology market. As of 2007, the company had
more than 70 employees. The company's products are known as low-priced alternatives to
expensive routers and Ethernet radio relay lines.

Fig 1.1: Honeypot diagram

In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or
in some manner counteract attempts at unauthorized use of information systems. Generally, a
honeypot consists of data (for example, in a network site) that appears to be a legitimate part of
the site, but is actually isolated and monitored, and that seems to contain information or a
resource of value to attackers, who are then blocked. This is similar to police entrapment,
colloquially known as “baiting” a suspect.

1.3 PROBLEM STATEMENT

With the advancement of technology, a lot of unauthorized persons are now able to access
networks and files and cause harm to the files; hence the need for a stronger network security policy
through the use of Mikrotik routers.

Mikrotik RouterOS has a very powerful firewall that allows traffic to be filtered by different attributes such as
source and destination address, connection type or state, and much more. A properly configured firewall
plays a key role in efficient and secure network infrastructure deployment.
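
The filtering attributes named above (source address, connection state) can be seen together in a RouterOS filter ruleset. This is an added example, not configuration taken from the project; the WAN interface name ether1, the admin subnet 10.10.0.0/24, the campus LAN 10.20.0.0/16 and the address-list name mgmt are assumptions.

```routeros
# Added example. Assumptions (constructed sample values, not from the project):
#   ether1        = WAN uplink
#   10.10.0.0/24  = subnet used by network administrators
#   10.20.0.0/16  = campus LAN

/ip firewall address-list
add list=mgmt address=10.10.0.0/24 comment="hosts allowed to manage the router"

/ip firewall filter
# ---- input chain: traffic addressed to the router itself ----
# Filter by connection state: allow packets of connections already tracked.
add chain=input connection-state=established,related action=accept \
    comment="replies to existing connections"
# Packets that belong to no tracked connection are dropped early.
add chain=input connection-state=invalid action=drop comment="invalid state"
add chain=input protocol=icmp action=accept comment="ping and ICMP errors"
# Filter by source address: Winbox (8291) and SSH (22) only from the admin list.
add chain=input protocol=tcp dst-port=8291,22 src-address-list=mgmt \
    action=accept comment="management from admin subnet only"
# DNS is accepted only on non-WAN interfaces (needed only if the router serves DNS).
add chain=input protocol=udp dst-port=53 in-interface=!ether1 action=accept \
    comment="DNS for LAN clients"
add chain=input protocol=tcp dst-port=53 in-interface=!ether1 action=accept
# Default deny, with a log entry so unauthorized attempts show up in the log.
add chain=input action=drop log=yes log-prefix="input-drop" \
    comment="everything else to the router"

# ---- forward chain: traffic passing through the router ----
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# New connections are allowed only from the LAN towards the WAN.
add chain=forward src-address=10.20.0.0/16 out-interface=ether1 \
    action=accept comment="LAN to internet"
add chain=forward action=drop log=yes log-prefix="fwd-drop" \
    comment="default deny"
```

RouterOS evaluates each chain from top to bottom and stops at the first matching rule, so the state-based accepts are placed first and the logged drop last.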

1.4 AIM AND OBJECTIVES

The aim of this project is to prevent the illegal collection or stealing of data by unauthorized users within
the organization or by outsiders.

1. To study network security

2. To study the ISO/OSI model

3. To study Mikrotik RouterOS

1.5 SIGNIFICANCE OF STUDY

I see network security as a challenge in the information technology sector. In our present world,
internet (networking) is virtually all about sharing files, email and other paramount information in
every organization, government, bank, and various companies, where a lot of unauthorized users
always try to bridge the transmission of information. The need for network security will also
continue to grow, but I believe the technical solution will become increasingly difficult and
cumbersome to achieve and enforce. If a packet which may do something malicious to a remote
host never gets there, the remote host will be unaffected.

1.6 RESEARCH QUESTIONS

1. Why Mikrotik security?

2. How does Mikrotik work as network security?

3. How do I secure my network?

1.7 SCOPE AND LIMITATION

The scope of this project work lies within the Directorate of Information and Communication
Technology (DICT), Umaru Musa Yar’adua University, Katsina.

This project has a few limitations in order to keep the extent of this project work to a reasonable
size. Therefore, this work is limited to only the university Information and Communication
Technology department.

1.8 DEFINITION OF SOME TERMS

1. Firewall: is a piece of computer software intended to prevent unauthorized access to system
software or data.

2. Internet: is a network that links computer networks all over the world by satellite and
telephone, connecting users with service networks such as e-mail and the World Wide Web.

3. Honeypot: is a computer security mechanism set to detect, deflect or in some manner
counteract attempts at unauthorized use of information system.

4. Network: is a system of two or more computers, terminals, and communications devices
linked by wires, cables or a telecommunications system in order to exchange data.

1.9 CHAPTER SUMMARY

This chapter talks about the establishment of the Directorate of Information and Communication
Technology (DICT), its mission, and how fibre optic cables were used to transform the entire
network of the university from a wired to a wireless cloud community. It also highlights the
classification of networks, ways of protecting the network and what network security entails in
general.

CHAPTER TWO

LITERATURE REVIEW

2.1 INTRODUCTION
The literature to be reviewed here will act as the main element on which this research work
hinges. The literature will give a broader insight into and appreciation of the research study. The
literature to be reviewed will also provide the researcher with an in-depth understanding and facilitate
sound judgments of the topic.

2.2 HISTORICAL BACKGROUND


The 1970s was a timeframe in information security history largely untouched by digital calamity,
but marked more so by the exploration of emerging telecommunications technology. The first
modern-day hackers appeared as they attempted to circumvent the system and make free phone
calls, a practice that became known as "phreaking." Perhaps the most publicly well-known
phreaker was John Draper, a.k.a. Captain Crunch, who helped pioneer the practice. Draper was
later arrested and convicted on charges related to his nefarious phreaking activities multiple
times. However, recent interest in security was fueled by the crime committed by Kevin Mitnick
(1979). He committed the largest computer‐related crime in U.S. history. The losses were eighty
million dollars in U.S. intellectual property and source code from a variety of companies. Since
then, information security has come into the spotlight. Public networks are being relied upon to
deliver financial and personal information. Due to the evolution of information that is made
available through the internet, information security is also required to evolve. Due to Kevin
Mitnick’s offense, companies are emphasizing security for their intellectual property. The internet has
been a driving force for data security improvement. Internet protocols in the past were not
developed to secure themselves. Within the TCP/IP communication stack, security protocols are
not implemented. This leaves the internet open to attacks. Modern developments in the internet
architecture have made communication more secure.

2.3 SECURITY
Network security starts with authenticating the user, commonly with a username and a password.
Since this requires just one detail to authenticate the user name, i.e. the password, which is
something the user 'knows', this is sometimes termed one-factor authentication. With two-factor
authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM
card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used
(e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be
accessed by the network users. Though effective to prevent unauthorized access, this component
may fail to check potentially harmful content such as computer worms or Trojans being
transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps
detect and inhibit the action of such malware. An anomaly-based intrusion detection system may
also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and
other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing
files at strange times. Individual events occurring on the network may be logged for audit
purposes and for later high-level analysis.

Communication between two hosts using a network may be encrypted to maintain privacy.
Honeypots, essentially decoy network-accessible resources, may be deployed in a network as
surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate
purposes. Techniques used by the attackers that attempt to compromise these decoy resources are
studied during and after an attack to keep an eye on new exploitation techniques. Such analysis
may be used to further tighten security of the actual network being protected by the honeypot.

2.3.1 Data Security


Data security is the aspect of security that allows a client’s data to be transformed into
unintelligible data for transmission. Even if this unintelligible data is intercepted, a key is needed
to decode the message. This method of security is effective to a certain degree. Cryptography
that was strong in the past can be easily broken today. Cryptographic methods have to continue to
advance due to the advancement of the hackers as well. When transferring ciphertext over a
network, it is helpful to have a secure network. This will allow for the ciphertext to be protected,
so that it is less likely for many people to even attempt to break the code. A secure network will
also prevent someone from inserting unauthorized messages into the network. Therefore, hard
ciphers are needed as well as attack‐hard networks (Kartalopoulos, 2008).

2.3.2 Network Security
Network security refers to any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technology. Effective network security
manages access to the network. It targets a variety of threats and stops them from entering or
spreading on your network. Network security combines multiple layers of defenses at the edge
and in the network. Each network layer implements policies and controls. Authorized users gain
access to network resources, but malicious actors are blocked from carrying out exploits and
threats.

2.3.3 Virtual Private Network (VPN)


A virtual private network (VPN) extends a private network across a public network, and enables
users to send and receive data across shared or public networks as if their computing devices
were directly connected to the private network. Applications running across the VPN may
therefore benefit from the functionality, security, and management of the private network.
VPNs may allow employees to securely access a corporate intranet while located outside the
office. They are used to securely connect geographically separated offices of an organization,
creating one cohesive network. Individual Internet users may secure their wireless transactions
with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the
purpose of protecting personal identity and location. However, some Internet sites block access
to known VPN technology to prevent the circumvention of their geo-restrictions.

Fig 2.1: Organizational VPN Network

2.4 THE ISO/OSI MODEL
Curtin, M. (1997) pointed out that the International Standards Organization (ISO) Open Systems
Interconnect (OSI) Reference Model defines seven layers of communications types, and the
interfaces among them. Each layer depends on the services provided by the layer below it, all the
way down to the physical network hardware, such as the computer's network interface card, and
the wires that connect the cards together. An easy way to look at this is to compare this model
with something we use daily: the telephone. In order for you and me to talk when we are out of
earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application
layer.) The telephones, of course, are useless unless they have the ability to translate the sound
into electronic pulses that can be transferred over wire and back again. (These functions are
provided in layers below the application layer.) Finally, we get down to the physical connection:
both must be plugged into an outlet that is connected to a switch that is part of the telephone
system's network of switches. If I place a call to you, I pick up the receiver, and dial your
number. This number specifies the central office to which to send my request, and then which
phone from that central office to ring. Once you answer the phone, we begin talking, and our
session has begun. Conceptually, computer networks function exactly the same way.

Fig 2.2: Network and Data Security based on OSI Model

2.4.1 The Network Layer
This final media layer governs the routing, control, and addressing of data and traffic on the
network. A major threat to application security in this layer is IP address or packet spoofing,
where data packets originating from malicious sources are disguised so that they appear to come
from legitimate addresses within the network. Route and anti-spoofing filters in conjunction with
strongly configured firewalls can best provide security in this layer.

2.4.2 The Transport Layer


This first host layer is a logical zone in which the transfer of data sequences of various lengths
occurs. Smooth data flows with error control and measures ensuring segmentation and
desegmentation are the mark of a strong transport layer protocol such as TCP or Transmission
Control Protocol. Security here is dependent on limiting access to the transmission protocols and
their underlying information, together with strong firewall protection.

2.4.3 The Presentation Layer


This logical or host layer uses a number of conversion methods to standardize data to and from
various local formats, as information is transferred from the application layer to the network.
Input from users (which should have been cleaned up before it passes on to functions) should be
segregated from program control functions, to avoid malicious inputs that might lead to system
crashes or exploits.

2.4.4 The Application Layer


The final host layer is the one closest to the end user and the one which presents potential
intruders with the biggest attack surface. The application layer includes the user interface and
various other critical functions, and if successfully exploited entire networks may be shut down
in a Denial of Service attack, user data may be stolen, and individual applications may fall under
an intruder’s control. Secure application development practices are the safest way to guarantee
that applications are able to sanitize user input, detect malicious activity, and securely handle and
transfer sensitive information.

Fig 2.3: The ISO/OSI model

2.5 IP ADDRESSES
An internet protocol address (IP address) is a numerical label assigned to each device connected
to a computer network that uses the internet protocol for communication. An IP address serves
two principal functions: host or network interface identification and location addressing.
IPv4 was designed in 1980 to replace the NCP protocol on the ARPANET. IPv4 displayed
many limitations after two decades. The IPv6 protocol was designed with IPv4’s shortcomings in
mind. IPv6 is not a superset of the IPv4 protocol; instead it is a new design. Andress J. (2005).

2.5.1 Internet Protocol Version 4 (IPV4)


According to Andress, the protocol contains a couple of aspects that caused problems with its
use. These problems do not all relate to security. They are mentioned to gain a comprehensive
understanding of the internet protocol and its shortcomings. The causes of problems with the
protocol are:
1. Address Space
2. Routing
3. Configuration
4. Security
5. Quality of Service
The IPv4 architecture has an address that is 32 bits wide. Andress J. (2005).
According to Satillo, S. (2006), IPv4 limits the maximum number of computers that can be
connected to the internet. The 32-bit address provides for a maximum of two billion computers
to be connected to the internet. The problem of exceeding that number was not foreseen when
the protocol was created. The small address space of IPv4 facilitates malicious code
distribution. Routing is a problem for this protocol because the routing tables are constantly
increasing in size. The maximum theoretical size of the global routing tables was 2.1 million
entries. Methods have been adopted to reduce the number of entries in the routing table. This is
helpful for a short period of time, but drastic change needs to be made to address this problem.
The TCP/IP-based networking of IPv4 requires that the user supply some data in order to
configure a network. Some of the information required is the IP address, routing gateway
address, subnet mask, and DNS server. Simplicity of network configuration is not evident
in the IPv4 protocol. The user can request appropriate network configuration from a central
server. This eases configuration hassles for the user but not for the network’s administrators.
Andress, J. (2005).
The lack of embedded security within the IPv4 protocol has led to the many attacks seen today.
Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a
specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of
cryptography. IPsec provides the services of confidentiality, integrity, and authentication.
This form of protection does not account for the skilled hacker who may be able to break the
encryption method and obtain the key. Andress J. (2005).
When the internet was created, the quality of service (QoS) was standardized according to the
information that was transferred across the network. The original transfer of information was
mostly text-based. As the internet expanded and technology evolved, other forms of
communication began to be transmitted across the internet. The quality of service for streaming
videos and music is much different from that of standard text. The protocol does not have the
functionality of dynamic QoS that changes based on the type of data being communicated.
Andress J. (2005).

Fig 2.4: An IPv4 Address

2.5.1.1 IP Address Classes


The Internet community originally defined five address classes to accommodate networks of
varying sizes. Microsoft TCP/IP supports class A, B, and C addresses assigned to hosts. The
class of address defines which bits are used for the network ID and which bits are used for the
host ID. It also defines the possible number of networks and the number of hosts per network.
The IP address classes are as follows:
1. Class A
Class A addresses are assigned to networks with a very large number of hosts. The high-order bit
in a class A address is always set to zero. The next seven bits (completing the first octet)
complete the network ID. The remaining 24 bits (the last three octets) represent the host ID. This
allows for 126 networks and 16,777,214 hosts per network. The first Network ID is 1.0.0.0 and
the last is 126.0.0.0. Figure 2.5 illustrates the structure of class A addresses.

Fig 2.5: Class A IP Address


2. Class B
Class B addresses are assigned to medium-sized to large-sized networks. The two high-order bits
in a class B address are always set to binary 1 0. The next 14 bits (completing the first two
octets) complete the network ID. The remaining 16 bits (last two octets) represent the host ID.
This allows for 16,384 networks and 65,534 hosts per network. The first Network ID is 128.0.0.0
and the last is 191.255.0.0. Figure 2.6 illustrates the structure of class B addresses.

Fig 2.6: Class B IP Address


3. Class C
Class C addresses are used for small networks. The three high-order bits in a class C address are
always set to binary 1 1 0. The next 21 bits (completing the first three octets) complete the
network ID. The remaining 8 bits (last octet) represent the host ID. This allows for 2,097,152
networks and 254 hosts per network. The first Network ID is 192.0.0.0 and the last is
255.255.255.0. Figure 2.7 illustrates the structure of class C addresses.

Fig 2.7: Class C IP Address


4. Class D
Class D addresses are reserved for IP multicast addresses. The four high-order bits in a class D
address are always set to binary 1 1 1 0. The remaining bits are for the address that interested
hosts recognize. Microsoft supports class D addresses for applications to multicast data to
multicast-capable hosts on an internetwork.
5. Class E
Class E is an experimental address that is reserved for future use. The high-order bits in a class E
address are set to 1111.
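
The class rules above can be worked through in code. This is an added example, not part of the original project: it reads the class from the high-order bits and derives the network and host counts for classes A to C from the bit split. The function names and sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Class -> (leading-bit pattern, pattern length, network-ID bits after the pattern, host-ID bits).
# Classes D and E have no network/host split.
CLASS_RULES = {
    "A": (0b0, 1, 7, 24),
    "B": (0b10, 2, 14, 16),
    "C": (0b110, 3, 21, 8),
    "D": (0b1110, 4, None, None),
    "E": (0b1111, 4, None, None),
}


def address_class(addr):
    """Return the class letter selected by the high-order bits of an IPv4 address."""
    value = int(ipaddress.IPv4Address(addr))
    for name, (pattern, length, _, _) in CLASS_RULES.items():
        if value >> (32 - length) == pattern:
            return name
    raise AssertionError("every 32-bit value matches one of the five patterns")


def capacity(name):
    """Return (number of networks, hosts per network) for class A, B or C."""
    _, _, net_bits, host_bits = CLASS_RULES[name]
    if net_bits is None:
        raise ValueError("class %s has no network/host split" % name)
    networks = 2 ** net_bits
    if name == "A":
        networks -= 2           # first octets 0 and 127 (loopback) are not assignable
    hosts = 2 ** host_bits - 2  # all-zeros (network) and all-ones (broadcast) host IDs
    return networks, hosts


def describe(addr):
    """Split an address into class, network ID and host ID at its classful boundary."""
    ip = ipaddress.IPv4Address(addr)
    name = address_class(addr)
    result = {"class": name, "private": ip.is_private}
    _, _, net_bits, host_bits = CLASS_RULES[name]
    if net_bits is not None:
        mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
        result["network"] = str(ipaddress.IPv4Address(int(ip) & mask))
        result["host"] = int(ip) & ~mask & 0xFFFFFFFF
    return result


if __name__ == "__main__":
    # Sample addresses (constructed for illustration).
    for sample in ("192.168.0.2", "192.168.1.2", "10.0.52.0", "224.0.0.5"):
        print(sample, describe(sample))
    for cls in "ABC":
        print("class", cls, capacity(cls))
```
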

2.5.2 Internet Protocol Version 6 (IPV6)
When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that
needed to be improved. The development efforts were placed in the following areas:
1. Routing and addressing
2. Multi‐protocol architecture
3. Security architecture
4. Traffic control
The IPv6 protocol’s address space was extended by supporting 128-bit addresses. With 128-bit
addresses, the protocol can support up to 3.4 × 10^38 machines. The address bits are used less
efficiently in this protocol because it simplifies addressing configuration.
The IPv6 routing system is more efficient and enables smaller global routing tables. The host
configuration is also simplified. Hosts can automatically configure themselves. This new design
allows ease of configuration for the user as well as network administrator.
The security architecture of the IPv6 protocol is of great interest. IPsec is embedded within the
IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6
can utilize the security mechanism along the entire route. The quality of service problem is
handled with IPv6. The internet protocol allows for special handling of certain packets with a
higher quality of service. From a high-level view, the major benefits of IPv6 are its scalability
and increased security. IPv6 also offers other interesting features that are beyond the scope of
this paper. It must be emphasized that after researching IPv6 and its security features, it is not
necessarily more secure than IPv4. The approach to security is only slightly better, not a radical
improvement. Andress J. (2005).

Fig 2.8: An IPv6 Address

2.6 COMMON NETWORK SECURITY ATTACKS
Adeyinka, O. (2008) suggested that common internet attack methods are broken down into
categories. Some attacks gain system knowledge or personal information, such as eavesdropping
and phishing. Attacks can also interfere with the system’s intended function, such as viruses,
worms and trojans. The other form of attack is when the system’s resources are consumed
uselessly, which can be caused by a denial of service (DoS) attack. Other forms of network
intrusions also exist, such as land attacks, smurf attacks, and teardrop attacks. These attacks are
not as well-known as DoS attacks, but they are used in some form or another even if they aren’t
mentioned by name.

2.6.1 Eavesdropping
Interception of communications by an unauthorized party is called eavesdropping. Passive
eavesdropping is when the person only secretly listens to the networked messages. On the other
hand, active eavesdropping is when the intruder listens and inserts something into the
communication stream. This can lead to the messages being distorted. Sensitive information can
be stolen this way. Adeyinka, O. (2008)

2.6.2 Viruses
Viruses are self-replicating programs that use files to infect and propagate. Once a file is opened,
the virus will activate within the system. Adeyinka, O. (2008).

2.6.3 Worms
A worm is similar to a virus because they both are self-replicating, but the worm does not require
a file to allow it to propagate. There are two main types of worms: mass-mailing worms and
network-aware worms. Mass-mailing worms use email as a means to infect other computers.
Network-aware worms are a major problem for the Internet. A network-aware worm selects a
target and once the worm accesses the target host, it can infect it by means of a Trojan or
otherwise. Adeyinka, O. (2008).

2.6.4 Trojans
Trojans appear to be benign programs to the user, but will actually have some malicious purpose.
Trojans usually carry some payload such as a virus. Adeyinka, O. (2008).

2.6.5 Phishing
Phishing is an attempt to obtain confidential information from an individual, group, or
organization. Phishers trick users into disclosing personal data, such as credit card numbers,
online banking credentials, and other sensitive information. Marin, G.A. (2005).

2.6.6 IP Spoofing Attacks


Spoofing means to have the address of the computer mirror the address of a trusted computer in
order to gain access to other computers. The identity of the intruder is hidden by different means
making detection and prevention difficult. With the current IP protocol technology, IP spoofed
packets cannot be eliminated. Adeyinka, O. (2008).
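
The anti-spoofing filter named in 2.4.1 is the usual defence against the attack described here. The added example below, which is not part of the original project, accepts a packet only when its source address belongs to the network attached to the interface it arrived on. The ether1 and ether2 networks follow the router configuration in chapter four; the uplink name ether3, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# LAN interfaces and the networks attached to them (from the router configuration on this page).
LAN_INTERFACES = {
    "ether1": ipaddress.ip_network("192.168.0.0/24"),
    "ether2": ipaddress.ip_network("192.168.1.0/24"),
}
WAN_INTERFACE = "ether3"  # assumption: the page does not name the uplink interface

# Source ranges that must never arrive from the internet side:
# "this network", private, loopback, link-local, multicast and reserved space.
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def check_source(in_interface, src):
    """Return (verdict, reason) for a packet's source address on its arrival interface."""
    addr = ipaddress.ip_address(src)
    if in_interface in LAN_INTERFACES:
        net = LAN_INTERFACES[in_interface]
        if addr not in net:
            return "drop", "source %s is not in %s attached to %s" % (addr, net, in_interface)
        if addr in (net.network_address, net.broadcast_address):
            return "drop", "network or broadcast address used as a source"
        return "accept", "source belongs to the attached network"
    if in_interface == WAN_INTERFACE:
        for net in NOT_ROUTABLE:
            if addr in net:
                return "drop", "source %s in %s cannot come from the internet" % (addr, net)
        return "accept", "public source on the uplink"
    return "drop", "unknown interface"


# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("ether1", "192.168.0.25"),   # user PC on its own LAN
    ("ether1", "192.168.1.10"),   # user LAN host claiming a file-server subnet address
    ("ether2", "192.168.1.10"),   # file-server subnet host on its own interface
    ("ether3", "192.168.0.2"),    # internal address arriving from outside
    ("ether3", "203.0.113.7"),    # ordinary public source
    ("ether1", "192.168.0.255"),  # broadcast address used as a source
]


def verdicts(packets):
    """Return only the accept/drop decision for each packet."""
    return [check_source(interface, src)[0] for interface, src in packets]


if __name__ == "__main__":
    for interface, src in SAMPLE_PACKETS:
        print(interface, src, *check_source(interface, src))
```
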

2.6.7 Denial of Service


Denial of Service is an attack in which a system that receives too many requests cannot return
communication with the requestors. The system then consumes resources waiting for the
handshake to complete. Eventually, the system cannot respond to any more requests, rendering it
without service. Marin, G.A. (2005).
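
The resource exhaustion described above can be reproduced in a small simulation. This is an added example, not part of the original project: a listener with a fixed backlog of half-open connections replays a constructed sequence of handshake events, first without and then with a limit on half-open connections per source. The backlog size, the limit, the function name and the event list are assumptions chosen for illustration.

```python
def replay(events, backlog_size, per_source_limit=None):
    """Replay handshake events against a listener with a fixed half-open backlog.

    events: list of (kind, client), kind is "SYN" or "ACK", client is "ip:port".
    Returns (established, refused): clients that completed the handshake,
    and clients whose SYN was turned away.
    """
    half_open = []    # SYN answered, final ACK of the handshake still awaited
    established = []
    refused = []
    for kind, client in events:
        source_ip = client.rsplit(":", 1)[0]
        if kind == "SYN":
            pending = sum(1 for c in half_open if c.rsplit(":", 1)[0] == source_ip)
            if per_source_limit is not None and pending >= per_source_limit:
                refused.append(client)      # this source already holds its share
            elif len(half_open) >= backlog_size:
                refused.append(client)      # backlog full: nobody else gets in
            else:
                half_open.append(client)
        elif kind == "ACK" and client in half_open:
            half_open.remove(client)        # handshake complete, slot released
            established.append(client)
    return established, refused


# Constructed events: one source opens handshakes it never completes,
# while two LAN clients try to connect normally.
EVENTS = [
    ("SYN", "198.51.100.9:1001"),
    ("SYN", "198.51.100.9:1002"),
    ("SYN", "198.51.100.9:1003"),
    ("SYN", "198.51.100.9:1004"),
    ("SYN", "192.168.0.10:50000"),
    ("SYN", "198.51.100.9:1005"),
    ("ACK", "192.168.0.10:50000"),
    ("SYN", "192.168.0.11:50001"),
    ("ACK", "192.168.0.11:50001"),
]

if __name__ == "__main__":
    print("no limit     :", replay(EVENTS, backlog_size=4))
    print("limit 2/source:", replay(EVENTS, backlog_size=4, per_source_limit=2))
```

Because source addresses can be spoofed (2.6.6), a per-source limit is normally combined with a timeout that expires half-open entries.
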

2.7 MECHANISM FOR NETWORK SECURITY


Internet threats will continue to be a major issue in the global world as long as information is
accessible and transferred across the Internet. Different defense and detection mechanisms were
developed to deal with these attacks.

2.7.1 Cryptographic System


Cryptography is a useful and widely used tool in security engineering today. It involves the use
of codes and ciphers to transform information into unintelligible data.

2.7.2 Firewall
A firewall is a typical border control mechanism or perimeter defense. The purpose of a firewall
is to block traffic from the outside, but it could also be used to block traffic from the inside. A
firewall is the front line defense mechanism against intruders. It is a system designed to prevent
unauthorized access to or from a private network. Firewalls can be implemented in both
hardware and software, or a combination of both. Adeyinka, O. (2008).

2.7.2.1 There are five basic types of Firewall
1. Packet-filtering firewalls operate at the router and compare each packet received to a set of
established criteria (such as allowed IP addresses, packet type, port number, etc.) before
either dropping or forwarding it.

2. Circuit-level gateways monitor the TCP handshaking going on between the local and remote
hosts to determine whether the session being initiated is legitimate, that is, whether the remote
system is considered "trusted." They don't inspect the packets themselves, however.

3. Stateful inspection firewalls, on the other hand, not only examine each packet, but also keep
track of whether or not that packet is part of an established TCP session. This offers more
security than either packet filtering or circuit monitoring alone, but exacts a greater toll on
network performance.

4. Application-level gateways (proxies) combine some of the attributes of packet-filtering
firewalls with those of circuit level gateways. They filter packets not only according to the
service for which they are intended (as specified by the destination port), but also by certain
other characteristics such as HTTP request string. While application-level gateways provide
considerable data security, they can dramatically impact network performance.

5. Multilayer inspection firewalls combine packet filtering with circuit monitoring, while still
enabling direct connections between the local and remote hosts, which are transparent to the
network. They accomplish this by relying on algorithms to recognize which service is being
requested, rather than by simply providing a proxy for each protected service. Multilayer
firewalls work by retaining the status (state) assigned to a packet by each firewall component
through which it passes on the way up the protocol stack. This gives the user maximum control
over which packets are allowed to reach their final destination, but again affects network
performance, although generally not so dramatically as proxies do.
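
The difference between types 1 and 3 shows up when the same traffic passes through both. This added example, which is not part of the original project, runs one constructed packet sequence through a stateless packet filter and through a stateful filter that tracks TCP sessions. The rule set (outbound HTTPS only), the addresses and the function names are assumptions for illustration; timeouts, FIN handling and sequence-number checks are left out.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")  # the user LAN from this page
ALLOWED_PORT = 443                            # assumption: only outbound HTTPS is permitted


def is_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def packet_filter(pkt):
    """Stateless: judge each packet on its own header fields only."""
    src, sport, dst, dport, flags = pkt
    if is_lan(src) and not is_lan(dst) and dport == ALLOWED_PORT:
        return "accept"                       # outbound request
    if not is_lan(src) and is_lan(dst) and sport == ALLOWED_PORT and "ACK" in flags:
        return "accept"                       # merely looks like a reply
    return "drop"


class StatefulFilter:
    """Accept inbound packets only when they belong to a session opened from the LAN."""

    def __init__(self):
        self.sessions = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def check(self, pkt):
        src, sport, dst, dport, flags = pkt
        outbound = is_lan(src) and not is_lan(dst)
        inbound = not is_lan(src) and is_lan(dst)
        if not (outbound or inbound):
            return "drop"
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.sessions.get(key)
        if state is None:
            # Only an outbound SYN to the allowed service may create a session.
            if outbound and dport == ALLOWED_PORT and flags == {"SYN"}:
                self.sessions[key] = "SYN_SENT"
                return "accept"
            return "drop"
        if "RST" in flags:
            del self.sessions[key]            # reset ends the session at once
            return "accept"
        if state == "SYN_SENT":
            if inbound and flags == {"SYN", "ACK"}:
                self.sessions[key] = "SYN_ACKED"
                return "accept"
            return "drop"
        if state == "SYN_ACKED":
            if outbound and flags == {"ACK"}:
                self.sessions[key] = "ESTABLISHED"
                return "accept"
            return "drop"
        return "accept" if "ACK" in flags else "drop"   # ESTABLISHED


# Constructed packets: (source, source port, destination, destination port, TCP flags).
PACKETS = [
    ("192.168.0.10", 50000, "203.0.113.5", 443, frozenset({"SYN"})),
    ("203.0.113.5", 443, "192.168.0.10", 50000, frozenset({"SYN", "ACK"})),
    ("192.168.0.10", 50000, "203.0.113.5", 443, frozenset({"ACK"})),
    ("203.0.113.5", 443, "192.168.0.10", 50000, frozenset({"ACK", "PSH"})),
    ("198.51.100.9", 443, "192.168.0.11", 40000, frozenset({"ACK"})),   # no session exists
    ("192.168.0.10", 50000, "203.0.113.5", 443, frozenset({"RST"})),
    ("203.0.113.5", 443, "192.168.0.10", 50000, frozenset({"ACK", "PSH"})),  # after the reset
]


def run_stateless(packets):
    return [packet_filter(p) for p in packets]


def run_stateful(packets):
    firewall = StatefulFilter()
    return [firewall.check(p) for p in packets]


if __name__ == "__main__":
    for pkt, a, b in zip(PACKETS, run_stateless(PACKETS), run_stateful(PACKETS)):
        print(pkt[0], "->", pkt[2], sorted(pkt[4]), "stateless:", a, "stateful:", b)
```
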

2.7.3 Intrusion Detection System (IDS)


There are basically two types of IDS: Network IDS and Host IDS. Network IDS will generally
capture all traffic on the network, while Host IDS will capture traffic for an individual host.

2.7.4 Intrusion Prevention System (IPS)
IPS solutions are focused on identifying and blocking attack traffic. It can actually be a Cisco
router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the
network.

2.7.5 Antivirus
Antivirus programs capture attempted infections of files or email. The general infection will be
a Trojan or virus/malware. The antivirus detects the infections in the system and heals them,
depending on how up to date its version is.

2.8 CHAPTER SUMMARY


This chapter discussed the literature review, the OSI model, data and network security, and
also the common network security attacks and the mechanisms for network security.

CHAPTER THREE

RESEARCH METHODOLOGY

3.1 INTRODUCTION
Research methodology refers to the procedure used to explore research for suitable means. These
methods are used to gather and collect data depending on the type of data used. The method of
data collection is the process or procedure that the researcher followed in order to gather
the necessary data for the accomplishment of the entire research objectives. Therefore,
this chapter focuses on the methodology and methods of ensuring an efficient way of producing
this kind of information in the study area.

3.2 AREA OF STUDY


The work should concentrate on the area of study in order to have focus and to ensure that the
research comes up with a comprehensive report that describes the basic information needed to
trace the emergence of Network Security in the Directorate of Information and Communication
Technology (DICT), Umaru Musa Yar’adua University, Katsina.

3.3 METHODS OF DATA COLLECTION


The instruments used for data collection consisted of interview schedules and observations, but
the main instrument was the interview. It contains a series of questions constructed by the
researcher using an open-ended format for the affected members within the information and
communication technology unit. Research and reading are the basic tools that are very important
in any research findings; these allowed the student to acquire more data from existing
documents. Some materials that I used during this project work include journals, textbooks and
the internet to find relevant information at websites of references.

3.3.1 Interview
An interview is a conversation where questions are asked and answers are given. In common
parlance, the word "interview" refers to a one-on-one conversation with one person acting in the
role of the interviewer and the other in the role of the interviewee. The interviewer asks
questions, the interviewee responds, with participants taking turns talking. Interviews usually
involve a transfer of information from interviewee to interviewer, which is usually the primary
purpose of the interview, although information transfers can happen in both directions
simultaneously. One can contrast an interview which involves bi-directional communication with
a one-way flow of information, such as a speech or oration. Interviews usually take place face to
face and in person, although modern communications technologies such as the Internet have
enabled conversations to happen in which parties are separated geographically, such as with
videoconferencing software, and of course telephone interviews can happen without visual
contact. Questions are generally open-ended.

3.3.2 Qualitative
It is text-based information that provides descriptive details, often collected from
interviews, focus groups or observations. It involves the identification and exploration of a
number of mutually related variables that give an insight into human behavior. The data
collected is in the form of narration.

3.3.3 Quantitative
Quantitative research methods are used to quantify the size, distribution and association of
certain variables in a study. “How many?” and “How significant?” are important questions. It
involves numeric information that is subject to statistical analysis. Structured
questionnaires that enable the researcher to quantify pre- or post-categorized answers to
questions are an example of a quantitative research technique. The answers to the questions
can be counted and expressed numerically.

3.3.4 Questionnaire
A written questionnaire, also referred to as a self-administered questionnaire, is a data
collection tool in which written questions are presented that are to be answered by the
respondents in written form. A written questionnaire can be administered in different ways
such as:

1. Sending questionnaire by mail

2. Hand delivering of questionnaire to respondents and collecting them later

3. Gathering all or part of the respondents in one place at one time, giving written
instructions and letting the respondents fill out the questionnaire

3.4 JUSTIFICATION OF THE CHOSEN METHOD
Like any other research project, especially the technical one, data collection is one of the
most important parts of the project. In this regard, the interview system of data collection
was used.

1. It is a fast method of collection of data as information is obtained one on one

2. It provides first-hand information

3. It is cheap compared to other methods of data collection

4. It gives accurate information

3.5 NETWORK DESIGN


The university network has a router (i.e. MikroTik) that has connectivity with the Internet Service
Providers located in the core layer (Data Center) with serial interfaces via a switch. The router is
connected to a layer 3 switch that serves as the distribution layer of the network. Each serial
interface of the switch is used to connect to each of the faculties via fiber cable. There is a fiber
optic cable which is used to link the University Library, the three premier Faculties and the
Senate Building with the Data Center, while each of these buildings was independently
networked over a Local Area Network (LAN). The network implementation for this system is a
Local Area Network (LAN). The layout was designed using Cisco Packet Tracer 6.3.

Users in this network are assigned IP addresses (IPv4) which identify them on layer 3 of the OSI
model. In order to ensure security, the IP addressing is made static, as against Dynamic Host
Configuration Protocol (DHCP) addressing, which dynamically allocates IP addresses. DHCP could
be less secure since the IP addresses cannot be monitored as to which system uses which address.
The IP addresses used are 192.168.0.0 and 192.168.1.0, which are network addresses. A network
address is used to represent a network by means of a subnet mask. The subnet mask used in the
network is 255.255.255.0, which means all devices can take IP addresses from the range
192.168.0.1 – 192.168.0.254 in the case of network 192.168.0.0, and devices can take IP
addresses from the range 192.168.0.1 – 192.168.0.254 in the case of network 192.168.1.0. The
class of address used is class C, and it is also a private address. Private addresses are used
within a local area network, but when the computers are to be represented on the Wide Area
Network, a process called network address translation is carried out by the internet service
provider to represent the hosts with the public address on the internet.

The cables used in connecting the systems are Ethernet straight-through cables. Straight-through
cables are used in connecting devices to switches. All the devices in the LAN are connected to
the switch, which serves as a network link to all the devices provided they are all bearing the
network address. The other cabling method is the crossover cable, which is used in connecting
similar devices together, such as a router and the PC, switch to switch or hub to switch. The
cables are connected to the network interface cards of the devices using RJ45 pin outs (Todd
Lammle, 2008), as shown in Figure 3.1.

Fig 3.1: Layer 3 Switch Network Distribution

3.6 MIKROTIK
MikroTik RouterOS is a Linux-based operating system. Installed on MikroTik’s proprietary
hardware (RouterBOARD), or on standard x86-based computers (our personal computers), it
turns the computer into a network router and implements various additional features, such as
firewalling, virtual private network (VPN) service and client, bandwidth shaping and quality of
service, wireless access point functions and other commonly used features when interconnecting
networks. The system is also able to serve as a captive-portal-based hotspot system. The
operating system is licensed in increasing service levels, each releasing more of the available
RouterOS features. A Microsoft Windows application called Winbox provides a graphical user
interface for RouterOS configuration and monitoring, but RouterOS also allows access via
FTP, telnet, and secure shell (SSH). An application programming interface is available for direct
access from applications for management and monitoring. RouterOS supports many
applications used by Internet service providers, for example OSPF, BGP and Multiprotocol Label
Switching (VPLS/MPLS), and it also features routing, firewall, bandwidth management, wireless
access point, backhaul link, hotspot gateway and VPN server. RouterOS also supports
Internet Protocol Version 4 (IPv4) as well as Internet Protocol Version 6 (IPv6).

Fig 3.2: Mikrotik RouterOS

Fig 3.3: Network Connection of Mikrotik Router in Umyu Data Center

The above diagram shows the physical appearance of the network of Umaru Musa Yar’adua
University, showing in particular the case study area (i.e. Information and Communication
Technology), using Cisco Packet Tracer version 6.3.

The network diagram illustrated above shows how the network has been designed, and how
connections are made between the various sections and departments, from the server room to
some local hosts around.

3.7 HARDWARE REQUIREMENTS


1. An Intel compatible Pentium III computer or a higher version.

2. A 256MB or higher of Random Access Memory (RAM). (Determines speed of the router
processing)

3. Network Interface Cards.

4. CD-ROM Drive on proposed router system for Router OS installation.

5. Keyboard, Monitor and Mouse

6. Network cables (Straight through and cross over)

3.8 SOFTWARE REQUIREMENTS


The list of required software is as listed below:

1. Mikrotik Router OS

2. Windows Operating system

3. Windows XP operating system.

4. Winbox for GUI access to the router

5. Cisco Packet Tracer 6.3

3.9 BANDWIDTH MANAGEMENT


Bandwidth management is the process of measuring and controlling the communications (traffic,
packets) on a network link, to avoid filling the link to capacity or overfilling the link, which
would result in network congestion and poor performance of the network. Bandwidth is
measured in bits per second (bit/s) or bytes per second (B/s).

3.9.1 Queues
This functionality of the router is very important in the management of network usage. The
Queue option provides a tabular arrangement of all users accessing the network with their
individual bandwidth usage (measured basically in bits per second [b/s]).

The administrator has the option of setting the maximum and minimum bandwidth usage for a
particular resource. Our version of MikroTik OS (V.29) has the ability to allow unlimited
download and upload in the network, so the administrator can restrict network usage by setting
the uplink and downlink to low values.

3.9.2 Torch
As the name implies, Torch is used to view something closely, in this case when an administrator
wants to view network access in detail. It shows the ports of access. The most common ports of
access are 443 for secured sites (secure hypertext transfer protocol, HTTPS), 80 for basic HTTP,
21 for file transfer protocol and 23 for telnet. It also shows the source and destination addresses
of access in the network, together with the upload and download rates. The administrator can
choose to torch by port, protocol, source or destination address to see the network usage, and can
then know what each user is accessing, but only on a protocol, port and address basis.

3.9.3 Bandwidth Test


The average performance of the router can be verified using the bandwidth test option accessed
from Winbox. After inputting the authentication, the user is able to view the average uplink
and downlink performance of the router on the network. From our test we found an average of
459/383 for uplink and downlink respectively. This is quite impressive, but depending on the
load of the network the bandwidth is shared among the users, just like a wide road getting
congested.

3.10 CHAPTER SUMMARY


This chapter described the research methodology adopted in this project, ranging from the
introduction to the methodology, area of study, method of data collection, justification of the
chosen method, network design, MikroTik, and software and hardware requirements to the chapter
summary.

CHAPTER FOUR

IMPLEMENTATION, TESTING AND RESULT

4.1 INTRODUCTION
This chapter presents the RouterOS Installation, Configuration and Hardware/Software
requirement for the Network Security System.

4.2 ROUTER INSTALLATION


The MikroTik router OS is installed from a compact disk in the CD drive of the chosen computer.
Installing the router OS on the computer automatically makes it a router. First the computer was
booted and setup was entered to configure the boot options. The computer was set to boot from
the CD drive which contained the router OS. On booting, the router OS provided the option of
wiping out the old configuration present on the hard disk or leaving it. The option to wipe out
the old configuration was chosen, giving the router a fresh start. Old data was wiped out and
the packages to be installed were presented. Using the available options, the desired packages
were chosen and installed. The router rebooted and was ready for use.

4.2.1 Router Configuration


To support the network design presented in Fig 3.3, the first interface of the router was
configured with the IP address 192.168.0.2 and a subnet mask of 255.255.255.0 (/24), and the
second with 10.0.52.0 and a subnet mask of 255.255.252.0. The router was logged into using
admin as the user name and an empty password. Configuring the IP address is the first necessary
configuration before the router can be interacted with from another system (the administrator
system using Winbox).

MikroTik Login: admin

Password:

[admin@MikroTik] > ip address add

address: 192.168.0.2/24

interface: ether1

[admin@MikroTik] > ip address print

[admin@MikroTik] > ip address add

address: 192.168.1.2/24

interface: ether2

[admin@MikroTik] > ip address print

Ether1 is the interface for accessing the router from the local area network, and all the
computers in the network therefore follow the same addressing pattern. Ether2 is the interface
for connecting the file server. The file server is on another network subnet, which is connected
to this Ether2 interface of the router. The very first computer to be configured other than the
router is the administrator’s computer, which takes 192.168.0.2/24. The file server containing
the ICT data takes 192.168.1.254.

The clients are assigned the addresses 192.168.1.11 and 192.168.1.12. The addresses
192.168.1.13 - 192.168.1.253 are free addresses for other computers in the LAN.

4.2.2 Router Firewall


The MikroTik router has a firewall resource that enables it to act as a firewall between devices
in a network. To achieve this, the network is designed so that the router sits between the file
server and the other clients. Since the router has 2 Ethernet ports, the file server containing
company data is put on Ether2 while the clients as well as the administrator are put on Ether1.

Configuring the firewall to restrict access to the file server was achieved using the following
code:

[admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.2/32

[admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.3/32

[admin@MikroTik] > /ip firewall address-list print

Flags: X - disabled, D - dynamic

# LIST ADDRESS

0 authorized 192.168.0.2

1 authorized 192.168.0.3

Thus the only authorized IP addresses with access to the file server (192.168.1.254) are
192.168.0.2 and 192.168.0.3.
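
An address list only names a group of hosts; access is restricted once filter rules in the forward chain refer to that list. The rules below are an added example, not part of the original project, showing one way to enforce the policy described above in RouterOS v6-style syntax (an assumption); the log prefix and rule comments are also assumptions.

```routeros
# Added example (RouterOS v6-style syntax), not the project's own configuration.
# Forward-chain rules are evaluated top to bottom and the first match decides;
# a packet that matches no rule is accepted, so the final drop rule is required.

/ip firewall filter

# 1. Hosts on the "authorized" address list may reach the file server.
add chain=forward src-address-list=authorized dst-address=192.168.1.254 \
    action=accept comment="authorized hosts to file server"

# 2. Write every other attempt to the log (firewall topic). "FS-DENY" is an
#    assumed prefix that makes these entries easy to find later. A log rule
#    does not stop the packet; it continues to the next rule.
add chain=forward dst-address=192.168.1.254 action=log log-prefix="FS-DENY" \
    comment="log unauthorized attempts"

# 3. Drop whatever rule 1 did not accept.
add chain=forward dst-address=192.168.1.254 action=drop \
    comment="deny all other hosts"

# Check the rule order, then watch the packet counters while testing from an
# authorized and an unauthorized host.
/ip firewall filter print
/ip firewall filter print stats
```

Only traffic that the router forwards between Ether1 and Ether2 passes through the forward chain, so these rules have no effect on a host that sits on the same subnet as the file server.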

4.2.3 Event Logging


Various system events and status information can be logged. Logs can be saved in a local file on
the router, displayed in the console, sent to an email address or sent to a remote server running
a syslog daemon. Logging of firewall activity has to be enabled so that an entry is recorded each
time there is an operation. This is done using the following code:

[admin@MikroTik] system logging> add topics=firewall action=memory

[admin@MikroTik] system logging> print

Flags: X - disabled, I - invalid

# TOPICS ACTION PREFIX

0 info memory

1 error memory

2 warning memory

3 critical echo

4 firewall memory

[admin@MikroTik] system logging>

Viewing the log of operations is the focus of an intrusion detection system. A log shows details
of an event such as the date and time of the event, what the event is and who performed it. The
MikroTik router log is viewed as follows:

To view the local logs:

[admin@MikroTik] > log print

TIME MESSAGE

Oct/24/2014 08:20:36 log configuration changed by admin

Oct/24/2014 08:20:36 log configuration changed by admin

Oct/24/2014 08:20:36 log configuration changed by admin

Oct/24/2014 08:20:36 log configuration changed by admin

Oct/24/2014 08:20:36 log configuration changed by admin

Oct/24/2014 08:20:36 log configuration changed by admin

-- [Q quit|D dump]

To monitor the system log:

[admin@MikroTik] > log print follow

TIME MESSAGE

Apr/30/2016 08:20:36 log configuration changed by admin

Apr/30/2016 08:30:34 log configuration changed by admin

Apr/30/2016 08:30:51 log configuration changed by admin

Apr/30/2016 08:25:59 log configuration changed by admin

Apr/30/2016 08:25:59 log configuration changed by admin

Apr/30/2016 08:30:05 log configuration changed by admin

Apr/30/2016 08:30:05 log configuration changed by admin

Apr/30/2016 08:35:56 system started

Apr/30/2016 08:35:57 isdn-out1: initializing...

Apr/30/2016 08:35:57 isdn-out1: dialing...

Apr/30/2016 08:35:58 Prism firmware loading: OK

Apr/30/2016 08:37:48 user admin logged in from 10.1.0.60 via telnet

-- Ctrl-C to quit. New entries will appear at bottom.

This shows the current logs for effective monitoring.

In such an intrusion detection system, the log has to be monitored at all times just as a security
camera has to be focused at all times but all events can be logged for future access in case of a
security breach.
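
Entries written with action=memory sit in a RAM buffer that is emptied when the router reboots, so keeping events "for future access" needs a disk or remote destination as well. The following is an added example, not part of the original project, in RouterOS v6-style syntax (an assumption); the file name, rotation sizes and the syslog server address 192.0.2.10 are placeholders.

```routeros
# Added example (RouterOS v6-style syntax), not the project's own configuration.

/system logging action
# Built-in "disk" action: rotate through 5 files of 1000 lines each.
set [find name=disk] disk-file-name=fwlog disk-lines-per-file=1000 \
    disk-file-count=5
# Built-in "remote" action: syslog over UDP to a collector.
# 192.0.2.10 is a placeholder for the syslog server address.
set [find name=remote] remote=192.0.2.10 remote-port=514

/system logging
# Firewall entries go to disk and to the collector as well as to memory.
add topics=firewall action=disk
add topics=firewall action=remote
# "account" covers user logins and logouts; login failures are logged
# under "critical".
add topics=account action=remote
add topics=critical action=remote

# Confirm the logging rules, then list only the firewall entries held locally.
/system logging print
/log print where topics~"firewall"
```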

4.3 HOTSPOT CONFIGURATION


The MikroTik hotspot provides internet access to subscribers by means of a login interface.
Subscribers can be connected to the network wirelessly or with wires, but to have internet
access they are required to enter a login name and password. Setting up a hotspot on a
MikroTik router entails the following.

1. Give the MikroTik internet connectivity by connecting one of its interfaces to your internet
source and assigning IP addresses to both ends, either by DHCP (Dynamic Host Configuration
Protocol) or statically.

2. The other interface of the router, which is directed to client use, can be set up as a DHCP
server so as to facilitate automatic assignment of IP addresses to network hosts.

3. Next the router is configured to hand out the DNS server address to the clients; this is the
address of the internet connection source.

4. Internet connectivity on the router has to be verified by pinging an address, e.g. 8.8.8.8,
which is a Google server.

5. Next the wireless adapter needs to be configured and its IP address set. If you are using a
LAN card the IP address will still be set, but it will be connected to a D-Link to provide
connection to the other wired hosts.

6. The next step is to open the hotspot setup page and set the interface to the WLAN or Ethernet
interface you are setting it up on. You can set up a hotspot on more than one interface.

7. Next the network address for access is set, which then generates the pool of addresses to be
assigned to hosts.

8. Another step is to decide whether SSL certificates will be used or not. If they are to be
used, they must be uploaded at this point of the configuration.

9. The SMTP (Simple Mail Transfer Protocol) is set.

10. The DNS is set to the address of the internet connection end.

11. The DNS name is set to the administrator’s choice, as this is what appears in the web
browser on an attempt to access the web, e.g. ubtech.com.

12. The username and password for the administrator are set. These can be changed later.

13. The hotspot setup is now complete.
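
The setup steps above, expressed as console commands in an added example that is not part of the original project. It assumes RouterOS v6-style syntax; the interface names, client network, SSID, DNS name and password are placeholders.

```routeros
# Added example (RouterOS v6-style syntax), not the project's own configuration.
# Placeholders: ether1 = uplink, wlan1 = client side, 10.5.50.0/24 = client
# network, "ICT-Hotspot" SSID, hotspot.example DNS name, CHANGE-ME password.

# Steps 1 and 4: obtain an uplink address by DHCP, then test connectivity.
/ip dhcp-client add interface=ether1 disabled=no
/ping 8.8.8.8 count=3

# Step 5: bring up the client-facing interface and give it an address.
/interface wireless set wlan1 mode=ap-bridge ssid="ICT-Hotspot" disabled=no
/ip address add address=10.5.50.1/24 interface=wlan1

# Steps 2 and 7: address pool and DHCP server for the hosts.
/ip pool add name=hs-pool ranges=10.5.50.2-10.5.50.254
/ip dhcp-server add name=hs-dhcp interface=wlan1 address-pool=hs-pool \
    disabled=no

# Steps 3 and 10: hosts use the router as DNS server; the router forwards
# queries to the resolver it learned from the uplink.
/ip dhcp-server network add address=10.5.50.0/24 gateway=10.5.50.1 \
    dns-server=10.5.50.1
/ip dns set allow-remote-requests=yes

# Not in the step list: source NAT so that hosts share the uplink address
# (the setup wizard offers this as "masquerade network").
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

# Steps 6, 9 and 11: hotspot profile and server. smtp-server=0.0.0.0 leaves
# outgoing mail unredirected. Step 8: for an HTTPS login page, import a
# certificate first and add login-by=https ssl-certificate=<name> here.
/ip hotspot profile add name=hs-prof hotspot-address=10.5.50.1 \
    dns-name=hotspot.example smtp-server=0.0.0.0
/ip hotspot add name=hs1 interface=wlan1 address-pool=hs-pool \
    profile=hs-prof disabled=no

# Step 12: first local hotspot user.
/ip hotspot user add name=admin password=CHANGE-ME

# Review the result.
/ip hotspot print
/ip hotspot user print
```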

4.4 SYSTEM IMPLEMENTATION


For the implementation of a network security system, the following steps are needed:

1. Router OS installation: The system engineer must install the Router OS effectively.

2. Hardware and software needed to operate the system must be readily available.

3. File preparation: The file server needs to be installed and files loaded into it.

4. System testing and evaluation: The system is tested by using wrong usernames and passwords
and by attempting access from unauthorized hosts, and then the log is viewed.

4.4.1 Choice of Router OS


The Mikrotik Router OS was chosen as the OS for this setup due to its ease of use and low cost.
It also readily has the features needed to implement network security. Cisco routers are very
costly and would require the physical routers but mikrotik router OS could simply be installed
into the computer and this makes it a router.

4.5 IMPLEMENTATION TECHNIQUE


The network has been fully configured to provide a more secure network by configuring
firewalls on the MikroTik router as discussed in chapter three. The network is now set for
implementation. Data files have been kept in the file server, which is on the 192.168.1.0
network, separated by the router from the 192.168.0.0 network. The users with access granted to
the file server are 192.168.0.2 and 192.168.0.3.
1. Authorized access: A user with a valid username and password logs into the router from the
Winbox environment. The user also accesses the file server across the router and the log is
taken.
2. Unauthorized access: A user without a valid username and password is used to attempt login.
A user from an IP address not permitted access to the file server is also used to attempt login
and the log is also taken.
3. Viewing log: The administrator has access to view the log of both operations. He logs into
the router through Winbox using the username admin and the assigned password. Next he clicks
on Log, and all the operations with the time of each event are displayed.

4.6 SYSTEM TESTING


The system was tested with an authorized user who had been authenticated with a username and
password. He logged into the network at different times to access the file server, and these
attempts were successful. An unauthorized user also tried to log into the network but access was
denied. The logs of both the authorized and the unauthorized access were taken.

4.7 RESULT
The record of logs of both the authorized and the unauthorized access was seen by the
administrator, who monitors and prevents network intrusion. The system worked as expected.

Fig 4.1: Viewing Log

Fig 4.2: Authorized Access

Fig 4.3: Unauthorized Access

4.8 CHAPTER SUMMARY


This chapter showed how the router was installed and configured, and covered the router
firewall, event logging, bandwidth management, hotspot configuration, implementation technique,
system testing and result.

CHAPTER FIVE

SUMMARY, CONCLUSION AND RECOMMENDATION

5.1 INTRODUCTION
This chapter consists of the summary, conclusion, recommendation, references and appendix of
the project.

5.2 SUMMARY
This work has been able to demonstrate network security using the MikroTik router operating
system. Clients in the intranet, both authorized and unauthorized, tried to access a file
server, and logs were taken and seen by the administrator, who has the ability to enable or
disable any user.

5.3 CONCLUSION
Network security is an important field that is increasingly gaining attention as the internet
expands. The security threats and internet protocol were analyzed to determine the necessary
security technology. The security technology is mostly software based, but many common
hardware devices are used. The current development in network security is not very impressive.
Originally it was assumed that with the importance of the network security field, new approaches
to security, both hardware and software, would be actively researched. It was a surprise to see
most of the development taking place in the same technologies being currently used. The
embedded security of the new internet protocol IPv6 may provide many benefits to internet
users. Although some security issues were observed, the IPv6 internet protocol seems to evade
many of the current popular attacks. Combined use of IPv6 and security tools such as firewalls,
intrusion detection, and authentication mechanisms will prove effective in guarding intellectual
property for the near future. The network security field may have to evolve more rapidly to deal
with the threats further in the future.

5.4 RECOMMENDATION
What is going to drive Internet security is the set of applications more than anything else. The
future will possibly be that security is similar to an immune system. The immune system
fights off attacks and builds itself up to fight tough enemies. Similarly, network security will
be able to function as an immune system. As the network grows and more computers are added to
the university’s network system, it is recommended that a more sophisticated security system
should be developed to ensure that the network users’ personal computers are secured.

The following recommendations, if adopted and implemented, will certainly boost the network
security standard:

1. Adopting this design and implementing it on a real-life basis.

2. Upgrading the present stand-alone networks to a unified network.

3. Implementing suitable network security measures that will defend the network against an
attack.

APPENDIX A

Fig 3.1.2 Configuring IP address on Client systems

Fig 3.1.4 Winbox Login

Fig 3.4: MIS Router Configuration

Fig 3.5: NSA Router Configuration
