Kwame Nkrumah University of Science and Technology

KWAME NKRUMAH UNIVERSITY OF SCIENCE AND TECHNOLOGY
COLLEGE OF SCIENCE
DEPARTMENT OF COMPUTER SCIENCE

AN IMPROVED COMPUTER NETWORK ACCESS CONTROL USING FREE BSD PFSENSE
A CASE STUDY OF UMaT LOCAL AREA NETWORK

A THESIS SUBMITTED IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN INFORMATION TECHNOLOGY

BY
AKPAH SYLVESTER (BSc. INFORMATION TECHNOLOGY)

AUGUST 2015

TABLE OF CONTENTS

DECLARATION
DEDICATION
ACKNOWLEDGEMENTS
ABSTRACT
LIST OF FIGURES
LIST OF TABLES
ABBREVIATIONS

CHAPTER ONE: INTRODUCTION
  1.0 Statement of the Problem
  1.1 Objectives of the Thesis
  1.3 Research Methodology
  1.4 Scope of the Thesis
  1.5 Thesis Organization

CHAPTER TWO: REVIEW OF RELATED LITERATURE
  2.1 Local Area Network (LAN)
  2.2 Institute of Electrical and Electronics Engineers (IEEE)
  2.3 The IEEE 802.3 Standards for LAN
    2.3.1 10Base-T
    2.3.2 100Base-T
    2.3.3 Gigabit Ethernet
    2.3.4 How the Ethernet Works
    2.3.5 IEEE 802.3 Standard Relationship to the OSI Model
    2.3.6 IEEE 802.3 Physical Media of Ethernet Network
    2.3.7 Data Transmission
    2.3.8 Advantages and Disadvantages of the IEEE 802.3 Standard
    2.3.9 Attacks on LANs
    2.3.10 Types of Attacks on LANs
  2.4 Network Security
    2.4.1 Network Access Control (NAC)
    2.4.2 Components of NAC Architecture
  2.5 Access Control Models
    2.5.1 Mandatory Access Control (MAC)
    2.5.2 Discretionary Access Control (DAC)
    2.5.3 Role-Based Access Control (RBAC)
  2.6 Functions of Network Access Control
  2.7 Access Control with IEEE 802.1X
    2.7.1 Categorization of the 802.1X Authentication Process
    2.7.2 Attacks in 802.1x Protocol
    2.7.3 Extensible Authentication Protocol (EAP)

CHAPTER THREE: METHODOLOGY
  3.1 Study Area
  3.2 UMaT Network Infrastructure
  3.3 Tools Used for Performing Analysis on the UMaT LAN
  3.4 Machine Setup to be the Main Firewall
    3.4.1 Hard Specifications
    3.4.2 Software Requirement
    3.4.3 pfSense Software
    3.4.4 Steps Involved in pfSense Installation and Configuration
  3.5 Squid Proxy Server
    3.5.1 Steps Involved in Squid Proxy Server Installation
  3.6 SquidGuard
    3.6.1 Steps Involved in SquidGuard Installation
  3.7 Squid Analysis Resource Generator (SARG)
    3.7.1 Steps Involved in SARG Installation
  3.8 Active Directory
    3.8.1 Stakeholders of the UMaT Internet Community
    3.8.2 Steps Involved in Creating Organizational Units
    3.8.3 Steps in Creating Staff User Credentials
    3.8.4 Steps in Creating Student User Credentials

CHAPTER FOUR: TESTING THE SYSTEM AND DISCUSSION OF RESULTS
  4.1 Testing the Existing UMaT LAN
    4.1.2 Results of the Existing System
  4.2 Testing the Enhanced UMaT LAN
    4.2.1 Results and Discussion of Squid Proxy Server
    4.2.2 Results and Discussion of SquidGuard
    4.2.3 Results and Discussion of Squid Analysis Report Generator (SARG)
  4.3 Proposed Solution for UMaT LAN

CHAPTER FIVE: CONCLUSIONS AND RECOMMENDATIONS
  5.1 Conclusions
  5.2 Recommendations

REFERENCES
APPENDIX

DECLARATION

I hereby declare that this submission is my own work towards the MSc and that, to the best of my knowledge, it contains no material previously published by another

Details

  • File Type: pdf
  • Content Languages: English
  • File Pages: 131