Chapter 1: Introduction

Introduction

1.1 Background info:

Security in networks has become a problem these days. With the increased use of the
Internet for critical applications, networks are becoming hard and hard to secure.
Applications like Virtual private network for Remote Access and Site To Site have been
experiencing problems to secure their information being sent through from one network to
another network.

1.2 Problem Statement:

My Project is going to address securing VPNs for site to site and remote access. Companies
in our days are growing so fast that they will have more than one site of their organisation in
a year’s time. These companies then want the sites to communicate with each other sharing
the information which is important which has to be seen only by the sender and the
receiver. The problem then arises when packets sent are involved in attacks like
modification of message which alter the packets. These packets reach the receipt not in the
form they left the sender which is costing the company.

The other problem those companies are facing is that they want to secure VPNs for remote
access. Most people in this generation prefer to work while their at home, traveling, or
where ever there are in the world so remote access allows this to happen. Remote access
needs a lot of security as you will have to pass through a phrase of logging in to the network
so you are given access if the information you have entered is correct. The problem here is
that the hackers can hack into to your system to take information which they can use
against you or for their benefit. Attacks like masquerade and denial of service can be
experienced by the users of the remote access VPNs.

My solution to the two systems that l mentioned above will be using IPSecurity. IPSec are
protocols used to secure the packets travel from one network to another. This solution can
be implemented both on Ipv4 and Ipv6. Its main purpose was to work secure the ipv6 but
since it took too long to come into practise its main focus was then centred on ipv4. So my
solution will use IPSec to authenticate and encrypt the packets while they are being sent
from one network to another

1.3 Research Questions

1.3.1 Areas of concern

  This network is not secure at all which will one day put the company into jeopardy
as the information might be used against them or it might just be stolen for others
purposes which will endanger the company in the long run .
 Their concern is how should they secure the network at hand they are using because
they said this type is best when it comes to communication between site to site and
someone in an remote access
 They say that this once cost them a big customer in their line of work because a
message was sniffed so the customer did not like it when he heard it and called off
the deal , which was going to put them on the map
 Ever since the goal of the company is to secure the network and applications they
use to communication through the organisation.

1.3.2 Conditions that could be improved

 We need to improve on the Authentication being used at the moment so that no

unauthorised people will use our applications or network in our own cost or
endangering our communication.
 Encryption is also of paramount importance when it comes to securing and
application or network. We can share the key between the organisation, this can
be done through people meeting physically and exchange the key they will be
using to encrypt their packets or they can introduce a third party company which
can provide with encryption keys they will be using to send or get packets from
the organisation.

1.3.3 Difficulties that need to be eliminated

 Communicating without security in between.

 Some do not understand the technology being used because they were not taken
through how it is used which will make them communicate anyhow on the network.
 They have many security systems at once so the security manager is under a lot
pressure to secure them all. I think the manager should deal with one security
problem at a time to overcome the pressure on him.
 Access to data should not be given to everyone e.g. if a person wants to access data
in the data base of the organisation they should have an access pass to the data they
want to obtain. If they do not have the access pass to the level of data they want
then they will not have authority to get the information they want.

Questions seeking answers

 How are we going to secure the network and applications in the organisation? - we
are going to implement a solution through IPSEC
 This will protect the ip of the packet and protect the packets it self
  How is this going to help the company? – If the company has a secure network it
lessen the ability of them being attacked by intrudes.
1.4 Research Objectives :

Ip address planning

 We should have any IP plan of the ip address we are going to be using in the
organisation. If we know the ranger of ip address we want then will not have a
problem when it comes to managing them as a whole.
 This where we find the number sub networks and host we are going to need on sites
we have.

IP Security design and implementation

 On this level we will implement the IPSEC protocols we are going to be using in the
securing of the network and the applications we are going to be using.
 I am going to be using Authentication Header (AH) and Encapsulation Security
Payload (ESP). These protocols work hand in hand that is why l decided to use them
to implement security in this project.

VPN Deployment and implementation

Remote Access

 This is a user-to-network connection for the home, or from a mobile user wishing to
connect to a corporate private network from a remote location. This kind of VPN
permits secure, encrypted connections between a corporate private network and
remote users
 Authentication will be the main thing implemented here. So we will have to find
ways to use it in this network.

Site to site

It is used to make connections among fixed locations such as branch offices. This
kind of LAN-to-LAN VPN connection joins multiple remote locations through the
routers of the organisation into a single private network. Which allows the
organisation to communicate as one when send the information.
 Encryptions will go hand in hand with site to site because the packet needs to be
encrypted so that no one will be able to manipulate them.
1.5 Limitations:

 Schedule is looking at the time which will be spent doing the project at hand
depending with the availability of resources and money to buy the resources. With
 the pace am going l think l will be finished in four months’ time hope l will not get
distracted in the way that l will miss my schedule.
 Finding the right equipment to use for my project.
 Resistance from the workers when l implement the new security system to the
organisation.
 So far l have seen the equipment l want to use is going to be expensive, so they
organisation might say they do not money at moment meaning that l will have to
wait till they get the money.

1.6 Underlying Assumptions :

 I hope that all the resource l need will be provided to me in time which will make me
finish the project in the time l have set for myself, like l stated above l think my
project will take me about four months to complete it. My hope is that l will be done
and it will be successful as l want it to be
 I also assume that l will cover all the aspects l want to, these include authenticating
and encrypting the network which the organisation will be using.
 I want the project to be successful that it will be hard for the intruders to achieve
their goals of stealing the information of the organisation
 The company will have internet connectivity on all the sites l want to connect
through site to site and remote access
 They also have in house network and internet access.
1.7 Feasibility Study

1.7.1 Market feasibility

 In simple words it determines whether a project can sustain in a specific market or

not as well as whether it is capable of generating financial surplus for the firm or not.
 The technology l want to introduce can sustain in the market and it can also
generate surplus because the data integrity of the organisation will be only for the
eyes of the firm only.
 In our days for a firm to rise to the top they have skills and secrets which must be
kept to them and this technology will allow that, it is going to be secure that it will be
close to impossible to penetrate through the security.

1.7.2 Technical feasibility

  Technical feasibility study is the complete study of the project in terms of input,
processes, output, fields, programs and procedures. It is a very effective tool for long
term planning and trouble shooting. The technical feasibility study should most
essentially support the financial information of an organization
 The study here is going to help the firm and see if they can afford the technology at
hand.
 The equipment am going to mention are the ones which am going to need to make
my project complete.
 The equipment l looked for is the best l could find for the job, when l searched
around l wanted durability, high processing speed and bigger ROMs because what l
want to do is going to need much power to run the technology.

 Here we are going to need the following to implement our technology in our future
network.
 Routers
 Switches
 VPN appliances
 Authentication server
 Firewall
 Web server
 FTP server
 SMTP server

The above materials are going to help in the project; these materials will secure our
technology we want to use. Without the above materials our project might be hard
or even close to impossible because they are the ones which give our network some
life into it.

1.7.3 Financial feasibility

 Is the degree to which a project or change is financially possible and attractive. This
can be estimated using several common methods
 My proposal is attractive because my project is not going to be expensive compared
to as what people might think it is going to be, l looked around for the best
equipment like l said in the technical study yet not expensive.
  When l did my research on the materials l needed l also had to look at their prices so
that l know how much money l should estimate which can be used on the whole
project.
 l looked for equipment with moderate prices but at the sometime my goal was to
find equipment that will be able to held the type of pressure in the network which
will be used.
 I will state the prices of the equipment l have found so far
 Router -Alfa Wi-Fi Camp Pro R368A = $ 139
 Switch – 24 port Linksys LGS = $ 89
 VPN Firewall Appliance – HP F100 S-E = $ 500
 FTP Server = $ 500

1.8 Significance of Study : (defending my project)

 Security is everything when it comes to information technology today.

 I think when people want to start a business in information technology they should
first look at how they are going to secure their information in the future.
 When l was looking at my project l searched for the best ways to secure networks
they use in their firm.
 Virtual Private Networks are the best when it comes to transmitting packets over
the network, but for them to be the best you want they have to be secured.
 So l can came with the best solution l could find to secure the technology which is
going to be IPSEC.
 IPSEC deals with the authentication and encryption of the ip address and the packets
being send weather from site to site or remote access.
 IPSEC is the big deal when it comes securing a network.
 It also so not that complex to implement in a system being already being used, which
can save time.
 Gone are the days we had to worry that are our packet going to reach the
destination safely, IPSEC takes care of it all.
 IPSEC will secure the VPNs in a way that if you do not work at the firm you are not
able to use that network.
 Employees will get used to it in no time, because it is user friendly and straight
forward.
1.9 Chapter overview:

 My project is going to be in Securing Network Connected Applications.

 The applications which are going to be secured are VPNs for site to site and remote
access.
 The organisation needs to secure their network of site to site because they have
many sites and they all have to communicate with each other.
 It also uses remote access because most of their workers work while their home or
in remote places. So the packets they need to be secure from sender to receiver.
 Am going to introduce IPSEC in the network which is going to be used.

1.10 Conclusion :

 With all being said l have reached a decision that security is going to be of
paramount important when it comes to the network at hand.
 The security am going to implement is going to provide end to end encryption and
authentication weather for site to site or remote access.
 In the security system l will use IPSEC protocol. l will implement the following
protocols under IPSEC authentication and encryption.
 So my security system has to protect transfer of data from site to site that it cannot
be altered along the way. It will also make sure that a person accessing the network
from a remote area is given permission to access data the data in the private
network if they have entered the right credentials to login to the network.
 Remote access will also have levels of data meaning you will only access the type of
data which is on your level; this will all be configured in the login credentials you are
given by the security administrator. Commented [CT1]: You started on a good note