Design And Simulation Of Secure Virtual Private Network (VPN) Over An Open Network (internet) Infrastructure
ABSTRACT
The world has changed a great deal in the last couple of decades. Instead of dealing only with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread across the country or around the world, and all of them need one thing: a way to maintain cost-effective, fast, secure and reliable communications wherever their offices are. A Virtual Private Network (VPN) allows computers or networks to connect to each other securely over the internet. The older style of communication, essentially the telephone, did not allow a free flow of message transfer; with the internet and a VPN, data flows freely and the transfer is also made secure. How do we ensure the safe passage of data across a shared infrastructure? The answer is to deploy a secured Virtual Private Network (VPN).
CHAPTER ONE INTRODUCTION
This is the information age, in which we no longer have to travel physically from one place to another to complete a set of tasks or to gather pieces of information. Nothing works in the absence of communication. Communication provides a vehicle for conveying information and for expressing to others what has been perceived (Lewis, 2006). Almost everything can be done virtually, with a mouse click on an online host. In a way, everything we do in our daily lives is related in one way or another to information access. This has made information sharing almost mandatory and indispensable. These days a customer can retrieve and compare product or service information promptly online, anytime, anywhere. For competitive reasons, organizations that provide this information have to make it readily available online.
In other words, the concept of a shared infrastructure is undisputedly important. A shared infrastructure is simply a public network that provides connectivity to multiple autonomous computer systems so that they can communicate and share resources. At present the biggest public network is the Internet, whose global routing table now holds well over 900,000 IPv4 prefixes and is still growing. As more and more companies link their corporate networks to the Internet, we face an inevitable issue: information security. Sharing information on a public network also implies giving access and visibility to everyone who wants to retrieve the data. What if a person who has that access and visibility decides to create havoc? General threat types posed by malicious attackers include eavesdropping, denial of service, unauthorized access, data manipulation, masquerade, session replay, and session hijacking. Of these, a VPN directly counters eavesdropping, data manipulation, masquerade and session replay (through encryption, integrity protection, peer authentication and anti-replay sequence numbers); it does not by itself protect against denial of service, and unauthorized access from a host that is legitimately connected to the tunnel but has been compromised must still be handled by access control inside the private network.
Les Cours Sonou University, Benin (LCS) is an institution that does not have a secure and reliable communications infrastructure connecting its sites. Classic WANs connect sites via dedicated point-to-point links, which means that multiple independent circuits have to terminate at the corporate network egress, making the deployment non-scalable and difficult to maintain.
VPNs extend the classic WAN by replacing the physical point-to-point links with logical point-to-point links that share a common infrastructure, allowing all the traffic to be aggregated into a single physical connection. This results in potential bandwidth and cost savings at the network egress. Because campuses no longer need to maintain a private network, and because a VPN is cheaper to own than a private WAN, operating costs are reduced.
VPNs provide an alternative WAN infrastructure that can replace or augment commercial private networks built on leased lines or Frame Relay/ATM. There are two ways business clients can implement and manage their VPNs: they can roll out their own VPNs and manage them internally, or they can outsource VPN management to their service providers for a total VPN package tailored to their particular business needs. Last but not least, from the service providers' perspective, VPNs are a fundamental building block in delivering new value-added services that benefit their business clients as well as themselves. In this case the service providers deploy the VPNs for their clients, and the clients need only subscribe to the service providers for the VPN services (Mason, 2002).
1.2 Statement Of The Problem
The present network infrastructure in Les Cours Sonou University, Benin does not support good student-lecturer interaction. It supports only processing and registration activities, which are also carried out manually. In addition, the services mentioned cannot be accessed once staff and students leave the university campus.
1.3 Aim Of The Study
The aim of this project is to design and simulate a reliable and secure virtual private network (VPN) communication system for Les Cours Sonou University, Benin.
1.4 Objectives Of The Study
The objectives of this secure virtual private network (VPN) over an open network include the following:
1.5 Scope Of The Study
The scope of the design and demonstration of a secure virtual private network covers the following features in LCS:
1.6 Significance Of The Study
This project enlightens readers and would serve as a bedrock for computer networking and information control in a computer network environment. As a well-designed VPN, the project has the following significance:
The following features are incorporated:
1.7 Limitations Of The Study
The design of a secure VPN is an enterprise network project that leverages the enterprise facilities and network infrastructure available to the institution. In this project most of these facilities are not present. This research ought to cover a wide area but is unable to do so because of the following limitations (Bradley Mitchell, 1988).
Finance: The cost of acquiring network equipment is high, and as students we were unable to meet all the financial requirements of the research study.
Time: The period allowed for this project was short. A project of this nature needs more time for complete investigation and research. Moreover, studies and examinations had to be combined with the project, which did not allow complete dedication to it. Therefore the following may not be achieved in this academic project:
1.8 Definition Of Terms
LEASED LINES: These are usually referred to as a point-to-point or dedicated connection.
ROUTER: A Network layer mechanism, either software or hardware, using one or more metrics to decide on the best path to use for transmission of network traffic.
SWITCH: A computer network device that connects devices together on a computer network, using packet switching to receive, process and forward data to the destination device…
ATM (Asynchronous Transfer Mode): The international standard, identified by fixed-length 53-byte cells (48 bytes of payload and a 5-byte header), for transmitting cells in multiple-service systems such as voice, video, or data. Transit delays are reduced because the fixed-length cells permit processing to occur in hardware. ATM is designed to maximize the benefits of high-speed transmission media such as SONET, E3, and T3.
BANDWIDTH: The maximum rate at which a link can carry data, measured in bits per second (bit/s). The rate actually achieved is the throughput, which is always at or below the bandwidth.
Class A Network: Part of the classful Internet Protocol addressing scheme (first octet 0 to 127, leading bit 0). Class A networks have only 8 bits for defining networks and 24 bits for defining hosts and subnets on each network.
Class B Network: Part of the classful Internet Protocol addressing scheme (first octet 128 to 191, leading bits 10). Class B networks have 16 bits for defining networks and 16 bits for defining hosts and subnets on each network.
Class C Network: Part of the classful Internet Protocol addressing scheme (first octet 192 to 223, leading bits 110). Class C networks have 24 bits for defining networks and only 8 bits for defining hosts and subnets on each network. Classful addressing has been superseded by Classless Inter-Domain Routing (CIDR), in which the prefix length carried with each route, not the first octet, determines the network portion; the classes survive mainly as default masks and as terminology.
COLLISION DOMAIN: The network area in Ethernet over which frames that have collided will be detected. Collisions are propagated by hubs and repeaters, but not by LAN switches, routers, or bridges.
DHCP (Dynamic Host Configuration Protocol): A network protocol that enables a server to assign an IP address to a client automatically from a defined range configured for a given network, normally together with the subnet mask, default gateway and DNS server addresses.
IP address: Often called an Internet address; an address that uniquely identifies a device (host) on the Internet or on any TCP/IP network. An IPv4 address consists of four octets (32 bits), written as decimal numbers separated by periods (a format known as "dotted-decimal"). Every address is made up of a network number, an optional subnetwork number, and a host number.
LAN (Local Area Network): Broadly, any network linking two or more computers and related devices within a limited geographical area (up to a few kilometres). LANs are typically high-speed, low-error networks within a company. Cabling and signalling at the Physical and Data Link layers of the OSI model are dictated by LAN standards. Ethernet, FDDI and Token Ring were among the most popular LAN technologies; today wired Ethernet and Wi-Fi (IEEE 802.11) dominate.
NIC (Network Interface Card): The electronic circuit board, today usually integrated on the motherboard, that provides a computer with its connection to a LAN.
PING: An Internet diagnostic tool, available on virtually all operating systems, that sends an ICMP echo request to a device on the IP network and waits for its echo reply, to test whether the device is reachable. The name comes from submarine sonar: just as the sonar operator sends out a pulse and waits to hear it echo ("ping") back from a submerged object, the network user pings another node and waits to see whether it responds. The expansion "Packet Internet Groper" is a later backronym.
PPP (Point-to-Point Protocol): The protocol most commonly used for dial-up Internet access, superseding the earlier SLIP. Its features include address negotiation, authentication via CHAP or PAP, support for multiple network-layer protocols, and link monitoring. PAP sends the password in clear text; CHAP uses a challenge-response exchange and is the safer choice of the two.
Routed Protocol: Routed protocols (such as IP and IPX) carry user data through an internetwork. By contrast, routing protocols (such as RIP, IGRP, and OSPF) are used to update routing tables between routers.
Routing: The process of forwarding logically addressed packets from their local subnetwork towards their ultimate destination.
Subnet Address: The portion of an IP address that the subnet mask identifies as the subnetwork. See also: IP address, subnetwork, and subnet mask.
Subnet Mask: Also simply known as the mask, a 32-bit value used in IP to identify which bits of an IP address form the network and subnet portion (the 1 bits) and which form the host portion (the 0 bits). The subnet address is obtained by ANDing the address with the mask, so the router examines only the bits the mask marks, not all 32.
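The class, subnet address and mask definitions above are easier to trust once they have been computed. The following Python script is an added worked example, not part of the original project; the addresses in it are constructed (RFC 1918 private ranges) purely for illustration, and it goes slightly beyond the glossary by also recognising classes D and E and by rejecting a non-contiguous mask.

```python
"""Classful IPv4 addressing and subnet masks, worked through in code.

Addresses used below are constructed for the example (RFC 1918 private ranges,
so they are obviously illustrative).
"""
import ipaddress
from typing import Optional

# Default masks implied by the first-octet ranges: 0-127 -> A, 128-191 -> B, 192-223 -> C.
CLASSFUL_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(ip: str) -> str:
    """Classful letter (A-E) determined by the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:   # 0xxxxxxx
        return "A"
    if first_octet < 192:   # 10xxxxxx
        return "B"
    if first_octet < 224:   # 110xxxxx
        return "C"
    if first_octet < 240:   # 1110xxxx, multicast
        return "D"
    return "E"              # 1111xxxx, reserved


def classful_mask(ip: str) -> Optional[str]:
    """Mask the address would carry under classful rules (None for classes D and E)."""
    return CLASSFUL_MASKS.get(address_class(ip))


def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length; rejects non-contiguous masks such as 255.0.255.0."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    contiguous = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # `prefix` ones followed by zeros
    if bits != contiguous:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix


def subnet_address(ip: str, mask: str) -> str:
    """The subnet address is the bitwise AND of the address and the mask."""
    mask_to_prefix(mask)  # validate the mask before using it
    network = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(network))


def usable_hosts(mask: str) -> int:
    """Host addresses per subnet under the classic rule (network and broadcast excluded).
    RFC 3021 lets point-to-point links use both addresses of a /31; not modelled here."""
    prefix = mask_to_prefix(mask)
    return max(2 ** (32 - prefix) - 2, 0)


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts are on-link if the mask leaves them with the same subnet address."""
    return subnet_address(ip_a, mask) == subnet_address(ip_b, mask)


def next_hop(src: str, dst: str, mask: str, gateway: str) -> str:
    """The host's forwarding decision: deliver directly, or hand the packet to the gateway."""
    return "direct" if same_subnet(src, dst, mask) else gateway


if __name__ == "__main__":
    host = "10.1.2.3"  # constructed example address
    print(address_class(host), classful_mask(host))                 # A 255.0.0.0
    print(subnet_address(host, "255.0.0.0"))                        # 10.0.0.0 (classful)
    print(subnet_address(host, "255.255.255.0"))                    # 10.1.2.0 (subnetted /24)
    print(usable_hosts("255.255.255.0"), usable_hosts("255.255.255.192"))  # 254 62
    print(next_hop("192.168.1.10", "192.168.1.100", "255.255.255.128", "192.168.1.1"))  # direct
    print(next_hop("192.168.1.10", "192.168.1.200", "255.255.255.128", "192.168.1.1"))  # 192.168.1.1
```

The two `next_hop` calls show why the mask matters to a VPN design: with a /25 mask, 192.168.1.10 and 192.168.1.200 are on different subnets even though they share the same classful Class C network, so traffic between them is handed to the gateway (and, at a site border, into the tunnel) rather than delivered on the local segment.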
OSI reference model: (Open Systems Interconnection reference model): A conceptual model defined by the International Organization for Standardization (ISO), describing how any combination of devices can be connected for the purpose of communication. The OSI model divides the task into seven functional layers, forming a hierarchy with the applications at the top and the physical medium at the bottom, and it defines the functions each layer must provide.
WAN (Wide Area Network): A network that connects LANs together across a carrier's DCE (data communication equipment) network. Typically a WAN is a leased line or dial-up connection across the PSTN. Examples of WAN protocols include Frame Relay, PPP, ISDN, and HDLC.
Intranet: A network of computers within an organization, especially one using World Wide Web conventions, accessible only to authorized users such as those within a company.
Internet: The global "network of networks", linking computer networks all over the world over fibre, satellite, telephone and other links, and connecting users with services such as e-mail and the World Wide Web.
Encryption: The transformation of information (plaintext) into a scrambled form (ciphertext) under a secret key, so that only a holder of the key can recover the original. Encryption on its own provides confidentiality; it does not by itself detect modification of the ciphertext, which is why VPN protocols pair it with an integrity check (a MAC or an authenticated encryption mode).
Firewall: A barrier purposely erected between a connected public network and a private network, made up of one or more routers or access servers that use access lists and other methods to ensure the security of the private network.
VPN (Virtual Private Network): A method of building logical point-to-point connections (tunnels) across a public network such as the Internet, in which the traffic is encrypted, integrity-protected and authenticated between the tunnel endpoints. This allows secure communications across a public network.
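The threat list in the introduction (eavesdropping, data manipulation, masquerade, session replay) and the Encryption and VPN definitions above fit together in one small model. The Python below is an added illustration, not the project's design or any real VPN protocol's code: it builds a toy tunnel from the standard library and runs each listed threat against it. The keystream is derived with SHA-256 only so that the example runs offline; it stands in for a vetted cipher (a real tunnel would use something like AES-GCM in IPsec ESP), and the key, packets and account numbers are constructed for the demonstration.

```python
"""A minimal authenticated, replay-protected tunnel, to show why 'encrypting' in the
VPN definition has to mean encryption plus integrity plus anti-replay.
Illustrative only: hash-derived keystream, single shared key, no key exchange."""
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag, comparable to ESP's 128-bit integrity check value
HDR_LEN = 8   # 64-bit sequence number carried in clear, like the ESP sequence number


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one shared secret (key separation)."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Illustrative keystream hash(enc_key || seq || block), a stand-in for a real cipher.
    A (key, seq) pair must never be reused, exactly as with a CTR-mode cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + struct.pack(">QI", seq, block)).digest()
        block += 1
    return out[:length]


def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: seq || ciphertext || tag, with the tag covering seq and ciphertext."""
    enc_key, mac_key = subkeys(key)
    header = struct.pack(">Q", seq)
    ct = xor(plaintext, keystream(enc_key, seq, len(plaintext)))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


def decrypt_unchecked(key: bytes, packet: bytes) -> bytes:
    """'Scrambling only': decrypts without verifying the tag. Malleable, as shown below."""
    enc_key, _ = subkeys(key)
    seq = struct.unpack(">Q", packet[:HDR_LEN])[0]
    ct = packet[HDR_LEN:-TAG_LEN]
    return xor(ct, keystream(enc_key, seq, len(ct)))


class Receiver:
    """Hardened side: verify the tag first, reject replayed sequence numbers, then decrypt."""

    def __init__(self, key: bytes):
        self.enc_key, self.mac_key = subkeys(key)
        self.highest_seq = -1  # strict ordering check; IPsec uses a sliding window to tolerate reordering

    def open(self, packet: bytes):
        if len(packet) < HDR_LEN + TAG_LEN:
            return None, "truncated"
        header, ct, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"   # data manipulation, or masquerade by a sender without the key
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.highest_seq:
            return None, "replay"    # session replay
        self.highest_seq = seq
        return xor(ct, keystream(self.enc_key, seq, len(ct))), "ok"


def demonstrate() -> dict:
    """Run the introduction's threat list against the tunnel; all data is constructed."""
    key = b"constructed-shared-secret-for-demo"
    rx = Receiver(key)
    msg = b"TRANSFER 100 to account 42"
    pkt = seal(key, 1, msg)

    results = {}
    results["eavesdrop_sees_plaintext"] = msg in pkt            # False: only ciphertext on the wire
    results["legitimate"] = rx.open(pkt)[1]                     # "ok"
    results["replay"] = rx.open(pkt)[1]                         # "replay": same packet presented again

    tampered = bytearray(seal(key, 2, msg))
    tampered[HDR_LEN + 9] ^= ord("1") ^ ord("9")               # flip '1' to '9': "100" becomes "900"
    results["tamper_unchecked"] = decrypt_unchecked(key, bytes(tampered))  # b"TRANSFER 900 ..."
    results["tamper_checked"] = rx.open(bytes(tampered))[1]    # "bad tag"

    forged = seal(b"attacker-does-not-know-the-key", 3, b"TRANSFER 999 to account 66")
    results["masquerade"] = rx.open(forged)[1]                  # "bad tag"
    return results


if __name__ == "__main__":
    for name, outcome in demonstrate().items():
        print(f"{name}: {outcome!r}")
```

The `tamper_unchecked` result is the point of the Encryption entry: with a stream cipher and no tag, an attacker who cannot read the packet can still flip chosen bits and turn "100" into "900". The `Receiver` only ever decrypts after `hmac.compare_digest` succeeds and the sequence number advances, which is the order of checks a VPN endpoint must keep.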