
NETWORK SECURITY USING MIKROTIK ROUTER OPERATING SYSTEM

BY

IDAHOSA PAUL MONDAY PSC0508648

DEPARTMENT OF MATHEMATICS STATISTICS WITH COMPUTER SCIENCE FACULTY OF PHYSICAL SCIENCES UNIVERSITY OF BENIN, BENIN CITY, EDO STATE. NIGERIA.

MAY, 2012

BEING A PROJECT SUBMITTED TO THE DEPARTMENT OF MATHEMATICS, FACULTY OF PHYSICAL SCIENCES, UNIVERSITY OF BENIN, BENIN CITY, EDO STATE, IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF BACHELOR OF SCIENCE (B.Sc HONS) IN STATISTICS WITH COMPUTER SCIENCE.

MAY, 2012.

CERTIFICATION

It is certified that this work was carried out by Mr. Paul Monday Idahosa of the Department of Mathematics, University of Benin, Benin City.

-------------------------
ASSO PROF. M.N.O. IKHILE
Ag. Head of Department
DATE: ----------------------

--------------------------
MRS. S. KONYEHA
Supervisor
DATE: ----------------------

DEDICATION

I dedicate this work to God almighty, the creator and sole administrator of the whole universe who in His infinite mercy sustained and provided for me; may His name be praised forever. I also dedicate it to my late father Pa Joseph Idahosa, who set the ball of education rolling in my life before he departed this world; may his soul rest in peace. Amen.

ACKNOWLEDGEMENT

First and foremost, I have to acknowledge the wonderful and incomparable Almighty God who has made me complete my programme successfully, and kept me alive to acknowledge the people who have joined me in my academic pursuit. In the multitude of people there is an adornment of a king, but in the lack of population is the ruin of high official. With this in mind, I am most grateful to these my lecturers: I have to show my profound gratitude to my lecturer Dr. J. I. Mbegbu, our daddy Dr. A. O. Oduwale, and Dr. D. Okuonghae, who have been local parents to me. My sincere appreciation goes to my able, amiable and dynamic project supervisor Mrs. S. Konyeha whose sound intellectual and constructive suggestions guided me to the actualization of this project work. I pray God continue to guide her and her family aright in their entire endeavours. Also I have to show my profound gratitude to my course adviser Mr. O. Izevbizua for his lovely advice throughout my years in this great department. Also to my enviable lecturers; Prof. S.M. Ogbowman, Prof. J. E. Osemwenkhae, Dr. A.A. Osagiede, Dr. N. Ekhosuehi, and the dynamic Ag. Head of Department, Asso. Prof. M.N. Ikhile and many others, thanks to you all and God bless you. I wholeheartedly appreciate the unflinching support of my mother Mrs. Mary Idahosa who has not relented in praying for my success. I have to thank her for her endless care, patience, financial, spiritual and moral support in my six years of study. And also my late Dad, Pa Joseph Idahosa, who set the ball of education rolling in my life before he departed this world; may his gentle soul rest in peace. Amen. Also to my wonderful siblings; Osaretin, Roselyn, Marian, Faith, Gabriel, Andrew and especially to my lovely sister Joy who was my heroine, may God bless you all. I must not fail to appreciate the support of my boss in the office, Mr. E. S. Omwanghe, for his understanding, my colleagues Mr. O. Eguavoen, Mr. J. Otabor whose intellectual guidance has brought success to my project work, and my other colleagues in the office, I thank you all. I also recognize my classmates who contributed to the success of this project work; Sunny, Osas (aka Don Coleon), Aunty Favour, Ailem Emwinghare, Dolapo, Ahmed, Victor, Theophilus, Anderson, Eddy, Emma, Ernest, Frank, Victor, Evelyn, Ese, Shedrach, Douglas, Obi, Wagna, Ochuko, Patience, Dano, Jonah, Owens, Nelson and my humble class rep Smart. Your efforts are noted. This section will remain incomplete without recognizing the support of my friend Amies, who has stood by me to make sure this project work comes to a successful end; I am indeed grateful. Also to my lovely friend Paulina for showing great concern, I say thank you to you all. Also a special thanks to my friend, Mr. Hector, who first gave me an insight to my project, and to the entire ICTU team Uniben for their assistance. Lastly, thanks to my friend Kingsley Odibo. I know I cannot thank you all enough but optimism abounds that God in his infinite mercy will continue to take care of you individually and collectively in Jesus name. Amen and Amen.

ABSTRACT

Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern, and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The architecture of the internet, when modified, can reduce the possible attacks that can be sent across the network. Knowing the attack methods allows for the appropriate security to emerge. Many businesses secure themselves from the internet by means of firewalls and encryption mechanisms. The businesses create an intranet to remain connected to the internet but secured from possible threats.

TABLE OF CONTENTS

Title page
Certification
Dedication
Acknowledgement
Table of content
Abstract

CHAPTER ONE: INTRODUCTION
1.1 Statement of problem
1.2 Significance of Study
1.3 Limitation of Study
1.4 Network
1.5 Some Popular Network
1.5.1 UUCP
1.5.2 Batch-oriented Processing
1.5.3 Network Security concepts
1.6 Mikrotik
1.7 History of network security

CHAPTER TWO: LITERATURE REVIEW
2.0 Differentiating data security and network security
2.1 Security in different networks
2.2 Internet
2.3 Security timeline
2.4 IPV4 and IPV6 Architectures
2.5 IPV4 Architecture
2.6 IPV6 Architecture
2.7 Common Internet attack methods
2.7.1 Eavesdropping
2.7.2 Viruses
2.7.3 Worms
2.7.4 Trojans
2.7.5 Phishing
2.7.6 IP spoofing attack
2.7.7 Denial of services
2.8 Technology for internet security
2.8.1 Cryptographic systems
2.8.2 Firewall
2.9 The three basic type of firewall
2.11 Difference between IDS, IPS, firewall and Antivirus
2.11.1 IDS (Intrusion detection system)
2.11.2 IPS (Intrusion prevention system)
2.11.3 Antivirus
2.11.4 Firewall

CHAPTER THREE: SYSTEM ANALYSIS AND DESIGN
3.0 Introduction
3.1 Network Design
3.1.1 Router OS installation
3.1.2 Router configuration
3.1.3 Router firewall
3.1.4 Event Logging
3.1.5 Bandwidth management
3.1.6 Queues
3.1.7 Torch
3.1.8 Bandwidth test
3.2 Unified modeling language (UML) representation
3.2.1 Use case diagram

CHAPTER FOUR: IMPLEMENTATION
4.0 Introduction
4.1 Hardware requirements
4.2 Software requirements
4.3 System Implementation
4.3.1 Choice of router OS
4.4 Implementation

CHAPTER FIVE: SUMMARY, CONCLUSION, AND RECOMMENDATION
5.1 Summary
5.2 Conclusion and recommendation
References
Appendix

CHAPTER ONE

1.0 INTRODUCTION

Network security consists of the provisions and policies adopted by a network administrator to monitor and prevent unauthorized access, misuse, modification, or denial of service on a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their network. Network security covers a variety of computer networks, both public and private, which are used daily for transactions and communications among businesses, government agencies and individuals. Some networks are private (such as within a company) while others might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name (Simmonds, et al., 2004).

The world is becoming more interconnected with the advent of the Internet and new networking technology. There is a large amount of personal, commercial, military, and government information on networking infrastructures worldwide. Network security is becoming of great importance because of intellectual property that can be easily acquired through the internet. There are currently two fundamentally different networks: data networks and synchronous networks comprised of switches. The internet is considered a data network. Since the current data network consists of computer-based routers, information can be obtained by special programs, such as Trojan horses, planted in the routers. The synchronous network that consists of switches does not buffer data and therefore is not threatened by attackers. That is why security is emphasized in data networks, such as the internet, and other networks that link to the internet. Basically Mikrotik functions as a router, does bandwidth management and has authentication software.

1.1 MIKROTIK

Mikrotik Ltd., known internationally as MikroTik, is a Latvian manufacturer of computer networking equipment. It sells wireless products and routers. The company was founded in 1995, with the intent to sell in the emerging wireless technology market. As of 2007, the company had more than 70 employees. The company's products are known as low-priced alternatives for expensive routers and Ethernet radio relay lines.


1.2 STATEMENT OF PROBLEM

With the advancement of technology, a lot of unauthorized persons are now able to access networks and files and cause harm to the files, hence the need for more network security policy through the use of Mikrotik routers.

1.3 SIGNIFICANCE OF STUDY

Computer network security is a complicated subject, historically only tackled by well-trained and experienced people. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world.

1.4 LIMITATION OF STUDY

In the course of study, it was not easy to get funds to procure a Mikrotik license, a personal computer with two LAN cards and other hardware components needed to implement my work. Materials were not readily available because a lot of people who could make research are yet to be aware of it.

1.5 HISTORY OF NETWORK SECURITY

Recent interest in security was fueled by the crime committed by Kevin Mitnick (1979). He committed the largest computer-related crime in U.S. history. The losses were eighty million dollars in U.S. intellectual property and source code from a variety of companies. Since then, information security came into the spotlight. Public networks are being relied upon to deliver financial and personal information. Due to the evolution of information that is made available through the internet, information security is also required to evolve. Due to Kevin Mitnick's offense, companies are emphasizing security for their intellectual property. The Internet has been a driving force for data security improvement. Internet protocols in the past were not developed to secure themselves. Within the TCP/IP communication stack, security protocols are not implemented. This leaves the internet open to attacks. Modern developments in the internet architecture have made communication more secure.

1.6 COMPUTER NETWORK

A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network.

1.7 SOME POPULAR NETWORKS

Over the last 25 years or so, a number of networks and network protocols have been defined and used. There are two types of network: public and private networks. Anyone can connect to either of these networks, or they can use any of the networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

1.7.1 UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix (surprise!) hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything else you can name, and even some things you can't. Additionally, a number of systems have been developed around the same principles as UUCP.

1.7.2 Batch-oriented processing

UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.

1.8 Network security

Network security starts with authenticating the user, commonly with a username and a password. Since this requires just one detail authenticating the user name, i.e. the password, which is something the user 'knows', this is sometimes termed one-factor authentication. With two-factor authentication, something the user 'has' is also used (e.g. a security token or 'dongle', an ATM card, or a mobile phone); and with three-factor authentication, something the user 'is' is also used (e.g. a fingerprint or retinal scan).

Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high-level analysis. Communication between two hosts using a network may be encrypted to maintain privacy. Honeypots, essentially decoy network-accessible resources, may be deployed in a network as surveillance and early-warning tools, as the honeypots are not normally accessed for legitimate purposes. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis may be used to further tighten security of the actual network being protected by the honeypot.


CHAPTER TWO

LITERATURE REVIEW

2.0 DIFFERENTIATING DATA SECURITY AND NETWORK SECURITY

Data security is the aspect of security that allows a client's data to be transformed into unintelligible data for transmission. Even if this unintelligible data is intercepted, a key is needed to decode the message. This method of security is effective to a certain degree. Cryptography that was strong in the past can be easily broken today. Cryptographic methods have to continue to advance due to the advancement of the hackers as well. When transferring ciphertext over a network, it is helpful to have a secure network. This will allow for the ciphertext to be protected, so that it is less likely for many people to even attempt to break the code. A secure network will also prevent someone from inserting unauthorized messages into the network. Therefore, hard ciphers are needed as well as attack-hard networks. Kartalopoulos, S. (2008)


Figure 1: Based on the OSI model, data security and network Kartalopoulos, S. (2008)

2.1 SECURITY IN DIFFERENT NETWORKS

According to Tyson (2011), businesses today use combinations of firewalls, encryption, and authentication mechanisms to create intranets that are connected to the internet but protected from it at the same time. An intranet is a private computer network that uses internet protocols. Intranets differ from "Extranets" in that the former are generally restricted to employees of the organization while extranets can generally be accessed by customers, suppliers, or other approved parties. There does not necessarily have to be any access from the organization's internal network to the Internet itself. When such access is provided it is usually through a gateway with a firewall, along with user authentication, encryption of messages, and often the use of virtual private networks (VPNs). Although intranets can be set up quickly to share data in a controlled environment, that data is still at risk unless there is tight security. The disadvantage of a closed intranet is that vital data might not get into the hands of those who need it. Intranets have a place within agencies. But for broader data sharing, it might be better to keep the networks open, with these safeguards:

1. Firewalls that detect and report intrusion attempts
2. Sophisticated virus checking at the firewall
3. Enforced rules for employee opening of email attachments
4. Encryption for all connections and data transfers
5. Authentication by synchronized, timed passwords or security certificates.

It was mentioned that if the intranet wanted access to the internet, virtual private networks are often used. Intranets that exist across multiple locations generally run over separate leased lines, or a newer approach of VPN can be utilized. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. Figure 2 is a graphical representation of an organization and VPN network (Tyson, 2011).


Figure 2: Organizational VPN Network Tyson, J. (2011) Source: http://www.howstuffworks.com/vpn.htm

2.2 INTERNET

The Internet is the world's largest network of networks. When you want to access the resources offered by the Internet, you don't really connect to the Internet; you connect to a network that is eventually connected to the Internet backbone, a network of extremely fast (and incredibly overloaded!) network components. This is an important point: the Internet is a network of networks - not a network of hosts. Curtin, M. (1997)

A simple network can be constructed using the same protocols that the Internet uses without actually connecting it to anything else. Such a basic network is shown in figure 3.

Figure 3: A Simple Local Area Network

I might be allowed to put one of my hosts on one of my employer's networks. We have a number of networks, which are all connected together on a backbone, which is a network of our networks. Our backbone is then connected to other networks, one of which is to an Internet Service Provider (ISP) whose backbone is connected to other networks, one of which is the Internet backbone. If you have a connection "to the Internet" through a local ISP, you are actually connecting your computer to one of their networks, which is connected to another, and so on. To use a service from my host, such as a web server, you would tell your web browser to connect to my host. Underlying services and protocols would send packets (small datagrams) with your query to your ISP's network, and then a network they're connected to, and so on, until it found a path to my employer's backbone, and to the exact network my host is on. My host would then respond appropriately, and the same would happen in reverse: packets would traverse all of the connections until they found their way back to your computer, and you were looking at my web page. Curtin, M. (1997).

Simmonds, et al. (2004) observed that security management for networks is different for all kinds of situations. A home or small office may only require basic security while large businesses may require high-maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

2.3 SECURITY TIMELINE

Several key events contributed to the birth and evolution of computer and network security. The timeline can be started as far back as the 1930s. Polish cryptographers created an enigma machine in 1918 that converted plain messages to encrypted text. In 1930, Alan Turing, a brilliant mathematician, broke the code for the Enigma. Securing communications was essential in World War II. In the 1960s, the term hacker was coined by a couple of Massachusetts Institute of Technology (MIT) students. The Department of Defense began the ARPANet, which gained popularity as a conduit for the electronic exchange of data and information (www.redhat.com/docs/manuals/enterprise/RHEL4Manual/securityguide/chsgsov.html). This paved the way for the creation of the carrier network known today as the Internet. During the 1970s, the Telnet protocol was developed. This opened the door for public use of data networks that were originally restricted to government contractors and academic researchers (www.redhat.com/docs/manuals/enterprise/RHEL4Manual/securityguide/chsgsov.html).

During the 1980s, hackers and crimes relating to computers were beginning to emerge. The 414 gang were raided by authorities after a nine-day cracking spree where they broke into top-secret systems. The Computer Fraud and Abuse Act of 1986 was created because of Ian Murphy's crime of stealing information from military computers. A graduate student, Robert Morris, was convicted for unleashing the Morris Worm to over 6,000 vulnerable computers connected to the Internet. Based on concerns that the Morris Worm ordeal could be replicated, the Computer Emergency Response Team (CERT) was created to alert computer users of network security issues. In the 1990s, the Internet became public and the security concerns increased tremendously. Approximately 950 million people use the internet today worldwide (www.redhat.com/docs/manuals/enterprise/RHEL4Manual/securityguide/chsgsov.html).

On any day, there are approximately 225 major incidences of a security breach. These security breaches could also result in monetary losses of a large degree. Investment in proper security should be a priority for large organizations as well as common users.

2.4 IPV4 AND IPV6 ARCHITECTURES

IPv4 was designed in 1980 to replace the NCP protocol on the ARPANET. IPv4 displayed many limitations after two decades. The IPv6 protocol was designed with IPv4's shortcomings in mind. IPv6 is not a superset of the IPv4 protocol; instead it is a new design. Andress J. (2005)

2.4.1 IPV4 ARCHITECTURE

According to Andress, the protocol contains a couple of aspects which caused problems with its use. These problems do not all relate to security. They are mentioned to gain a comprehensive understanding of the internet protocol and its shortcomings. The causes of problems with the protocol are:

1. Address Space
2. Routing
3. Configuration
4. Security
5. Quality of Service

The IPv4 architecture has an address that is 32 bits wide. Andress J. (2005). According to Satillo, S. (2006), IPv4 limits the maximum number of computers that can be connected to the internet. The 32 bit address provides for a maximum of two billion computers to be connected to the internet. The problem of exceeding that number was not foreseen when the protocol was created. The small address space of IPv4 facilitates malicious code distribution.

Routing is a problem for this protocol because the routing tables are constantly increasing in size. The maximum theoretical size of the global routing tables was 2.1 million entries. Methods have been adopted to reduce the number of entries in the routing table. This is helpful for a short period of time, but drastic change needs to be made to address this problem.

The TCP/IP-based networking of IPv4 requires that the user supplies some data in order to configure a network. Some of the information required is the IP address, routing gateway address, subnet mask, and DNS server. The simplicity of configuring the network is not evident in the IPv4 protocol. The user can request appropriate network configuration from a central server. This eases configuration hassles for the user but not for the network's administrators. Andress, J. (2005).

The lack of embedded security within the IPv4 protocol has led to the many attacks seen today. Mechanisms to secure IPv4 do exist, but there are no requirements for their use. IPsec is a specific mechanism used to secure the protocol. IPsec secures the packet payloads by means of cryptography. IPsec provides the services of confidentiality, integrity, and authentication. This form of protection does not account for the skilled hacker who may be able to break the encryption method and obtain the key. Andress J. (2005).

When the internet was created, the quality of service (QoS) was standardized according to the information that was transferred across the network. The original transfer of information was mostly text-based. As the internet expanded and technology evolved, other forms of communication began to be transmitted across the internet. The quality of service required for streaming videos and music is much different than for standard text. The protocol does not have the functionality of dynamic QoS that changes based on the type of data being communicated. Andress J. (2005)

2.4.2 IPV6 ARCHITECTURE

When IPv6 was being developed, emphasis was placed on aspects of the IPv4 protocol that needed to be improved. The development efforts were placed in the following areas:

1. Routing and addressing
2. Multiprotocol architecture
3. Security architecture
4. Traffic control

The IPv6 protocol's address space was extended by supporting 128 bit addresses. With 128 bit addresses, the protocol can support up to 3.4 × 10^38 machines. The address bits are used less efficiently in this protocol because it simplifies addressing configuration. The IPv6 routing system is more efficient and enables smaller global routing tables. The host configuration is also simplified. Hosts can automatically configure themselves. This new design allows ease of configuration for the user as well as the network administrator.

The security architecture of the IPv6 protocol is of great interest. IPsec is embedded within the IPv6 protocol. IPsec functionality is the same for IPv4 and IPv6. The only difference is that IPv6 can utilize the security mechanism along the entire route. The quality of service problem is handled with IPv6. The internet protocol allows for special handling of certain packets with a higher quality of service. From a high-level view, the major benefits of IPv6 are its scalability and increased security. IPv6 also offers other interesting features that are beyond the scope of this paper. It must be emphasized that after researching IPv6 and its security features, it is not necessarily more secure than IPv4. The approach to security is only slightly better, not a radical improvement. Andress J. (2005)

2.5 COMMON INTERNET ATTACK METHODS

Adeyinka, O. (2008) suggested that common internet attack methods are broken down into categories. Some attacks gain system knowledge or personal information, such as eavesdropping and phishing. Attacks can also interfere with the system's intended function, such as viruses, worms and trojans. The other form of attack is when the system's resources are consumed uselessly; this can be caused by a denial of service (DoS) attack. Other forms of network intrusions also exist, such as land attacks, smurf attacks, and teardrop attacks. These attacks are not as well known as DoS attacks, but they are used in some form or another even if they aren't mentioned by name.

2.5.1 EAVESDROPPING

Interception of communications by an unauthorized party is called eavesdropping. Passive eavesdropping is when the person only secretly listens to the networked messages. On the other hand, active eavesdropping is when the intruder listens and inserts something into the communication stream. This can lead to the messages being distorted. Sensitive information can be stolen this way. Adeyinka, O. (2008)

2.5.2 VIRUSES

Viruses are self-replicating programs that use files to infect and propagate. Once a file is opened, the virus will activate within the system. Adeyinka, O. (2008)

2.5.3 WORMS

A worm is similar to a virus because they both are self-replicating, but the worm does not require a file to allow it to propagate. There are two main types of worms: mass-mailing worms and network-aware worms. Mass-mailing worms use email as a means to infect other computers. Network-aware worms are a major problem for the Internet. A network-aware worm selects a target and once the worm accesses the target host, it can infect it by means of a Trojan or otherwise. Adeyinka, O. (2008)

2.5.4 TROJANS

Trojans appear to be benign programs to the user, but will actually have some malicious purpose. Trojans usually carry some payload such as a virus. Adeyinka, O. (2008)

2.5.5 Phishing

Phishing is an attempt to obtain confidential information from an individual, group, or organization. Phishers trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information. Marin, G.A. (2005)

2.5.6 IP SPOOFING ATTACKS

Spoofing means to have the address of the computer mirror the address of a trusted computer in order to gain access to other computers. The identity of the intruder is hidden by different means, making detection and prevention difficult. With the current IP protocol technology, IP spoofed packets cannot be eliminated. Adeyinka, O. (2008).

2.5.7 DENIAL OF SERVICE

Denial of Service is an attack in which the system, receiving too many requests, cannot return communication with the requestors. The system then consumes resources waiting for the handshake to complete. Eventually, the system cannot respond to any more requests, rendering it without service. Marin, G.A. (2005)

2.6 TECHNOLOGY FOR INTERNET SECURITY

Internet threats will continue to be a major issue in the global world as long as information is accessible and transferred across the Internet. Different defense and detection mechanisms were developed to deal with these attacks.

2.6.1 CRYPTOGRAPHIC SYSTEMS

Cryptography is a useful and widely used tool in security engineering today. It involves the use of codes and ciphers to transform information into unintelligible data.

2.6.2 FIREWALL

A firewall is a typical border control mechanism or perimeter defense. The purpose of a firewall is to block traffic from the outside, but it could also be used to block traffic from the inside. A firewall is the front line defense mechanism against intruders. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Adeyinka, O. (2008)

2.7 There are three basic types of Firewall

Method: NAT
Description: Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem.
Advantages:
- Can be configured transparently to machines on a LAN
- Protection of many machines and services behind one or more external IP addresses simplifies administration duties
- Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway
Disadvantages:
- Cannot prevent malicious activity once users connect to a service outside of the firewall

Method: Packet Filter
Description: A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
Advantages:
- Customizable through the iptables front-end utility
- Does not require any customization on the client side, as all network activity is filtered at the router level rather than the application level
- Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host
Disadvantages:
- Cannot filter packets for content like proxy firewalls
- Processes packets at the protocol layer, but cannot filter packets at an application layer
- Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with IP masquerading or local subnets and DMZ networks

Method: Proxy
Description: Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
Advantages:
- Gives administrators control over what applications and protocols function outside of the LAN
- Some proxy servers can cache frequently-accessed data locally rather than having to use the Internet connection to request it. This helps to reduce bandwidth consumption
- Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network
Disadvantages:
- Proxies are often application-specific (HTTP, Telnet, etc.), or protocol-restricted (most proxies work with TCP-connected services only)
- Application services cannot run behind a proxy, so your application servers must use a separate form of network security
- Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than directly from a client to a remote service

Ingham, Kenneth; Forrest, Stephanie (2002)

2.8 The ISO/OSI Reference Model

Curtin, M. (1997) pointed out that the International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them (see Figure 4). Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer's network interface card, and the wires that connect the cards together.

An easy way to look at this is to compare this model with something we use daily: the telephone. In order for you and me to talk when we are out of earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application layer.) The telephones, of course, are useless unless they have the ability to translate the sound into electronic pulses that can be transferred over wire and back again. (These functions are provided in layers below the application layer.) Finally, we get down to the physical connection: both must be plugged into an outlet that is connected to a switch that is part of the telephone system's network of switches. If I place a call to you, I pick up the receiver and dial your number. This number specifies the central office to which my request is sent, and then which phone from that central office to ring. Once you answer the phone, we begin talking, and our session has begun. Conceptually, computer networks function exactly the same way.

Figure 4: The ISO/OSI Reference Model

2.11 Difference between IDS, IPS, Firewall & Antivirus

2.11.1 IDS (Intrusion Detection System)

There are basically two types of IDS: Network IDS and Host IDS. A Network IDS will generally capture all traffic on the network, while a Host IDS will capture traffic for an individual host. An IDS detects attempted attacks using signatures and patterns, much like an antivirus application will. Its purpose is to analyze the traffic that goes through it and detect possible intrusions into the system.

2.11.2 IPS (Intrusion Prevention System)

IPS solutions are focused on identifying and blocking attack traffic. An IPS can actually be a Cisco router. When the IPS detects a problem, the IPS itself can prevent the traffic from entering the network.

2.11.3 Antivirus

Antivirus software captures attempted infections of files or email. The general infection will be a Trojan and/or virus/malware. It detects the infections in the system and heals them, depending on the updated version.

2.11.4 Firewall

According to Karl, B. (2008), firewalls can be sophisticated. A firewall will scan TCP/IP packets based on source and destination, then check them against a list (ACL) and block or allow traffic accordingly. Some firewalls can provide Layer 7 traffic scanning (deep packet inspection); for instance, rules can be set up for applications. A firewall is a network device that in its basic form separates the internal network from the external network. It allows internal users to go out, but prevents anyone from outside the internal network from coming in.

AlSalqan, Y. (1997) stated that the trend towards biometrics could have taken place a while ago, but it seems that it isn't being actively pursued. Many security developments that are taking place are within the same set of security technology that is being used today, with some minor adjustments.

CHAPTER THREE

SYSTEM ANALYSIS AND DESIGN

3.0 INTRODUCTION

MikroTik Router OS is a Linux-based operating system. Installed on MikroTik's proprietary hardware (RouterBOARD), or on standard x86-based computers (our personal computers), it turns the computer into a network router and implements various additional features, such as firewalling, virtual private network (VPN) service and client, bandwidth shaping and quality of service, wireless access point functions and other commonly used features when interconnecting networks. The system is also able to serve as a captive-portal-based hotspot system. The operating system is licensed in increasing service levels, each releasing more of the available Router OS features. A Microsoft Windows application called Winbox provides a graphical user interface for the Router OS configuration and monitoring, but Router OS also allows access via FTP, telnet, and secure shell (SSH). An application programming interface is available for direct access from applications for management and monitoring. Router OS supports many applications used by Internet service providers, for example OSPF, BGP and Multiprotocol Label Switching (VPLS/MPLS). Router OS also supports Internet Protocol Version 4 (IPv4) as well as Internet Protocol Version 6 (IPv6).

3.1 NETWORK DESIGN

The network implementation for this system is a Local Area Network (LAN). The layout was designed using Cisco Packet Tracer 5.2. Users in this network are assigned IP addresses (IPv4) which identify them on layer 3 of the OSI model. In order to ensure security, the IP addressing is made static, as against DHCP (Dynamic Host Control Protocol) addressing, which dynamically allocates IP addresses. DHCP could be less secure since the IP addresses cannot be monitored as to which system uses which address. The IP addresses used are 192.168.0.0 and 192.168.1.0, which are network addresses. A network address is used to represent a network by means of a subnet mask. The subnet mask used in the network is 255.255.255.0, which means all devices can take IP addresses from the range 192.168.0.1 - 192.168.0.254 in the case of network 192.168.0.0, and devices can take IP addresses from the range 192.168.0.1 - 192.168.0.254 in the case of network 192.168.1.0. The class of address used is a class C address and also a private address. Private addresses are used within a local area network, but when the computers are to be represented on the Wide Area Network, a process called Network Address Translation is carried out by the internet service provider to represent the hosts with the public address on the internet.

The cables used in connecting the systems are Ethernet straight through cables. Straight through cables are used in connecting devices to switches. All the devices in the LAN are connected to the switch which serves as a network link to all the devices provided they are all bearing the network address. The other cabling method is the cross over cable which is used in connecting similar devices together such as a router and the PC, switch to switch or hub to switch. The cables are connected to the network interface cards of the devices using RJ45 pin outs. Todd Lammle, 2008.


Fig 3.1 Network Design for the Network Security System

3.1.1 ROUTER OS INSTALLATION

The MikroTik Router OS is installed from a compact disk in the CD drive of the chosen computer. Installing the Router OS on the computer automatically makes it a router. First the computer was booted and setup was entered to configure the boot options. The computer was set to boot from the CD drive which contained the Router OS. On booting, the Router OS provided the option of wiping out the old configuration present on the hard disk or leaving it. The option to wipe out the old configuration was chosen, giving the router a fresh start. Old data was wiped out and the packages to be installed were presented. Using the available options, the desired packages were chosen and installed. The router rebooted and was ready for use.

3.1.2 ROUTER CONFIGURATION

To support the network design presented in fig 3.2, the first interface of the router was configured using the IP address 192.168.0.1 and a subnet mask of 255.255.255.0 (/24), and the second with 192.168.1.1 and a subnet mask of 255.255.255.0. The router was logged into using admin as the user name and an empty password. Configuring the IP address is the first necessary configuration before the router can be interacted with from another system (the administrator system using Winbox).

    MikroTik Login: admin
    Password:
    [admin@MikroTik] > ip address add
    address: 192.168.0.1/24
    interface: ether1
    [admin@MikroTik] > ip address print
    [admin@MikroTik] > ip address add
    address: 192.168.1.1/24
    interface: ether2
    [admin@MikroTik] > ip address print

Ether1 is the interface for accessing the router from the local area network, and all the computers in the network therefore follow that addressing pattern. Ether2 is the interface for connecting the file server. The file server is on another network subnet which is connected to this Ether2 interface of the router. The very first computer to be configured other than the router is the administrator's computer, which takes 192.168.0.2/24. The file server containing the company data takes 192.168.1.254. The clients are assigned the addresses 192.168.0.3 and 192.168.0.4. The addresses 192.168.0.5 - 192.168.0.253 are free addresses for other computers in the LAN.

3.1.3 ROUTER FIREWALL

The MikroTik router has a firewall resource that enables it to act as a firewall between devices in a network. To ensure this, the network is designed such that the router sits between the file server and the other clients. Since the router has 2 Ethernet ports, the file server containing company data is put on Ether2, while the clients as well as the administrator are put on Ether1.


Configuring the firewall to restrict access to the file server was achieved using the following code:

    [admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.2/32
    [admin@MikroTik] > /ip firewall address-list add list=authorized address=192.168.0.3/32
    [admin@MikroTik] > /ip firewall address-list print
    Flags: X - disabled, D - dynamic
     #   LIST         ADDRESS
     0   authorized   192.168.0.2
     1   authorized   192.168.0.3

Thus the only authorized IP addresses with access to the file server (192.168.1.254) are 192.168.0.2 and 192.168.0.3.

3.1.4 EVENT LOGGING

Various system events and status information can be logged. Logs can be saved in a local file on the router, displayed in the console, sent to an email address or sent to a remote server running a syslog daemon. Logging of firewall activities has to be enabled so that a log entry is taken each time there is an operation. This is done using the following code:

    [admin@MikroTik] system logging> add topics=firewall action=memory
    [admin@MikroTik] system logging> print
    Flags: X - disabled, I - invalid
     #   TOPICS     ACTION   PREFIX
     0   info       memory
     1   error      memory
     2   warning    memory
     3   critical   echo
     4   firewall   memory
    [admin@MikroTik] system logging>

Viewing the log of operations is the focus of an intrusion detection system. A log shows details of an event such as the date and time of the event, what the event is and who performed it. The MikroTik router log is viewed as follows.

To view the local logs:

    [admin@MikroTik] > log print
    TIME                 MESSAGE
    dec/24/2003 08:20:36 log configuration changed by admin
    dec/24/2003 08:20:36 log configuration changed by admin
    dec/24/2003 08:20:36 log configuration changed by admin
    dec/24/2003 08:20:36 log configuration changed by admin
    dec/24/2003 08:20:36 log configuration changed by admin
    dec/24/2003 08:20:36 log configuration changed by admin
    -- [Q quit|D dump]

To monitor the system log:

    [admin@MikroTik] > log print follow
    TIME                 MESSAGE
    apr/30/2012 08:20:36 log configuration changed by admin
    apr/30/2012 08:30:34 log configuration changed by admin
    apr/30/2012 08:30:51 log configuration changed by admin
    apr/30/2012 08:25:59 log configuration changed by admin
    apr/30/2012 08:25:59 log configuration changed by admin
    apr/30/2012 08:30:05 log configuration changed by admin
    apr/30/2012 08:30:05 log configuration changed by admin
    apr/30/2012 08:35:56 system started
    apr/30/2012 08:35:57 isdn-out1: initializing...
    apr/30/2012 08:35:57 isdn-out1: dialing...
    apr/30/2012 08:35:58 Prism firmware loading: OK
    apr/30/2012 08:37:48 user admin logged in from 10.1.0.60 via telnet
    -- Ctrl-C to quit.

New entries will appear at the bottom, showing the current logs for effective monitoring.
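The script below is an added example, not part of the original project: it reads log entries in the format printed above and checks each login against the "authorized" address list of section 3.1.3, so the administrator does not have to watch the log by eye. The sample log is constructed, and the login-failure wording and the threshold of three failures are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Address list from section 3.1.3 (list=authorized).
AUTHORIZED = [ipaddress.ip_network(n) for n in ("192.168.0.2/32", "192.168.0.3/32")]
CLEARTEXT_SERVICES = {"telnet", "ftp"}  # credentials cross the LAN unencrypted
FAILURE_THRESHOLD = 3  # assumption: failed logins per source before alerting

MONTHS = {name: num for num, name in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Entry layout as printed by "log print": mmm/dd/yyyy hh:mm:ss message
LINE_RE = re.compile(
    r"^(?P<mon>[a-z]{3})/(?P<day>\d{2})/(?P<year>\d{4}) "
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2}) (?P<msg>.+)$")
LOGIN_OK_RE = re.compile(r"^user (\S+) logged in from (\S+) via (\S+)$")
# Assumption: the failure wording is not shown on the page; adapt it to the
# message your router actually prints.
LOGIN_FAIL_RE = re.compile(r"^login failure for user (\S+) from (\S+) via (\S+)$")
LOG_CHANGE_RE = re.compile(r"^log configuration changed by (\S+)$")


def parse_line(line):
    """Return (timestamp, message) for a log entry, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("mon") not in MONTHS:
        return None
    try:
        ts = datetime(int(m.group("year")), MONTHS[m.group("mon")],
                      int(m.group("day")), int(m.group("hh")),
                      int(m.group("mm")), int(m.group("ss")))
    except ValueError:  # impossible date or time, e.g. feb/31
        return None
    return ts, m.group("msg")


def is_authorized(src):
    """True if src is an IP address covered by the authorized address list."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # a MAC address or host name instead of an IP address
        return False
    return any(addr in net for net in AUTHORIZED)


def triage(lines):
    """Return (timestamp, kind, detail) findings in the order they occur."""
    findings = []
    failures = Counter()  # failed logins seen so far, per source address
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # column headers, pager prompts, blank lines
        ts, msg = parsed
        ok = LOGIN_OK_RE.match(msg)
        fail = LOGIN_FAIL_RE.match(msg)
        change = LOG_CHANGE_RE.match(msg)
        if ok:
            user, src, svc = ok.groups()
            detail = f"{user} from {src} via {svc}"
            if not is_authorized(src):
                findings.append((ts, "unauthorized-source", detail))
            if svc in CLEARTEXT_SERVICES:
                findings.append((ts, "cleartext-service", detail))
        elif fail:
            user, src, svc = fail.groups()
            failures[src] += 1
            if failures[src] == FAILURE_THRESHOLD:  # report once per source
                findings.append((ts, "repeated-failures", f"{src} via {svc}"))
        elif change:
            # Changes to logging itself are worth an audit trail entry.
            findings.append((ts, "log-config-change", f"by {change.group(1)}"))
    return findings


# Constructed sample in the format of the log shown in section 3.1.4.
SAMPLE_LOG = """\
TIME MESSAGE
apr/30/2012 08:30:05 log configuration changed by admin
apr/30/2012 08:35:56 system started
apr/30/2012 08:37:48 user admin logged in from 10.1.0.60 via telnet
apr/30/2012 08:40:10 login failure for user admin from 192.168.0.4 via winbox
apr/30/2012 08:40:15 login failure for user admin from 192.168.0.4 via winbox
apr/30/2012 08:40:21 login failure for user root from 192.168.0.4 via winbox
apr/30/2012 08:41:02 user admin logged in from 192.168.0.2 via winbox
-- Ctrl-C to quit.
""".splitlines()

if __name__ == "__main__":
    for ts, kind, detail in triage(SAMPLE_LOG):
        print(ts.isoformat(sep=" "), kind, detail)
```

The same functions can be fed the lines of a log file saved from the router or received by a syslog server.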


In such an intrusion detection system, the log has to be monitored at all times, just as a security camera has to be focused at all times, but all events can be logged for future access in case of a security breach.

3.1.5 Bandwidth Management

3.1.5.1 Queues

This functionality of the router is very important in the management of network usage. The Queue option provides a tabular arrangement of all users accessing the network with their individual bandwidth usage (measured basically in bits per second [b/s]). The administrator has the option of setting the maximum and minimum bandwidth usage for a particular resource. Our version of Mikrotik OS (V.29) has the ability to allow unlimited download and upload in the network, so the administrator could restrict network usage by setting the uplink and downlink to low values. (See Fig 3.2.5.1 in Appendix)

3.1.5.2 Torch

As the name implies, torch is used for viewing something closely, for example when an administrator wants to view network access in detail. It shows the ports of access. The most common ports of access are 443 for secured sites (HTTPS, Secured Hypertext Transfer Protocol), 80 for basic HTTP, 21 for File Transfer Protocol and 23 for telnet. (See Appendix Fig 3.2.5.2). It also shows the source and destination addresses of access in the network, with the upload and download rate. The administrator can torch by port, protocol, source address or destination address to see the network usage, and can then know what each user is accessing, but only on a protocol, port and address basis.

3.1.5.3 Bandwidth Test

The average performance of the router can be verified using the bandwidth test option accessed from Winbox. After inputting the authentication, the user is able to view the average uplink and downlink performance of the router on the network. From our test we found an average of 459/383 for uplink and downlink respectively. This is quite impressive, but depending on the load of the network the bandwidth is shared among the users, just like a wide road getting congested. (See Fig 3.2.5.3 in Appendix)

3.2 UNIFIED MODELLING LANGUAGE (UML) REPRESENTATION

The Unified Modeling Language (UML) analysis of the proposed system was done using a use case diagram.

3.2.1 Use Case Diagram

A use case diagram visually represents what happens when an actor interacts with a system. It captures the functional aspects of a system. More specifically, it captures the business processes carried out in the system. As you discuss the functionality and processes of the system, you discover significant characteristics of the system that you model in the use case diagram. Due to the simplicity of use case diagrams, and more importantly, because they are shorn of all technical jargon, use case diagrams are a great storyboard tool for user meetings. Use case diagrams have another important use: they define the requirements of the system being modeled and hence are used to write test scripts for the modeled system. In the intrusion detection system, the main actors are the clients and the administrator. The client goes through the operations, which are logged for the administrator's view.

- Use cases: A use case describes a sequence of actions that provide something of measurable value to an actor and is drawn as a horizontal ellipse.
- Actors: An actor is a person, organization, or external system that plays a role in one or more interactions with the system.
- System boundary boxes (optional): A rectangle is drawn around the use cases, called the system boundary box, to indicate the scope of the system. Anything within the box represents functionality that is in scope and anything outside the box is not in scope.

[Use case diagram. Actors: User, Administrator. Use cases: Winbox Login / Network Access; Authentication / Routing by Mikrotik router; Authorized Access to Router Resource / Configuration; Router directs traffic to the resource / accepts configuration; Log of all events for access by the administrator.]

Figure 3.2: The use case diagram for the Design of a Network Security System

3.3 HOTSPOT CONFIGURATION

The Mikrotik hotspot provides internet access to subscribers by means of a login interface. Subscribers could be connected to the network wirelessly or with wires, but to have internet access they will be required to enter a login name and password. Setting up a hotspot on a Mikrotik router entails the following.

1. Give the Mikrotik internet connectivity by connecting one of its interfaces to your internet source and assigning IP addresses to both ends, either by DHCP (Dynamic Host Control Protocol) or statically.
2. The other interface of the router, which is directed to client use, could be set up as a DHCP server so as to facilitate automatic assigning of IP addresses to network hosts.
3. Next the router is configured to hand out the DNS server address to the clients; this is the address of the internet connection source.
4. Internet connectivity on the router has to be verified by pinging an address, e.g. 8.8.8.8, which is a google.com server.
5. Next the wireless adapter needs to be configured and its IP address set. If you are using a LAN card the IP address will still be set, but it will be connected to a D-link to provide connection to the other wired hosts.
6. The next step is to open the hotspot setup page and set the interface to the WLAN or Ethernet interface you are setting it up on. You can set up a hotspot on more than one interface.
7. Next the network address for access is set, which then generates the pool of addresses to be assigned to hosts.
8. Another step is to decide whether SSL certificates will be used or not. If they are to be used, they must be uploaded at this point of the configuration.
9. The SMTP (Simple Mail Transfer Protocol) is set.
10. The DNS is set to the address of the internet connection end.
11. The DNS name is set to the administrator's choice, as this is what appears in the web browser on an attempt to access the web, e.g. ubtech.com.
12. The username and password for the administrator are set. These can be changed later.
13. The hotspot setup is now complete.


CHAPTER FOUR

IMPLEMENTATION, TESTING AND RESULT

4.0 INTRODUCTION

This chapter presents the hardware required for the network security system in section 4.1. In section 4.2, the software required is presented. Section 4.3 presents the design and specification and section 4.4 presents the implementation technique and documentation of the system.

4.1 HARDWARE REQUIREMENTS

a. An Intel compatible Pentium III computer or a higher version.
b. 256MB or higher of Random Access Memory (RAM). (Determines speed of the router processing)
c. Network Interface Cards.
d. CD-ROM Drive on proposed router system for Router OS installation.
e. Keyboard, Monitor and Mouse
f. Network cables (Straight through and cross over)

4.2 SOFTWARE REQUIREMENTS

The required software is listed below:

a. Mikrotik Router OS
b. Windows Operating system
c. Windows XP operating system.
d. Winbox for GUI access to the router
e. Cisco Packet Tracer 5.2

4.3 SYSTEM IMPLEMENTATION

For the implementation of a network security system, the following steps are needed:

a. Router OS installation: the system engineer must install the Router OS effectively.
b. Hardware and software needed to operate the system must be readily available.
c. File preparation: The file server needs to be installed and files into it.
d. System testing and evaluation: The system is tested by using wrong usernames and passwords and trying access by unauthorized hosts, and then the log is viewed.

4.3.1 CHOICE OF ROUTER OS

The Mikrotik Router OS was chosen as the OS for this setup due to its ease of use and low cost. It also readily has the features needed to implement network security. Cisco routers are very costly and would require the physical routers, but Mikrotik Router OS could simply be installed on a computer, and this makes it a router.

4.4 IMPLEMENTATION TECHNIQUE

The network has been fully configured for better security by configuring firewalls on the Mikrotik router as discussed in chapter three. The network is now set for implementation. Data files have been kept in the file server, which is on the 192.168.1.0 network, separated by the router from the 192.168.0.0 network. The users with access granted to the file server are 192.168.0.2 and 192.168.0.3.

a. Authorized access: A user with a valid username and password logs into the router from the Winbox environment. The user also accesses the file server across the router and the log is taken. (See Appendix A)
b. Unauthorized access: A user without a valid username and password is used to attempt login. A user from an IP address not permitted access to the file server is also used to attempt login, and the log is also taken.
c. Viewing Log: The administrator has access to the log of both operations. He logs into the router through Winbox using the username admin and the password assigned. Next he clicks on log, and all the operations are displayed with the time of each event. (See Appendix A)


SYSTEM TESTING

The system was tested with an authorized user who had been authenticated with a username and password. He logged into the network at different times to access the file server, and these attempts were successful. An unauthorized user also tried to log into the network but access was denied. The logs of both the authorized and the unauthorized user were taken.

RESULT

The record of logs of both the authorized and the unauthorized user was seen by the administrator, who monitors and prevents network intrusion. The system worked as expected.


CHAPTER 5

SUMMARY

This work has been able to demonstrate network security using the Mikrotik router operating system. Clients in the intranet, both authorized and unauthorized, tried to access a file server, and logs were taken and seen by the administrator, who has the ability to enable or disable any user.

5.1 CONCLUSION AND RECOMMENDATION

Network security is an important field that is increasingly gaining attention as the internet expands. The security threats and internet protocol were analyzed to determine the necessary security technology. The security technology is mostly software based, but many common hardware devices are used. The current development in network security is not very impressive. Originally it was assumed that with the importance of the network security field, new approaches to security, both hardware and software, would be actively researched. It was a surprise to see most of the development taking place in the same technologies being currently used. The embedded security of the new internet protocol IPv6 may provide many benefits to internet users. Although some security issues were observed, the IPv6 internet protocol seems to evade many of the current popular attacks. Combined use of IPv6 and security tools such as firewalls, intrusion detection, and authentication mechanisms will prove effective in guarding intellectual property for the near future. The network security field may have to evolve more rapidly to deal with the threats further in the future. What is going to drive Internet security is the set of applications more than anything else. The future will possibly be that security is similar to an immune system. The immune system fights off attacks and builds itself to fight tougher enemies. Similarly, network security will be able to function as an immune system.


REFERENCES

Adeyinka, O., "Internet Attack Methods and Internet Security Technology," Modeling & Simulation, 2008. AICMS 08. Second Asia International Conference on, pp. 77-82, 13-15 May 2008.

AlSalqan, Y.Y., "Future trends in Internet security," Distributed Computing Systems, 1997, Proceedings of the Sixth IEEE Computer Society Workshop on Future Trends of, pp. 216-217, 29-31 Oct 1997.

Andress J., IPv6: the next internet protocol, (2005). Available at: www.usenix.com/publications/login/2005 04/pdfs/andress0504.pdf. Accessed (27 April 2012).

Bellovin, S.M., Security Problems in the TCP/IP Protocol Suite. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989.

Computer network definition, http://en.wikipedia.org/wiki/Computer_network. Accessed (24-5-2012).

Curtin, M., Introduction to Network Security. Available at: http://www.interhack.net/pubs/networksecurity. Accessed (28 April 2012).

Curtin, M., "Snake Oil Warning Signs: Encryption Software to Avoid." USENET <sci.crypt> Frequently Asked Questions File.

Dowd, P.W.; McHenry, J.T., "Network security: it's time to take it seriously," Computer, vol. 31, no. 9, pp.24 Sep 1998.

Dr. La Jolla, CA 92093 (858) 534-2230 Copyright 2012 Regents of the University of California discussed How firewalls work: (http://blink.ucsd.edu/technology/security/firewall/)

Holbrook, J.P.; Reynolds, J.K., "Site Security Handbook." RFC 1244.

Improving Security, http://www.cert.org/tech_tips, 2006.

Internet History Timeline, www3.baylor.edu/~Sharon_P_Johnson/etg/inthistory.h

"Intranet." Wikipedia, The Free Encyclopedia. Jun 2008, 10:43 UTC. Wikimedia Foundation, Inc. 2 Jul 2008 <http://en.wikipedia.org/w/index.php?title=Intranet&ol did=221174244>.

Kartalopoulos, S. V., "Differentiating Data Security and Network Security," Communications, 2008. ICC '08. IEEE International Conference on, pp. 1469-1473, 19-23 May 2008.

Landwehr, C.E.; Goldschlag, D.M., "Security issues in networks with Internet access," Proceedings of the IEEE, vol. 85, no. 12, pp. 2034-2051, Dec 1997.

Marin, G.A., "Network security basics," Security & Privacy, IEEE, vol. 3, no. 6, pp. 68-72, Nov.-Dec. 2005.

Molva, R., Institut Eurecom, "Internet Security Architecture," in Computer Networks & ISDN Systems Journal, vol. 31, pp. 787-804, April 1999.

Rekhter, Y.; Moskowitz, R.; Karrenberg, D.; de Groot, G.; Lear, E., "Address Allocation for Private Internets." RFC 1918.

Security Overview, www.redhat.com/docs/manuals/enterprise/RHEL4 Manual/securityguide/chsgsov.html.

Sotillo, S., East Carolina University, IPv6 security issues, August 2006, www.infosecwriters.com/text_resources/pdf/IPv6_SSotillo.pdf.

Tyson, J., How Virtual private networks work, http://www.howstuffworks.com/vpn.htm. Accessed (24-5-2012).

Warfield M., Security Implications of IPv6, Internet Security Systems White Paper, documents.iss.net/whitepapers/IPv6.pdf.

APPENDIX A: INTERFACES

Fig 3.1.2 Configuring IP address on Client systems
Fig 3.1.3 Unauthorized Login
Fig 3.1.4 Winbox Login
User List
Fig 3.1.4: Router Firewall
Router Logging
Fig 3.1.5.1 Using Queue
Fig 3.1.5.2 Using Torch
Fig 3.3.1 Setting DHCP on the internet interface of the router
Fig 3.3.2 Setting DNS request granting
Fig 3.3.3 Verifying Internet Connectivity on Router
Fig 3.3.4 Enabling the WLAN card if it's to be used
Fig 3.3.5 Setting the Hotspot
Fig 3.3.6 Choosing the Interface for the Hotspot Access
Fig 3.3.7 Setting the Network
Fig 3.3.8 Setting the pool of addresses for clients
Fig 3.3.9 Secure Shell Certificate option
Fig 3.4.0 SMTP (Simple Mail Transfer Protocol) none selected
Fig 3.4.1 Domain Name Service Setup
Fig 3.4.2 Setting the DNS Name
Fig 3.4.3 Setting the first username and password
Fig 3.4.4 Setting DHCP on the internet interface of the router
Fig 3.4.5 Setting DNS request granting
Fig 3.4.6 Verifying Internet Connectivity on
Fig 3.4.7 Enabling the WLAN card if it's to be used
Fig 3.4.8 Setting the Hotspot
Fig 3.4.9 Choosing the Interface for the Hotspot Access
Fig 3.5.0 Setting the Network
Fig 3.5.1 Setting the pool of addresses for clients
Fig 3.5.2 Secure Shell Certificate option
Fig 3.5.3 SMTP (Simple Mail Transfer Protocol) none selected
Fig 3.5.4 Domain Name Service Setup
Fig 3.5.5 Setting the DNS Name
Fig 3.5.6 Setting the first username and password
Fig 3.5.7 Hotspot Completed
