Provided by Universiti Teknologi Malaysia Institutional Repository; brought to you by CORE (core.ac.uk).

CHAPTER 1

INTRODUCTION

1.1 Overview

In every organization, internal threats are the main problem encountered by security administrators. The internal network of an organization must be secured to avoid such threats. Not every organization implements host-based virtual private network solutions, because of budget constraints.

The network of System Consultancy Services Sdn Bhd holds various workstations, servers and devices. The organization’s information is important and needs to be safeguarded from internal and external threats. Only computers allowed by the organization are permitted to enter the physical network of the organization. The network is the link between different systems: an accounting system, email, a human resources system, a calendaring system, a file sharing system and a software engineering system. All of these systems are used by various staff of the company. Therefore, safeguarding the system is important.

An illegal workstation can enter the network by plugging into any wall-mounted port located throughout the organization. By doing that, a hacker could sniff packets throughout the network and capture data running across it. These data may include email transactions, financial and trade data, and other information that is important to the company. Furthermore, the hacker could also launch malicious code, viruses and hacking tools to penetrate other workstations and servers to gain information.

1.2 Problem Background

In any organization, an attacker could enter the company as a corporate visitor. He or she would then use the internal network of the organization, which has very minimal security.
Possible threats are as follows:

i) Visitors are able to connect their workstation or notebook to any port that is connected to the main switch or hub of the organization.
ii) Network ports are available throughout any organization, whether or not they are in use by other workstations. The network ports are wall mounted and connected using RJ45 connectors. Hackers can plug their workstation into any wall-mounted port available throughout the organization’s premises.
iii) The workstation could have hacking tools installed, such as penetration tools, port scanners or sniffers.
iv) A virus outbreak, such as a worm, could also compromise the system by infecting other computer systems.

1.3 Problem Statement

At the organization, any person who has the privileges to enter the building will have access to any computer communication port. That person could be a manager, part-time staff member, contractor or any corporate visitor. Therefore, it is necessary to block and prevent any illegal workstation from entering the organization’s LAN. Any workstation that is not registered or is unknown shall not be allowed to enter the network by any means. Illegal workstations are computers brought onto company premises by an unauthorized person who has malicious intentions towards the corporate network system.

In addition, during a virus outbreak, any workstation that has been compromised must be disconnected from the network. This is to stop the spread of viruses onto the network.

1.4 Project Aim

With this research, the organization shall be able to:

i) Secure the organization’s LAN from attacks within the premises.
ii) Defend against intrusions and viruses by stopping threats that use the organization’s network.
iii) Eliminate illegal workstations entering the LAN.
1.5 Project Objectives

The application needs to be researched, analyzed and tested to ensure that the following objectives are met:

i) The system shall scan the network for IP addresses and MAC addresses.
ii) The system shall block any unauthorized workstation or device from entering the LAN.
iii) The blocking of a workstation shall be done remotely from a monitoring system, without disconnecting the physical RJ45 cable or turning off the power of the unauthorized workstation.

Figure 1.1: Elimination of illegal workstation

As shown in Figure 1.1, the illegal workstation shall be eliminated by the monitoring software. The elimination process will stop any packets from the illegal workstation from reaching any other workstation in the network.

1.6 Project Scope

The scope of the project is as follows:

i) This project shall be done within the LAN of an organization.
ii) Intrusion is done by entering the network via switches and hubs only, and not by other means such as wireless, modems, or an organization workstation that has been hacked.
iii) Intrusion is done within the organization’s network and not from the internet.
iv) This project does not build an intrusion detection system or a firewall; however, both products complement it in building a totally secure system.
v) This project does not implement policies; it provides a solution or mechanism to block illegal connection access to the switches or hubs.
vi) Research and analysis of TCP/IP fundamentals are required to support the research.

1.7 Project Importance

With the delivery of the application, the organization shall benefit from:

i) Securing the internal network from illegal workstations that could have malicious intent towards the network, systems or other workstations and servers.
ii) Being able to block any infected workstation from entering the network during a virus outbreak.
1.8 Project Plan

i) Define the problem and the methodology used by hackers to enter the network physically.
ii) Research and analyze network technology in depth, with emphasis on TCP/IP.
iii) Research and analyze Ethernet and MAC addresses.
iv) Research and analyze firewall and intrusion detection system mechanisms.

1.9 Conclusion

This project shall determine that the application being developed can safeguard the network from, and eliminate, any attempts by illegal workstations. An intrusion detection system or firewall is not the main aim of this project, but the technology used by the application could complement the research. Besides implementing policy to block hackers from attacking the physical network, this is a solution that can stop hackers from entering the network in an automated way. This application will mostly benefit system administrators and security officers in securing their internal network. Even though routine inspection of the physical network is a wise choice, this application will determine the IP address and the MAC address of each workstation that is allowed to enter the network.
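
The inventory check implied by objectives 1.5 (i) and (ii), as an added example that is not code from the thesis: it compares IP/MAC pairs seen by a monitoring host against a list of registered workstations. The registry, the addresses and the use of Linux `ip neigh show` output as the scan source are assumptions made for illustration.

```python
import re

# Constructed sample: registered workstations (MAC -> assigned IP), hypothetical values.
REGISTERED = {
    "00:1a:2b:3c:4d:01": "192.168.10.11",
    "00:1a:2b:3c:4d:02": "192.168.10.12",
    "00:1a:2b:3c:4d:03": "192.168.10.13",
}

# Constructed sample of `ip neigh show` output taken on the monitoring host.
SAMPLE_NEIGH = """\
192.168.10.11 dev eth0 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.10.12 dev eth0 lladdr 00:1A:2B:3C:4D:02 STALE
192.168.10.50 dev eth0 lladdr 00:1a:2b:3c:4d:03 REACHABLE
192.168.10.77 dev eth0 lladdr 5c:aa:bb:cc:dd:ee DELAY
192.168.10.99 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b"
)

def normalize_mac(mac):
    return mac.lower().replace("-", ":")

def parse_neighbors(text):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            yield m.group("ip"), normalize_mac(m.group("mac"))

def classify(neigh_text, registered):
    """Sort observed hosts into registered, ip_mismatch and unregistered."""
    known = {normalize_mac(k): v for k, v in registered.items()}
    report = {"registered": [], "ip_mismatch": [], "unregistered": []}
    for ip, mac in parse_neighbors(neigh_text):
        if mac not in known:
            report["unregistered"].append((ip, mac))
        elif known[mac] != ip:  # registered MAC seen at an unexpected IP
            report["ip_mismatch"].append((ip, mac, known[mac]))
        else:
            report["registered"].append((ip, mac))
    return report

if __name__ == "__main__":
    for status, hosts in classify(SAMPLE_NEIGH, REGISTERED).items():
        print(status, hosts)
```

A "registered" result is an inventory match on the address, not proof of which machine is attached, so the mismatch and unregistered lists are the ones to review first.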