DESIGN AND SIMULATION OF AUTHENTICATION AND ADAPTIVE SECURITY FOR DNS SYSTEM


CHAPTER ONE

INTRODUCTION

1.1 Background Of The Study

The Domain Name System (DNS) is a hierarchical, decentralized naming system for computers, services, and other resources connected to the Internet or a private network. It associates various information with the domain names assigned to each participating entity; most prominently, it translates easily memorized domain names into the numerical IP addresses needed to locate and identify services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, DNS has been an essential component of Internet functionality since 1985.

DNS delegates responsibility for assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may in turn delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides a distributed, fault-tolerant service and was designed to avoid a single large central database. Historically, the directory services that preceded DNS, most prominently the hosts file, were based on text files and could not scale to large or global directories.

DNS also specifies the technical functionality of the database service at its core: the DNS protocol, a detailed specification of the data structures and message exchanges used in the DNS, is part of the Internet Protocol Suite. The Internet maintains two principal namespaces, the domain name hierarchy and the Internet Protocol (IP) address spaces; DNS maintains the domain name hierarchy and provides translation between it and the address spaces. The system is implemented by Internet name servers and a communication protocol. A DNS name server stores the DNS records for a domain and answers queries against its database.

The most common record types stored in the DNS database are the Start of Authority (SOA), IP addresses (A and AAAA), SMTP mail exchangers (MX), name servers (NS), pointers for reverse DNS lookups (PTR), and domain name aliases (CNAME). Although not intended to be a general-purpose database, DNS can store records for other kinds of data, either for automatic lookup, such as the DNSSEC records that carry the keys and signatures used to verify that an answer is authentic, or for human queries, such as responsible person (RP) records. DNS has also been used in combating unsolicited email (spam) by serving real-time blackhole lists. The DNS database is traditionally stored in a structured zone file.
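The query and response exchange described above, as an added example that is not part of the original chapter: it builds a standard query in DNS wire format, parses the header, question and answer sections of a response (including the name compression used for the CNAME and A records), and applies the minimal check a resolver makes before trusting an answer, namely that the transaction ID and question echo the query it sent. The response bytes, the names and the address 192.0.2.10 are constructed sample values.

```python
# Added example (not from the original chapter): DNS wire-format query,
# response parsing, and the ID/question match a resolver requires.
import random
import struct


def encode_name(name):
    """'www.example.com' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=None):
    """Standard query, RD=1. The ID comes from a CSPRNG: a predictable ID
    makes it easier for an attacker to forge a matching response."""
    if txid is None:
        txid = random.SystemRandom().randrange(0, 1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_response(msg, expected_txid=None):
    """Parse header, question and answer sections into a dict."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:        # A record: four octets
            value = ".".join(str(b) for b in rdata)
        elif rtype == 5:                     # CNAME: a name, may be compressed
            value, _ = decode_name(msg, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF,
            "questions": questions, "answers": answers}


def response_matches(query, response):
    """Accept a response only if its ID and question echo the query sent."""
    qid = struct.unpack("!H", query[:2])[0]
    try:
        parsed = parse_response(response, expected_txid=qid)
    except ValueError:
        return False
    qname, qoff = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[qoff:qoff + 4])
    return parsed["questions"] == [(qname, qtype, qclass)]


# Constructed response to "www.example.com A?": a CNAME to host.example.com
# (pointer 0xC010 reuses "example.com" from the question) and an A record
# whose owner (pointer 0xC02D) reuses the name inside the CNAME rdata.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"                   # header
    + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"                    # question
    + b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x01\x2c\x00\x07\x04host\xc0\x10"  # CNAME
    + b"\xc0\x2d\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a"  # A
)

if __name__ == "__main__":
    q = build_query("www.example.com", txid=0x1234)
    print(response_matches(q, SAMPLE_RESPONSE))
    print(parse_response(SAMPLE_RESPONSE, expected_txid=0x1234))
```

The ID and question check is the only authentication plain DNS offers a resolver, and it rests on the 16-bit ID and source port being unguessable; a response that passes it still carries no proof of origin. That is the gap the DNSSEC records mentioned above are meant to close, and it is why an authentication design for DNS cannot stop at the transport layer.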

1.2 Statement Of The Problem

The present network infrastructure at Houdegbe North American University, Benin (HNAUB) does not support good student-lecturer interaction. It supports only processing and registration activities, and these are still carried out manually. In addition, none of these services can be accessed once staff and students leave the university campus.

1.3 Aim Of The Study

The aim of this project is to design and simulate authentication and adaptive security for the DNS system of Houdegbe North American University, Benin, in the School of Computer Science, Mathematics and Information Technology.

1.4 Objective Of The Study

The objectives of this authentication and adaptive security for DNS system are as follows:

1. To control access to the DNS system.

2. To secure information and identity management.

3. To secure Internet access and information sharing.

4. To provide reliability of the secured network.

5. To secure desktop file sharing.

1.5 Significance Of The Study

This project enlightens readers and would serve as a bedrock for computer network and information control in a computer network environment.

For a well-designed DNS, the project has the following significance:

• Extends geographic network connectivity

• Improves security in the private network

• Reduces operational costs compared with a traditional WAN

• Improves productivity

• Simplifies network topology

• Provides broadband networking compatibility

• Provides a faster return on investment (ROI) than a traditional WAN

• Helps students carrying out research on this or any related topic

The design incorporates the following features:

• Security

• Reliability

1.6 Scope Of The Study

The scope of the design and demonstration of a secure DNS network covers the following features at HNAUB:

1. An Internet-based site-to-site DNS that connects the various sites of the institution (HNAUB).

2. A three-site WAN, comprising the headquarters and two branches of the institution (HNAUB).

3. Access control list (ACL) implementation, IPsec and encryption to provide secure access to network resources.

4. Network reliability.

1.7 Limitation Of The Study

The design of a secure DNS is an enterprise network project that relies on the enterprise facilities and network infrastructure available to the institution. In this project most of these facilities were not available.

This research ought to cover a wide area but was unable to do so because of the following limitations (Bradley Mitchell, 1988).

Finance: The cost of acquiring network equipment is high, and as students we were unable to meet all the financial requirements of the research study.

Time: The period allowed for this project was short. A project of this nature needs more time for a complete investigation to be conducted. Moreover, studies and examinations ran concurrently with the project, which did not allow complete dedication to it.

Therefore the following may not be achieved in this academic project:

• Scalability

• Network management

• Policy management

• Remote access DNS

1.8 Definition Of Terms

LEASED LINES: These are usually referred to as a point-to-point or dedicated connection.

ROUTER: A Network layer mechanism, either software or hardware, using one or more metrics to decide on the best path to use for transmission of network traffic.

SWITCH: Is a computer network device that connects devices together on a computer network, by using packet switching to receive, process and forward data to the destination device…

ATM: Asynchronous Transfer Mode: The international standard, identified by fixed-length 53-byte cells, for transmitting cells in multiple service systems, such as voice, video, or data. Transit delays are reduced because the fixed-length cells permit processing to occur in the hardware. ATM is designed to maximize the benefits of high-speed transmission media, such as SONET, E3, and T3

BANDWIDTH: The rate of data transfer, bit rate or throughput, measured in bits per second (bit/s)

Class A Network: Part of the Internet Protocol hierarchical addressing scheme. Class A networks have only 8 bits for defining networks and 24 bits for defining hosts and subnets on each network.

Class B Network: Part of the Internet Protocol hierarchical addressing scheme. Class B networks have 16 bits for defining networks and 16 bits for defining hosts and subnets on each network.

Class C Network: Part of the Internet Protocol hierarchical addressing scheme. Class C networks have 24 bits for defining networks and only 8 bits for defining hosts and subnets on each network.

COLLISION DOMAIN: The network area in Ethernet over which frames that have collided will be detected. Collisions are propagated by hubs and repeaters, but not by LAN switches, routers, or bridges.

DNS: The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or other resources connected to the Internet or a private network

DHCP (Dynamic Host Configuration Protocol): A network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers configured for a given network.

IP address: Often called an Internet address; this is an address uniquely identifying any device (host) on the Internet (or any TCP/IP network). Each IPv4 address consists of four octets (32 bits), represented as decimal numbers separated by periods (a format known as “dotted-decimal”). Every address is made up of a network number, an optional subnetwork number, and a host number.

LAN:(local area network): Broadly, any network linking two or more computers and related devices within a limited geographical area (up to a few kilometers). LANs are typically high-speed, low-error networks within a company. Cabling and signaling at the Physical and Data Link layers of the OSI are dictated by LAN standards. Ethernet, FDDI, and Token Ring are among the most popular LAN technologies

NIC (Network Interface Card): An electronic circuit board placed in a computer. The NIC provides network communication to a LAN.

PING: A diagnostic tool, originally Unix-based, consisting of a message sent to test the accessibility of a particular device on an IP network (the expansion “Packet Internet Groper” is a backronym). The name reflects the underlying metaphor of submarine sonar: just as the sonar operator sends out a signal and waits to hear it echo (“ping”) back from a submerged object, the network user can ping another node on the network and wait to see if it responds.

PPP:(Point-to-Point Protocol): The protocol most commonly used for dial-up Internet access, superseding the earlier SLIP. Its features include address notification, authentication via CHAP or PAP, support for multiple protocols, and link monitoring.

Routed Protocol: Routed protocols (such as IP and IPX) are used to transmit user data through an internetwork. By contrast, routing protocols (such as RIP, IGRP, and OSPF) are used to update routing tables between routers.

Routing: The process of forwarding logically addressed packets from their local subnetwork towards their ultimate destination.

Subnet Address: The portion of an IP address that is specifically identified by the subnet mask as the subnetwork. See also: IP address, subnetwork, and subnet mask.

Subnet Mask: Also simply known as mask, a 32-bit address mask used in IP to identify the bits of an IP address that are used for the subnet address. Using a mask, the router does not need to examine all 32 bits, only those indicated by the mask
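The mask arithmetic behind the Class A/B/C, subnet address and subnet mask entries above, as an added example that is not part of the original chapter: it derives the subnet address and broadcast address from an address and mask, checks that a mask is contiguous, and shows how a router decides whether two hosts share a subnet by comparing only the masked bits. The addresses used are constructed sample values.

```python
# Added example (not from the original chapter): IPv4 subnet-mask arithmetic
# as described in the glossary. All addresses are constructed samples.

def to_int(dotted):
    """Parse a dotted-decimal IPv4 address or mask into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Format a 32-bit integer as dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_mask(mask):
    """A mask is valid only if its one bits are contiguous from the left."""
    m = to_int(mask)
    ones = bin(m).count("1")
    return m == (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF


def prefix_length(mask):
    """Number of network bits the mask selects (the /N in CIDR notation)."""
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous mask: %r" % mask)
    return bin(to_int(mask)).count("1")


def subnet_address(ip, mask):
    """The subnet address: keep only the bits the mask selects."""
    return to_dotted(to_int(ip) & to_int(mask))


def broadcast_address(ip, mask):
    """Highest address in the subnet: all host bits set to one."""
    return to_dotted(to_int(ip) | (~to_int(mask) & 0xFFFFFFFF))


def same_subnet(ip_a, ip_b, mask):
    """A router compares only the masked bits, not all 32."""
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)


def address_class(ip):
    """Classful (pre-CIDR) class, decided by the leading bits of octet one."""
    first = to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


if __name__ == "__main__":
    ip, mask = "192.168.10.77", "255.255.255.192"
    print(subnet_address(ip, mask), "/%d" % prefix_length(mask),
          broadcast_address(ip, mask), address_class(ip))
    print(same_subnet(ip, "192.168.10.130", mask))
```

Note that the classful boundaries give a Class C address a /24 mask by default, while the /26 mask in the example carves that network into four subnets; an access control list keyed on the wrong mask will admit or block the wrong hosts, so the mask is worth checking before any ACL is written against it.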

OSI reference model: (Open Systems Interconnection reference model): A conceptual model defined by the International Organization for Standardization (ISO), describing how any combination of devices can be connected for the purpose of communication. The OSI model divides the task into seven functional layers, forming a hierarchy with the applications at the top and the physical medium at the bottom, and it defines the functions each layer must provide.

WAN (Wide Area Network): A designation used to connect LANs together across a DCE (data communication equipment) network. Typically, a WAN is a leased line or dial-up connection across a PSTN network. Examples of WAN protocols include Frame Relay, PPP, ISDN, and HDLC.

Intranet: computer network within organization: A network of computers, especially one using World Wide Web conventions, accessible only to authorized users such as those within a company.

Internet: The global “network of networks”; a network that links computer networks all over the world by satellite and telephone, connecting users with services such as e-mail and the World Wide Web.

Encryption: The conversion of information into scrambled form that effectively disguises it to prevent unauthorized access.

Firewall: A barrier purposefully erected between any connected public network and a private network, made up of a router or access server, or several routers or access servers, that uses access lists and other methods to ensure the security of the private network.

VPN: (virtual private network): A method of encrypting point-to-point logical connections across a public network, such as the Internet. This allows secure communications across a public network.
