Design and Implementation of a Secure Campus Network

Author :- Swapnil Kushwaha

[email protected]

Abstract— Security has been a polar issue within the elevated availableness, glorious performance, good infrastruct
style associated readying of an enterprise network.AS ure, and security. Securing an enormous network has
increase and merging of new technologies like cloud been invariably a problem to associate IT manager.
computing, Enterprise quality and e-commerce, There are plenty of similarities between
network security has still remained as big increasing securing associate oversize network and university
challenge. A field network is a very important a part of network however everyone has its own problems and
field life and network security is important for a field. challenges. Gift academic establishments pay a lot
Field network faces challenges to handle core problems of attention thereto to enhance their students’ learning expertise.
with security that area unit ruled by specification. Architects of field can do this if IT managers hold on to the
Secured network protects an establishment from elemental principles self-addressed during
security attacks related to network. A university this reference design, particularly LAN or
network encompasses a variety of uses, like teaching, WAN property style issues, security, and centralized manage
learning, research, management, e-library, result men .
publication and reference to the external users. The network infrastructure style has become
Network security can stop the university network from an important half for a few IT organizations in recent years. A
differing kinds of threats and attacks. The theoretical vital network style thought for today's networks is making the
contribution of this study may be a reference model potential to support future growth in an
design of the university field network which will be exceedingly reliable, ascendable and secure manner. This
followed or tailored to make a sturdy however versatile needs the designer to outline the client's distinctive state of
network that responds to subsequent generation affairs, significantly the present technology, application,
necessities. A stratified design of the field network is and knowledge design.
organized with differing kinds of security problems for
making certain the standard of service. During this The physical network infrastructure is needed for a
project, a tested and secure network style is projected recent university network. University Management and IT
supported the sensible necessities and this projected manager could apprehend specifically what quite network they
network infrastructure is realizable with flexible require to line up, coming plans, and expected growths.
infrastructure.. Contingencies for future space, power,
and alternative resource should be a part of the physical set
Keywords—Campus Network, Security, WAN, up of a university. Building a recent university network
Security Threats, Network Attacks, VPN, VLAN, atmosphere conjointly contains practical and
Firewall. safety parts that conjointly transcend the IT department’s
obligations and skills.
I. INTRODUCTION Here, completely different analysis papers are consulted for
As the computers and networked systems thrive in security in field network. Lalita Kamari et al introduced varied
today’s world, the requirement for increase and robust pc current network info security issues and their solutions.
and network security becomes more and more necessary They delineated the present security standing of
and vital. The increase within the electronic network the field network, analyzed security threat to field network
system has exposed several networks to varied sorts of and delineated the ways to maintenance of network security
web threats and with this exposure. The security could [3]. The hierarchic network style is taken into account within
embrace identification, authentication and authorization, the projected system and correspondent network are scalable;
and police work camera to safeguard integrity, performance and security are increased; and therefore
convenience, irresponsibleness, and legitimacy of the network are simple to take care of.
component or network instrumentality. There is no laid- A hierarchic design of field network is organized
down procedure for planning a secure network. Network with differing types of traffic hundreds and
security has got to be designed to suit the requirements of security problems for guaranteeing the standard of service
a company.
Campus network is important and it plays a crucial role
II. BACKGROUND
for any organization. Network architecture and its There are various types of network such as Personal Area
security area unit as vital as air, water, food, and shelter. Network (PAN), Local Area Network (LAN), Metropolitan
Computer network security threat and specification area Area Network (MAN), Storage Area Network (SAN) and
it perpetually serious problems. Wide Area Network (WAN).
A field network is AN autonomous
A Personal space Network (PAN) may be an electronic
network underneath the management of a
network organized around a personal person.
university that is inside space| a neighborhood
Personal space Networks generally involve a mobile laptop,
geographical place and generally it should be a MAN.
a mobile phone and/or a hand-held data
Generally, IT manager during a network faces lots processor like a personal organizer. an area space Network
of challenges within the course of maintaining (LAN) may be a cluster of computers and associated devices
that share a typical communications line or wireless Security Issues in Campus Network
link. Typically, connected devices share the
There square measure a large vary of network attacks and
resources of one processor or server at intervals tiny
security threats, network attack methodologies, and
low geographical region. A
categorizations of network attacks.
Metropolitan space Network (MAN) may be
The question is: however can we minimize these network
a network that interconnects users
attacks? The kind of attack, as mere by the categorization
with laptop resources in a very geographical
of intelligence activity, access, or DoS attack, determines
region or region larger than that lined by even an
the suggests that of mitigating a network threat.
oversized native space Network
(LAN) however smaller than the realm lined by a Table 1.
large space Network (WAN). A field space Network Identify the threats
(CAN) may be a proprietary native space Network
(LAN) or set of interconnected LANs serving an Threat Internal Threat consequences
organization, office, university, or similar \
organization. A cargo hold Network (SAN) may be External
a high-speed network of storage devices e-mail with virus External Could infect system reading
that conjointly connects those storage devices with origination email and subsequently
servers. It provides block- level storage which will be internal spread throughout entire
accessed by the applications running on any use organization.
networked servers. a large space Network Network Virus External Could enter through
unprotected ports,
(WAN) may be
compromise whole network.
a geographically spread telecommunications
network. The term distinguishes a broader Web based virus Internal Could cause compromise
telecommunication structure from an browsing on system doing browsing
area space Network (LAN). in depth analysis or to external and subsequently affect
project has been tired the position of spec and site other internal systems.
security problems in field networks . Web server attack External to If web server is
web compromised hacker could
Network Architecture in Campus Networks
servers gain access to other systems
The field network of our study is intended during internal to network
a hierarchal manner that could be
a common apply of field and enterprise networks. It Denial of Internal External services such as
provides a standard topology of building blocks service attack web Email and ftp could
become unusable. If router is
that enable the network to evolve simply.
attack , whole network could
A hierarchal style avoids the requirement for a fully- go down.
meshed network within which all network nodes area Network User Internal Traditional border firewalls
unit interconnected. Attack ( Internal to do nothing for this attack.
Designing a field network might employee) anywhere Internal segmentation
not seem as fascinating or exciting firewall can help contain
damage.
as planning A science telephone network, AN science
video network, or maybe planning a wireless network. Types of Network Attacks:
However, rising applications like these area Classes of attack might embrace passive observation of
unit engineered upon the field foundation. Very like the communications, active network attacks, exploitation by insiders,
development of a house, if the engineering work is skipped and attacks through the service provider info systems and
at the inspiration level, the house can crack and eventually networks supply engaging targets and will be immune to attack
collapse. from the complete vary of threat agents, from hackers to nation -
If the inspiration services Associate in nursing states. A system should be able to limit harm and recover chop -
reference style in an enterprise network don't seem to chop once attacks occur. Here are some attacks types:
be rock-solid, applications that rely upon the services 1. Passive Attack
offered by the network 2. Active Attack
like science telecommunication, science video and 3. Distributed Attack
wireless communications can eventually suffer 4. Insider Attack
performance and responsibility challenges. To continue 5. Close-in Attack
the analogy, if a reliable foundation 6. Phishing Attack
is designed and engineered, the house can indicate years, 7. Hijack attack
growing with the owner through alterations and 8. Spoof attack
expansions to supply safe and reliable service throughout 9. Buffer overflow
its life cycle. 10. Exploit attack
11. Password attack
 Real Time Data: Some Network Attacks time knowledge that assailant mistreatment Net cut computer
code exploit the weakness within the homeless creative
A. Denial of Service (DoS):
person protocol because of the dearth of authentication in an
Denial of service (DoS) is an intermission of service either as
exceedingly field network.
a result of the system is destroyed, or as a result
of it's briefly out of stock. Examples embrace destroying a
computer's magnetic disc, cut the physical infrastructure, Fig 2. ARP Spoofing Attack in Campus network
and consumption all out there memory on a resource. Fig1
shows a true continuance of DoS attack knowledge during Traditional Campus Network Design
a field network mistreatment Cyberoam security
device. when piece Firewall and VLAN for DoS attack

Source Destination
Attack
Type Traffic Traffic
Applied Applied
Dropped Dropped
SYN
Yes 44844 No 0
Flood
UDP
Yes 48240 No 0
Flood
TCP
No 0 No 0
Flood
ICMP
Yes 27 Yes 429
Flood

Fig 3. Traditional Campus Network design

III. Mitigating known attacks

Here are some proposed steps:-
a. Proposed cost effective design of a Secure Campus
Network.
b. Creation of VLANs (Virtual LAN) for security.
c. Implement firewall for internal and external
security
d. Virtual private network use for branch campus

Fig1. Attacker IP List

Attacker tried DoS Attack however the

protection device born the traffic that we've
got shown within the diagram.

2 ARP Spoofing Attack

It may be a style of attack in which a malicious actor sends
falsified creative person area network. This leads to the
linking of Associate in Nursing attacker’s
Macintosh address with the IP address of a
legitimate laptop or server on the network. we have a
tendency to area unit showing some real
Cost Effective Secure Campus Network Design
B. Implementing Firewall for Internal and External
Security
A firewall works to watch and block or enable network
traffic, each incoming and outgoing, on a
personal network. whereas there’s a hardware
firewall to assist defend the field network security, this
firewall affects bound outgoing traffic and prevents
unauthorized incoming traffic. NetBIOS, SMTP
and different miscellaneous ports determined to cause a
security risk ar blocked within the outgoing direction.
This doesn't impact the bulk of
educational work connected programs used on the field.
C. Virtual Private Network (VPN) Use for branch
campus

A Virtual non-public Network (VPN) extends a

personal network across a public network, like the net.
It allows a laptop or network-enabled device to send and
receive information across shared or public networks as if it were
directly connected to the non-public network, whereas making
the most of the practicality, security and management policies
of the general public network. A VPN is formed by establishing
a virtual point-to-point affiliation through the employment of
dedicated connections, virtual tunneling protocols, or
Fig 4. Cost Effective Secure Campus Network Design traffic secret writing. Major implementations of
Implementation of Cost Effective Secure Campus VPN embody Open VPN and IPsec. Field VPN - provides a full
Network tunnel VPN service that's a secure (encrypted) affiliation to the
network from off field. Common uses of the field
Several challenges confront the implementation of a VPN embody access to file sharing/shared drives
secure network on a university field, however the and bound applications that need a field science address.
challenge central to the present topic is security. The field VPN features a 20-hour session limit.
Henceforth, we've got made
public intimately many attainable solutions in
maintaining a network, the planning of our network so
as to comprehend such solutions.
A. Creation of VLANs (Virtual LAN) for security
It's easy to ascertain why virtual
LANs became extraordinarily fashionable on networks of
all sizes. In sensible terms, multiple VLANs area unit just
about identical as having multiple separate physical
networks inside one organization — while not the
headache of managing multiple cable plants and
switches. as a result of VLANs section a
network, making multiple broadcast domains, they
effectively permit traffic from the printed domains to
stay isolated whereas increasing the network's information
measure, handiness and security. Here are some suggested
VLANs for better security of campus network and
reducing Broadcast.
Table 2.
Proposed VLAN for Campus Network

Proposed VLAN for Campus Network Fig 5. VPN Connectivity Diagram for Branch Campus

Sl VLAN ID VLAN Name

1 10 Student
2 15 Faculty
3 20 Admin
4 25 Computer Lab
5 30 Exam
6 35 Accounts
7 40 Internal Servers
 IV. CONCLUSION
Network architecture and its security are vital any
organization. If we have a tendency to follow
the stratified network style, network are ascendible,
performance and security are exaggerated, and
therefore the network are straightforward to take care
of. during this work, we have a tendency to planned a
compact price effective
secure field network style supported the
work atmosphere and needed measurability, security
and different aspects.
This planned network infrastructure is realizable
with convertible infrastructure.
It conjointly provides an summary of the most
effective practices in mitigating the glorious attacks
and recommendation on the way
to forestall reoccurrence attacks
REFERENCES
[1] NETWORK SECURITY, SULAIMON ADENIJI
ADEBAYO, Bachelor’s Thesis (UAS) Degree Program
In Information Technology Specialization: Internet
Technology.
[2] Network Architecture and Security Issues in Campus
Networks, Mohammed Nadir Bin Ali, Fourth
International Conference on Computing,
Communications and Networking Technologies
(ICCCNT) 2013.
[3] Security Problems in Campus Network and Its
Solutions, 1Lalita Kumari, 2Swapan Debbarma,
3Radhey Shyam, Department of Computer Science1-2,
NIT Agartala, India, National Informatics Centre, India.
[4] Network Security: History, Importance, and Future
“University of Florida Department of Electrical and
Computer Engineering Bhavya Daya ”.
[5] Security Analysis of a Computer Network, Jan
Vykopal, MASARYK UNIVERSITY FACULTY OF
INFORMATICS.