THE PROJECT PROPOSAL

2.1 Background Information on the company:
Sun Infosys Ltd. (http://www.suninfosys.co.uk/) deals not only in computer hardware but in software and CCTV systems as well. Because of these varied systems there was a need for convergence and for availability, so that resources can be reached and checked from virtually anywhere, as the sales team and the director are mostly mobile. This need, coupled with the popularity of VPN systems, gave me a chance to offer myself for this project and to offer a solution to their problems. Sun Infosys Ltd. gladly accepted my offer.

The aim and objective of this project is to make proposals and then implement a suitable one, allowing me to investigate the best method of implementing a Virtual Private Network for Sun InfoSys Ltd. between its Head Office and Branch Office, and to provide connectivity to its Managing Director, sales team, and the various installers and site engineers who require access to various resources.

Sun InfoSys Ltd. was established by I.T. and security experts to provide total solutions to the retail business market. Sun InfoSys Ltd. is probably the only company that provides total security systems integrated with I.T. Sun Infosys is a supplier and installer of hardware (i.e. computers, printers, Point of Sale systems, digital Internet-enabled CCTV systems) and software (all types of software needed by EPOS, CCTV and client businesses) for retail businesses in the UK.

The company's aim is to add value in all areas of its involvement with customers whether simply offering technical support, single hardware components or efficient planning of a large systems integration and installation programme.

By building a Virtual Private Network, I plan to meet the company's current need for connectivity to its essential resources. The Managing Director, Mr. S. Peter Andy, is always on the move and needs to connect to the company's resources from various national and international venues, such as the UK and Taiwan, when holding meetings and presentations with his suppliers in Taiwan. He needs up-to-the-minute data about stocks, current requirements, current problems and sales figures.

The company has a head office in the following location:
Head Office: No 8, Exmouth Rd., London, E17 7QQ.
It also has a branch office in the following location:
Branch Office: No 772-776, Romford Rd., London E12.

The sales team needs to travel to various organizations to give presentations and to convince potential clients. They frequently require on-the-move connections to resources such as sales figures, Sage, presentations, technical data, live demos and IP-based demonstrations of their digital CCTV systems.

The support team and the various installers and engineers require on-the-move access to technical resources, software, patches and contact information from the company and Sage when visiting client locations, which are currently anywhere in London.
In light of the above data and the information given to me, I propose a Virtual Private Network solution. This solution can be delivered on a UNIX system or on a Microsoft Windows based system.

2.2 The UNIX based solution entails the following:
Installation and configuration of a LINUX box (server). Installation of LINUX FreeS/WAN. LINUX FreeS/WAN is an implementation of IPSEC & IKE for Linux.
The abbreviation “IPSEC” stands for Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents, providing even better security.

These services make it possible to build secure tunnels through untrustworthy and unreliable networks. Everything that passes through the untrusted network is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is a Virtual Private Network or VPN, a network which is effectively private even though it includes machines at several different sites connected by the insecure and public Internet.

The IPSEC protocols were developed by the IETF (Internet Engineering Task Force) and will be required as part of the next generation IP, IPv6 (IP version 6). They are also being widely implemented for IPv4. In particular, nearly all vendors of any type of firewall or security software have IPSEC support either shipping or in development. There are also several open source IPSEC projects. Several companies are co-operating in the Secure Wide Area Network (S/WAN) project to ensure that products will interoperate. There is also a VPN Consortium fostering cooperation among companies in this area.
The LINUX / FreeS/WAN solution requires basic knowledge of LINUX and a moderate knowledge of networking protocols.

There are three popular authentication methods supported by LINUX based FreeS/WAN:

•  RAW RSA keys - for FreeS/WAN to FreeS/WAN connections only. A raw RSA key is literally a long string of alphanumeric characters, which is the encoding of either a public or a private key. The public and private keys form a pair, so that with the private key the owner can “validate” the public key.

•  X.509 certificates (which are essentially RSA keys in a glorified format). X.509 certificates use the same encryption scheme as raw RSA keys, but wrap the keys in certificates. This allows a trust-inheritance scheme, and the certificates themselves contain useful supporting information. A certificate is stored as a file, which can be encoded in many different ways (plain-text, binary or combinations of the two), for example PEM, base64, pkcs12, etc.

•  PSKs (Pre-shared secret keys). PSKs are not very secure at all. They are simply non-encrypted passphrases stored in plain-text, e.g. “my_secret_password”. They help get a connection set up if easy authentication is to be used (they are the easiest of these three to set up), but are insecure and should not be used in the long run.
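
As an added illustration (not part of the original report and not FreeS/WAN project code), the following Python example parses a constructed ipsec.conf and reports which of the three authentication methods each connection uses, so that connections still relying on a PSK can be found and migrated. Assumptions: the connection names, addresses and key text are placeholders; `authby` is taken to default to `rsasig` as in FreeS/WAN 2.x; `leftcert`/`rightcert` are the parameters provided by the X.509 patch.

```python
# Added example; SAMPLE_CONF is constructed (placeholder names, addresses, key).
SAMPLE_CONF = """\
version 2.0
config setup
    interfaces=%defaultroute
conn %default
    authby=rsasig
conn head-branch            # gateway-to-gateway tunnel
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    right=198.51.100.1
    rightsubnet=10.2.0.0/24
    authby=secret           # PSK: overrides the default
conn roadwarrior
    left=192.0.2.1
    leftcert=gateway.pem    # X.509 (assumes the X.509 patch)
    right=%any
conn lab-link
    left=192.0.2.1
    right=203.0.113.7
    leftrsasigkey=0sPLACEHOLDER
"""

def parse_conns(text):
    """Return {conn: {param: value}} with 'conn %default' values inherited."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        if not line[0].isspace():                 # section header at column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **params} for name, params in sections.items()}

def auth_method(params):
    """Map one conn's parameters to 'psk', 'x509' or 'raw-rsa'."""
    if params.get("authby", "rsasig") == "secret":   # assumed default: rsasig
        return "psk"
    return "x509" if params.keys() & {"leftcert", "rightcert"} else "raw-rsa"

def audit(text):
    """Return ({conn: method}, [conns that still rely on a PSK])."""
    methods = {n: auth_method(p) for n, p in parse_conns(text).items()}
    return methods, sorted(n for n, m in methods.items() if m == "psk")
```

Calling `audit(SAMPLE_CONF)` returns the method for each connection and the list of PSK connections, which here contains only `head-branch`.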

Hardware Requirements for LINUX FreeS/WAN solution:
The hardware requirements are pretty basic. A 32-bit machine capable of running Linux, with two NICs (network interface cards; one is connected towards the internet, the other is connected to the “clients”).

2.3 The Windows Based solution consists of the following:
Requirements: A Windows based Server operating system, ideally Windows Server 2003, and Microsoft ISA Server 2000.

Hardware requirements for Windows Server 2003 / ISA Server 2000 solution:
Computer and processor:
PC with a 133-MHz processor required; 550-MHz or faster processor recommended
Memory:
128 MB of RAM required; 256 MB or more recommended; 4 GB maximum
Hard disk:
1.25 to 2 GB of available hard-disk space
Drive:
CD-ROM or DVD-ROM drive
Display:
VGA or hardware that supports console redirection required; Super VGA supporting 800 x 600 or higher-resolution monitor recommended

   
 
    © 2004-2005 Rashid Yunus Khan. All Rights Reserved.