NETWORK MONITORING USING CAPTIVE PORTAL
IN PFSENSE
ROHIDAYU BINTI OTHMAN
BACHELOR OF COMPUTER SCIENCE
(COMPUTER NETWORK SECURITY)
UNIVERSITI SULTAN ZAINAL ABIDIN
2017
NETWORK MONITORING USING CAPTIVE PORTAL IN PFSENSE
ROHIDAYU BINTI OTHMAN
Bachelor of Computer Science (Computer Network Security)
Faculty of Informatics and Computing
Universiti Sultan Zainal Abidin, Terengganu, Malaysia
MAY 2017
DECLARATION
I would like to declare that this thesis has been found satisfactory in terms of abstract, scope,
literature review, framework and also presentation. This thesis is produced based on my
own effort in gathering information from sources to complete it. The work is a result
of my investigation. I also understand that cheating and plagiarism are not allowed in the
university, so I am sure this thesis has never been produced by any student from Universiti
Sultan Zainal Abidin or any student from other universities.
________________________________
Name : ..................................................
Date : ..................................................
CONFIRMATION
This report entitled Network Monitoring Using Captive Portal In pfSense was
prepared and submitted by Rohidayu Binti Othman (Matric Number:
BTBL14037409) and has been found satisfactory in terms of scope, quality and
presentation as partial fulfilment of the requirements for the Bachelor of Computer Science
(Computer Network Security) with Honours at Universiti Sultan Zainal Abidin.
________________________________
Name : ..................................................
Date : ..................................................
DEDICATION
Firstly, I praise Allah S.W.T. for easing my path and blessing me to finish my
final year project successfully. Next, I would like to take this opportunity to thank my
supervisor, Dr. Mohd Fadzil Bin Abdul Kadir, for his guidance, advice and ideas
throughout the process of completing this project. Besides that, I would like to
thank all panels for their valuable comments and suggestions regarding this project. Without
all of them, completing this project would have been impossible for me, since this project must
follow the requirements given. Secondly, I would like to give my appreciation to my
beloved family members because they have given me support and encouraging
advice during the process of the final year project. Last but not least, I want to say thanks to
all my friends who always helped me to solve problems and gave a lot of support
throughout this project.
ABSTRACT
Nowadays, networking technology is growing, and so is the number of users.
Each user can communicate and transfer data through a network.
However, as a network continues to grow, the network administrator has to monitor
the traffic flow, or bandwidth, traversing the network. Users who access
the Internet without any particular purpose may cause problems such as a bottleneck. The main
purpose of this project is to design a simulation that can monitor the network and optimize network
usage by limiting bandwidth and access time. Solving this problem matters because it
enhances network traffic performance. Next, a One Time Password algorithm is used
as the technique applied within the captive portal. A captive portal is a web page that
controls any Hyper Text Transfer Protocol (HTTP) browser's access to the Internet: a
user who wants to access the Internet is redirected to the web page for authentication.
This makes it easy for the network administrator to monitor and handle network traffic.
Besides, pfSense is an open source software distribution based on FreeBSD.
It can be installed on a physical computer or a virtual machine to make a dedicated
router for a network. Network activity is easy to monitor while the user is accessing
the Internet in real time. As the expected result of this project, network
performance will be smooth, as the simulation can limit bandwidth and minimize the number of users
accessing the Internet at one time.
ABSTRAK
Nowadays, network technology is increasing and the number of users
is also growing. Every user can communicate to transfer information
through a network. However, as the network grows,
the network administrator needs to monitor the traffic flow or bandwidth that
passes through the network. Some users who access the Internet without
any purpose can cause problems such as a bottleneck. The main purpose is
to design a simulation that can monitor the network and optimize
network performance while data access and time can be limited. The importance
of solving this problem is that network traffic performance can be
improved. Next, the One Time Password algorithm is used as a technique
incorporated into the captive portal. A captive portal is a web page that
controls Hyper Text Transfer Protocol (HTTP) browser access to the Internet.
Users who wish to access the Internet are directed to a web page for
authentication. This makes it easier for the network administrator to monitor and
manage network traffic. In addition, pfSense is an open source
computer software distribution based on FreeBSD. pfSense can be installed on a
physical computer or a virtual machine to dedicate a router to a
network. Network activity is easier to monitor when users
access the Internet in real time. Based on the findings of this project,
network performance will be smooth and this simulation can limit bandwidth
and reduce the number of users who want to access the Internet at a given time.
CONTENTS
PAGE
DECLARATION i
CONFIRMATION ii
DEDICATION iii
ABSTRACT iv
ABSTRAK v
CONTENTS vi
LIST OF TABLES viii
LIST OF FIGURES ix
LIST OF ABBREVIATIONS x
CHAPTER 1 INTRODUCTION
1.1 Background 1
1.2 Problem statement 2
1.3 Objectives 3
1.4 Scopes 3
1.5 Limitation of works 4
1.6 Report structure 4
CHAPTER 2 LITERATURE REVIEW
2.1 Introduction 6
2.2 Network 6
2.3 Bandwidth usage 7
2.4 Linux Operating System 8
2.5 One Time Password 9
2.6 Existing system
2.6.1 Securing Wireless Network using pfSense Captive Portal with RADIUS Authentication 10
2.6.2 Building secure wireless access point based on certificate authentication and firewall Captive Portal 11
2.6.3 DNS-based Captive Portal with integrated transparent proxy to protect against user device caching incorrect IP address 12
2.6.4 Design and configuration of app supportive indirect internet access using a Transparent Proxy Server 13
2.6.5 Monitoring Local Area Network using Remote Method Invocation 14
2.6.6 Secure network monitoring system using mobile agents 15
2.6.7 Low cost web based remote monitoring and controlling system 16
2.6.8 Android based network monitor 17
2.6.9 Two factor authentication using smartphone generate one time password 18
2.7 Overview of the Project and Research 19
2.8 Summary 24
CHAPTER 3 METHODOLOGY
3.1 Introduction 25
3.2 Flowchart 25
3.3 Framework 27
3.4 Algorithm 29
3.5 Captive portal 30
3.6 pfSense 31
3.7 Summary 31
CHAPTER 4 CONCLUSION
4.1 Introduction 32
4.2 Project limitation 32
4.3 Recommendation 33
4.4 Summary 33
REFERENCES 34
APPENDIX 37
LIST OF TABLES
TABLE TITLE PAGE
1.1 First table in chapter 2 8
LIST OF FIGURES
FIGURE TITLE PAGE
1.1 First figure in chapter 3 22
1.2 Second figure in chapter 3 24
1.3 Third figure in chapter 3 25
LIST OF ABBREVIATIONS
WiFi Wireless Fidelity
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
LAN Local Area Network
WAN Wide Area Network
AD Active Directory
NPS Network Policy Server
TLS Transport Layer Security
WLAN Wireless Local Area Network
SSID Service Set Identifier
Admin Administrator
HMAC Hash Message Authentication Code
CHAPTER 1
INTRODUCTION
1.1 Background
In an era of globalization, Internet access has become a part of life and a
compulsory everyday activity, especially for students. Besides, the Internet acts as a
communication medium between people anywhere in the world. The Internet can also
be a resource for education, that is, for teaching and learning. Connections were often
wired, but today many places connect to the Internet wirelessly, simply
called WiFi, at home or in buildings such as universities and companies. Based on that,
network usage will increase from time to time along with the applications users
access. The problem can worsen if it is not managed efficiently.
Next, the Internet can be defined as a massive network of networks. A network is a
collection of computers and other devices that can send data to and receive data from one
another, more or less in real time (Elliotte Rusty Harold, 2013). Growth of a network
may lead to excessive data access. So, the network administrator should monitor the
network using pfSense. In current research, pfSense is an essential software used to
monitor the network easily. pfSense is an open source software distribution based on FreeBSD.
pfSense is commonly used as a router, perimeter firewall, DHCP server, wireless access
point and DNS server. Moreover, pfSense also supports the installation of third-party packages
like Snort for intrusion detection and prevention (IDS/IPS). In order to overcome the network
problem, pfSense must be configured as a DHCP server. A switch is used to connect two devices
such as computers; it acts as a bridge. A switch gives better average-time performance
than a hub (Christopher Udeagha, R. Maye, D. Patrick, D. Humphery, D.
Escoffery and E. Campbell, 2016). It can send and receive information at the same time and is
faster than a hub. Many people use a switch to forward a message to a specific host.
Authentication is an important process used to validate an authorized user
before he or she is given access to the resource. One Time Password is one form of
authentication that is mostly used together with other forms of authentication. In other words, the One Time
Password algorithm is one of the simplest and most popular forms of two-factor
authentication today (Nilesh Khankari and Geetanjali Kale, 2014).
1.2 Problem Statement
The following common problems are the reasons this project is developed:
i. Congestion in the network limits communication between client (user) and
server, so a bottleneck problem may occur.
ii. Users consume a lot of bandwidth at one time when accessing the Internet.
iii. Unexpected scalability and performance problems appear as the number of network
users increases at one time.
1.3 Objectives
There are three main objectives in developing this project:
i. To study the existing LAN infrastructure.
ii. To design a simulation that can monitor the network and apply a One Time Password
algorithm in the captive portal.
iii. To implement the simulation in pfSense to optimize network usage as well as
limiting bandwidth and time.
1.4 Scopes
The scope of this project involves two parties: the administrator and the user.
1.4.1 Scope of administrator
The administrator can monitor and configure this simulation by setting up the server to
minimize network usage, so the administrator can limit data access and time.
1.4.2 Scope of user
Users should be able to access the Internet or network in real time, so that this
simulation can monitor network activity or network behavior.
1.5 Limitation of work
There are some limitations in this project:
i. It is difficult to configure because the networks are not in the same range.
ii. This simulation depends on an Internet connection and works in real-time mode
only.
iii. This simulation needs two network interface cards.
1.6 Report structure
Chapter 1
This chapter is the most significant part, introducing the project background,
problem statement, project objectives, project scope and limitations of work. The
introduction gives a basic description of the idea of the whole project.
Chapter 2
This chapter describes the concept of network monitoring together with work related
to this project. Specific knowledge about network monitoring comes from reading
materials and sources such as books, journals, related websites and existing projects.
Chapter 3
This chapter explains the methodology used to carry out this project. It
also discusses the flowchart, framework and algorithm that show the concept of the
process model in this research.
Chapter 4
This is the conclusion chapter of the final year project. Limitations and recommendations
for further advancement are stated there.
CHAPTER 2
LITERATURE REVIEW
2.1 Introduction
This chapter presents the selected literature that describes and
explains work related to the simulation to be developed. A literature review is a
text based on trusted papers such as journals, articles and books that include current knowledge
about theoretical and methodological contributions. The main purpose of the literature
review is to identify research methods and strategies that should be applied in this
project. It is important to know and understand the information from previous
research and take it into consideration before developing this project. A few previous
research works or existing systems are also discussed in this chapter. Therefore, the literature
review is carried out to serve as a reference in developing the proposed simulation.
2.2 Network
According to the book Data Communications and Networking, Fifth Edition, a
network is the interconnection of a set of devices capable of communication (Behrouz A.
Forouzan, 2012). In this definition, a device can be a connecting device or a host which
connects the network to other networks, and data transmission occurs between them.
These devices are connected using wired or wireless transmission media. Wired media use
copper wires or fiber optic cable to send and receive data, whereas with wireless
transmission the data signal travels on electromagnetic waves. In this case, we use a
switch acting as a bridge to connect client and server. Two
types of network are involved in this simulation: Local Area Network (LAN)
and Wide Area Network (WAN). A LAN is privately owned and connects some hosts in a
single office, building or campus, depending on the organization's needs. Most
LANs are designed to allow resources to be shared between hosts. Normally, a LAN covers a
limited area while a WAN covers a wider area. The transmission rate between them
can be measured in kilobytes, megabytes or gigabytes per second.
2.3 Bandwidth usage
Bandwidth is defined as the range of frequencies that can be transmitted by a
particular system or medium (Jorge L. Olenewa, 2012). Although this term is often
defined as the maximum data transmission capacity, it is also referred to as transmission
speed. The growth of technology makes bandwidth usage increase, so when
bandwidth usage increases the network administrator must handle and maintain
network performance as well as before.
Moreover, bandwidth needs to be managed by an organization. Bandwidth
management is a generic term that describes the various techniques, technologies,
tools and policies employed by an organization to enable the most efficient use of its
bandwidth resources (Lockias Chitanana, 2012). Bandwidth is measured in bits per
second and is particularly important in the case of transferring large amounts of data
over a network (Stanislaw Lota and Marcin Markowski, 2015). Wireless technologies
such as third generation (3G) and fourth generation (4G) have a significant impact
on bandwidth. Most universities prefer providing Internet wirelessly through a
Wireless Local Area Network (WLAN) to wired connections (Aryeh, F.
L., Asante, M. and Danso, A. E. Y., 2016). Many students consume a lot of data
streaming video and surfing social media. For example, twenty megabits
per second (20 Mbps) is sufficient to download high definition video. Video-based
applications require a large amount of bandwidth because of the video and audio content.
2.4 Linux Operating System
Linux is an open source operating system that is available in the form of
distributions from companies such as Red Hat. Its source code is freely available and
used under the GNU General Public License. An advantage of Linux is that it offers the user a
variety of supported file systems (Eduardo Ciliendo and Takechika Kunimasa, 2007).
Linux does not require a license to install because it is a free operating system for individual
use. Linux is a powerful and unique operating system compared with other operating
systems such as Windows and Macintosh (Hussain A. Alhassan and Dr. Christian
Bach, 2014). Moreover, Linux is user-friendly when writing application code that
accesses the network, which is why it is suitable for this project. Many programmers also
choose Linux because its multi-processing support is better than other operating
systems. pfSense is compatible with Linux although pfSense is software based on
FreeBSD. Linux is much better than Windows because Linux quite rarely crashes.
Since pfSense is installed on a computer, Ubuntu Linux has been chosen as the
operating system in this project. Ubuntu has been the better performer as far as
networking performance is concerned (Saranya S. Devan, 2013).
2.5 One Time Password
One Time Password schemes have been introduced to provide secure
authentication. One Time Password is a popular algorithm or technique for two-factor
authentication. A One Time Password is valid for only one login session (Nilesh
Khankari and Geetanjali Kale, 2014). In other words, a One Time Password is unlike a
static password because it changes each time the user wants to log in. According to the
article Survey on One Time Password, One Time Passwords are a form of strong
authentication that provides much better protection for online bank accounts, corporate
networks and other systems that contain sensitive information. Himika Parmar, Nancy
Nainan and Sumaiya Thaseen proposed an image-based authentication service that
eliminates text passwords in their article (Himika Parmar, Nancy Nainan and
Sumaiya Thaseen, 2012). This paper integrates image-based authentication with an HMAC-based
one time password to achieve a higher level of security. The user obtains a One Time
Password to access their personal account after image authentication.
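The HMAC-based one time password referred to above, as an added example that is not part of the thesis or of any of the cited papers: a Python implementation of HOTP (RFC 4226) together with a small server-side verifier. The shared secret is the test key published in RFC 4226; the verifier class, its look-ahead window and the policy of burning every counter value up to the accepted one are choices made for this example, not the scheme the thesis applies in its captive portal.

```python
"""HMAC-based One Time Password (HOTP, RFC 4226) generator and verifier.

Added example, not code from the thesis. It shows why an HMAC-based OTP
is "valid for only one login session": the verifier advances a counter
past each accepted value, so a captured code cannot be replayed.
"""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test key (ASCII "12345678901234567890"); a real
# deployment would generate a random per-user secret and store it server-side.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the HOTP value for a shared secret and moving counter."""
    # Step 1: HMAC-SHA1 over the 8-byte big-endian counter.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation; the low 4 bits of the last byte pick an offset.
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    # Step 3: reduce to the requested number of decimal digits, zero-padded.
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Server-side state for one user: the secret and the next counter.

    look_ahead tolerates a token whose counter ran ahead of the server
    (for example a user who generated codes without submitting them).
    This class and its policy are constructed for the example.
    """

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.counter = 0          # next counter value the server will accept
        self.look_ahead = look_ahead

    def verify(self, submitted: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            # Constant-time comparison so timing does not leak matching digits.
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                # Burn this counter and any skipped ones: none is reusable.
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    v = HotpVerifier(DEMO_SECRET)
    first = hotp(DEMO_SECRET, 0)
    print("code for counter 0:", first)
    print("first use accepted:", v.verify(first))
    print("replay accepted:   ", v.verify(first))
```

The same secret always yields the same code for a given counter, which is exactly why the server must store and advance the counter: the one-time property comes from the verifier's state, not from the HMAC alone.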
2.6 Existing system
2.6.1 Securing Wireless Network using pfSense Captive Portal with RADIUS
Authentication
This paper discusses an authentication method that prevents unauthorized users from
gaining access. An effective way of achieving secure wireless network authentication is to
use a Captive Portal with the RADIUS authentication method. A wireless network lets
users connect easily anywhere within its local coverage. However,
one problem with wireless networks is security. WLAN security is improved
by using a secure mechanism called a Captive Portal. The advantages of that
mechanism are that users are directed to a login page when they open a web browser to
access the Internet, and users do not need to install access controller software on
their mobile devices. Windows 7 and Windows 8 are set up as clients while Windows
Server 2012, with Active Directory (AD) and Network Policy Server (NPS), acts as the
local RADIUS server. AD is responsible for the user credentials used for authentication.
NPS allows the network administrator to create network policies to
authenticate and authorize connections from wireless access points and authenticating
switches. In this project, pfSense can function as a perimeter firewall, router, proxy
server and DHCP server; however, pfSense mainly acts as a firewall in this case.
The Captive Portal is set up with RADIUS, so the combination of both is more
secure. A disadvantage of this project is that it is difficult for a large organization with over
2000 user login credentials in AD. (Aryeh, F. L., Asante, M. and Danso, A. E. Y., 2016)
2.6.2 Building secure wireless access point based on certificate authentication
and firewall Captive Portal
This paper discusses securing a wireless local area network using WPA2 Enterprise
based on PEAP MS-CHAP together with a Captive Portal. Protected
Extensible Authentication Protocol (PEAP) is a member of the family of Extensible
Authentication Protocol (EAP) protocols. It uses Transport Layer Security to
create an encrypted channel with the authenticating PEAP client. Moreover, PEAP does
not specify an authentication method but provides additional security for other EAP
authentication protocols. PEAP MS-CHAP utilizes Active Directory Certificate
Services to generate the digital certificate installed on the NPS. The authentication process
occurs in two phases. First, the EAP protocol is used to open a TLS channel. Second,
username and password authentication is performed for clients connecting to the WLAN through
the internal SSID, using EAP. The method proposed in this research has two
levels of security: a firewall with pfSense Captive Portal, and WPA2 Enterprise.
This paper focuses on two SSIDs, one for guests and one for internal
users. An advantage of this paper is the use of strong authentication to protect data
transmission. Evaluation and analysis are compulsory in this
project because the effectiveness of the applied method needs to be tested. Complementary to
this, a WLAN that uses PEAP MS-CHAP security is still vulnerable to the airodump-ng and
aireplay-ng tools. The aireplay-ng tool injects data packets to a client connected to the
access point. After the injection, aireplay-ng forces that client to
re-authenticate. During re-authentication, airodump-ng captures the
handshake and saves it to a file. (B. Soewito and Hirzi, 2014)
2.6.3 DNS-based Captive Portal with integrated transparent proxy to protect
against user device caching incorrect IP address
This paper presents a DNS-based captive portal. The name server receives
Domain Name System (DNS) requests and queries a login database. When the user device
is logged in, the name server responds to the DNS request with the Internet Protocol (IP)
address of the web server as the resolved IP address of the specified domain name. The web
server acts as a transparent proxy between the user device and the non-local target Uniform
Resource Locator (URL). The captive portal involves a DNS server resolving all domain names for
devices that are not logged in to the IP address of a login portal. An advantage of this paper
is good security, because when users want to access a website they must log in at the
portal before that website appears. A second advantage is that it makes user management
easy for the organization because, while it is possible to instruct users to manually
navigate to a URL or IP address by placing an instruction card at a specific place, users
instead expect the whole process to be automatic. The disadvantage of a DNS-based captive portal
is that it only works if the user initially attempts to browse to a URL with a domain name.
Next, DNS poisoning is performed for devices that are not logged in, and the user device may
cache the IP address of the login portal even after it is logged in. The solution to that problem is
to configure the captive portal's DNS server to provide a low time-to-live (TTL) when it
resolves domain names to the IP address of the login portal for unauthorized user devices.
The low TTL should completely prevent the user device from caching an incorrect IP address.
However, there is no guarantee that the user device will respect the TTL. (Peter S. Warrick and David T.
Ong, 2014)
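The DNS behaviour described above, as an added example that is not code from the cited paper, from the thesis or from pfSense: a Python sketch of the captive portal's name-server policy. It parses an A query, answers every name with the portal address and a low TTL when the client is not logged in, and returns the genuine record with a normal TTL once the client is logged in. PORTAL_IP, the TTL values, the login set and the record table are constructed values for this example, and only the A-record subset of the DNS wire format needed here is implemented.

```python
"""Name-server policy of a DNS-based captive portal (added example).

Not the paper's or pfSense's code. Devices that are not logged in get the
portal IP for every name with a short TTL (the paper's mitigation for
clients caching the portal address); logged-in devices get real answers.
"""
import ipaddress
import struct

PORTAL_IP = "10.0.0.1"     # constructed: address hosting the login page
PORTAL_TTL = 10            # seconds; the low TTL the paper proposes
NORMAL_TTL = 300           # TTL for genuine answers to logged-in devices

# Constructed stand-ins for the login database and the upstream resolver.
LOGGED_IN = {"10.0.0.25"}
REAL_RECORDS = {"example.com.": "203.0.113.10"}

A_RECORD = 1
IN_CLASS = 1


def build_query(tid: int, name: str) -> bytes:
    """Construct a standard recursive A query (used to build sample input)."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack(">HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack(">HH", A_RECORD, IN_CLASS)


def parse_question(pkt: bytes):
    """Return (transaction id, qname, qtype, raw question section)."""
    tid = struct.unpack(">H", pkt[:2])[0]
    pos, labels = 12, []
    while pkt[pos] != 0:                       # walk the length-prefixed labels
        ln = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + ln].decode("ascii"))
        pos += 1 + ln
    pos += 1                                   # terminating zero byte
    qtype = struct.unpack(">H", pkt[pos:pos + 2])[0]
    return tid, ".".join(labels) + ".", qtype, pkt[12:pos + 4]


def build_response(query: bytes, client_ip: str) -> bytes:
    """Apply the captive portal policy to one query from client_ip."""
    tid, qname, qtype, question = parse_question(query)
    if client_ip in LOGGED_IN:
        ip, ttl = REAL_RECORDS.get(qname), NORMAL_TTL   # genuine answer
    else:
        ip, ttl = PORTAL_IP, PORTAL_TTL                 # every name -> portal
    if ip is None or qtype != A_RECORD:
        # NXDOMAIN (rcode 3): unknown name, or a type this sketch does not serve.
        return struct.pack(">HHHHHH", tid, 0x8183, 1, 0, 0, 0) + question
    header = struct.pack(">HHHHHH", tid, 0x8180, 1, 1, 0, 0)   # QR, RA, NOERROR
    # 0xC00C is a compression pointer back to the name at offset 12 (the question).
    rr = struct.pack(">HHHIH", 0xC00C, A_RECORD, IN_CLASS, ttl, 4)
    return header + question + rr + ipaddress.IPv4Address(ip).packed


def answer_summary(resp: bytes):
    """Decode (ip, ttl) from the first answer, or None when ANCOUNT is zero."""
    if struct.unpack(">H", resp[6:8])[0] == 0:
        return None
    pos = 12
    while resp[pos] != 0:                      # skip the echoed question name
        pos += 1 + resp[pos]
    pos += 1 + 4                               # zero byte + qtype/qclass
    _, _, _, ttl, _ = struct.unpack(">HHHIH", resp[pos:pos + 12])
    return str(ipaddress.IPv4Address(resp[pos + 12:pos + 16])), ttl


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    print("not logged in:", answer_summary(build_response(q, "10.0.0.99")))
    print("logged in:    ", answer_summary(build_response(q, "10.0.0.25")))
```

The short TTL only shortens the window in which a device keeps using the portal address after logging in; as the paper notes, nothing forces a resolver to honour it, which is why the proxying web server is still needed as a fallback.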
2.6.4 Design and configuration of app supportive indirect internet access using a
Transparent Proxy Server
A company or institute needs to perform many tasks such as web filtering, caching
and user monitoring, but only allows Internet access after authentication using an
explicit proxy. Given that, this paper proposes a transparent
proxy and captive portal so that applications work with it. pfSense is used as the firewall,
with both the proxy server and captive portal services integrated on a single platform.
Users cannot be challenged for credentials by the proxy server itself since a transparent proxy
is used, so users must authenticate through the captive portal. The transparent proxy is
proposed to fulfil the filtering, caching and monitoring requirements. An advantage of
this approach is that the proxy server allows client computers to make indirect network
connections to other network services. A transparent proxy also does not require any
configuration on the client's end and makes use of an efficient forwarding mechanism; more
importantly, it is an ideal choice for a web accelerator and web filtering gateway. The disadvantage
of a transparent proxy deployment is that the web browser is unaware that it is communicating with
a proxy. The captive portal technique is also used in this research to prevent users from
accessing the network until authentication occurs, which may protect confidential
information. (Pranjal Sharma and T. Benith, 2014)
2.6.5 Monitoring Local Area Network using Remote Method Invocation
This paper discusses controlling and monitoring a Local Area
Network (LAN) using Remote Method Invocation (RMI). This technique allows a
Java object executing on one machine to invoke a method of a Java object executing on
another machine. A stub is generated before use by the client and server. The stub is a
Java object that resides on the client machine and presents the same interface
as the remote server. Network monitoring is the use of a system that constantly monitors a
computer network and notifies the network administrator if any problem is detected. Java
RMI is a mechanism that allows one to invoke a method on an object that exists in another
address space. Java RMI is therefore used to give the administrator the authority to
stop any illegal process and to monitor the whole LAN. An advantage of this
technique is that it uses the wireless network, so it can obtain the Internet Protocol address of the client and
keep pinging to check the latest status of the LAN. Another advantage is that a snapshot
of the client's machine image is saved to the database when the server shuts down the client's
machine; this action reduces the size of the database. The disadvantage of this project is its vast
functionality relative to its performance. (Harsh Mittal, Manoj Jain and Latha Banda,
2013)
2.6.6 Secure network monitoring system using mobile agents
This paper presents a network monitoring system that follows a decentralized
approach to overcome the problems of existing systems. The decentralized approach is
based on a secure multi-agent architecture in which different mobile
agents are created. The main purpose of the system is to reduce network
bandwidth by using mobile agents to monitor the network. The problems of existing
systems are heterogeneity in the network, limited bandwidth, lack of resources,
lack of fault tolerance capability and the huge amount of traffic generated on the central
server. Besides, the system architecture has one Master Controller Agent (MCA) and
several Controller Agents (CA). Mobile agents are used to control and manage network
traffic as the network infrastructure requires. The advantages of the system are the ability
to achieve confidentiality and integrity and to reduce network bandwidth. Moreover, the
load balancing problem can be overcome after these approaches are applied to the system, since each
client independently performs its own processing and gives the result to the server.
The disadvantage is that the process of the system can be slow and delayed at certain times. (Larkins
Carvalho and Nielet Dmello, 2013)
2.6.7 Low cost web based remote monitoring and controlling system
This paper discusses the design and implementation of a web-based monitoring and
controlling system capable of visually monitoring and autonomously controlling devices at
remote areas through a web page. An embedded system is a special-purpose
computer system designed to perform one or a few dedicated functions, often with real-time
computing constraints. Besides, an embedded system is required to run at the speed of its
environment. The advantage of this system is that being dedicated to a specific task may reduce the size
and cost of the product and also increase reliability and performance. However, this
system also has limitations or disadvantages. The disadvantage of the system is that it
focuses on a specific task only, whereas a general-purpose computer can do many different tasks
depending on its programming. This is why designing an embedded system can be challenging: it
needs to conform to a specific set of constraints for the application. Another
challenge for embedded system design is performing an accurate worst-case design
analysis on a system with statistical performance characteristics. (V. Srinivas and
V.V.S.R.K.K. Pavan. Bh, 2015)
2.6.8 Android based network monitor
The purpose of this paper is to develop a system through which a user who is not available at the actual
site can monitor the network. This method can control a Local Area Network (LAN) remotely
using a mobile-based application on ANDROID. The objective of this system is to develop a
system where the administrator can execute various commands to control activities of the
network even when not present at the actual site of the network, using a mobile-based app.
The administrator enters a command through the ANDROID app, which is sent to a
remote server. Next, the administrator is authenticated using SHA (Secure Hash
Algorithm) and gains the right to monitor the network. The two ways of controlling the network are
entering commands through the mobile device and controlling the network directly through the server.
The administrator is responsible for checking the network load on the LAN by typing a command.
The advantages of the system are high throughput, scalability, availability, reliability and
transparency. The limitations of this system are that the security model and algorithms of GPRS
were developed in secrecy and were never published, and the system also does not
support duplex communication between client and server. (Aditya Bhosale, Kalyani
Thigale, Sayali Dodke and Tanmay Bargal, 2014)
2.6.9 Two factor authentication using smartphone generate one time password
This paper proposes a system that involves generating and delivering
a One Time Password to a mobile phone. The authors also explain a method of two-factor
authentication implemented using a One Time Password (OTP) generated by a
smartphone. The smartphone is used as a token for creating the OTP. The OTP is valid for a short period
of time only and is generated and verified using a secure cryptographic algorithm.
High security is the main advantage of using OTP. Security is the major concern in all
sectors, so OTP can solve the password problem because it is valid for one session
only. However, this system also has a disadvantage: more than one two-factor
authentication system requires multiple tokens. From the user's point of view, tokens have
drawbacks which include the cost of purchasing, issuing and managing the token.
(Sagar Archarya, Apoorva Polawar and P.Y.Pawar, 2013)
19
2.7 Overview of the Project and Research
Table 2.1 : Comparison table of project and research
(Columns: Author/Year; Project Name; Technology/Technique; Description; Advantage;
Disadvantage)

Author/Year: Aryeh, F. L., Asante, M. and Danso, A. E. Y. (2016)
Project Name: Securing Wireless Network Using pfSense Captive Portal with RADIUS
Authentication
Technology/Technique: RADIUS authentication
Description:
- An authentication method that prevents unauthorized users from gaining access
- An effective way to overcome the problem is to use a Captive Portal with the RADIUS
authentication method
Advantage:
- Users are redirected to a login page when they open a web browser to access the
Internet
- Users do not need to install access controller software on their mobile device
Disadvantage: Difficult for a large organization with over 2000 user login credentials
in Active Directory

Author/Year: B. Soewito and Hirzi (2014)
Project Name: Building secure wireless access point based on certificate
authentication and firewall Captive Portal
Technology/Technique: WPA2 Enterprise
Description:
- Secures a wireless local area network using WPA2 Enterprise based on PEAP MS-CHAP
and a Captive Portal
- The two phases of the authentication process use the EAP protocol and a
username-and-password authentication mechanism
Advantage: Uses strong authentication to protect data transmission
Disadvantage: PEAP MS-CHAP security is still vulnerable to the airodump-ng and
aireplay-ng tools

Author/Year: Peter S. Warrick and David T. Ong (2014)
Project Name: DNS-based Captive Portal with integrated transparent proxy to protect
against user device caching incorrect IP address
Technology/Technique: Integrated transparent proxy
Description:
- The captive portal involves a DNS server that resolves all domain names for
not-yet-logged-in user devices to the IP address of a login portal
- The solution to the problem is to configure the captive portal's DNS server to
provide a low time-to-live (TTL)
Advantage:
- Good security
- Makes it easy for an organization to manage users
Disadvantage: Only works if the user initially attempts to browse to a URL with a
domain name address

Author/Year: Pranjal Sharma and T. Benith (2014)
Project Name: Design and configuration of app supportive indirect internet access
using a Transparent Proxy Server
Technology/Technique: Transparent Proxy Server
Description:
- Proposes a transparent proxy and captive portal to overcome the problem
- The transparent proxy is used to fulfil the filtering, caching and monitoring
requirements
- The captive portal technique is used in this research to prevent users from
accessing the network until authentication occurs
Advantage:
- Allows a client computer to make an indirect network connection to other network
services
- Does not require any configuration on the client's end and makes use of an
efficient forwarding mechanism
Disadvantage: The web browser is unaware that it is communicating with a proxy

Author/Year: Harsh Mittal, Manoj Jain and Latha Banda (2013)
Project Name: Monitoring Local Area Network using Remote Method Invocation
Technology/Technique: Remote Method Invocation
Description:
- Controls and monitors a Local Area Network by using Remote Method Invocation
- Allows a Java object executing on one machine to invoke a method of a Java object
executing on another machine
- Java RMI is a mechanism that allows one to invoke a method on an object that
exists in another address space; it is used to give the administrator the
authority to stop any illegal process and to monitor the whole Local Area Network
Advantage:
- Uses a wireless network, so the Internet Protocol address of each client can be
obtained and pinged continuously to check the latest status of the LAN
- An instance of the client's machine image is saved to the database when the
server shuts down the client's machine
Disadvantage: Vast functionalities regarding its performance

Author/Year: Larkins Carvalho and Nielet Dmello (2013)
Project Name: Secure network monitoring system using mobile agents
Technology/Technique: Mobile agents
Description:
- A network monitoring system that follows a decentralized approach to overcome the
problems of existing systems
- Reduces network bandwidth by using mobile agents to monitor the network
Advantage:
- Ability to achieve confidentiality and integrity
- Reduced network bandwidth
Disadvantage: The process of the system is slow and delayed at certain times

Author/Year: V. Srinivas and V.V.S.R.K.K. Pavan. Bh (2015)
Project Name: Low cost web based remote monitoring and controlling system
Technology/Technique: Embedded system
Description:
- The web monitoring and controlling system is capable of visually monitoring and
autonomously controlling devices in remote areas through a web page
- An embedded system is a special-purpose computer system designed to perform one
or a few dedicated functions
Advantage:
- Being dedicated to a specific task may reduce the size and cost of the product
- Increased reliability and performance
Disadvantage: Focuses only on a specific task

Author/Year: Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal (2014)
Project Name: Android based network monitor
Technology/Technique: Android
Description:
- Develops a system so that a user who is not available at the actual site can
monitor the network
- The administrator is authenticated using a Secure Hash Algorithm and gains the
right to monitor the network
- The two ways of controlling the network are entering commands through a mobile
device and controlling the network directly through the server
Advantage:
- High throughput
- Scalability
- Availability
- Reliability
- Transparency
Disadvantage:
- The security model and algorithms of GPRS were developed in secrecy and never
published
- The system does not support duplex communication between client and server

Author/Year: Sagar Archarya, Apoorva Polawar and P.Y.Pawar (2013)
Project Name: Two factor authentication using smartphone generate one time password
Technology/Technique: One Time Password
Description:
- A system that involves generating and delivering a One Time Password to a mobile
phone
- The OTP is valid for a short period of time only
Advantage: High security
Disadvantage: Cost of purchasing, issuing and managing the token
2.8 Summary
This chapter provides an overview of the concepts behind the system. The study that
has been made shows that the literature review is one of the important parts of
research. A literature review helps in determining whether an idea or technology has
been studied before. Besides, the research articles must be related to the proposed
project. Examples of sources of research papers that can be trusted for studying prior
research are IEEExplore, Springer and ScienceDirect. Every article and journal needs to
be compared against the others to decide which one should be selected.
CHAPTER 3
METHODOLOGY
3.1 Introduction
Methodology is a systematic way of solving the research problem by applying a
technique, algorithm or method. It comprises the theoretical analysis of the methods
and principles associated with a branch of knowledge. Methodology is also defined as
the principles, rules or procedures used for developing a project or system. For this
project, the methodology shown in this chapter consists of a flowchart and a
framework. In order to overcome the problem stated in 1.2, this methodology is built
around the three main objectives stated in 1.3: first, to study the existing LAN
infrastructure; second, to design the simulation; and lastly, to implement the
simulation. This project focuses on network monitoring.
3.2 Flowchart
A flowchart is a type of diagram that represents an algorithm or process, showing
various boxes connected by arrows. It is a visual diagram presenting the flow of data
through an information processing system in the sequence to be performed in solving a
problem. The flowchart also shows, step by step, how a user is authenticated before
the administrator monitors their network usage by limiting their bandwidth or the time
they may access the Internet.
Flowcharts play a vital role in solving problems related to programming. They are
quite helpful in understanding a complicated problem and solving it wisely. In the
flowchart, a box represents an operation or process, a circle represents a connector
joining two parts of the program, and an arrow represents a flow line.
Figure 3.1 Flowchart
Figure 3.1 shows the flowchart for user authentication in the simulation of this
project. The simulation involves a user and an administrator. For this project, two
computers are needed for testing. One computer acts as the DHCP server while the other
acts as the client's (user's) computer. pfSense is installed in VirtualBox on the
computer acting as the DHCP server.
Users must be authenticated by the captive portal before they get access to the
Internet, so users must enter a username and password to be verified and identified by
the administrator. If users fail authentication, they cannot access the Internet even
if they try hundreds of times to open the browser or reach the Internet. When users
enter a correct username and password, they can access the Internet easily.
Next, the administrator has to monitor the network usage of users. In the pfSense
configuration the administrator is able to enter the total bandwidth and time that
users may consume, in order to limit or maximize their usage of the network. pfSense
records the IP address or MAC address of each computer that accesses the network.
3.3 Framework
This part discusses and focuses on the simulation framework. Simulation is the
imitation of the operation of a real-world process or system over time. A simulation
requires a model to be developed, and that model represents the key characteristics or
functions of the selected system. This simulation framework defines the process needed
to operationalize the model, which shows the design of the network system that will be
developed in the future. For this project, it explains the design of a network system
which involves devices such as computers and a switch that make the connection between
them. Furthermore, this framework helps in understanding the concept of the
administrator monitoring network usage in a Local Area Network.
Figure 3.2 Framework
Figure 3.2 shows the simulation model of the network in which the user's computer gets
Internet access after connecting to the DHCP server. The switch in this case acts as a
bridge that connects both computers. A computer on which pfSense is installed is
configured as the DHCP server for monitoring the network usage of the user. The DHCP
server and the user's computer, connected by the switch, form an intranet. An intranet
is a private network contained within an enterprise; it involves connections through
one or more gateway computers to the outside Internet. In this case, the intranet is
used for sharing data access or Internet access from the DHCP server. The user's
computer must go through the captive portal first before the user can access the
network.
3.4 Algorithm
Figure 3.3 shows the proposed algorithm applied in the captive portal, which is the
One Time Password algorithm.
Figure 3.3 Proposed algorithm
The One Time Password algorithm is the representative technique applied in this
project for securing the authentication of users into the captive portal. One Time
Password is a different technique from the others in that a different password is
generated each time a password is used. In other words, a One Time Password is a
randomly generated password that needs to be sent to users by email or mobile phone
services. When users want to enter the captive portal, the administrator needs to send
the one-time password code to the users after they have pre-registered. Users are
allowed into the network after they are successfully authenticated by the captive
portal.
A password, to be secure, usually needs to consist of 8 characters with at least one
digit, one capital letter and one small letter. The advantage of a One Time Password
is that it is not vulnerable to replay attack. This means an intruder who wants to
attack the system cannot easily enter the system, because the intruder needs to break
the password first.
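The One Time Password mechanism of this section, worked through in code. This is an added example and not part of the thesis or its simulation: the code is derived with HMAC-based HOTP (RFC 4226) over 30-second time steps (TOTP, RFC 6238), so a code is valid only within a short window, and every accepted code is remembered so that a replayed code is refused, which is the property claimed above. The shared secret and the timestamps used for checking are the RFC 6238 test values; the user name and the clock-skew window of one step are assumptions of this example.

```python
"""Time-limited one-time passwords with replay rejection (added example)."""
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # a code is valid for one 30-second step (plus the skew window)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(secret, int(at_time) // step, digits)


class OtpVerifier:
    """Server side of the portal: issues codes for registered users and checks them once."""

    def __init__(self, step: int = STEP_SECONDS, window: int = 1):
        self.step = step
        self.window = window      # assumed tolerance: one step of clock skew either way
        self.secrets = {}         # username -> shared secret (set up at pre-registration)
        self.used = set()         # (username, counter) pairs already redeemed

    def register(self, username: str, secret: bytes) -> None:
        self.secrets[username] = secret

    def issue(self, username: str, at_time: int) -> str:
        """The code the administrator's portal would send to the user's phone or email."""
        return totp(self.secrets[username], at_time, self.step)

    def verify(self, username: str, code: str, at_time: int) -> bool:
        """Accept a code only if it matches a step inside the window and was never used."""
        secret = self.secrets.get(username)
        if secret is None:
            return False
        current = int(at_time) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if hmac.compare_digest(hotp(secret, counter), code):
                if (username, counter) in self.used:
                    return False          # replay of an already redeemed code
                self.used.add((username, counter))
                return True
        return False                      # wrong code or outside the validity window


if __name__ == "__main__":
    # RFC 6238 test secret; "user1" is a constructed user name.
    verifier = OtpVerifier()
    verifier.register("user1", b"12345678901234567890")
    code = verifier.issue("user1", 59)
    print("issued", code)
    print("first use accepted:", verifier.verify("user1", code, 70))
    print("replay accepted:", verifier.verify("user1", code, 75))
    print("late use accepted:", verifier.verify("user1", code, 200))
```

The window check is where the "short period of time" claim is enforced, and the `used` set is what turns a time-based code into a genuinely one-time code; without it, a captured code could be replayed inside the same 30-second step.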
3.5 Captive Portal
A captive portal is a technique that imposes user authentication, requiring users to
present their credentials before gaining access to the network (Surasak Sanguanpong
and Kasom Koht-Arsa, 2013). It redirects users to a login page, and after logging in
they get access to the network. When a user opens a web page in the browser, the
browser is automatically redirected to the login page on an authentication web server.
With a captive portal, the user must enter credentials, namely a username and
password, and after authentication the user can access the Internet. The
administrator needs to identify and verify each user that accesses the network. A
captive portal is therefore also a security method applied before someone can access
the Internet.
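The gate that sections 3.2 (Figure 3.1) and 3.5 describe, as an added model that is not code from the thesis or from pfSense: a client with no session is sent to the login page, a client that presents a valid username and password gets a session, and the administrator's per-user time limit and traffic quota are enforced on that session while the client's IP and MAC address are written to a log. Passwords are kept only as salted PBKDF2 hashes and compared in constant time. The login URL, client addresses and the user name are constructed values.

```python
"""Captive portal session gate with per-user time and traffic limits (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

LOGIN_URL = "http://portal.example.lan/login"   # assumed address of the portal's login page


def hash_password(password, salt=None):
    """Return (salt, digest); the portal stores these, never the clear-text password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


@dataclass
class Session:
    username: str
    ip: str
    mac: str
    started: float          # time the user passed the portal
    time_limit_s: int       # administrator's time limit for the session, in seconds
    quota_bytes: int        # administrator's traffic quota for the session
    used_bytes: int = 0

    def expired(self, now):
        return (now - self.started) >= self.time_limit_s or self.used_bytes >= self.quota_bytes


@dataclass
class CaptivePortal:
    users: dict                                   # username -> (salt, digest)
    time_limit_s: int = 3600
    quota_bytes: int = 50_000_000
    sessions: dict = field(default_factory=dict)  # client IP -> Session
    log: list = field(default_factory=list)       # (time, event, ip, mac, username)

    def handle_request(self, ip, url, now):
        """Gate an HTTP request: clients without a live session are sent to the login page."""
        session = self.sessions.get(ip)
        if session is not None and session.expired(now):
            self.log.append((now, "expired", ip, session.mac, session.username))
            del self.sessions[ip]
            session = None
        if session is None:
            return "302 " + LOGIN_URL
        return "200 " + url

    def login(self, ip, mac, username, password, now):
        """Verify the credentials from the login page and open a limited session."""
        record = self.users.get(username)
        # Do the same hashing work for unknown names so timing does not reveal valid usernames.
        salt, expected = record if record is not None else (b"\x00" * 16, b"\x00" * 32)
        _, digest = hash_password(password, salt)
        ok = record is not None and hmac.compare_digest(digest, expected)
        self.log.append((now, "login-ok" if ok else "login-fail", ip, mac, username))
        if ok:
            self.sessions[ip] = Session(username, ip, mac, now, self.time_limit_s, self.quota_bytes)
        return ok

    def account(self, ip, nbytes, now):
        """Charge traffic to the client's session; False once the quota or time limit is used up."""
        session = self.sessions.get(ip)
        if session is None:
            return False
        session.used_bytes += nbytes
        if session.expired(now):
            self.log.append((now, "limit", ip, session.mac, session.username))
            del self.sessions[ip]
            return False
        return True


def demo():
    """Walk one client through the flow of Figure 3.1 and return the portal's decisions."""
    portal = CaptivePortal(users={"user1": hash_password("Passw0rd")},
                           time_limit_s=600, quota_bytes=10_000)
    ip, mac = "192.168.1.100", "aa:bb:cc:dd:ee:01"            # constructed client addresses
    decisions = [
        portal.handle_request(ip, "http://example.com/", 1000.0),   # no session: redirect
        portal.login(ip, mac, "user1", "wrong-password", 1001.0),   # rejected
        portal.login(ip, mac, "user1", "Passw0rd", 1002.0),         # accepted
        portal.handle_request(ip, "http://example.com/", 1003.0),   # passes through
        portal.account(ip, 6_000, 1004.0),                          # under quota
        portal.account(ip, 6_000, 1005.0),                          # quota exhausted: cut off
        portal.handle_request(ip, "http://example.com/", 1006.0),   # back to the login page
    ]
    return decisions, portal.log


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The log list is the administrator's record of which IP and MAC address logged in, failed, or hit a limit; in the real deployment pfSense keeps that record, but the same three events are the ones worth watching for repeated failures from one address.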
3.6 pfSense
pfSense is open source software and a customized distribution of FreeBSD which
configures a computer into a DHCP server. pfSense needs to be downloaded and installed
in VirtualBox. After successful installation in VirtualBox, the administrator must
first configure and upgrade pfSense in the web-based interface. Besides, the pfSense
setup should have two network interface cards in order to run the system. pfSense uses
a single XML file to store the configuration of all services available in the pfSense
software or machine, which allows pfSense to be backed up easily. Furthermore, pfSense
services are written in PHP, which makes it easy to extend the current code base.
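As an added illustration of the single XML configuration file just mentioned (not pfSense's own code, nor code from the thesis): a backup copy of that file can be read with Python's standard library to list the captive portal limits the administrator set (session timeout, idle timeout, default bandwidth) and the MAC-to-IP records of the DHCP server, and to flag an enabled portal zone that has no limit at all. The XML below is constructed for this example; the element names are modelled on pfSense's config.xml but are an assumption here and should be checked against a real backup.

```python
"""Reading captive portal limits and DHCP address records from a config.xml backup (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample; element names assumed after pfSense's config.xml layout.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <captiveportal>
    <lan>
      <zone>lan</zone>
      <enable></enable>
      <interface>lan</interface>
      <timeout>60</timeout>
      <idletimeout>10</idletimeout>
      <bwdefaultdn>1024</bwdefaultdn>
      <bwdefaultup>512</bwdefaultup>
      <auth_method>local</auth_method>
    </lan>
  </captiveportal>
  <dhcpd>
    <lan>
      <enable></enable>
      <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
      <staticmap><mac>aa:bb:cc:dd:ee:01</mac><ipaddr>192.168.1.10</ipaddr><hostname>pc-user1</hostname></staticmap>
      <staticmap><mac>aa:bb:cc:dd:ee:02</mac><ipaddr>192.168.1.11</ipaddr><hostname>pc-user2</hostname></staticmap>
    </lan>
  </dhcpd>
</pfsense>
"""


def _number(element, tag, default=0):
    """Integer value of a child element, or `default` when it is absent or empty."""
    child = element.find(tag)
    return int(child.text) if child is not None and child.text else default


def portal_zones(xml_text):
    """One record per captive portal zone with the limits the administrator configured."""
    root = ET.fromstring(xml_text)
    zones = []
    for zone in root.findall("./captiveportal/*"):
        zones.append({
            "zone": zone.findtext("zone", zone.tag),
            "enabled": zone.find("enable") is not None,   # presence flag, value is empty
            "timeout_min": _number(zone, "timeout"),        # hard session limit in minutes
            "idle_timeout_min": _number(zone, "idletimeout"),
            "down_kbps": _number(zone, "bwdefaultdn"),      # per-user default bandwidth
            "up_kbps": _number(zone, "bwdefaultup"),
        })
    return zones


def dhcp_static_maps(xml_text):
    """(mac, ip, hostname) for every static DHCP mapping: the MAC-to-IP record of each client."""
    root = ET.fromstring(xml_text)
    return [(m.findtext("mac"), m.findtext("ipaddr"), m.findtext("hostname", ""))
            for m in root.findall("./dhcpd/*/staticmap")]


def audit(xml_text):
    """Flag enabled zones on which the time limit or bandwidth cap was left unset."""
    findings = []
    for z in portal_zones(xml_text):
        if not z["enabled"]:
            continue
        if z["timeout_min"] == 0:
            findings.append(f"zone {z['zone']}: no hard session timeout")
        if z["down_kbps"] == 0 or z["up_kbps"] == 0:
            findings.append(f"zone {z['zone']}: no per-user bandwidth cap")
    return findings


if __name__ == "__main__":
    for zone in portal_zones(SAMPLE_CONFIG):
        print(zone)
    for mapping in dhcp_static_maps(SAMPLE_CONFIG):
        print(mapping)
    print(audit(SAMPLE_CONFIG) or "no findings")
```

Running the audit over each backup is a cheap way to notice when a limit was cleared during reconfiguration, since the file is the only place the setting lives.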
3.7 Summary
This chapter discusses the methodology used to complete this project. The methodology
chapter shows the flowchart, framework and algorithm. These elements are important to
make this project more systematic. Because of that, the methodology must be followed
during simulation development in order to complete the project successfully. The One
Time Password algorithm is the technique applied in this project. An overview of the
captive portal and pfSense, which are important, is also discussed in this chapter.
The right methodology helps the project to be done according to the Gantt chart.
CHAPTER 4
CONCLUSION
6.1 Introduction
This chapter concludes the overall contribution of the project Network Monitoring
using Captive Portal in pfSense. The conclusion of the project discusses the outcome
of the simulation, which benefits the administrator and users. The project limitations
state all the difficulties that have been faced throughout the development process.
Recommendations are discussed to give suggestions for future projects.
6.2 Project limitation
Several problems and constraints occurred throughout the development of this project.
While completing this project proposal, a few limitations came up. The problems and
constraints in conducting this study are:
- This project must have the same network range for LAN and WAN coverage
- Difficulty using the wireless network on campus
- Neither a hub nor a modem can be used in this project
- This project needs two network interface cards
- This project depends on the Internet connection, whether the network performance
is slow or strong
6.3 Recommendation
This simulation would be better if all the requirements for this project could be
fulfilled, so that the simulation project can be widely used by everyone, especially
administrators, to monitor network performance in an easy way.
6.4 Summary
In conclusion, this project proposal will help the administrator of any organization
or company to monitor network performance easily. It will reduce the cost or budget
of any organization. This project can minimize network usage by limiting bandwidth and
time. A lot of discussion has been made describing network monitoring in pfSense,
together with the literature review of research papers on the previous related works.
Last but not least, it is hoped that this project can help many people, especially
administrators and users. According to the statement, this project will be beneficial
and useful to all organizations and clients. On the other hand, these limits allow
network usage to be monitored through the Captive Portal, so that users do not access
the network without any purpose in the future.
REFERENCES
[1] Elliotte Rusty Harold. 2013. Java Network Programming Fourth Edition.
pp. 26.
[2] Behrouz A. Forouzan. 2012. Data Communication and Networking Fifth
Edition. pp. 7-17.
[3] Jorge L. Olenewa. 2012. Guide to Wireless Communication Third Edition.
pp. 18-56.
[4] Stanislaw Lota and Marcin Markowski. 2015. Performance analysis of virtual
computer network based on Cisco cloud services router 1000v in a private
cloud environment. Vol. 7, No. 2, pp. 117-132.
[5] B. Soewito and Hirzi. 2014. Building secure wireless access point based on
certificate authentication and firewall Captive Portal. EPJ Web of Conferences
68. doi:10.1051/epjconf/20146800029.
[6] Aryeh, F. L., Asante, M. and Danso, A. E. Y. 2016. Securing Wireless
Network using pfSense Captive Portal with RADIUS Authentication. Ghana
Journal of Technology, Vol. 1, pp. 40-45.
[7] Peter S. Warrick and David T. Ong. 2014. DNS-based Captive Portal with
Integrated transparent proxy to protect against user device caching incorrect IP
address. US 2014/0344890 A1.
[8] Pranjal Sharma and T. Benith. 2014. Design and Configuration of App
Supportive Indirect Internet Access using a Transparent Proxy Server.
International Journal of Modern Engineering Research, Vol. 4, Issue. 10,
pp. 2249-6645.
[9] Harsh Mittal, Manoj Jain and Latha Banda. 2013. Monitoring Local Area
Network using Remote Method Invocation. International Journal of Computer
Science and Mobile Computing, Vol. 2, Issue. 5, 50-55.
[10] Larkins Carvalho and Nielet Dmello. 2013. Secure network monitoring system
using mobile agents. International Journal of Modern Engineering Research,
Vol. 3, Issue. 3, pp. 1850-1853.
[11] V. Srinivas and V.V.S.R.K.K. Pavan. Bh. 2015. Low cost web based remote
monitoring controlling system. International Journal of Innovative Research
in Electronics and Communication, Vol. 2, Issue 4, pp. 22-34.
[12] Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal. 2014.
Android Based network monitor. International Journal of Computer Science
and Information Technology & Security, Vol. 4, No.2, pp. 2249-9555.
[13] Lockias Chitanana. 2012. Bandwidth management in universities in
Zimbabwe: Towards a responsible user base through effective policy
implementation. International Journal of Education and Development using
Information and Communication Technology, Vol. 8, Issue 2, pp. 62-76.
[14] Eduardo Ciliendo and Takechika Kunimasa. 2007. Linux Performance and
Tuning Guidelines First Edition. pp. 15.
[15] Hussain A. Alhassan and Dr. Christian Bach. 2014. Operating System and
Decision Making. ASEE 2014 Zone I Conference, pp. 80-85.
[16] Saranya S. Devan. 2013. Windows 8 V/S Linux Ubuntu 12.10 – Comparison
Of The Network Performance. International Journal of Research in
Engineering and Technology, Vol. 2, Issue 3, pp. 577-580.
[17] Surasak Sanguanpong and Kasom Koht-Arsa. 2013. A Design and
Implementation of Dual-Stack Aware Authentication System for Enterprise
Captive Portal. pp. 118-121.
[18] Nilesh Khankari and Geetanjali Kale. 2014. Survey on One Time Password.
International Journal of Computer Engineering and Application, Vol. 9,
Issue 3. pp. 2321-3469.
[19] Christopher Udeagha, R. Maye, D. Patrick, D. Humphery, D. Escoffery and E.
Campbell. 2016. Comparative analysis of performance of hub with switch
local area network (LAN) using riverbed in University of Technology (Utech),
Jamaica. pp. 118-126.
[20] Salim Istyaq. 2016. A New Technique For User Authentication Using Numeric
One Time Password Scheme. International Journal of Advanced Trends in
Computer Science and Engineering, Vol. 4, Issue 5, pp. 163-165.
[21] Himika Parmar, Nancy Nainan and Sumaiya Thaseen. 2012. Generation Of
Secure One Time Password Based On Image Authentication. pp. 195-206.
[22] Sagar Archarya, Apoorva Polawar and P.Y.Pawar. 2013. Two factor
authentication using smartphone generate one time password. IOSR Journal of
Computer Engineering, Vol. 11, Issue 2, pp. 85-90.
APPENDIX
Gantt Chart (FYP1)
Activities planned over weeks 1 to 16:
- Project briefing by KPP
- Discussion and selection of proposal topic
- Project title registration
- Details of project background, problem statement, objectives, scope and limitations
- Details of the Literature Review
- Presentation of proposal and presentation 1
- Correction of proposal
- Framework discussion
- Configuration of pfSense
- Draft proposal submission
- Correction of proposal
- Discussion and preparation of project presentation
- Conference of project presentation
- Final submission of report