The major focus of the study is to implement an open source firewall technology system intended for La Consolacion University Philippines (LCUP). The major concern of the project is to prevent an unauthenticated access to the Network Infrastructure of LCUP. The system is capable to detect, monitor, control and filter incoming and outgoing packets. A PfSense, is an open source network firewall and free distribution, FreeBSD customizable, having a Web interface was used. Two (2) PC-based routers were installed for two (2) separated campuses connected via VLAN. The study was found “very acceptable” based on the following criteria: data integrity, data confidentiality, non-repudiation and reliability. This shows that the system is highly recommendable for implementation.
unauthenticated access, open source, FreeBSD, PfSense, packets, La Consolacion University Philippines.
Schools today have already installed local area network (LAN) such as School Administration and Management System (SAMS) and the Multimedia Learning Center (MMLC). Others made use of leased lines to maintain a Wide Area Network (WAN). Leased lines ranging from ISDN (Integrated Services Digital Network) to OC3 (Optical Carrier-3) fiber provides the organization with a way to expand its private network beyond its immediate geographic area. A WAN had obvious advantages over a public network like the internet when it comes to reliability, performance and security. But maintaining a WAN, particularly when using leased lines, can become quite expensive and often rises in cost as the distance between the offices increases.
Some schools have implemented new information technology (IT) projects like school intranet system to let teachers and students have interactive communication and collaboration. It is envisaged that the operation of schools will be adversely affected if their IT facilities do not function properly or data cannot be assessed.
There are many potential causes of damage to computer systems one of which may be human by nature. Such kind of causes is generally called threats. Human threats are hacking or the unauthorized access of network resources; spoofing or the impersonate other users to access network resources; theft and willful destruction. Other human threats include equipment and power failure, human errors and mis managed systems.
These threats may induce risk of losses to schools.Nowadays, more and more IT facilities are integrating into school networks, including teaching materials, valuable information and data files which are stored in school systems. In order to protect them against threats and to reduce the risk of losses, communications security system is exigent. (AT &T, 2007)
Background of the study
LCUP has two separate campuses, the first campus is situated beside historical Barasaoin church in San Gabriel Malolos City, and as the university expanded, a second campus was established in Catmon, Malolos. With the establishment of the new campus, most of the key offices have been transferred in the administration building at Catmon (i.e. President Office, Finance Office, Registrar’s Office, and the offices of the Deans.).
The information and communications systems technology were also developed and implemented these are: Web server, Email server, Database and File Server, On-line Registration and Enrolment System, Web Public Access Library System, Payroll System and Course Management System.
With these new innovations and development of the network and data communications systems, the university is half-way through in promoting paperless and digitized communications. However, the campuses are separated by barrio and barangay, the Wide Area Network (WAN) or Internet is the cheapest backbone or device to facilitate the Local Area Network (LAN) and data communications of two campuses compare with lease line, ISDN and optical fiber medium. But information traveling across a shared IP-based network, such as the Intranet, could be exposed to many devious acts such as eavesdropping, forgery and manipulation, hence, the need for a implementation of protection method.
The study attempted to deliver a Virtual Private Network and protection method services in the form of PfSense firewall network tha provides connectivity of the two campuses and provides data security to the traffic flowing in the different offices of the university. It also addresses security issues by peer authentication, access control, per-packet authentication and data integrity, and by encrypting the traffic.
Scope and Delimitation
The study focused on the implementation of open VPN and Protection Method using PfSense for La Consolacion University Philippines. Computer networks are utilized for sharing services and resources. Information traveling across IP-based network could be exposed to devious acts such as forgery and manipulation. The implementation of this security system is an attempt to protect any university information that needs to be sent over a network.
The development processes cover software compilation, system configuration, system assessment, implementation, testing, evaluation, and documentation. It is an expressed limitation of the study that the evaluation of the acceptability of the system was done through perceptual evaluation using the criteria: data confidentiality, data integrity, non-repudiation, and reliability.
The study made use of the descriptive developmental research design. The study primarily focused in analyzing the existing network and communication system in the university. Quality observation and analysis is the heart of a descriptive investigation. (Heppner et.al., 1992) The descriptive method allows the researcher to carefully understand the situation as well as the necessities of the organization.
Design and Implementation of Network Topology
Figure 1illustrates the design of network topology. Which is able to observe, that the designed and implemented a LAN and WAN network scenario separated by a firewall, which was configured in a real environment and validated in a virtual network environment, through Pfesne software systems: This performs different assessments and evaluation of the selected firewalls in a real environment.
The OpenVPN server in a DMZ segment, separate it from LAN segment where the internal server and client reside. An UTM/firewall to separate the WAN, DMZ and LANs. Firewall rule between WN, DMZ and LAN segment.
The two campuses are not physically connected by a wired network. It has one 10 Mbps leased line connection for Catmon campus. It has five (5) public IP addresses. The Catmon Campus has four (4) computer servers with different platform such as (1) Web server (2) Open-source squirrel mail server; (3)Windows 2003 server for library WebPAC system (Mealisa); and (4) Windows 2003 server for the Finance Office enrolment-payment system.
Another pfsense installed in Barasoain Campus to connect virtually the Catmon Campus. The Internet could be accessed through assigned local IP gateways. The internet is the primary medium of communication between the two campuses. Considering the number of work stations and the nature and volume of transactions in the University: academic, financial, administrative, and the like, the installation of a pfsense that will ensure effective connectivity and security is very exigent.
The envisioned open VPN and protection method implementation software called pfsense. The system includes all the important features of an expensive commercial firewall system.
Figure 2depicts a step-by-step instruction for installing Pfsense server running DOS environment on LiveCD or USB.
The Linux operating system boots and pfSense starts, a prompt is presented with some choices and a countdown timer.
Results and discussion
After the system configuration and installation for both campuses of La Consolacion University Philippines were established, the next step is the system administration.Figure 3depicts the post installation using graphical user interface (GUI).
System firewall can filter by source and destination IP, IP protocol, and source and destination port for TCP and UDP traffic. Able to limit simultaneous connections on a per-rule basis.
Highly flexible policy routing possible by selecting gateway on a per-rule basis for load balancing, failover, multiple WAN.
Allow grouping and naming of IPs, networks and ports. This helps keep firewall rule set clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
Figure 4shows the configuration of Wide Area Network or external network where public IP from the ISP set in this module to point the server in the global network specifically static IP address was used.
A firewall is a network element that controls the traversal of packets across the boundaries of a secured network based on a specific security policy. In this module as depicts in Figure 5Network Address Translator (NAT) was configured to assigned external network IP address for WebPAC server and translate it to internal network IP address of 172.16.0.1 with a port address of 8088.
Conclusion and recommendation
Based on the findings of the study, the following conclusions were drawn:
- Vinod, J. and Mulugu, S. (2014). “Network Convergence: Ethernet Applications and Next Generation Packet Transport Architectures”., Armsterdam, Elsevier
- Thakur, Amit. (2015).”Open Source Firewall Implementation - Replacing Traditional Firewall with Open Source”. Thesis
- Walter Fuertes, Patricio Zambrano, Marcho Sanchez, Monica Santillan, Cesar Villacis, Theofilos Toulkeridis and Edgar Torres. (2014). “Repowering an Open Source Firewall Based on a Quantitative Evaluaton”, IJCSNS International Journal of Computer Science and Network Security”, Vol. 14 No. 11118
- O’Hanley, R. (2014). “Information Security Management Handbook”, London. CRC Press
- Mowbray, T. J. (2013). “Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusion”. Hoboken, Wiley
- Huang Ling-Fang. (2012). “The firewall Study of Network Perimeter Security”, Services Computing Conference, IEEE Asia-Pacific. Pages 410-413.
- Stallings, W. (2012). “Network Security Essentials”. Pearson.
- G. Maiolini, L. Cignini, and A. Baiocchi, “Adaptive Optimization of Packet Filtering Devices Performance