An improved computer network access control using free BSD PFSENSE A case study of UMaT local area network

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
The University of Mines and Technology (UMaT) has a Local Area Network (LAN) whose primary purpose was to facilitate research; teaching and learning; and information sharing. Unfortunately, the LAN had some challenges attributable to high demand by over 2500 users on the limited bandwidth of 45 MB, misuse of the bandwidth on low priority bandwidth hungry applications, insecurity from virus attacks, phishing and lack of effective user access control. This thesis sought to study the behaviour patterns of the network users and deploy an enhanced network access control using pfSense open source software as the dedicated perimeter firewall. Prior to the installation of the firewall, a test was conducted using wireshark protocol analyzer to identify completely the vulnerabilities of the LAN and their causes. The results showed that the network was slow due to the limited bandwidth, and phishing out user credentials and other vital information was easy since illegitimate users could gain unauthorised access to the LAN. To resolve this problem, the LAN was upgraded by installing additional software packages which included Squid, squidGuard, Squid Analyses Report Generator (SARG) and setting up of an Active Directory server with user access protocols and policies on the firewall to effectively improve user access control and insulate the LAN from misuse and virus attacks. A test was then conducted using freeBSD pfsense software to assess any improvement in the upgraded LAN. The results showed that in spite of the limited bandwidth, the speed of the upgraded LAN had improved significantly and become more secure. It is recommended that the bandwidth of the LAN at UMaT is increased from 45 MB to at least 80 MB especially as the student enrolment is expected to increase. The installed software packages should also be upgraded periodically.
A thesis submitted in partial fulfilment of the requirements for the degree of Master of Science in Information Technology,