Faculty of Information Technology

PROJECT SUPERVISION CONTRACT

Students wishing to undertake a project are required to complete this form and have it approved by both their project supervisor and the project unit coordinator before the end of Week 2.  Students failing to submit this form by the end of Week 2 risk having their enrolment in the project unit cancelled or postponed to the following semester.

Project Title: MASQUERADED INTRANET
Unit Code: ITB 539
Semester: Semester 1 1999
Credit Point Value: 12
QUT Student Number: 02256835
Student Name:  Chang Ah Meng Michael
Student's Course Code: IT21
Project Supervisor: Neville Richter
Other Project Team Member:
     (include QUT student numbers)
Student Name : Ken Low Tian Wah
QUT Student Number : 02304902
Student's Course Code : IT21

Project Outline:

The main objective of this project is to develop a firewall package that is easy for end users to set up.
This package would be FREE to download for anyone who needs to set up a firewall for any network environment.
It could be for a school with a leased line or even a small company with a PPP link to the Internet.

The package will be developed under Linux RedHat 5.2. The firewall package that would be
used is IPCHAIN. The initial part is to write a script to secure the main server. Thereafter,
a secure channel will be set up using APACHE-SSL. The rest of the installation and setup
would be done from a PC with a web browser.

Other packages that would be included are SAMBA, DHCP, SQUID and more if time permits.
The plan also includes installing the same firewall package on another
server to act as a Bastion Host, together with any of the other packages above, to off-load
the main server.

 

Current Problems :

Small networks must have multiple connections to the Internet if more than one workstation needs to be connected to it
A leased line to the ISP is very costly when the connection to the Internet is NOT fully utilised
It is very costly to have a full leased-line connection to the ISP in terms of the cost of the hardware and software involved
The private network is insecure when there is a connection to the ISP/Internet

Solution :

To implement a masqueraded network
Have one PPP dial-up connection made from the end user to the ISP/Internet
Since traffic is not heavy, dial-up would be cheaper than having a leased-line connection
The dial-up host is also a firewall that protects the private network
The firewall will be a proxy web server, so that it is able to cache all web access
The firewall is easy to manage as most control is done via web browsers

Minimum System Requirements - Hardware :

Pentium 120 with 32MB RAM
HD 2.1GB
SVGA Monitor
Keyboard, mouse
2 NIC cards
Modems for dialup

 

System Requirements - Software :

RedHat Linux 5.2 as Operating System
Apache Web/Proxy Server (SSL Version)
IPCHAIN (firewall)
DHCP Server
X-Windows


Implementation Strategies - Installations :

The firewall software (IPCHAIN) will be running on RedHat Linux 5.2 Network Operating System
This will protect the private network from the Internet
Address Translation will be done between the private network address and the Internet
Apache Web/Proxy Server (SSL version) will be running on the server
The proxy server will provide the cache for web access, so that once a site has been accessed it is cached, and the next person wishing to access the same site gets the information from the server straight away
This will provide better bandwidth
DHCP server will be installed on the same host to provide IP addresses for the private network workstations

 

Implementation Strategies – Management/Monitoring :

To implement management software to manage the firewall via a web browser from the private network
The connection between the web browser and the server must be a secure connection (SSL)
Management software is to be written using CGI/Perl programming
Must be able to change the Firewall Rules
Must be able to control the DHCP server
Must be able to control the Web server
To implement a monitoring module so that monitoring is presented via web as well
Must be able to monitor the system performance (based on the log file)
Must be able to monitor application usage (based on the log file)
Must be able to monitor the traffic load
Must be able to monitor the DHCP server's leased addresses against the hardware addresses

 

 

Projected Schedule :

All installations to be completed by Week 5
Preliminary Seminar on Week 5
Management & Monitoring modules to be completed by Week 12
Final Seminar on Week 13

Student Signature:                                                                    Date:

 

Student Signature:                                                                    Date:

OFFICE USE ONLY

Supervisor's Approval

Name:

Project Outline:    Approved [ ]     Not Approved [ ]

Signature:                                                                                 Date:

 

Unit Coordinator's  Approval

Name:

Project Outline:    Approved [ ]     Not Approved [ ]

Signature:                                                                                 Date:

Moderator(s) for project:

Copyright © Ken Low, Michael Chang 1999. All rights reserved. Apart from fair dealing as permitted under the copyright law of your country, and as necessary for the operation of the program, no part of this program may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, reprographic or otherwise, without the prior permission of the author.