DEVELOPING A CENTRAL AUTHENTICATION SYSTEM FOR ACCESS CONTROL WITHIN A NETWORK DOMAIN

ABSTRACT

An important requirement of any information management system is to protect data and resources against unauthorized disclosure (secrecy) and unauthorized or improper modifications (integrity), while at the same time ensuring their availability to legitimate users (no denials-of-service). Enforcing protection therefore requires that every access to a system and its resources be controlled and that all and only authorized accesses can take place. This process goes under the name of access control. The development of a central authentication system requires the definition of the regulations according to which access is to be controlled and their implementation as functions executable by a computer system. The development process is carried out with a multi-phase approach based on the following concepts of Security policy (it defines the (high-level) rules according to which access control must be regulated) and Security model (it provides a formal representation of the access control security policy) and it’s working. The central authentication system provides an access control mechanism which is used for mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by the domain controller, which is a system implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and in some sense, to different definitions of what ensuring security means. In this research the researcher identifies the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration and  develops a central authentication system for  access control within a network domain applying several policies, and models formalizing them, that have been proposed in the literature and which provides a complete and opened solution to organizations and universities to offer an integrated access to their services and information.

TABLE OF CONTENTS

Title page

Declaration………………………………………………………………………………………i

Certification……………………………………………………………………………………..ii

Dedication………………………………………………………………………………............iii

Approval page…………………………………………….…………………………………….iv

Acknowledgment…………………………………………………………………………..........v

Abstract………………………………………………………………………………………….vi

Table of Contents………………………………………….…………………………………….vii

List of Figures…………………………………………………………………………………...xi

List of Tables……………………………………………………………………………………xiii

Abbreviation…………………………………………………………………………………….xiii

CHAPTER ONE

1.0Introduction………………………………………………………………………………3

1.1       Background of the Study …………………………..…………………………….............3

1.2       Statement of the Problem ………………………………………………………………..4

1.3       Objectives of the Study ………………………………………………………….............5

1.4       Research Questions………..……………………………………………...……………...6

1.5       Significance of the Study………………………………………………………………...6

1.6       Scope of the Study……………………………………………………………………….7

1.7       Definition of Terms………………………………………………………………………7

CHAPTER TWO

2.0       LITERATURE REVIEW ………………………...........................................................8

2.1       Introduction …………………...........................................................................................8

2.2            Network…………………………………………………………………………………..8

2.3       Network Domain…………………………………………................................................8

2.4       Network Domain Controller……………………………………………………………...8

2.5       Windows Server 2012 …………………………………………..……………………......9

2.6       Active Directory Domain Services (ADDS)……………………….………………….....10

2.6.1     Basic active directory components………………………………………………............11

2.6.2       Forests……………………………………………………………………………….....11

2.6.3       Organizational units…………………………………………………………………………......11

2.6.4      Security rights……………………………………………………………………..........12

2.6.5       Groups……………………………………………………………………………………...........12

2.6.6       Domain naming system (DNS)…………………………………………………………….........13

2.7       Access Control and Access Control Entries……………………………………………..14

2.7.1    Permissions within a network domain……………………………………………………14

2.8       User Rights and Privileges …………………………….…...……………………………15

2.9       Digital Identity……………………………………………………………………………15

2.9.1      Client identity and access control management…………………………………….........16

2.9.2       Access Control and Management…………………………………………………………….......17

2.10    Central Authentication System…………………………………………………………...18

CHAPTER THREE

3.0  RESEARCH METHODOLOGY........................................................................................20

3.1   Introduction………………………………………………………………………………...20

3.2    System Design……………………………………………………………………………..20           

         3.2.1 System Development Life Cycle (SDLC)…………………………………………………20

3.3    feasibility Study……………………………………………………………………………21

3.4    Virtualization Technology  ………………………………..................................................22

3.4.1 Virtual Domain (mantech.com)……………………………………………………………22

3.5     Windows server 2012……………………………………………………………………..22

3.6     Design Procedure………………………………………………………………………….23

3.6.1  Deployment of virtualization platform…………………………………………………....23

3.6.2  Deployment of windows server 2012 and creation of domain controller…………………23

3.6.3 Creation and deployment of client machine……………………………………………….24

3.7    System Specifications……………………………………………………………………...24

3.7.1 Hardware requirement……………………………………………………………………...24

3.7.2 Software requirements………………………………………………………....………......25

3.8  Design Representation………………………………………………………………………………..25

CHAPTER FOUR

4.0       SYSTEM TESTING AND INTEGRATION……………………………………….26

4.1            Introduction…………………………………………………………………………….26

4.2       Characteristics of the System……………………………………………………………26

4.3       System Presentation…………………………………………………………………….27

4.3.1   Domain Controller and Administrator  Roles……………………………………….......27

4.3.2    Creating a User account and generating Log in credentials……………………………..28

4.3.3    Joining a client Personal computer (PC) to the domain……………………………........32

4.3.4    Controlling access by assigning rights and permissions to a user……………….............36

4.3.5    Sharing a Folder within a network domain(mantech.com)…………………………........41

4.3.6    Accessing the shared folder from another system within the network domain……….....43

4.3.7    Assigning Permissions to a shared folder within the  network domain (mantech.com)....45

4.3.8  Authentication and Domain Controller Role……………………………………………...46

4.3.9   Accessing a shared folder from a client computer………………………………………..48

4.3.10 Creating an Organizational unit (OU) within the network domain……………………….50

4.3.11 Applying security Policies to the network domain (mantech.com)………………………53

CHAPTER FIVE

5.0       SUMMARY, RECOMMENDATION AND CONCLUSION

5.1        Summary ……………………………………………………………..………………..60

5.2        Conclusion……………………………………………………………………………..60

5.3        Recommendation………………………………………………………………………62

 REFERENCES…………………………………………………………………………..........63

APPENDIX I…………………………………………………………………………………...65

LIST OF FIGURES

Figure 1………………………………………………………………………………………..66

Figure 2………………………………………………………………………………………..66

Figure 3………………………………………………………………………………………..67

Figure 4………………………………………………………………………………………..67

Figure 5………………………………………………………………………………………..21

Figure 6………………………………………………………………………………………..68

Figure 7………………………………………………………………………………………..69

Figure 8………………………………………………………………………………. ………70

Figure 9………………………………………………………………………………………. 71

Figure 10………………………………………………………………………………………71

Figure 11……………………………………………………………………….……...............72

Figure 12…………………………………………………………………….………...............73

Figure 13………………………………………………………………………………………29

Figure 14………………………………………………………………………………………29

Figure 15………………………………………………………………………………………30

Figure 16………………………………………………………………………………………30

Figure 17………………………………………………………………………………………31

Figure 18………………………………………………………………………………………31

Figure 19………………………………………………………………………………………32

Figure 20………………………………………………………………………………………33

Figure 21………………………………………………………………………………………34

Figure 22………………………………………………………………………………………35

Figure 23………………………………………………………………………………………35

Figure 24………………………………………………………………………………………36

Figure 25………………………………………………………………………………………40

Figure 26………………………………………………………………………………………41

Figure 27………………………………………………………………………………………42

Figure 28………………………………………………………………………………………42

Figure 29………………………………………………………………………………………42

Figure 30………………………………………………………………………………………43

Figure 31………………………………………………………………………………………44

Figure 32………………………………………………………………………………………44

Figure 33………………………………………………………………………………………45

Figure 34………………………………………………………………………………………46

Figure 35………………………………………………………………………………………47

Figure 36………………………………………………………………………………………47

Figure 37………………………………………………………………………………………48

Figure 38………………………………………………………………………………………49

Figure 39………………………………………………………………………………………49

Figure 40………………………………………………………………………………………51

Figure 41………………………………………………………………………………………52

Figure 42………………………………………………………………………………………52

Figure 43………………………………………………………………………………………54

Figure 44………………………………………………………………………………………55

Figure 45………………………………………………………………………………………55

Figure 46………………………………………………………………………………………56

Figure 47………………………………………………………………………………………56

Figure 48………………………………………………………………………………………57

Figure 49………………………………………………………………………………………57

Figure 50………………………………………………………………………………………58

Figure 51………………………………………………………………………………………58

Figure 52………………………………………………………………………………………59

LIST OF TABLES

Table 1………………………………………………………………………………………….74

ABBREVIATIONS

CAS: Central authentication system

DC: domain controller

ACL: Access control lists

ACE: Access control entries

Mantech: Management Technology

GPO: Group policy object

ID: Identity

AD: Active directory

DNS: Domain name system

PC: Personal computer

DHCP: Dynamic host configuration protocol

MAC: Media access

LAN: Local area network

WS2k12: Windows Server 2012

Hyper-V: Hypervisor

IT: Information Technology

OU: Organisational unit

MITP: Management information technology programme

ATP: Accounting and Technology programme

Busmgt: Business Management

BFTP: Banking and Finance Technology programme

BMTP (Business Management Technology Program)

HR: Human Resource

GUID: Global Unique Identifier

SDLC: System development life cycle

IP: Internet protocol

WS: Windows Server

OS: Operating System

ADDS: Active Directory Domain services

RAM: Random Access Memory

GB: Gigabytes

MB: Megabytes

CPU: Central Processing Unit

DACL: Discretionary Access Control Lists

SACL: System Access Control List

SID: Security Identifier

GPME: Group Policy Management Editor

SSID: Service Set Identifier

AP: Access Point

HTTP: Hypertext Transfer Protocol

IS: Information System