Implementation of Local Area Network (LAN) & Build a Secure LAN System for BAEC Head Quarter

Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction


Introduction
A local area network (LAN) is a collection of devices connected together in one physical location, such as a building, office, or home [1]. A LAN can be small or large, ranging from a home network with one user to an enterprise network with thousands of users and devices in an office or school. A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link [2]. Usually, the server has applications and data storage that are shared in common by multiple computer users. A local area network may serve as few as two or three users (for example, in a home network) [3]. Networks are divided into two main categories: Local Area Networks (LANs) and Wide Area Networks (WANs). These two types of networks have different characteristics and different functionalities. In general, a LAN is a collection of computers and peripheral devices in a limited area such as a building or campus [4]. A LAN is usually under the domain of a single organization such as an institutional or department. The internet is, however, more than just a physical connection of LANs, internetworking protocols and standards are also needed. Network's models serve to organize, unity, and control the hardware and software components of communication and networking. The Internet has revolutionized many aspects of our daily lives [5]. It has affected the way we do business as well as the way we spend our leisure time. Count the ways you have use the internet recently. Perhaps you have sent electronic mail (email) to a business associate, paid a utility bill, read a newspaper from a distant city, or looked up a local movie schedule all by using the internet or maybe you researched a medical topic, booked a hotel reservation, chatted with a fellow trekker or comparison shopped for a car. The internet is a communication system that has brought a wealth of information to our fingertips and organized it for out use [6][7][8]. The internet is a structured, organized system. Bangladesh Atomic Energy Commission is a scientific research organization and regulatory body of Bangladesh. Its main objective is to promote use of atomic energy for peaceful purposes. It was established on 27 February 1973. So, it is important to Design, Deployment and Implementation of Local Area Network (LAN) at BAEC Head Quarter.

Bangladesh Atomic Energy Commission
Bangladesh Atomic Energy Commission (BAEC) was established in 1973 as a multidisciplinary R&D organization with the view of promoting peaceful uses of nuclear energy in Bangladesh. From the very beginning of its formation, BAEC started R&D works in areas covering physical science, bioscience, engineering and nuclear medicine for human welfare and economic uplift of the country. At present, the BAEC has grown as the largest organization for scientific and technological research in Bangladesh. Page: 3 www.raftpubs.com long-distance calling and international services as well as internet services. In 2004, the Bangladesh Government issued a number of PSTN licenses to private companies, but they were barred from providing services in the lucrative Dhaka market (which accounts for the majority of the nationwide market). The monopoly held by BTCL was broken when other operators started to receive licenses from 2007 [9].

Optical Fiber Network
Fiber optic internet cable is increasingly popular. This is due to the higher speeds and bandwidth it can provide compared to standard Ethernet or Wi-Fi signals delivered via coaxial or even copper wire from street-level exchanges. This means that fiber networking is a far better choice where high speeds are advantageous or for particularly intensive data transfer needs. Fiber optic bandwidth is usually significantly higher than a typical Ethernet connection. Fiber is also safe to use in highvoltage locations, and in areas where flammable gases or other harsh chemicals or weather conditions are likely to be a factor. This can be another important factor in choosing fiber optic cables for broadband delivery and telecoms as opposed to standard Ethernet.

Local Area Networks
Local area networks, generally called LANs, are privately-owned networks within a single building or campus of up to a few kilometers in size. They are widely used to connect personal computers and workstations in company offices and factories to share resources (e.g., printers) and exchange information. The Local Area Network (LAN) is one of the most important types of information networks in providing communication within a limited community such as universities and institutions. The LAN consists of an interconnected group of computers and other communication devices, which are connected to each other through an integrated engineering system. They are distributed within relatively small geographical areas and characterized by high speed and lack of errors in communication. Thus, the local area networks are a mixture of interrelated devices, equipment and institutions, where they form a fabric called networks, these networks mainly rely on essential physical components and software to operate efficiently. The present analytical study seeks to understand both the basic components of the operation of local networks and to recognize and define the role of each of the means of communication adopted within the local network in order to construct and operate the LAN.

Research Background Networks
A network is a set of devices (often referred to as nodes) connected by communication links. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network.

Optical Fiber Cable
A fiber-optic cable, also known as an opticalfiber cable, is an assembly similar to an electrical cable, but containing one or more optical fibers that are used to carry light. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable is used. Different types of cable [1] are used for different applications, for example, long distance telecommunication, or providing a high-speed data connection between different parts of a building.

Unshielded Twisted Pair (UTP) Cable
Cable is the medium through which information usually moves from one network device to another. Unshielded twisted pair (UTP) is the most popular and is generally the best option for Local Area networks (See figure 1).  It also prevents accidental disconnection.

Bandwidth and Window of Fiber Optic Cable
In May 2002, the ITU-T organization divided the fiber optical communication system into six bands as O, E, S, C, L and U6. Multi-mode optical fiber at 850nm is known as the first window, single-mode optical fiber at O band is referred to as the second band. C band is called as the third window, L band is the fourth window and E band is the fifth window. The following table shows the wavelength bands for both multimode fiber optic cable and singlemode fiber optic cable [11]. Page: 5 www.raftpubs.com formula, speed = wavelength x frequency, we can easily figure out the frequency of light. Its relation to the transmission loss of fiber optic cable and wavelength has been displayed as follow: In the early days of fiber optic communication, the LED was employed as a light source due to its low price. Multi-mode fiber optic cables that operate at 850nm and 1300nm became the first choice for building small network, while single-mode optical fiber cables, working at 1310nm and 1550nm with laser as the light source were the foundation for constructing large network. If there were more windows available for single-mode optic cable, one fiber optic cable would achieve ultra-high-speed transmission by transmitting signals at different wavelength at the same time by employing WDM (wavelength division multiplexing) technology, thus maximizing the potential of single mode fiber. Telephone and network and be using at the same time via ADSL (asymmetric digital subscriber line) modem. That's because voice and data use different frequency. And this principle is similar with WDM and ADSL technology, which are usually applied in main networks that require higher bandwidth [12].

Optical Fiber Cable at OSI Model
The interface between an optical fiber and a twisted pair Cable can be at different layers of the OSI model. At the Physical layer a media converter can be used. It will transform the electrical Ethernet signal to Ethernet over fiber. At the data link layer, a layer 2 (Ethernet) switch can be used with copper and fiber interfaces. At the network layer a router can be used with an optical (fiber) interface and a copper (RJ45) interface. Conversion at the physical layer is a signal conversion. At the data link layer Ethernet packets will be switched or retransmitted at a different interface. At the network layer routing of IP packets to a different interface will take place.

Internet
The Internet is a worldwide telecommunications system that provides connectivity for millions of other, smaller networks; therefore, the Internet is often referred to as a network of networks. It allows computer users to communicate with each other across distance and computer platforms. Page: 6 www.raftpubs.com

Internet Service Provider
An Internet service provider (ISP) is an organization that provides a myriad of services for accessing, using, or participating in the Internet. Internet service providers can be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned.

Network Security Essential
Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The architecture of the internet, when modified can reduce the possible attacks that can be sent across the network. Knowing the attack methods, allows for the appropriate security to emerge. Many businesses secure themselves from the internet by means of firewalls and encryption mechanisms. The businesses create an "intranet" to remain connected to the internet but secured from possible threats. The entire field of network security is vast and in an evolutionary stage. The range of study encompasses a brief history dating back to internet's beginnings and the current development in network security. In order to understand the research being performed today, background knowledge of the internet, its vulnerabilities, attack methods through the internet, and security technology is important and therefore they are reviewed [13]. When developing a secure network, the following need to be considered: 1. Access-Authorized users are provided the means to communicate to and from a particular network 2. Confidentiality-Information in the network remains private 3. Authentication -Ensure the users of the network are who they say they are 4. Integrity -Ensure the message has not been modified in transit 5. Non-repudiation -Ensure the user does not refute that he used the network [14].

Security Services
It is a processing or communication service that is provided by a system to give a specific kind of production to system resources. Security services implement security policies and are implemented by security mechanisms. Security Services are Confidentiality, Authentication, Peer Entity Authentication, Data Origin Authentication, Integrity, Connection Oriented Integrity [15].

Basic Technologies of Computer Network Security
The basic technologies of computer network securities are Firewall technology, Data encryption technology, Intrusion detection technology, Anti-virus technology [16].

Types of Attacks
4 Types of Attacks 1) Interception: Watches packets 2) Interruption: Steals or disturbs the data 3) Modification: Changes the data 4) Fabrication: Sends another message apart from original but having the same sender's name [17].

Security Protocols a) Secure Socket Layer
It is used in secure exchange of information between web browser and web server. It gives 2 security services. Page: 7 www.raftpubs.com

Set up a firewall
Firewalls are an important means to ensure network security, network management applications through the use of technology, packet filtering technology and agent technology, effectively control network access permissions, comprehensive data to external restrictions and discrimination [18].

Access control
Security policy and security model based on access control body set access permissions, such as to the identity of the user, password authentication, in order to gain the true identity of the user, to facilitate tracing network behavior [18].

Strengthening Intrusion Detection
Network intrusion detection is a real-time network detection system can effectively compensate for the lack of firewalls and other protective means [19].

Information encrypted
Information technology is the key encryption technology to achieve information security, help strengthen security, through a particular encryption algorithm translated the important plaintext cipher text, so unauthorized users can not directly read the raw data, even if the data file is lost or stolen, as long as difficult to crack the key, so it will not lead to the leakage of confidential information, which greatly ensure information security [18].

Close some not commonly used services and ports
From the theory in terms of computer security, computer systems were more port system is also more secure. For using the computer in the process, especially when the operating system is installed in inadvertently will not have to install some service functions and ports, it will not only occupy a certain system information and also reduce the security of computer systems sex. In addition, in order to understand the use of the user interface can be installed port monitoring program. It can be determined by examining those ports are not commonly used. In addition, once a virus into a computer system, the monitoring program can automatically alarm, some of the function can automatically shut down the port, effectively prevent hacker intrusion [18].

IP addresses are correct hidden PC
IP address of the hacker and virus attacks must have a condition that is on the network and information attacks must have a real IP address to be a hacker to obtain the user's IP address mainly through the use of network technology to detect host information view, some of the traditional hackers and virus attacks, Flop overflow attacks and so must obtain address as preconditions. Therefore, the user should use a computer system when hiding your IP address, using a proxy server is the most common way to hide IP address, a hacker can only detect the proxy server IP address, but cannot get the user's real IP address You cannot find the real IP address will not be able to attack, effective maintenance of computer information and network security [18].

Authentication technology
Authentication should include at least verification protocol and license agreement. A variety of network applications and computer systems are needed to confirm the legality through authentication, and then determine its personal data and specific permissions. For authentication system, the legitimate user's identity is easy to be someone else pretending to be its most important technical indicators [18].

Timely installation of Vulnerability Patch
Vulnerability can be utilized during the attack weaknesses can be software, hardware, procedural shortcomings, functional design or improper configuration. University of Wisconsin Miller gives a research report on today's popular operating systems and applications, noting that the software cannot be without flaws and loopholes [18]. Page: 8 www.raftpubs.com

File encryption and digital signature technology
File encryption and digital signature technology is to improve the security and confidentiality of information systems and data, one of the secrets to prevent external data theft, interception or destruction primary technologies. Depending on the role, file encryption and digital signature technology is mainly divided into data transmission, data storage, data integrity of the three kinds of discrimination [18]. Data integrity identification technology is mainly involved in the transmission of information, access, processing of data related to the identity and to verify the contents, to confidentiality requirements, including general identification passwords, keys, identity, data items of the system by Comparative validation object input feature value meets the preset parameters, to achieve data security [18].

Security Services and Processes
Security is fundamentally about protecting assets. Security is a path, not a destination. As we analyze our infrastructure and applications, we identify potential threats and understand that each threat presents a degree of risk. Security is about risk management and implementing effective countermeasures. Security services and processes depends on: Authentication, Authorization, Auditing, Confidentiality, Integrity [19].

Security in Linux Networks
The Linux operating system is built with security features, as it provides the file access permission mechanism, which prevents the unauthorized users in gaining access to the files [20]. Page: 9 www.raftpubs.com i.e.; it uses a trusted hardware and operating system [21].

Methodology
"Methodology" implies more than simply the methods intend to use to collect data. It is often necessary to include a consideration of the concepts and theories which underlie the methods.
More over methodology guides the researcher to involve and to be active in my particular field of enquiry. Right from selecting the topic and carrying out the whole research work till recommendations; research methodology drives the researcher and keeps him on the right track. The entire research plan is based on the concept of right methodology [22].
In my research paper, the methodology is following:

Design, planning & deployment of LAN at BAEC Head Quarter
Fiber optical Communication is a method of transmitting information from one place to another by sending pulses of light through an optical fiber [23]. The light forms an electromagnetic carrier wave that is modulated to carry information. Page: 10 www.raftpubs.com This day's most organizations build their own LAN infrastructure with special consideration of security measures to protect their resources from any kind of attacks [24]. Building a well-secured LAN requires designing of network topology before deciding which physical devices to be purchased or technologies to deploy [25]. A topology design is defined as the identification of networks and their interconnection points, the size and the scope of the network, and the type of interconnecting devices used [26]. Every network requires a structured planning and designing before deployment it that requires internet access [27], Internet connectivity factors should be included into the plan, Includes a practical design of network internet connectivity backbone [28]. Procedures of selecting equipment's are added and planning designs their networks. The LAN of BAEC head quarter interconnects more than 90 computers using various network media. The previous LAN was not properly working; as a result, the internet service was interrupted. Hence, the previous LAN was redesigned and up gradated using a Proxy server of Dell T320, Router: Cisco 2901, and other network media. Currently, internet service is smoothly running at BAECHQ.  Page: 11 www.raftpubs.com

LAN Related Device Selection
Router Model 2901; we are using Cisco router. It is reliable and trusted to IT Community. Bandwidth is a factor for router as well and 2900 series router required MBPSA Duplex operations easily choose a Cisco router supports upgrade IOS version will enable to enjoy some good facilities. Switch Model 2960; we also use Cisco manageable switch for their backbone. It is tested and performs well for IT backbone. Cable & Connector; Choosing good brand cable. Now days Cat-6 cables are most popular [29]. It will be best for LAN wearing (it has really good sailed protection). The RJ 45 and is 8 -Position modular connector that looks like a large phone plug [30]. Servers; Server Selection is important for each server services. Many reputed ISP in Bangladesh runs with brand servers. Need to choose a brand which spare parts are available local support for the brand is essential.

Configuring Router
We install the routers hardware properly before configuring and commissioning. We install all hardware properly to avoid damage. We Read all supplied manual properly before installing router. We Take a PC/Laptop with terminal emulator software (Hyper Terminal for windows minicom for Linux). The PC should have at least a standard communication port (Com-1) connect Router's console to Pc's communication port using console cable. We Turn on Pc's and router power switch. Terminal will display router's booting information. We have successfully booted router and configure using setup facility the router is now configured properly with initial configuration and ready touse.

Configure Server
Proxy Server satisfies web browser's query by sending requested web page. Proxy does two main operations. First operation is to reduce internet bandwidth charges. And the second option is to limit web access to authorized user/PC. Users configure their web browser's to use the proxy server instead of going to the internet directly [31]. When a user sends any web request, proxy takes the request. Proxy is the only service, which heavily uses CPU, memory and storage simultaneously. We Installing Operating System and then configuration following:

Operating System
Buying operating system (OS) in Bangladesh is really a big headache. There are very few commercial operating systems. All commercial operating systems supports are not also available locally. So, we need to depend on foreign support we choose OS Centos-6.5 which includes squid with its entire options precompiled [32]. Server OS should have a large amount of hardware support. Compare with your operating systems hardware compatibilities List (HCL), before choosing the OS. Installation Media; Install Linux operating system from any comfortable media like CD ROM, Hard disk including all network installation method. Installing OS; we have chosenCentos-6.5 Linux operating system. All other versions installation is almost same. We cover Centos-6.5 installation step bystep. a) Disk Partition Setup. b) Boot loader configures. c) Firewall configure manual. d) Set root Password. e) Package group selection automatically. f) Escape boot diskette creation. g) Video card configurations. h) Configuring monitor. i) Installation complete then reboot the system. Network configuration is Linux; we configure Linux server to enjoy networking features. Linux Networking Facility by default Linux support network, when will install a system, Networking facility will be installed. Moreover, is a stalled system without a NIC card Networking will be available with to interface. IO helps to run all Network related services when other NIC is not available we can check/control network by "Network" service script nicely (/etc/rc,d/init.d/network). Use the following command connected to start/stop network Service.
[root@ns1 root] # Service network status. Determining IP address; now a day's commonly all Pc's come with a NIC, when Linux is installed this first device is called "eth0" second one is "eth1" and so on. We can determine the IP address of these interfaces using "ifconfig" [root@snmp root] # if config.
Assigning IP address using "if config". We can assign an IP address on "eth0" interface using the" if config" command. This is the most common method. The "up" at the end of the command activates the interface after assigning the IP. But this procedure is not permanent. When you will reboot the system the IP setting will be lost. To make this IP permanent, you need to change the script file for the particular interface. All files will be found in "/etc/sysconfig /network-

Result
Bangladesh Atomic Energy Commission (BAEC) is the largest scientific organization in Bangladesh. If we want to connect international network, we have to setup Local Area Network. For this in my paper, we have shown and practically configured Local Area Network at Bangladesh Atomic Energy Commission and build a secure LAN System. We smoothly installed Local Area Network (LAN) networking with secure system at BAEC HQ. As a result of this LAN network, Bangladesh Atomic Energy Commission Head Quarter is getting a high-speed internet service with security.

Future work
In Future, we extended our Local Area Network by adding Access Point (AP) and Wi-Fi devices. We add more network devices to service the end user who are working at BAEC Head Quarter.

Conclusion
This Research Paper proposed a secure design for network and system in Linux and windows environment using the latest technology. We should have an understanding with communication models, network service & architecture, media, devices and protocol suites. We are expected to have network service. Every network requires a regular maintenance such as storage maintenance, remote resource access, user management, log management and some other management. Monitoring is a regular task for all network system. It is mandatory when the system is dedicated to public service to make a user friendly and dependable monitoring system. After applying our proposed design, deployment and implemented highly reliable local area network mechanism. Therefore, all the mechanisms thoroughly discussed in this paper to work well together and provide strong Local Area Network (LAN) system at BAEC Head Quarter.