ABSTRACT
An important requirement of any information management system is to protect data and resources against unauthorized disclosure (secrecy) and unauthorized or improper modification (integrity), while at the same time ensuring their availability to legitimate users (no denial of service). Enforcing protection therefore requires that every access to a system and its resources be mediated, so that all and only authorized accesses can take place. This process goes under the name of access control. Developing a central authentication system for a network domain requires defining the regulations according to which access is to be controlled and implementing them as functions executable by a computer system. The development is carried out with a multi-phase approach built on two concepts: the security policy, which defines the high-level rules according to which access must be regulated, and the security model, which provides a formal representation of that policy and of how it operates. The central authentication system provides an access control mechanism that mediates every request for resources and data maintained by the system and determines whether the request should be granted or denied. Authentication, establishing who is making the request, is the precondition for that decision: the domain controller first verifies the user's credentials and then evaluates the access rules against the identity it has established. The access control decision is thus enforced by the domain controller, the system that implements the regulations laid down by the security policy. Different access control policies can be applied, corresponding to different criteria for what should and what should not be allowed and, in some sense, to different definitions of what ensuring security means.
In this research the researcher identifies the basic concepts behind access control design and enforcement, points out the different security requirements that may need to be taken into consideration, and develops a central authentication system for access control within a network domain. The system applies several policies, and the models formalizing them, that have been proposed in the literature, and provides a complete and open solution that organizations and universities can use to offer integrated access to their services and information.
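The decision procedure the abstract describes, as an added example that is not code from the thesis: a small Python model of the access check a Windows domain member performs when a request for a shared object is mediated against the object's discretionary ACL (DACL). The rights masks, SIDs, group memberships and the folder ACL are constructed for the example; the walk follows the documented Windows rules (ACEs examined in order, an overlapping explicit deny ends the check, allows accumulate until every requested right is granted). It also includes a check for non-canonical ACE order, the case where an allow placed before a deny quietly grants what the deny was meant to block.

```python
"""Access-check walk over a Windows-style discretionary ACL (DACL).

Added illustration for the access control discussion; not code from the thesis.
It models the reference monitor the abstract describes: every request is
mediated, and it is granted only if the policy attached to the object (its
ACL) explicitly allows every requested right.  SIDs, group memberships and
the sample ACL below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

# Generic access rights as bit masks, in the style of Windows access masks.
READ    = 0x1
WRITE   = 0x2
EXECUTE = 0x4
DELETE  = 0x8
FULL    = READ | WRITE | EXECUTE | DELETE

ALLOW = "ACCESS_ALLOWED"
DENY  = "ACCESS_DENIED"


@dataclass(frozen=True)
class ACE:
    ace_type: str      # ALLOW or DENY
    sid: str           # trustee: a user or group SID
    mask: int          # rights this ACE allows or denies


@dataclass
class Token:
    """What authentication produced: the user's SID plus the group SIDs it holds."""
    user_sid: str
    group_sids: FrozenSet[str] = field(default_factory=frozenset)

    def holds(self, sid: str) -> bool:
        return sid == self.user_sid or sid in self.group_sids


def access_check(token: Token, dacl: Optional[List[ACE]], requested: int) -> bool:
    """Return True only if every bit in `requested` is granted by the DACL."""
    if requested == 0:
        return False                      # nothing asked for, nothing granted
    if dacl is None:
        return True                       # NULL DACL: the object is unprotected
    # An empty DACL (a list with no ACEs) denies everyone: nothing grants.
    granted = 0
    for ace in dacl:
        if not token.holds(ace.sid):
            continue                      # ACE does not apply to this token
        if ace.ace_type == DENY and (ace.mask & requested):
            return False                  # explicit deny on any requested bit
        if ace.ace_type == ALLOW:
            granted |= ace.mask & requested
            if granted == requested:
                return True               # all requested rights accumulated
    return granted == requested


def is_canonical(dacl: List[ACE]) -> bool:
    """Windows expects explicit DENY ACEs ahead of ALLOW ACEs.  If an allow
    precedes a deny, the walk can grant the rights before the deny is reached."""
    seen_allow = False
    for ace in dacl:
        if ace.ace_type == ALLOW:
            seen_allow = True
        elif seen_allow:
            return False
    return True


# Constructed sample: ACL on a shared folder in a domain.  SIDs are invented
# for the example except S-1-5-11, the well-known Authenticated Users SID.
SHARED_FOLDER_DACL = [
    ACE(DENY,  "S-1-5-21-EXAMPLE-1105", WRITE | DELETE),   # intern: read only
    ACE(ALLOW, "S-1-5-21-EXAMPLE-512",  FULL),             # Domain Admins group
    ACE(ALLOW, "S-1-5-21-EXAMPLE-2001", READ | WRITE),     # HR staff group
    ACE(ALLOW, "S-1-5-11",              READ),             # Authenticated Users
]

ADMIN  = Token("S-1-5-21-EXAMPLE-500",  frozenset({"S-1-5-21-EXAMPLE-512", "S-1-5-11"}))
HR     = Token("S-1-5-21-EXAMPLE-1104", frozenset({"S-1-5-21-EXAMPLE-2001", "S-1-5-11"}))
INTERN = Token("S-1-5-21-EXAMPLE-1105", frozenset({"S-1-5-21-EXAMPLE-2001", "S-1-5-11"}))

if __name__ == "__main__":
    for name, tok in (("admin", ADMIN), ("hr", HR), ("intern", INTERN)):
        for label, mask in (("read", READ), ("write", WRITE), ("delete", DELETE)):
            print(f"{name:6s} {label:6s} -> {access_check(tok, SHARED_FOLDER_DACL, mask)}")
```

The intern is a member of the HR group, which is allowed to write, yet the explicit deny ACE placed first wins, which is the behaviour an administrator relies on when restricting one member of a group. Rotate that deny to the end of the list and `access_check(INTERN, ..., WRITE)` becomes true, which is why the `is_canonical` check is worth running before trusting an ACL. The model deliberately leaves out parts of the real Windows algorithm (the owner's implicit READ_CONTROL and WRITE_DAC, inherited and object-specific ACEs, MAXIMUM_ALLOWED requests), so it illustrates the policy-to-mechanism mapping rather than reproducing the kernel's check.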
TABLE OF CONTENTS
Title page
Declaration ........ i
Certification ........ ii
Dedication ........ iii
Approval page ........ iv
Acknowledgment ........ v
Abstract ........ vi
Table of Contents ........ vii
List of Figures ........ xi
List of Tables ........ xiii
Abbreviations ........ xiii
CHAPTER ONE
1.0 Introduction ........ 3
1.1 Background of the Study ........ 3
1.2 Statement of the Problem ........ 4
1.3 Objectives of the Study ........ 5
1.4 Research Questions ........ 6
1.5 Significance of the Study ........ 6
1.6 Scope of the Study ........ 7
1.7 Definition of Terms ........ 7
CHAPTER TWO
2.0 LITERATURE REVIEW ........ 8
2.1 Introduction ........ 8
2.2 Network ........ 8
2.3 Network Domain ........ 8
2.4 Network Domain Controller ........ 8
2.5 Windows Server 2012 ........ 9
2.6 Active Directory Domain Services (ADDS) ........ 10
  2.6.1 Basic Active Directory Components ........ 11
  2.6.2 Forests ........ 11
  2.6.3 Organizational Units ........ 11
  2.6.4 Security Rights ........ 12
  2.6.5 Groups ........ 12
  2.6.6 Domain Name System (DNS) ........ 13
2.7 Access Control and Access Control Entries ........ 14
  2.7.1 Permissions within a Network Domain ........ 14
2.8 User Rights and Privileges ........ 15
2.9 Digital Identity ........ 15
  2.9.1 Client Identity and Access Control Management ........ 16
  2.9.2 Access Control and Management ........ 17
2.10 Central Authentication System ........ 18
CHAPTER THREE
3.0 RESEARCH METHODOLOGY ........ 20
3.1 Introduction ........ 20
3.2 System Design ........ 20
  3.2.1 System Development Life Cycle (SDLC) ........ 20
3.3 Feasibility Study ........ 21
3.4 Virtualization Technology ........ 22
  3.4.1 Virtual Domain (mantech.com) ........ 22
3.5 Windows Server 2012 ........ 22
3.6 Design Procedure ........ 23
  3.6.1 Deployment of Virtualization Platform ........ 23
  3.6.2 Deployment of Windows Server 2012 and Creation of Domain Controller ........ 23
  3.6.3 Creation and Deployment of Client Machine ........ 24
3.7 System Specifications ........ 24
  3.7.1 Hardware Requirements ........ 24
  3.7.2 Software Requirements ........ 25
3.8 Design Representation ........ 25
CHAPTER FOUR
4.0 SYSTEM TESTING AND INTEGRATION ........ 26
4.1 Introduction ........ 26
4.2 Characteristics of the System ........ 26
4.3 System Presentation ........ 27
  4.3.1 Domain Controller and Administrator Roles ........ 27
  4.3.2 Creating a User Account and Generating Login Credentials ........ 28
  4.3.3 Joining a Client Personal Computer (PC) to the Domain ........ 32
  4.3.4 Controlling Access by Assigning Rights and Permissions to a User ........ 36
  4.3.5 Sharing a Folder within a Network Domain (mantech.com) ........ 41
  4.3.6 Accessing the Shared Folder from Another System within the Network Domain ........ 43
  4.3.7 Assigning Permissions to a Shared Folder within the Network Domain (mantech.com) ........ 45
  4.3.8 Authentication and Domain Controller Role ........ 46
  4.3.9 Accessing a Shared Folder from a Client Computer ........ 48
  4.3.10 Creating an Organizational Unit (OU) within the Network Domain ........ 50
  4.3.11 Applying Security Policies to the Network Domain (mantech.com) ........ 53
CHAPTER FIVE
5.0 SUMMARY, RECOMMENDATION AND CONCLUSION
5.1 Summary ........ 60
5.2 Conclusion ........ 60
5.3 Recommendation ........ 62
REFERENCES ........ 63
APPENDIX I ........ 65
LIST OF FIGURES
Figure 1………………………………………………………………………………………..66
Figure 2………………………………………………………………………………………..66
Figure 3………………………………………………………………………………………..67
Figure 4………………………………………………………………………………………..67
Figure 5………………………………………………………………………………………..21
Figure 6………………………………………………………………………………………..68
Figure 7………………………………………………………………………………………..69
Figure 8………………………………………………………………………………………..70
Figure 9………………………………………………………………………………………..71
Figure 10………………………………………………………………………………………71
Figure 11……………………………………………………………………….……...............72
Figure 12…………………………………………………………………….………...............73
Figure 13………………………………………………………………………………………29
Figure 14………………………………………………………………………………………29
Figure 15………………………………………………………………………………………30
Figure 16………………………………………………………………………………………30
Figure 17………………………………………………………………………………………31
Figure 18………………………………………………………………………………………31
Figure 19………………………………………………………………………………………32
Figure 20………………………………………………………………………………………33
Figure 21………………………………………………………………………………………34
Figure 22………………………………………………………………………………………35
Figure 23………………………………………………………………………………………35
Figure 24………………………………………………………………………………………36
Figure 25………………………………………………………………………………………40
Figure 26………………………………………………………………………………………41
Figure 27………………………………………………………………………………………42
Figure 28………………………………………………………………………………………42
Figure 29………………………………………………………………………………………42
Figure 30………………………………………………………………………………………43
Figure 31………………………………………………………………………………………44
Figure 32………………………………………………………………………………………44
Figure 33………………………………………………………………………………………45
Figure 34………………………………………………………………………………………46
Figure 35………………………………………………………………………………………47
Figure 36………………………………………………………………………………………47
Figure 37………………………………………………………………………………………48
Figure 38………………………………………………………………………………………49
Figure 39………………………………………………………………………………………49
Figure 40………………………………………………………………………………………51
Figure 41………………………………………………………………………………………52
Figure 42………………………………………………………………………………………52
Figure 43………………………………………………………………………………………54
Figure 44………………………………………………………………………………………55
Figure 45………………………………………………………………………………………55
Figure 46………………………………………………………………………………………56
Figure 47………………………………………………………………………………………56
Figure 48………………………………………………………………………………………57
Figure 49………………………………………………………………………………………57
Figure 50………………………………………………………………………………………58
Figure 51………………………………………………………………………………………58
Figure 52………………………………………………………………………………………59
LIST OF TABLES
Table 1………………………………………………………………………………………….74
ABBREVIATIONS
CAS: Central Authentication System
DC: Domain Controller
ACL: Access Control List
ACE: Access Control Entry
Mantech: Management Technology (the example domain, mantech.com)
GPO: Group Policy Object
ID: Identity
AD: Active Directory
DNS: Domain Name System
PC: Personal Computer
DHCP: Dynamic Host Configuration Protocol
MAC: Media Access Control
LAN: Local Area Network
WS2k12: Windows Server 2012
Hyper-V: Microsoft's hypervisor (the virtualization role of Windows Server)
IT: Information Technology
OU: Organisational Unit
MITP: Management Information Technology Programme
ATP: Accounting and Technology Programme
Busmgt: Business Management
BFTP: Banking and Finance Technology Programme
BMTP: Business Management Technology Programme
HR: Human Resource
GUID: Globally Unique Identifier
SDLC: System Development Life Cycle
IP: Internet Protocol
WS: Windows Server
OS: Operating System
ADDS: Active Directory Domain Services
RAM: Random Access Memory
GB: Gigabyte
MB: Megabyte
CPU: Central Processing Unit
DACL: Discretionary Access Control List
SACL: System Access Control List
SID: Security Identifier
GPME: Group Policy Management Editor
SSID: Service Set Identifier
AP: Access Point
HTTP: Hypertext Transfer Protocol
IS: Information System