Secure Campus Network Simulation

Project Overview
This project involves designing and implementing a secure campus network using free
tools. The simulation will cover network segmentation, access control, security policies, and
monitoring mechanisms.

Step 1: Define Network Requirements

The campus network should support:
- Faculty, Students, and Administrative Staff
- Wi-Fi and Wired Connectivity
- Authentication and Access Control
- Network Segmentation (VLANs, Firewalls)
- Intrusion Detection and Monitoring

Step 2: Select Free Simulation Tools

We will use the following free tools:

 - GNS3 – For network topology simulation (routers, switches, firewalls)

 - Cisco Packet Tracer – Alternative lightweight simulation tool
 - pfSense – Open-source firewall for security policies and access control
 - FreeRADIUS – Authentication server for NAC (802.1X enforcement)
 - Wireshark – Network traffic analysis and monitoring
 - SNORT – Intrusion Detection System (IDS)

Step 3: Network Topology Design

1. Core Components:
 - Core Switch (L3)
 - Access Switches (L2)
 - Firewall (pfSense)
 - Authentication Server (FreeRADIUS)
 - Monitoring System (Wireshark & SNORT)

2. Network Segmentation (VLANs):

 - VLAN 10 – Admin Network (Restricted Access)
 - VLAN 20 – Faculty Network (Controlled Access)
 - VLAN 30 – Student Network (Internet-Only Access)
 - VLAN 40 – Guest Wi-Fi (Isolated from Internal Network)

3. IP Addressing Scheme (Subnetting Example):

VLAN Subnet Purpose
10 192.168.10.0/24 Admin Network
20 192.168.20.0/24 Faculty Network
30 192.168.30.0/24 Student Network
40 192.168.40.0/24 Guest Wi-Fi

Step 4: Implementation Steps

 - Configure VLANs & Inter-VLAN Routing: Use GNS3 with virtual routers (Cisco or
pfSense) to configure VLANs.
 - Set Up pfSense Firewall Rules: Restrict VLAN communication, configure firewall rules,
and enable VPN access.
 - Implement Network Access Control (NAC) with FreeRADIUS: Configure 802.1X
authentication for wired and wireless networks.
 - Deploy SNORT IDS for Intrusion Detection: Monitor traffic and set up alerts for
suspicious activities.
 - Use Wireshark for Traffic Analysis: Capture packets to identify potential security
issues and analyze performance.

Step 5: Testing & Security Evaluation

 - Verify VLAN Isolation: Check if unauthorized access is blocked.
 - Test Firewall Policies: Simulate attacks and observe responses.
 - Analyze Authentication Logs: Ensure FreeRADIUS enforces access control.
 - Run Penetration Tests: Use Nmap and Metasploit to test security.

Final Documentation & Report

The final deliverables will include:
- Network Diagram & Configuration Scripts
- Security Policies & Firewall Rules
- Test Results & Performance Metrics
- Future Enhancements & Recommendations