Thursday, 17 April 2025

Experiment - 78 :- setting up basic protection using public keys and MAC Address filters

Setting up basic protection using public keys and MAC address filters involves a combination of cryptographic techniques and network security measures. Below is a step-by-step guide to help you set up a basic protection mechanism using these methods.

Experiment Overview

  1. Public Key Infrastructure (PKI): Use public/private key pairs for authentication.
  2. MAC Address Filtering: Restrict network access based on device MAC addresses.

Requirements

  • A server (could be a local machine or cloud-based)
  • Client devices (laptops, smartphones, etc.)
  • OpenSSL (for generating keys)
  • A router or network switch that supports MAC address filtering
  • Basic knowledge of networking and cryptography

Step 1: Generate Public/Private Key Pair

  1. Install OpenSSL: If you don't have OpenSSL installed, download and install it from OpenSSL's official website.

  2. Generate Keys: Open a terminal and run the following commands to generate a private key and a public key.

    # Generate a private key
    openssl genpkey -algorithm RSA -out private_key.pem

    # Generate a public key from the private key
    openssl rsa -pubout -in private_key.pem -out public_key.pem

  3. Store Keys Securely: Ensure that the private key is stored securely and is not accessible to unauthorized users.

Step 2: Implement Public Key Authentication

  1. Server Setup: On your server, implement a simple application that requires clients to authenticate using the public key.

    • You can use programming languages like Python, Node.js, or any other language that supports cryptography libraries.
  2. Client Authentication:

    • When a client wants to connect, it should sign a message (e.g., a nonce or timestamp) with its private key.
    • The server will verify the signature using the client's public key.
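The sign-and-verify exchange from Step 2, as an added Node.js example that is not part of the original post: the server issues a random nonce, the client signs it with its private key, and the server checks the signature against the enrolled public key, rejecting replayed or expired nonces. The names `AuthServer`, `signChallenge`, `newKeyPair` and `demo`, the 30-second nonce lifetime and the in-memory stores are assumptions made for illustration.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const NONCE_TTL_MS = 30_000; // assumed challenge lifetime

class AuthServer { // hypothetical server-side state, kept in memory
  constructor() {
    this.enrolled = new Map(); // clientId -> public key PEM (public_key.pem contents)
    this.pending = new Map();  // clientId -> { nonce, expires }
  }
  enroll(clientId, publicKeyPem) { this.enrolled.set(clientId, publicKeyPem); }
  // The server picks the nonce, so a client cannot reuse an old signed message.
  challenge(clientId, now = Date.now()) {
    const nonce = randomBytes(32);
    this.pending.set(clientId, { nonce, expires: now + NONCE_TTL_MS });
    return nonce;
  }
  // Verify the signature over the nonce that was issued to this client.
  authenticate(clientId, signature, now = Date.now()) {
    const entry = this.pending.get(clientId);
    this.pending.delete(clientId); // single use: consumed even when the check fails
    const publicKey = this.enrolled.get(clientId);
    if (!entry || !publicKey || now > entry.expires) return false;
    return verify('sha256', entry.nonce, publicKey, signature);
  }
}

// Client side: sign the nonce with the private key (RSA PKCS#1 v1.5 with SHA-256).
function signChallenge(privateKeyPem, nonce) {
  return sign('sha256', nonce, privateKeyPem);
}

// Constructed throwaway keys; in the experiment these are the two PEM files from Step 1.
function newKeyPair() {
  return generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
}

function demo() {
  const server = new AuthServer(), client = newKeyPair(), other = newKeyPair();
  server.enroll('client-1', client.publicKey);
  const sig = signChallenge(client.privateKey, server.challenge('client-1'));
  const ok = server.authenticate('client-1', sig);     // enrolled key, fresh nonce
  const replay = server.authenticate('client-1', sig); // nonce already consumed
  const wrongKey = server.authenticate('client-1',
    signChallenge(other.privateKey, server.challenge('client-1'))); // key not enrolled
  const stale = signChallenge(client.privateKey, server.challenge('client-1', 0));
  const expired = server.authenticate('client-1', stale, NONCE_TTL_MS + 1);
  return { ok, replay, wrongKey, expired };
}
console.log(demo());
```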

Step 3: Set Up MAC Address Filtering

  1. Access Router Settings: Log in to your router's web interface. This is usually done by entering the router's IP address in a web browser.

  2. Locate MAC Filtering Section: Find the section for MAC address filtering. This is often under "Wireless Settings" or "Security".

  3. Add Allowed MAC Addresses:

    • Obtain the MAC addresses of the devices you want to allow on the network. You can find the MAC address on most devices in the network settings.
    • Add these MAC addresses to the allowed list in your router's MAC filtering settings.
  4. Enable MAC Filtering: Make sure to enable the MAC filtering feature. This will restrict access to only the devices with the specified MAC addresses.

Step 4: Testing the Setup

  1. Connect a Client Device: Attempt to connect a client device that is allowed by the MAC address filter. Ensure that it can authenticate using the public key.

  2. Test Unauthorized Access: Try to connect a device that is not on the allowed MAC address list. It should be denied access.

  3. Verify Public Key Authentication: Ensure that the server correctly verifies the public key authentication by checking the signatures.

Step 5: Monitor and Maintain

  • Log Access Attempts: Keep logs of access attempts to monitor for unauthorized access.
  • Regularly Update Keys: Periodically regenerate keys and update the public keys on the server.
  • Review MAC Address List: Regularly review and update the MAC address filter list as devices are added or removed from the network.

Conclusion

This experiment provides a basic framework for securing a network using public key authentication and MAC address filtering. While these methods can enhance security, they should be part of a broader security strategy that includes firewalls, intrusion detection systems, and regular security audits.


