Final Ngongwa Nana Grace Report 2024-Edit
EXTENSION OF AMHS NETWORK THROUGH VPN TO THE AERODROMES: CASE OF ASECNA
CERTIFICATION
This is to certify that this internship report, focused on “EXTENSION OF AMHS NETWORK
THROUGH VPN TO THE AERODROMES”, was presented by NGONGWA NANA GRACE to
meet the requirements for obtaining a HIGHER NATIONAL DIPLOMA (HND) in Network and Security
from the University Institute of the Gulf of Guinea (IUG), under the supervision of the
Ministry of Higher Education. Approved by the various supervisors:
DEDICATION
TO MY LOVELY FAMILY
ACKNOWLEDGEMENTS
At this emotional moment of my youth, it seems wise and appropriate to address my sincere and
deep thanks to all those who have contributed to my training at ASECNA and to my education,
in particular:
To the Almighty GOD, my creator and my master, who has always been there for me throughout this
academic year, and who helps us in our moments of joy and in difficult times.
PREFACE
Founded in 1993, the University Institute of the Gulf of Guinea (IUG) is a group of three schools of
higher education located at PK8, Douala, specialized in the fields of commerce and management,
communication and information, industry and new technologies, and paramedical sciences. It is
one of the most prestigious private higher institutions in Cameroon. IUG trains young professionals
in the technical, medical and business environments. Since its creation in 1993, the advanced
school of management has been striving to answer the urgent calls of economic operators in need
of foremen and management staff. With the launching of the HIGHER NATIONAL DIPLOMA,
the University Institute of the Gulf of Guinea is becoming the first bilingual higher institution of
learning in Central Africa.
The Cameroon government has taken it as a duty to train and educate youths in all fields of
vocational training in order to build up their professional skills. It is in this light that order No.
008/CAB/PR of 19/03/1993 brought about the creation of private state universities and higher
professional institutes, among which is ISTA (Institut Supérieur des Technologies Avancées).
ISTA was created by ministerial order No. 05/0038 of 12 January 2005. Its mission was
to employ good lecturers who are devoted and willing to train students to obtain the Higher
National Diploma (HND) after a two-year course. Below are some of the professional courses offered at
IUG:
LIST OF ABBREVIATIONS
IPsec: IP security
ABSTRACT
In order to put into practice the theoretical knowledge acquired during the academic year
2022/2023, the INSTITUT UNIVERSITAIRE DU GOLFE DE GUINEE (IUG)
has introduced the syllabus of the training, observation and familiarization internship. Its
purpose is to guide students in the professionalization process in their chosen
field.
As a student in Network and Security, the aim of the internship was to allow me to gain a
practical grounding in the technical terms of network and security, to get an idea of the organization
of the various host structures at the administrative and operational levels of the agency, and also to
allow me to immerse myself in the different tasks and get to know the staff who carry them out on a
daily basis.
With the Representation of the Agency for the Safety of Air Navigation in Africa and
Madagascar in Cameroon (ASECNA CAMEROON), I carried out an academic internship for a
period of 2 months, from 19th June to 18th August 2023. During this internship I
was asked to work on the EXTENSION OF AMHS NETWORK THROUGH VPN TO THE
AERODROMES OF YAOUNDE AND GAROUA. This report contains the following: the
presentation of ASECNA and its Representation in Cameroon, the unit where the internship was
carried out, the activities carried out during the internship and the theme I was given to work on.
RESUME
As a student in Network and Security, the aim of the internship was to give me a practical grounding in
the technical terms of networking and security, to give me an idea of the organization of the
various host structures at the administrative and operational levels of the agency, and also to
allow me to immerse myself in the different tasks and get to know the staff who carry them out
on a daily basis.
TABLE OF CONTENTS
CERTIFICATION
DEDICATION
ACKNOWLEDGEMENTS
PREFACE
LIST OF ABBREVIATIONS
ABSTRACT
RESUME
TABLE OF CONTENTS
GENERAL INTRODUCTION
PART 1: THE FRAMEWORK (ENVIRONMENT) OF THE TRAINING COURSE
CHAPTER ONE: GENERAL PRESENTATION OF THE COMPANY AND OF ITS REPRESENTATION IN CAMEROON
SECTION ONE: HISTORY OF ASECNA, MISSION
A: CREATION OF THE ASECNA
B: THE MISSION OF ASECNA
SECTION TWO: THE REPRESENTATION OF ASECNA IN CAMEROON AND THE GEOGRAPHICAL LOCATION
C: The representation of ASECNA in Cameroon
D: Activities of the Representation
E: GEOGRAPHICAL LOCATION OF ASECNA DOUALA
F: ORGANIZATIONAL CHART OF ASECNA CAMEROON
CHAPTER 2: PROGRESS OF THE INTERNSHIP
SECTION ONE: PRESENTATION OF THE HOST DEPARTMENT
2.1 Introducing the RSI Unit
SECTION TWO: ACTIVITIES CARRIED OUT DURING THE INTERNSHIP
2.2 DESCRIPTION OF MY DIFFERENT TASKS
PART TWO: PRACTICAL FRAMEWORK
CHAPTER 3. GENERALITIES ON THE EXTENSION OF AMHS NETWORK THROUGH VPN TO THE AERODROMES
SECTION A: DIAGNOSTIC OF THE SYSTEM
3.1 WHAT IS A VPN
3.2 TYPES OF VPNs
3.2.2 SITE TO SITE VPN
3.3 ENCRYPTING DATA IN A VPN
3.4 VPN protocols
SECTION B: ARCHITECTURE AND CONFIGURATION OF THE PROPOSED SYSTEM
3.1 Network Architecture of ASECNA
3.2 NEW Network Architecture of ASECNA
3.3 CONFIGURATION OF THE DIFFERENT PROTOCOLS
3.6 TESTS AND RESULTS
CHAPTER 4: DIFFICULTIES ENCOUNTERED AND RECOMMENDATIONS
SECTION 1: PROBLEMS ENCOUNTERED DURING THE INTERNSHIP
4.1 Positive remarks
4.2 Difficulties Encountered
SECTION 2: RECOMMENDATIONS
GENERAL CONCLUSION
REFERENCES
TABLE OF FIGURES
LIST OF TABLES
GENERAL INTRODUCTION
The internship in a company allows students to put into practice the knowledge acquired during
the training, to work within a professional team under time and resource constraints, and to
demonstrate their capacity for initiative, autonomy and responsibility. I had the privilege of
carrying out my internship at ASECNA DOUALA during a period of two months, where I immersed
myself in the professional environment. Aviation safety management is an extremely complex job, and relies
heavily on the proper functioning and quality of an airport’s infrastructure. Meeting the
requirements associated with aviation safety requires a look at the energy supply aspect. It is in
this spirit that ASECNA fulfills its main mission, which is to ensure safety and navigation in
AFRICA and MADAGASCAR, and pays particular attention to it. Here in Douala, part of this
task is carried out by the RSI department, the department in which I did my internship. This
department is responsible for ensuring the availability and proper functioning of the ASECNA
network. The rest of this work will allow me to better understand the project I have developed,
which is based on the extension of the AMHS network through a VPN.
The report is organised in two parts. Part one is made up of two chapters, chapter 1
and chapter 2, both subdivided into section 1 and section 2.
Part two is also made up of two chapters, chapter 3 and chapter 4, both subdivided into section
1 and section 2.
PART 1:
CHAPTER ONE
Chapter one is made up of two sections, section 1 and section 2. Section 1 covers the history of
ASECNA, its basic aspects, its member states and its mission. Section 2 covers its
representation, the geographical location and the organizational hierarchy chart.
B: THE MISSION OF ASECNA
The Agency is mandated to discharge the following functions:
- Providing en-route air navigation services in the airspaces, coupled with organizing the
airspace and air routes in compliance with the ICAO provisions, publishing aeronautical
information, forecasting and transmitting information related to aviation meteorology;
- Providing aerodromes under its control with air traffic, approach and aerodrome
services in addition to firefighting and aircraft rescue services. It also has to publish
aeronautical information, conduct forecasts and transmit aviation meteorology information;
- Managing schools and offering courses to solve the challenges of civil aviation;
- Defining specifications relative to functions, systems and devices as well as defining
implemented working procedures and methods, including those relative to the study,
specification about procurement, reception, installation, technical control, in addition to
the ones to be kept under operational condition, operation of equipment and installations,
systems of communication, navigation, surveillance, air traffic management and aviation
meteorology;
- ASECNA is also responsible for defining the implementation of safety and quality
management system pursuant to the ICAO standards and transmit aviation meteorology
three aerodromes: Douala, Yaoundé and Garoua. It is also in charge of the meteorological station
of the Ngaoundéré aerodrome.
By delegation and under the authority of the General Management, the Representations are
responsible for implementing the Agency's strategic orientation in every country.
2: The Representative
He represents the Director General in his Representation. He coordinates all the activities of the
Representation and ensures compliance with the policy of the General Management and the
realization of the projects defined by it.
3: Activity Managers
An activity manager is responsible for an administrative or technical area, which he or she
manages. An activity consists of several units.
4: Head of Unit
A unit is a particular service in an activity. The Heads of Unit coordinate the work in their
respective units.
Figure 1: ASECNA REPRESENTATION
The RSI/Meteorological Unit is responsible for the maintenance of computer equipment and
systems used for the production and exchange of aeronautical and meteorological data and
information.
- TOPSKY: A system that displays on the air traffic controller's screen a representation of
the airspace under his area of responsibility, air routes and beacons symbolizing aircraft.
The data used to symbolize aircraft comes from RADAR, flight plans, ADS/B;
- SIOMA (Integrated Aeronautical Meteorological Observation System): A system
composed of instruments for measuring the temperature, pressure, direction and strength
of the wind. It automatically generates this information in the form of a message, which is
submitted to the assessment of the Aerodrome Meteorological Watchmen for verification,
completion and transmission.
- A Weather Park: A park that brings together equipment for measuring meteorological
parameters and sensors. All this allows the Meteorological Observer to have regular data
on the state of the atmosphere on the surface and to write meteorological observation
messages called SYNOP.
- An altitude observation station: it contains balloons, a helium balloon inflator and probes
connected to a computer system called GRAWMET. To make an observation at altitude,
the Meteorological Observer inflates a balloon with Helium and attaches a probe to it.
When the balloon is released, the probe provides the parameters of the atmosphere aloft as
it climbs.
- The Radio/Telephone Channel: It gathers satellite IP telephone lines for communication
between air traffic controllers in adjacent centres and frequencies for Pilot-Controller
communication;
- Aeronautical (FSFTA/AMHS) and meteorological (SMT/SIO) communication networks:
these are the networks set up by ICAO and WMO for the exchange of aeronautical and
meteorological messages;
- The INTRANET network: This is an internal network of ASECNA that allows its agents
to have access to various services: internal e-mail, the Enterprise Resource Planning
Software, the invoicing of fees, the ASECNA websites and which offers an opening to the
Internet.
We then took it upon ourselves to keep in mind that we had been received
in a cordial and peaceful manner; this thinking allowed us to experience an
interesting and fulfilling stay. It was at this point that we began the internship
within the RSI Unit. During my stay within this company, I accomplished several tasks and
encountered some difficulties, which I have grouped together in the following table.
| TIME | ACTIVITIES | RESULT | PROBLEM ENCOUNTERED | SOLUTION |
|---|---|---|---|---|
| Week 1 | Collection of the acceptance document and the document for the creation of the access card | Well done | None | None |
| | Collection of the access card and the program for the internship | Well done | None | None |
| | Began visiting the various departments of the ASECNA Cameroon representation | Well done | The explanation was in French | None |
| | First day at maintenance IRE | | | |
| | Learning more about the various systems in place to ensure the safety of flight | Well done | Understanding of some points | Some soft copies were handed to us to understand those points |
| | Learning about the different tools used in aeronautics | Well done | None | None |
| Week 3 | Presentation of ASECNA's computer network and system | | None | None |
| | Theme handed over by my supervisor; immediately started researching it | | Difficulties in understanding the topic | More explanation was given by my supervisor, and some documents were handed over for more understanding |
| Week 4 | Installation of the operating system and configuration of basic settings such as keyboard language, Kaspersky antivirus on new computers | | A language setting issue arose during the installation process | |
The solution currently being implemented is the extension via ASECNA's private
telecommunications network, which is done via satellite links, but this connection offers
insufficient bandwidth to meet the requirements of the systems that implement AMHS between
the Douala aerodrome and the Yaoundé and Garoua aerodromes. This sometimes causes service
interruptions. For this reason, an alternative solution is sought, aimed at improving the quality and
continuity of service of the system implementing AMHS. This
alternative is the use of VPN channels to establish communications between the AMHS system at
Douala airfield and subscribers at the Yaoundé and Garoua airfields.
A VPN allows you to create a virtual link, called a tunnel, between two points.
In this tunnel, data is encrypted and isolated, ensuring its confidentiality. A VPN allows you to
create a virtual extension of a network.
- In order to ensure a high degree of privacy, the VPN encrypts data transmitted over the
internet. This means that anyone who tries to intercept this data will only see a confusing mix
of characters that is almost impossible to decipher.
- The VPN initiates an authentication process between two communication devices to ensure
that both devices are truly who they say they are.
- The VPN also digitally signs the data to ensure the integrity of the data, verifying that the data
is not tampered with or intercepted before it reaches its intended recipient.
- Cost: While there are free VPN services available, premium VPNs with better security and
performance may come at a cost. Additionally, maintaining a VPN service may add to your
monthly expenses.
- Limited Server Location: Some VPN providers may have limited server locations, which can
restrict your ability to access content from different regions.
- Potential for Connection Drops: VPN connections may occasionally drop, exposing your IP
address and compromising your privacy if the VPN fails to reconnect.
3.2.1 CLIENT TO SITE VPN
It allows an employee to establish a secure connection to the corporate network (to access
applications, file servers, etc.) over the Internet. This method is most commonly used in the
context of teleworking. Here, the company's firewall acts as a VPN gateway. This VPN can be
Split-Tunnel or Full-Tunnel. The Split-Tunnel allows the remote user to access only the company
network via the VPN, and the rest of the internet traffic (search, videos, etc.) goes outside the
VPN. The Full-Tunnel routes all of the remote user's traffic through the VPN. In this case, to go
over the Internet, the traffic goes through the VPN and then uses the company's Internet
connection. Thus, the company's security policy will always be applied even if the user is outside
(e.g. the limitation of certain sites, etc.).
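The Split-Tunnel and Full-Tunnel behaviour described above comes down to which routes the VPN client installs. The following added example (not part of the original report) models both modes with longest-prefix matching; the addresses are constructed documentation values, and overriding the default route with two /1 routes is one common technique, assumed here for illustration.

```python
import ipaddress

# Constructed values for illustration only (not from the report).
CORPORATE_NETS = ["10.10.0.0/16"]   # networks behind the company firewall
VPN_GATEWAY = "203.0.113.10"        # public address of the VPN gateway
INTERNET_HOST = "198.51.100.7"      # any site outside the company


def build_routes(mode, corporate_nets, vpn_gateway_ip):
    """Return the client's routing table as [(network, interface)]."""
    routes = [
        # Default route of the user's home or hotel connection.
        (ipaddress.ip_network("0.0.0.0/0"), "physical"),
        # The encrypted tunnel packets themselves must always leave through
        # the physical link, otherwise the tunnel would route into itself.
        (ipaddress.ip_network(f"{vpn_gateway_ip}/32"), "physical"),
    ]
    if mode == "split":
        # Only the company networks are reached through the tunnel.
        routes += [(ipaddress.ip_network(n), "vpn") for n in corporate_nets]
    elif mode == "full":
        # Two /1 routes cover the whole IPv4 space and are more specific
        # than 0.0.0.0/0, so they win without deleting the original default.
        routes += [
            (ipaddress.ip_network("0.0.0.0/1"), "vpn"),
            (ipaddress.ip_network("128.0.0.0/1"), "vpn"),
        ]
    else:
        raise ValueError(f"unknown tunnel mode: {mode!r}")
    return routes


def egress(routes, destination):
    """Pick the outgoing interface by longest-prefix match."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, iface) for net, iface in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def company_policy_applies(routes, destination):
    """Traffic is filtered by the company firewall only if it uses the tunnel."""
    return egress(routes, destination) == "vpn"


if __name__ == "__main__":
    for mode in ("split", "full"):
        table = build_routes(mode, CORPORATE_NETS, VPN_GATEWAY)
        for dst in ("10.10.5.20", INTERNET_HOST, VPN_GATEWAY):
            print(f"{mode:5} {dst:15} -> {egress(table, dst)}")
```

In split mode the Internet host leaves through the physical interface and therefore bypasses the company's filtering, which is the trade-off the paragraph describes.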
- Secure Remote Access: Client-to-Site VPN allows remote users to securely connect to the
organization’s network from any location. This provides employees with the flexibility to
work from home or while traveling while maintaining a secure connection to company
resources.
- Data Encryption: All data transmitted between the client device and the organization’s
network is encrypted, ensuring that sensitive information remains secure and protected from
unauthorized access.
- Secure Communication: Client-to-Site VPN provides a secure communication channel for
remote users to communicate with other employees, access email, share files, and collaborate
on projects without compromising data security.
- Access Control: Client-to-Site VPN allows organizations to implement access control
policies, ensuring that only authorized users can connect to the network. This helps to prevent
unauthorized access to company resources and sensitive data.
- Enhanced network security: Site-to-site VPNs provide a secure and encrypted connection
between two or more networks, ensuring that sensitive data is protected from unauthorized
access.
- Improved data privacy: By encrypting data transmitted over the VPN tunnel, site-to-site VPNs
help ensure the privacy of communication between different network locations.
- Increased network reliability: Site-to-site VPNs help improve network uptime by providing a
secure and stable connection between different network locations, ensuring uninterrupted
access to resources.
- Secure Cloud connectivity: Site-to-site VPNs can be used to securely connect on-premises
networks to cloud services, enabling organizations to leverage cloud resources while
maintaining data privacy and security.
- Potential for network latency: Encrypting data and routing it through a VPN tunnel can
sometimes introduce network latency, especially over long distances or when dealing with
large amounts of data. This can impact network performance and user experience.
- Potential security risks: Despite providing encryption and security features, site-to-site VPNs
can still be vulnerable to security breaches or attacks. Any weaknesses in the VPN
implementation or configuration can potentially be exploited by cybercriminals.
- Performance impact on high-bandwidth applications: Some high-bandwidth applications or
services may experience degraded performance when transmitted over a VPN tunnel due to the
overhead of encryption and authentication processes.
- Complexity of setup and management: Site-to-site VPNs can be complex to set up and configure,
especially for organizations with limited IT resources or expertise.
3.2.3.1 ADVANTAGES OF CONSUMER
- Anonymity: VPNs can help mask your IP address and location, making it more difficult for
websites and online services to track your online activities. This can help to protect your
identity and maintain anonymity online.
- Remote access: VPNs allow you to securely access your home or work network from
anywhere in the world. This is especially useful for remote employees who need to access
company files and resources while working outside of the office.
- Cost: While many VPN services offer free or low-cost options, premium VPN services can be
quite expensive, especially if you require additional features or advanced security protocols.
- Limited server locations: Some VPN services may have a limited number of servers and
server locations, which could impact your ability to access content from certain regions or
cause slower connection speeds if the servers are overcrowded.
Encryption is done in several steps, including initial swapping, swapping, final swapping, and
expansion. DES is considered secure, but it has been replaced by newer algorithms such as AES
(Advanced Encryption Standard).
- AES (Advanced Encryption Standard): It comes in 128-bit, 192-bit, and 256-bit. It is this
last value that determines the suffix of the protocol. The higher the number of bits, the greater
the protection. AES-256 is therefore quite simply the most secure encryption standard to
date. It encrypts data in blocks of 128 bits each. This means that it takes 128 bits as input and
outputs 128 bits of cipher text. AES is based on the substitution-permutation network
principle, which means that it is performed using a series of linked operations that involve the
replacement and shuffling of input data. The number of rounds depends on the length of the key
as follows: 128-bit key, 10 rounds; 192-bit key, 12 rounds; 256-bit key, 14 rounds.
- RSA (Rivest, Shamir, and Adleman): Key exchange protocol involving the generation and
distribution of keys; this protocol is named after its three creators: Rivest, Shamir, and
Adleman.
- DH (Diffie-Hellman): A key exchange protocol involving the generation and
authentication of keys and often referred to as an exchange of authenticated keys.
Possibility of multi-threaded tunnelling, and therefore the execution of several secure tasks
simultaneously, which can compensate for the speed losses related to the security itself.
Unfortunately, the L2TP protocol only uses UDP port 500, which means that it cannot be masked
by using another port. This makes it an easier protocol to block and also less effective at
bypassing firewalls. The IPsec encryption algorithm is secure but a bit slow because the traffic
needs to be converted to L2TP and then encrypted with IPsec.
on all Windows devices since Windows 7. It allows mutual authentication between hosts at
both ends of the tunnel (including with a shared key), and a connection established in two
pairs. IKEv2 is particularly effective at re-establishing a VPN connection after the internet
connection has been lost.
- SSTP (Secure Socket Tunnelling Protocol): This is another VPN protocol that belongs to
Microsoft. It has been available on all Windows devices since Vista Service Pack 1. It is,
however, perfectly usable for both Linux and Mac users. This is an extremely popular
protocol due to its very high level of security. SSTP encrypts data in AES-256. SSTP
additionally uses TCP port 443 to establish a connection to the VPN server. To put it simply,
the advantage of this port is that it can bypass almost any firewall. SSTP is more geared
towards Windows users. Its weakness is that it cannot be evaluated effectively as it is a
proprietary protocol. Because it uses SSL v3, it has the ability to bypass firewalls.
- OpenVPN: This is the most widely used today. It is often associated with the notion of SSL. It is
open source and compatible with many devices (Android, Windows, macOS, Linux, etc.). It
works by default in UDP on port 1194 but it is also compatible with TCP, which allows it to pass
some firewalls. OpenVPN can easily bypass firewalls, and supports many types of encryption
such as AES, Blowfish, and 3DES. The speed of this protocol depends largely on
the method chosen for encrypting the data. In the majority of cases, VPNs use AES-256, the
most secure encryption method available today, and one that has never been breached.
Unfortunately, OpenVPN isn't built into most operating systems out of the box. On Windows or
Android for example, you'll need to install and run a third-party app on your machine to make
your OpenVPN connection work. Because it uses SSL v3, it has the ability to bypass firewalls.
- The WireGuard protocol: It is recent and, like OpenVPN, is compatible with several
devices. But it works in peer-to-peer mode, unlike other protocols that work in client-server
mode. It only works in UDP and can potentially be blocked by firewalls.
3.5 Hash protocols
Hashing is a process that allows a unique digital signature to be obtained from the seed
information and a hash function. Hash functions have a variety of applications, including the
ability to calculate the unique fingerprint of a file or store passwords securely in a database. They can
also be used to compute the checksum of a piece of data to verify its integrity.
There are several different algorithms that can be used to obtain a fingerprint: MD5, SHA1, and
SHA-256.
The hash print is therefore different depending on the input used and therefore it is unique.
MD5 and SHA1 are no longer considered safe. Collisions (identical fingerprints obtained with
different inputs) have been found with MD5. The SHA1 function is also discouraged because
researchers have found possible attacks
against this algorithm. It has been replaced by SHA2, which gives the hash functions SHA-224,
SHA-256, SHA-384, and SHA-512.
3.1 Network Architecture of ASECNA
During the simulation of the Client-to-Site VPN, the new network architecture was required, and it was
built using Packet Tracer.
Device | Interface | IP Address | Subnet mask
102.219.45.2 255.255.255.252
G 0/0/1
Switch 1 NLC
The following steps were carried out in order to configure the Yaoundé router.
ISAKMP policy: Here the configuration is based on the encryption, the hash md5,
authentication pre-share, the group and the lifetime, and the same procedure is repeated
on the other router.
Figure 8: IPSEC R1
APPLICATION OF THE CRYPTO MAP: Here the access list is created that defines the set of
users whose data should be secured with the VPN, the IPsec transform
set is put in place using the encryption algorithm and the hash algorithm, and the peer to
which the secured packets will be sent is chosen.
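The ISAKMP policy step above selects MD5 as the hash, while section 3.5 of this report lists MD5 and SHA1 as no longer safe. The following added example (not part of the original report or of ASECNA's configuration) audits Cisco IOS-style text for such IKE and IPsec parameters; the sample configurations, key and peer address are constructed, and the lists of deprecated values are assumptions of this example.

```python
import re

# Assumed classification for this example (IOS keyword -> algorithm name).
WEAK_HASH = {"md5": "MD5", "sha": "SHA-1"}
WEAK_ENCRYPTION = {"des": "DES", "3des": "3DES"}
WEAK_DH_GROUPS = {1, 2, 5}          # 768-, 1024- and 1536-bit MODP groups
WEAK_TRANSFORMS = {
    "esp-des": "DES", "esp-3des": "3DES", "esp-null": "no encryption",
    "esp-md5-hmac": "HMAC-MD5", "ah-md5-hmac": "HMAC-MD5",
    "esp-sha-hmac": "HMAC-SHA-1", "ah-sha-hmac": "HMAC-SHA-1",
}
REQUIRED_POLICY_KEYS = ("encryption", "hash", "group")

# Constructed sample following the steps the report describes (ISAKMP policy,
# transform set, crypto map). It is not the configuration from the report.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key EXAMPLE-KEY address 192.0.2.1
crypto ipsec transform-set VPN-SET esp-aes esp-md5-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set VPN-SET
 match address 110
"""

# Constructed corrected variant of the same policy.
HARDENED_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha256-hmac
"""


def parse_config(text):
    """Return (policies, transform_sets) parsed from IOS-style config text."""
    policies = {}         # policy number -> {"hash": "md5", ...}
    transform_sets = {}   # set name -> list of transform keywords
    current = None        # policy block currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        m = re.match(r"crypto ipsec transform-set (\S+)\s+(.+)$", line)
        if m:
            transform_sets[m.group(1)] = m.group(2).split()
            current = None
            continue
        if not raw[:1].isspace():
            current = None    # any other top-level command closes the block
            continue
        if current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return policies, transform_sets


def audit(text):
    """Return a list of (location, finding) tuples for weak parameters."""
    policies, transform_sets = parse_config(text)
    findings = []
    for num in sorted(policies):
        policy, where = policies[num], f"isakmp policy {num}"
        for key in REQUIRED_POLICY_KEYS:
            if key not in policy:
                findings.append(
                    (where, f"{key} not set explicitly; device default applies"))
        enc = policy.get("encryption", "").split(" ")[0]
        if enc in WEAK_ENCRYPTION:
            findings.append((where, f"encryption {WEAK_ENCRYPTION[enc]} is deprecated"))
        digest = policy.get("hash", "")
        if digest in WEAK_HASH:
            findings.append((where, f"hash {WEAK_HASH[digest]} is deprecated"))
        group = policy.get("group", "")
        if group.isdigit() and int(group) in WEAK_DH_GROUPS:
            findings.append((where, f"DH group {group} is too small"))
    for name in sorted(transform_sets):
        for token in transform_sets[name]:
            if token in WEAK_TRANSFORMS:
                findings.append(
                    (f"transform-set {name}", f"{token} uses {WEAK_TRANSFORMS[token]}"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

Running the audit on both routers' configurations also catches the case where the two ends of the tunnel were hardened unevenly, since the same policy must be repeated on the other router.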
Connectivity test (ping) involves sending an ICMP request to verify communication is possible
between the devices.
CHAPTER 4
SECTION 2: RECOMMENDATIONS
Provide a Wi-Fi box to give us access to the internet.
Provide vehicles for the company to deploy its technicians to different worksites.
Clear communication channels should be established and new equipment provided for the tower.
ASECNA should provide language training to its working staff.
GENERAL CONCLUSION
The main objective of this internship was to acquire knowledge and experience of how work
functions in day-to-day enterprises and to analyse how things can be improved
or reorganized, to put into practice all the theoretical knowledge acquired during our first year, and
to familiarize ourselves with the socio-professional world. The simulation of the extension of the
AMHS network through a VPN is intended to help the company have easy remote access and
encryption of its data. Moreover, beyond the report we wrote, our internship contained a
great number of very enriching experiences for us, because it allowed us to discover the field of
air traffic, its outlets and its constraints, through the mission in which we had to participate. Also,
we want to believe that our internship at ASECNA DOUALA will make a contribution, as
modest as it may be, to the efficiency of certain services and to the improvement of certain
inadequate practices or situations.