Qualification - Higher National Diploma in Computing
Unit Name - Network Security
Unit Level - Level 5
Unit Number - Unit 17
Assignment Title - Network Security
Learning Outcome 1: Examine Network Security principles, protocols and standards.
Learning Outcome 2: Design a secure network for a corporate environment.
Learning Outcome 3: Configure Network Security measures for the corporate environment.
Learning Outcome 4: Undertake the testing of a network using a Test Plan.
Assignment Brief: EMC Finance is a well-known finance company established in Kandy with more than 5000 customers and 8 branches island wide. The director board of EMC Finance has decided to restructure and enhance the computer network at the head office with up-to-date security measures to face the emerging security threats worldwide. You have been appointed as the Network Security Engineer for EMC Finance and it is now your responsibility to plan and implement a secure network that fulfils the company's expectations.
Acknowledgement
I would like to express my special thanks of gratitude to my professor as well as our guide who gave me the wonderful opportunity to do this project on the topic Network Security which helped me in making my course a great success.
Executive summary
In the socio-economic environment the internet is the fastest growing infrastructure in the world. Cyber-attacks are also increasing and create very big challenges for the digital infrastructure. Network security is the foremost important part of performing digital communication. This report discusses the importance of network security in the digital world and depicts the various applications that require network security. It shows the security principles and the corresponding network devices, and demonstrates cryptographic techniques such as symmetric and asymmetric encryption. The importance of digital certificates and their application are also presented. The company EMC Finance is located at Kandy and has 8 branches. The company requires a corporate network that provides high performance for its business communications as well as a high level of security. The report provides the plan and implementation of the network design for EMC: the requirements are analysed and an adequate solution is given. The report suggests the protocols and security mechanisms needed to improve the security of the company and includes the principle of integrating security into QoS measures. It concludes with recommended suggestions for improving the network security of the organization.
Introduction
The company EMC Finance is located at Kandy and operates its finance-related business with more than 5000 customers. The company has 8 branches. The director of EMC has decided to enhance the network with more security to face the latest security issues. This report presents the plan and implementation of a secure network for EMC.
Requirements:
• Gigabit Ethernet for the head office LAN
• Routers, switches and firewalls are secured through logins
• AAA used for network device login authentication
• Syslog server for recording log events
• Time synchronisation through an NTP server
• Secure web access enabled for the web servers
• Storage Area Network (SAN) to store the data of the internal network
• Authentication of end users and management of security policy are centralized
• Communication between the head office and branch offices is highly secured
• Implementation of QoS
EMC and their departments:
Department | Number of Users
Customer Care | 25
Sales and Marketing | 35
Finance | 60
Legal | 5
HR | 20
IT Team | 25
Internal Server Room | 8 Servers + SAN
Servers for Public users | 4
Table 1: Department Needs
Task 1 Examine Network Security principles, protocols and standards.
1.1. Discuss the importance of Network Security in present socio-economic world.
Solution:
Network Security
Network security is a model designed to protect the integrity as well as the usability of the network. The security model has both software and hardware components. It estimates various kinds of threat and checks the authorization details for network access.
Importance
• Resources can be shared under a strong security model
• Protection for resources
• Fixing the level of access
• Prevents attacks and hacking
• The model controls the system in an effective manner
• Maintenance and updates are performed in a centralized manner
1.1 Importance of Network Security in the present socio-economic world
Solution: In the socio-economic environment the internet is the fastest growing infrastructure in the world. Cyber-attacks are also increasing and create very big challenges for the digital infrastructure. Nowadays most users and the business community prefer social media platforms for their communications. Social networking sites (SNS) are used at a high rate (Khaffaf, 2018). SNS have various applications for digital marketing, e-commerce, e-learning, online money transactions and e-medicine. The most upcoming and attractive technology is IoT, the technology that connects things so that they can communicate among themselves. Non-technical users are not aware of the issues of cyber security. In social networking there are possibilities for misuse of identity, threatening third-party applications, phishing and so on. Network security plays a vital role in every size of network, decreasing the risk of malware and increasing the benefit of networking resources. Network security is essential to enjoying the benefits of these technologies.
1.2 Devices and characteristics used to enhance the security of the network
Solution:
The devices used in the network are as follows:
• Routers
Routers are devices that connect more than one network. A router performs the routing of packets over the network. The below diagram depicts the structure of a Cisco router. Access Control Lists (ACLs) are defined in the router; based on the list specifications, access to resources in the network is granted or rejected. A router does not analyse the nature of a packet, whether it is normal or malicious.
• Switches
Switches are the communication devices used to network devices together. Switches are helpful in forming the network. The below diagram shows the switch.
• Firewalls
A firewall exists on either a software or a hardware basis. Based on the given security rules, the system monitors incoming as well as outgoing traffic. A firewall performs the operations accept, reject and drop.
Various kinds of firewall
Firewalls are classified based on usage and where they are adopted:
• Host firewall
It monitors the network traffic of each node of the network and protects the node from unauthorised access.
• Network firewall
It protects the whole network from unauthorised access. It is a dedicated system with firewall software installed on it.
• Server
As the name suggests, a server is used to provide services. In a peer-to-peer network the devices are directly connected with each other. In a client/server architecture, the devices communicate through the server.
• IDS
An IDS monitors the traffic of the network and alerts when it encounters suspicious activities or malicious traffic. It is a software application. The kinds of IDS are:
Host Intrusion Detection System (HIDS)
Network Intrusion Detection System (NIDS)
Protocol-based Intrusion Detection System (PIDS)
Application Protocol-based Intrusion Detection System (APIDS)
Hybrid Intrusion Detection System
• DNS
The system translates domain names into IP addresses. For example, for www.google.com, DNS provides the associated IP address.
• SAN
A dedicated network or subnetwork for interconnecting the storage devices of various servers.
• Load balancer
These devices are the targets of intruders or attackers wanting to carry out malicious activities in the network.
The following are possible solutions to improve the security of the network:
• Segmenting the network
Networks can be segmented either physically or logically. Physical segmentation can be performed using routers. Logical segmentation can be performed with VLANs, Virtual Routing and Forwarding (VRF) and Virtual Private Networks (VPN).
• Limiting unwanted communications
Restriction of traffic at the host level through firewalls on user, program, IP address and so on. Implementation of VLAN ACLs (access control lists) filters the traffic into the network. Sensitive resources are to be segmented as a separate network.
• Strengthening networking devices
Implementation of secure configurations on network devices improves the security of the network. Options for strengthening network devices include disabling unwanted services such as SNMP, HTTP and Bootstrap, disabling unencrypted remote administration protocols such as FTP and Telnet, implementing strong logins, and restricting physical access to switches, routers and so on.
• Securing access to infrastructure devices
This is possible through enforcing multi-factor authentication (MFA), enabling Authentication, Authorization and Accounting (AAA) principles, and managing administrative credentials.
• Integrity validation of hardware and software
1.3. Differentiate symmetric and asymmetric encryption with examples.
Solution: Symmetric and asymmetric encryption with examples
Cryptography is the method in which mathematical calculations are performed on information to change its form so that it is not understandable to anyone except the communicating parties. The key term in cryptography is encryption (Khaffaf, 2018). Encryption is the task of converting information into an unreadable format. Decryption is the opposite task. A key is the code used to encrypt as well as decrypt the information.
Symmetric encryption uses the same key for encryption as well as decryption. The secret key may be letters, text or numbers. The key is combined with the text to convert it. The recipient uses the same key to decrypt the text.
Examples
- AES128, AES192, AES256, DES, RC4, RC5, RC6
Asymmetric encryption
Asymmetric encryption (AE) is also called public key cryptography. The technique uses two different keys: one key for encryption and another key for the reverse process, decryption. The two keys are the private key and the public key. The public key can be transmitted over the internet, and anyone can use it to send information to the intended recipient. Only the authorized recipient can decrypt the information, using their private key.
1.4. Explain the purpose of a digital certificate in secure web access.
Solution: Purpose of a digital certificate in secure web access
When two parties want to communicate with each other, one party requests secured, encrypted communication from the other end. The other party sends a copy of its digital certificate. From the digital certificate the sender fetches the public key needed to transmit information over a secure channel (Khaffaf, 2018).
It offers the following functions:
• Authentication
The certificate shows the authenticity of the communicating parties.
• Integrity
A digitally signed message is useful to identify any tampering or malicious activity on the message.
• Confidentiality
The public and private key concepts are used to enforce the confidentiality of the communication. Only the authorised recipient can decrypt the message, using the private key.
• Non-repudiation
The digital certificate shows the origin of the communicating party (the sender).
The possible digital certificate providers are as follows:-
Task 2 Design a secure network for a corporate environment.
2.1. Provide a suitable Virtual LAN design for the internal network and an IP design for the network. (Public servers should be separated from the internal network.)
Solution: 2.1 Suitable Virtual LAN for the internal network and IP design
IP subnet design
Department | No of users | Block size | Network ID | Broadcast ID | Usable range | Default gateway | Subnet mask
Customer Care | 25 | 32 | 192.168.1.128/27 | 192.168.1.159 | 192.168.1.129 - 192.168.1.158 | 192.168.1.129 | 255.255.255.224
Sales and Marketing | 35 | 64 | 192.168.1.64/26 | 192.168.1.127 | 192.168.1.65 - 192.168.1.126 | 192.168.1.65 | 255.255.255.192
Finance | 60 | 64 | 192.168.1.0/26 | 192.168.1.63 | 192.168.1.1 - 192.168.1.62 | 192.168.1.1 | 255.255.255.192
Legal | 5 | 8 | 192.168.2.32/29 | 192.168.2.39 | 192.168.2.33 - 192.168.2.38 | 192.168.2.33 | 255.255.255.248
HR | 20 | 32 | 192.168.1.192/27 | 192.168.1.223 | 192.168.1.193 - 192.168.1.222 | 192.168.1.193 | 255.255.255.224
IT team | 25 | 32 | 192.168.1.160/27 | 192.168.1.191 | 192.168.1.161 - 192.168.1.190 | 192.168.1.161 | 255.255.255.224
Internal server room | 16 | 32 | 192.168.2.0/27 | 192.168.2.31 | 192.168.2.1 - 192.168.2.30 | 192.168.2.30 | 255.255.255.224
Servers for public users | 4 | 8 | 192.168.2.40/29 | 192.168.2.47 | 192.168.2.41 - 192.168.2.46 | 192.168.2.41 | 255.255.255.248
Table 2: IP subnet design
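The subnet plan in Table 2 can be verified arithmetically rather than by hand. The following Python script is an added example and is not part of the assignment: it recomputes network ID, broadcast address, usable range and mask for each row with the standard ipaddress module, and flags overlapping subnets, gateways outside the usable range and departments that do not fit in their block. The CIDR blocks and gateway addresses are taken from Table 2; the 16-host figure for the server room is the table's own value.

```python
"""Verify the EMC Finance IP subnet plan (Table 2) with the standard library."""
import ipaddress

# Subnet plan copied from Table 2: department -> (users, network in CIDR form, gateway).
# The gateway addresses are those given in the table (last usable for the server room).
SUBNET_PLAN = {
    "Customer Care":            (25, "192.168.1.128/27", "192.168.1.129"),
    "Sales and Marketing":      (35, "192.168.1.64/26",  "192.168.1.65"),
    "Finance":                  (60, "192.168.1.0/26",   "192.168.1.1"),
    "Legal":                    (5,  "192.168.2.32/29",  "192.168.2.33"),
    "HR":                       (20, "192.168.1.192/27", "192.168.1.193"),
    "IT team":                  (25, "192.168.1.160/27", "192.168.1.161"),
    "Internal server room":     (16, "192.168.2.0/27",   "192.168.2.30"),
    "Servers for public users": (4,  "192.168.2.40/29",  "192.168.2.41"),
}


def describe(cidr):
    """Recompute the Table 2 columns for one subnet given in CIDR notation."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    hosts = list(net.hosts())                      # excludes network and broadcast
    return {
        "network_id": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "mask": str(net.netmask),
        "block_size": net.num_addresses,
        "usable": len(hosts),
    }


def check_plan(plan):
    """Return a list of problems: capacity, gateway placement and overlaps."""
    problems = []
    nets = {}
    for dept, (users, cidr, gateway) in plan.items():
        net = ipaddress.ip_network(cidr, strict=True)
        gw = ipaddress.ip_address(gateway)
        nets[dept] = net
        usable = net.num_addresses - 2
        # The gateway consumes one usable address, so users must fit in usable - 1.
        if users > usable - 1:
            problems.append(
                f"{dept}: {users} users plus gateway exceed {usable} usable addresses in {cidr}")
        if gw not in net or gw in (net.network_address, net.broadcast_address):
            problems.append(f"{dept}: gateway {gateway} is not a usable host address of {cidr}")
    depts = list(nets)
    for i, a in enumerate(depts):
        for b in depts[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems


def public_servers_separated(plan, public="Servers for public users"):
    """The brief requires the public servers on their own subnet, outside every internal one."""
    pub = ipaddress.ip_network(plan[public][1])
    return all(not pub.overlaps(ipaddress.ip_network(cidr))
               for dept, (_, cidr, _) in plan.items() if dept != public)


if __name__ == "__main__":
    for dept, (_, cidr, _) in SUBNET_PLAN.items():
        print(dept, describe(cidr))
    print("problems:", check_plan(SUBNET_PLAN) or "none")
    print("public servers separated:", public_servers_separated(SUBNET_PLAN))
```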
2.2. Explain the Technologies /concepts that are required to accomplish the objectives of the above scenario.
Solution: Technologies and concepts according to the given scenario
VPN
A Virtual Private Network (VPN) is a method of logically separating a private, secure network out of a public network. A communication channel is established between the communicating ends to make the communication more secure, and it gives more privacy for communication. The popular protocol VoIP needs a VPN. Most organizations prefer a VPN for their secure business operations. The below diagram depicts the architecture of a VPN.
Types of VPN
• Remote access VPN
Individual users can access the remote corporate network through a VPN tunnel.
• Site-to-site VPN
Two remote corporate networks are connected through a secure VPN connection.
The below diagram depicts the architecture of remote access and site-to-site VPN.
ACL
An Access Control List (ACL) is a technique to secure resources over the network. It is the method of allocating rights that control access to the resources. Sensitive resources are preserved from public use through ACLs.
SSH
The Secure Shell protocol is used for secure remote login and for working with a remote computer. It offers secure access for automated processes and both interactive and automatic file transfers. The protocol is applicable for mission-critical applications.
AAA
The basic security concepts are Authentication, Authorisation and Accounting. The resources in the network should be accessed only by authorized persons. Authentication deals with checking user credentials to access the resources. Accounting tells about the level of rights the users have over the resources.
Syslog server
Syslog is used for sending diagnostic as well as monitoring data to a syslog server. The data can be utilized for monitoring the system, the performance of the network, tracking malicious activities and so on.
EIGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) is used for automatic routing decisions as well as configuration. It was developed by Cisco.
NTP
The Network Time Protocol synchronizes time between computers over packet-switched, variable-latency networks.
Encryption
The task of converting information from one format to another so that the converted form can be understood only by the communicating parties is known as encryption. Encryption uses keys to perform the operation. The reverse task is called decryption.
VLAN
A VLAN is a method of logically segmenting a network into smaller networks to increase the level of security of the network. Layer 2 switches are required for the logical partitioning of physical switches. The advantages of such logical partitions are:
• Efficient usage of physical switches
• Users at various physical locations are tied into one logical location, avoiding reconfiguration
• Reduces network traffic
Private VLAN (PVLAN)
Private VLANs simplify the deployment of multiple VLANs. A private VLAN is achieved by isolating VLANs using one of three port types: promiscuous, community and isolated. Each port in the private VLAN is identified as either promiscuous, community or isolated.
Promiscuous
The port can communicate with all the ports in the private VLAN. The gateway for the segment should be a promiscuous port.
Isolated
The port can communicate only with the promiscuous port. Incoming traffic from the other ports of the private VLAN is blocked. This kind of port restriction is used to block access to resources in the network.
Community
The port can communicate with the promiscuous ports and with the other ports of the same community. These kinds of ports are used in industry to have direct access to an email server or databases.
VLAN types
Primary
The VLAN carries traffic from the promiscuous port to all other ports in the VLAN.
Isolated
The VLAN carries traffic from the promiscuous port to the isolated ports.
Community
It carries traffic among community ports as well as from community ports to the promiscuous port.
Native VLAN
It is the untagged VLAN on an 802.1Q trunked switch port. The 802.1Q protocol gives a method for tagging Ethernet frames with the associated VLAN identifier; untagged frames are members of the native VLAN.
While configuring a trunk port, the native VLAN should be the same at each end of the trunk to avoid loops. The identifier of the native VLAN is 1 by default. It is recommended to change the default native VLAN identifier to an unused VLAN to avoid VLAN hopping attacks.
The default VLAN is also assigned the number 1. The number is determined by Cisco. The identifier cannot be changed until a specified value is assigned for that port. The native VLAN identifier is also 1 by default.
Security concepts for VLANs
• Shut down unused interfaces and ports
• Restrict the VLANs allowed to use a trunk port
• Disable Dynamic Trunking Protocol (DTP) to prevent unauthorized negotiation of trunk links
The following are the steps for securing switching at layer 2:
• Restriction of broadcast domains
• Security of the Spanning Tree Protocol (STP)
Restriction of broadcast domains
Switches forward broadcast frames, flooded frames and multicast frames within the LAN segment. Broadcasting is a drawback in the network: flooding affects the performance of the network, and a failure in a broadcast domain affects all the switches in that LAN. A large broadcast domain increases the possibilities for insecurity.
The alternative is to segment the domain into multiple subnets or VLANs with a hierarchical structure. The hierarchical structure increases the scalability and reliability of the LAN.
The above hierarchical structure indicates that the VLAN switches are aggregated into layer 3 to balance the load in the network. A failure in the layer 3 protocol does not affect the broadcast process in the network; it only impacts the routing process.
Security for the Spanning Tree Protocol
STP is a link management protocol standardised as IEEE 802.1D. The protocol offers path redundancy while preventing unnecessary loops in the network; multiple active loops between hosts lead to network performance degradation. STP has an algorithm to construct a loop-free topology. It builds a tree so that only one active link exists between two points at a time. The redundant paths are deactivated and kept as backup paths, which come into use when an active path fails. Changes in the tree topology lead to recalculation of the paths.
A variation of STP is the Rapid Spanning Tree Protocol (RSTP), the IEEE 802.1w standard. It is the next version of STP, and the time consumed to reconfigure the topology tree is less than with STP.
STP and RSTP give better performance in network traffic but fail to provide security for the network. STP does not have any authentication or encryption to protect Bridge Protocol Data Units (BPDUs) while they are exchanged. Anyone in the network can contact an STP-enabled device, so an attacker can easily perform malicious tasks against a device running STP.
Changes in the STP configuration are required to avoid attacks on the network such as denial of service and man in the middle.
Possible attacks on STP | Objective of the attack | Countermeasures
Illegitimate trunk | | Disabling dynamic trunking
STP spanning VLANs | Attack the entire network by starting an attack on one VLAN | Restriction of the STP domain; usage of per-VLAN STP
Participation of an illegal spanning tree; bogus BPDU packets; malicious frames sent to the root bridge | Instability of the network; attacker receives frames; target for attacks such as DoS and MITM | BPDU guard; root guard
Table 3: Different attacks
Best practices for guarding the network from STP attacks:
• Disable dynamic trunk ports
• Restrict the STP domain; use per-VLAN STP
• BPDU guard
• Root guard
Hierarchical network model
The model has 3 basic layers: the access layer, the distribution layer and the core layer.
Access layer
This layer performs the switching task.
Distribution layer
The primary function of this layer is routing.
Core layer
This layer is the backbone of the network (Yu, 2011). It connects the network into the larger network.
The hierarchical model has the following benefits:
• Management of the network is easy
• Clear separation of problem areas
The below diagram depicts the architecture of the hierarchical network model:
For the current scenario, the hierarchical network model is the optimum option for the following reasons:
Merits
Flat network design | Hierarchical network design
Model used for small networks of static nature | Model used for large enterprise networks
Less scalability | High scalability
Stations: limited | Stations: unlimited
Single point of failure | No single point of failure
Flat architecture | 3 layer architecture
Table 4: Flat vs Hierarchical Network
Strengths of the hierarchical model
• Good wiring
• Efficient usage of switches
• Space for the data center is adequate
• Redundancy is allowed to avoid single points of failure
• The topology of the network model is hybrid
• The network is accessible as well as reliable
Access layer
The layer provides device connectivity at high speed. The access layer provides both wireless and wired connectivity (Yu, 2011). The connectivity can be achieved using technologies such as Gigabit Ethernet. The switches for customer care, sales and marketing, finance, legal, HR, IT and the server room exist in the access layer. The below diagram depicts the VLAN architecture and the logical partition of a physical switch into more than one logical switch.
Distribution layer
The layer has routers to forward packets from one network into another. The layer aggregates the access layer switches in the network (Yu, 2011). The layer performs communication between networks, such as VLAN 10 to VLAN 20 and so on. The below diagram depicts the architecture of the distribution layer.
Core layer
The layer has devices to connect the enterprise network environment with the outside environment. The core layer has multiple routers, aggregated into one single router that is connected with the public internet or cloud. The below diagram depicts the structure of the core layer.
2.3. Determine which security devices and software are needed to design this network and justify your selections.
Solution: Security devices and software needed to design the network, with justification
IPS
An Intrusion Prevention System (IPS) blocks intruders and does not allow them into the local network or system. When the system suspects intruders or malicious packets, the IPS blocks those packets or requests.
IDS
Next to the IPS is the detection system. The system performs monitoring and takes action after detecting malicious packets or activities. IPS and IDS can work separately or together as security devices.
Antivirus
Antivirus may act as an intrusion detection or intrusion prevention system, or both. These software components exist at the boundary of the system and handle both internal and external threats.
Firewalls
Firewalls are implemented in hardware, software or both. They are used to monitor and filter traffic and handle external threats.
Intrusion Detection System
The proposed network design has the following security benefits:
• Port sniffing is avoided through port security or shutting down ports
• VLAN implementation divides the network into logical separations. The logical separation is useful for the organization of resources (Somasundaram, 2018). Sensitive resources can be protected by denying access to them.
• The proposed network model is easy to troubleshoot
• With the use of the Telnet service the network can be accessed remotely using secure user credentials
• A DHCP server is used for managing IP addresses efficiently
Layer 2 and layer 3 redundancy
The switches are connected to the core switch. The above figure indicates the possibility of a single point of failure: when the core switch goes down, the access layer switches go down with it. To avoid such a situation, redundancy is required in the network.
The above diagram depicts the application of redundancy in the network. The devices in the network take an alternate path when one point goes down. Each device has multiple links and the devices are interconnected.
Redundancy leads to looping issues. Looping occurs when two devices try to take the same path at the same time, which affects the performance of the network. The alternative in such a scenario is the Spanning Tree Protocol, which avoids the loops caused by redundancy.
Link aggregation
Link aggregation is the task of logically combining multiple Ethernet links into one link to provide redundancy. The aggregation is used for load balancing (Somasundaram, 2018). Because multiple physical links are combined into one logical unit, network management and troubleshooting are easy for the network administrator. It provides a reliable and available network, and load balancing performs well due to aggregation.
Redundancy: Layer 3
• The below diagram depicts the importance of layer 3 redundancy. Various protocols are used for achieving layer 3 redundancy, such as OSPF, VRRP, HSRP, GLBP and so on.
2.4. Provide a suitable detailed diagram of the above network design including WAN connections.
Solution: Network design (WAN)
Advantages of WAN
• Unnecessary packets can be filtered with the help of access control lists
• The broadcast domain can be reduced
• Redundancy can be supported to avoid single points of failure
• Coordinating as well as routing traffic among different networks
• Supports scalability
• Techniques are used to meet the requirements of users to the maximum
Task 3 Explain how QoS can be integrated into network security configurations
Solution: Integration of QoS into network security configuration
The integration of quality of service and network security is most important, and both are top-level concerns that are correlated with each other. Most real-time applications, such as VoIP, video conferencing and real-time video, require both: quality of service as well as secure communication over the network.
The architecture of QoS is depicted below:
Thrust areas of QoS in networks
• Video on Demand (VoD)
• Voice over IP (VoIP)
• Internet Protocol Television (IPTV)
• Streaming media
• Video conferencing
• Online games
QoS in a network is defined as the ability of the network to produce the services that are present in the SLA (Giovanni, 2018). It allows service providers to offer different services with low capital investment and utilizes the resources to the maximum to increase the throughput of the network.
The following are the issues related to QoS:
• QoS requested (QoSR): the QoS requested by the customer or user. The users mention the quality of the expected service in terms of criteria; for example, users expect the service provider to offer internet at "XX" speed.
• QoS offered by the providers: these are the services offered by the service providers to their customers.
• In these cases the quality is measured using the quality expected by the customer and the quality provided by the providers.
• QoS parameters: measurable parameters are used to measure the quality of the service, such as network bandwidth, speed, packet delay and packet loss.
The sample network depicts the integration of network security and QoS; the following steps are followed:
• Network creation
• Installation of QoS
• Measuring QoS
• Adding security to the QoS parameters
• Measuring the QoS parameters
The QoS is applied to the below network:
Installation of QoS
• Command Line Interface (CLI)
• Modular QoS CLI (MQC)
• Cisco Configuration Professional (CCP)
• Automatic QoS (AutoQoS)
Measuring QoS
• From the parameters of QoS such as jitter, packet loss, throughput and so on
• Analysis of user behaviour
• Algorithms used to estimate measures such as packet arrival time and packet loss rate
• Numerical calculations
VLAN configuration in the router
Integration of quality and network security
There are various methods for joining quality of service with network security. In mobile ad hoc networks, quality of service is integrated with the routing protocols. Layer 3 protocols can be integrated with QoS. The following network integrates QoS with VPN tunnelling. In this method the packets are encapsulated with additional header information before going into the tunnel.
The above diagram depicts the integration of QoS with IP tunnelling. For this environment, the QoS parameters will contain one of the security measures. The new QoS parameters are as follows: delay, jitter, loss, reliability, throughput, bandwidth and security.
• Security is one of the vital parts of a network. Without security, the services of the network are not satisfactory or accepted. The integration of security with QoS is important as well as adequate nowadays.
Task 4 Undertake the testing of a network using a test plan
Develop test cases and test the above LAN and WAN designs to verify whether the design objectives are met.
Solution: Test cases and tests
Testing: host to host at VLAN 20
Name of test | Host to host
Target | Ensuring the connection between PC1 and PC20 through router 1
Source IP address | 192.168.1.3
Destination IP address | 192.168.1.4, 192.168.2.6, 192.168.3.5, 192.168.4.8, 192.168.5.7, 192.168.6.9
Method | Ping test
Expected result | Source and destination ping each other successfully
Comment | Routing is enabled through a route command (ip route) maintained at router 2
VLAN 30: host to host
Name of test | Host to host
Target | Ensuring the connection between PC1 and PC20 through router 3 at VLAN 30
Source IP address | 192.168.1.2
Destination IP address | 192.168.1.10
Method | Ping test
Expected result | Source and destination ping each other successfully
Comment | Routing is enabled through a route command (ip route) maintained at router 3
Table 5: VLAN configuration
VLAN 40: Functionality of the routers

Name of test | Functionality
Target | Ensuring the connection between router 1, router 2 and router 3
Source IP address | 192.168.1.1
Destination IP address | 192.168.2.1, 192.168.3.1
Method | Ping test
Expected results | Source and destination ping each other successfully
Comment | Routing is enabled with the ip route command maintained at router 3 and router 1

Table 6: VLAN 40 configuration
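The three test cases above can be executed and recorded automatically rather than pinged by hand. The following Python script is an added example, not part of the original report: it transcribes the tables into test cases, runs the ping method for every destination and reports each case as passed or failed together with the destinations that did not answer. The ping function is injected so the plan can be checked offline against a constructed reachability map (in which 192.168.4.8 is deliberately made unreachable to show a failing case); on the real source host, pass ping_host, which assumes a Linux/BSD-style ping that accepts -c and -W.

```python
"""Executable form of the Task 4 test plan (added example, not part of the
original report).  Run it from the source host named in each case."""
import subprocess
from dataclasses import dataclass


@dataclass
class TestCase:
    name: str
    target: str
    source: str          # host the case is executed from
    destinations: list   # addresses that must answer the ping


# Transcribed from the VLAN 20, VLAN 30 and VLAN 40 tables above.
TEST_PLAN = [
    TestCase("Host to host (VLAN 20)", "PC1 to PC20 through router 1",
             "192.168.1.3",
             ["192.168.1.4", "192.168.2.6", "192.168.3.5",
              "192.168.4.8", "192.168.5.7", "192.168.6.9"]),
    TestCase("Host to host (VLAN 30)", "PC1 to PC20 through router 3",
             "192.168.1.2", ["192.168.1.10"]),
    TestCase("Router functionality (VLAN 40)", "router 1, router 2 and router 3",
             "192.168.1.1", ["192.168.2.1", "192.168.3.1"]),
]


def ping_host(dst, count=2, timeout_s=2):
    """Real probe: ICMP echo requests via the OS ping tool; True on any reply."""
    proc = subprocess.run(["ping", "-c", str(count), "-W", str(timeout_s), dst],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0


def run_test_plan(plan, ping=ping_host):
    """Execute every case; returns {case name: (passed, [unreachable destinations])}.
    A case passes only when every destination in its table answers."""
    report = {}
    for case in plan:
        unreachable = [d for d in case.destinations if not ping(d)]
        report[case.name] = (not unreachable, unreachable)
    return report


# Constructed reachability map for offline runs: every planned destination
# answers except 192.168.4.8, so the VLAN 20 case is shown failing.
SIMULATED_UP = {"192.168.1.4", "192.168.2.6", "192.168.3.5", "192.168.5.7",
                "192.168.6.9", "192.168.1.10", "192.168.2.1", "192.168.3.1"}


def simulated_ping(dst):
    """Stand-in for ping_host that consults the constructed map."""
    return dst in SIMULATED_UP


if __name__ == "__main__":
    for name, (passed, unreachable) in run_test_plan(TEST_PLAN, simulated_ping).items():
        verdict = "PASS" if passed else "FAIL, no reply from " + ", ".join(unreachable)
        print(f"{name}: {verdict}")
```

Keeping the source address in each case matters even though ping does not use it: the script must be run on that host (or the host's VLAN) for the result to say anything about the path through the router under test.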
4.2 Suggest how you can improve the performance and security of this network in the future.
Solution: Suggestions to improve performance and security
The network is designed using the Hierarchical Network Model (the three-layer model). The model offers many features for a successful network implementation for EMC Finance, and network management and troubleshooting are easy and efficient in it. The model has three layers: the access layer, the distribution layer and the core layer. The access layer contains the switches that connect the end devices; the distribution layer routers forward traffic from one network to another; the core layer contains the aggregation devices that aggregate the links of the distribution layer devices, and it connects to the public network or WAN.
The architecture implemented for EMC achieves basic security through VLANs. VLANs separate the network into logical segments, so the devices and sensitive resources are protected from malicious attacks. Port access features are used to restrict or enable service to and from the ports, and different access controls are set in the VLAN environment.
To improve the performance and security of the network, the following suggestions are recommended for EMC:
• Disable dynamic trunk ports
• Restrict the STP domain by using Per-VLAN STP
• BPDU Guard
• Root Guard
• Shut down unused interfaces and ports
• Restrict the VLANs allowed on trunk ports
• Disable the Dynamic Trunking Protocol (DTP) to prevent unauthorised negotiation of trunk links
The following are the steps for securing switching at Layer 2:
• Restrict broadcast domains
• Secure the Spanning Tree Protocol (STP)
• Virtual Routing and Forwarding (VRF) and Virtual Private Networks (VPN)
• Integrate security as one of the parameters in QoS.
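The switch-port recommendations above (static access and trunk ports, DTP disabled, BPDU Guard, Root Guard, VLAN restriction on trunks, unused ports shut down, per-VLAN STP) map directly onto interface configuration. The following Python script is an added example, not the report's or EMC's configuration: it generates the hardening commands for each port from a small inventory and then audits the result for ports that still allow trunk negotiation or trunks that carry every VLAN. The command syntax is Cisco IOS (an assumption; other platforms use different commands), and the interface names, VLAN numbers and the parking VLAN 999 are constructed values.

```python
"""Layer 2 hardening generator and audit (added example).  Cisco IOS syntax
is assumed; interface names, VLAN numbers and parking VLAN are constructed."""

PARKING_VLAN = 999  # unused, non-routed VLAN that shut-down ports are parked in

# Constructed inventory for one switch: interface -> (role, role-specific argument).
PORTS = {
    "GigabitEthernet1/0/1": ("access", 20),             # user PC in VLAN 20
    "GigabitEthernet1/0/2": ("access", 30),             # user PC in VLAN 30
    "GigabitEthernet1/0/3": ("unused", None),           # nothing connected
    "GigabitEthernet1/0/23": ("downlink", [20, 30]),    # trunk towards a downstream switch
    "GigabitEthernet1/0/24": ("uplink", [20, 30, 40]),  # trunk towards the distribution layer
}


def harden_access_port(name, vlan):
    """Static access port: no DTP, PortFast, and BPDU Guard so the port is
    err-disabled if a switch (or any BPDU sender) is ever attached to it."""
    return [
        f"interface {name}",
        " switchport mode access",
        f" switchport access vlan {vlan}",
        " switchport nonegotiate",          # disable Dynamic Trunking Protocol
        " spanning-tree portfast",
        " spanning-tree bpduguard enable",
        " no shutdown",
    ]


def harden_trunk_port(name, allowed_vlans, root_guard):
    """Static trunk restricted to the listed VLANs.  Root Guard goes only on
    downlinks: a superior BPDU from below must never move the STP root."""
    lines = [
        f"interface {name}",
        " switchport mode trunk",
        " switchport nonegotiate",
        " switchport trunk allowed vlan " + ",".join(str(v) for v in allowed_vlans),
    ]
    if root_guard:
        lines.append(" spanning-tree guard root")
    lines.append(" no shutdown")
    return lines


def harden_unused_port(name):
    """Unused port: parked in a dead VLAN, DTP off, administratively down."""
    return [
        f"interface {name}",
        " switchport mode access",
        f" switchport access vlan {PARKING_VLAN}",
        " switchport nonegotiate",
        " shutdown",
    ]


def build_config(ports):
    """Return the configuration as a list of lines, one interface block per port."""
    cfg = ["spanning-tree mode rapid-pvst"]  # per-VLAN spanning tree
    for name, (role, arg) in sorted(ports.items()):
        if role == "access":
            cfg += harden_access_port(name, arg)
        elif role == "uplink":
            cfg += harden_trunk_port(name, arg, root_guard=False)
        elif role == "downlink":
            cfg += harden_trunk_port(name, arg, root_guard=True)
        elif role == "unused":
            cfg += harden_unused_port(name)
        else:
            raise ValueError(f"unknown port role {role!r} on {name}")
    return cfg


def interface_blocks(cfg):
    """Split a configuration line list into {interface name: [its lines]}."""
    blocks, current = {}, None
    for line in cfg:
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit(cfg):
    """Findings for ports that still negotiate trunks or trunk every VLAN."""
    findings = []
    for name, block in interface_blocks(cfg).items():
        if " switchport nonegotiate" not in block:
            findings.append(f"{name}: DTP not disabled")
        if " switchport mode trunk" in block and not any(
                l.startswith(" switchport trunk allowed vlan") for l in block):
            findings.append(f"{name}: trunk allows all VLANs")
    return findings


if __name__ == "__main__":
    config = build_config(PORTS)
    print("\n".join(config))
    print("audit findings:", audit(config) or "none")
```

The audit function is the part worth keeping after the initial rollout: run it over the switch's running configuration (exported as lines in the same form) to confirm that later changes have not reintroduced a negotiating port or an unrestricted trunk.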
Conclusion
As stated in the introduction, the report discussed the importance of network security in the digital world. The Internet is a rapidly growing field in the socio-economic world. The report presents various applications that require network security, including the security principles and the corresponding network devices. It also demonstrates cryptographic techniques such as symmetric and asymmetric encryption, and presents the importance and applications of digital certificates. The company EMC Finance is located in Kandy and has 8 branches. The company requires a network that provides high performance as well as a high level of security. The recommended and implemented network model for the company is the Hierarchical Network Model, which offers various features for managing the network efficiently. The architecture follows a hierarchical topology, in which troubleshooting is flexible. It uses VLANs to divide the network into logical groups, which are maintained securely through the allocation of ACLs, port restriction, minimal use of physical devices and so on. The architecture uses the Spanning Tree Protocol (STP), which does not itself have security or encryption features, so explicit mechanisms are required to use the benefits of STP safely. The network is implemented with these security mechanisms. In future, the company can include security as one of the QoS measures.
The company has 8 branches, and communication is required between the branch offices and the head office. A Virtual Private Network is the next option for the company to increase the security of that communication.