
THE UNIVERSITY OF ZAMBIA

SCHOOL OF EDUCATION

DEPARTMENT OF LIBRARY STUDIES AND INFORMATION SCIENCE

ASSIGNMENT 1: NETWORKING

NAME : PRISCA MWABA CHISHIMBA

COMPUTER NO. : 2017013780

COURSE : ICT 1021: ASSIGNMENT 1: NETWORKING

LECTURER : DR. KACHAKA, C.

CONTACT INFORMATION:
Phone Number: 0961250696
Email Address: priscamwabachishimba@gmail.com
Due Date: Monday, April 30, 2018.
Introduction

Today, there is considerable advancement in the area of Information and Communication
Technologies. Among others, networks have taken the lead in communication technology.
Loosely defined, a network is a group of computers and other devices (such as printers) that
are connected by some type of transmission media (Dean, 2013). Variations on the elements of
a network and the way it is designed, however, are nearly infinite. The idea of networks (use
of various protocols, models and other technologies) has enabled big organizations as well as
individuals to input, process, store and retrieve (share) data with ease. Computers are
connected to the public network (the Internet).

Notably, the advent of networks has not come with advantages only; it is through such
electronic means of data sharing (even of classified data or information) that most
Cybercrimes have become common. To aid in maintaining data integrity, security and the like,
algorithms have been designed to cushion such developments.

This paper will broadly respond to the questions surrounding the following: Network
Perimeter Security (NPS), TCP/IP and OSI models, and the IPv4 Datagram Structure.

To be specific, in view of the foregoing Cybercrimes such as identity theft, spoofing,
phishing, spying and so forth, the paper will give details of five technologies that can be
deployed to achieve Network Perimeter Security (NPS). The essay will also refer to the TCP/IP
(Transmission Control Protocol/Internet Protocol) and OSI (Open Systems Interconnection)
models and provide a sketch with a comprehensive explanation of what the models are all
about, and further compare and contrast the two models. Lastly, with the help of a diagram,
it gives an account of the IPv4 Datagram Structure.

1. Five technologies you can deploy to achieve Network Perimeter Security (NPS)

As every country has an international boundary or perimeter, every privately owned network
has a perimeter. The perimeter, according to Ciampa (2012) and CISCO (2003), is the border
between one network and another, mostly the private network and the internet (public
network). Creating a security perimeter can be referred to as placing the necessary safeguards
at the entrance of a privately owned network to secure it from hackers and other types of
attacks, just as countries put up checkpoints, fences, and security patrols to ensure that
there is control of people coming into or leaving the country by any means possible.

However, note that, no matter how firm security measures may be, attackers will always try
to find their way inside a network. As the saying goes, “you cannot 100 percent protect
your network from hackers, but you can delay the hacker or defend your network.” Network
security therefore needs to guard networked computer systems and protect electronic data that
is either stored in networked computers or transmitted in the networks.

Various Network Perimeter Security technologies exist, and there is none that can stand alone
and protect the network, just as it would not be possible for one Emigration Officer to man
different exit and entry points to a country. The following five (05) technologies, among
others, can be deployed to help in securing the network perimeter:

a. Firewall;
b. Intrusion Detection System (IDS);
c. Intrusion Prevention System (IPS);
d. Proxy Server and;
e. Anti-virus/malware Software

The security technologies can protect the private network from either inside or outside
violators.

a. Firewall

A firewall can be either hardware-based or host-based. A hardware-based firewall usually
means specialized network boxes, such as routers or switches, containing customized
hardware and software. This kind of firewall is often expensive, complicated and difficult to
configure. In contrast to a hardware-based firewall, a host-based firewall is easier to use for
individuals or small organizations. A host-based firewall can be understood as a piece of
software running on an individual’s PC, notebook or host. It is designed to allow or restrict
data transferred on a network based on a set of rules. A firewall is used to protect a network
from intrusions and concurrently allow legitimate data to pass through. Usually a firewall
should handle at least two kinds of network traffic, one for the private network and one for
public network activities such as the Internet. In that position it acts as a gate controlling
the outgoing/incoming data streams of an intranet (Dean, 2013).

Technically a firewall should have these basic functions to add security features to the
network:

• Manage and control network traffic
• Authenticate access
• Resource Protection

Managing and Controlling Network Traffic

According to Reid and Lorenz (n.d) and Ciampa (2012), the first and most basic function
of a firewall is to control and manage traffic through a network. This means it should be
able to identify which data packets are coming through and which connections are
established, and also be able to control that traffic in the system. A firewall can do this by
inspecting data packets and managing connection traffic. Based on the result of this
inspection, it will allow or deny access. Packet inspection is the process of handling data
in a packet to determine whether to permit or deny that packet based on access rules, and
it should be executed on both incoming and outgoing traffic. The elements considered in
the inspection include IP addresses, ports, IP Protocol and packet header.
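
The rule-based inspection described above can be sketched as follows. This is an added example, not code from the sources the essay cites; the network 192.168.10.0/24, the web server address and the rule set are assumptions made for illustration. Rules are checked top to bottom on the inspected fields (direction, addresses, protocol, port), and a packet that matches no rule is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp" or "icmp"
    dport: int = 0    # destination port; 0 when the protocol has none


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str          # "in" (from the Internet) or "out" (to the Internet)
    src: str                # source network in CIDR notation
    dst: str                # destination network in CIDR notation
    proto: str = "any"
    dport: Optional[int] = None   # None matches any port


ANY = "0.0.0.0/0"
LAN = "192.168.10.0/24"         # assumed private network
WEB = "192.168.10.20/32"        # assumed public-facing web server

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
    # A packet arriving from outside with an inside source address is spoofed.
    Rule("deny", "in", LAN, ANY),
    Rule("allow", "in", ANY, WEB, "tcp", 443),
    Rule("allow", "out", LAN, ANY, "tcp", 443),
    Rule("allow", "out", LAN, ANY, "udp", 53),
]


def matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    """Compare the header fields the firewall inspects against one rule."""
    return (
        rule.direction == direction
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and rule.dport in (None, pkt.dport)
    )


def decide(rules, pkt: Packet, direction: str) -> str:
    """Return the action of the first matching rule, or deny by default."""
    for rule in rules:
        if matches(rule, pkt, direction):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [  # constructed packets
        ("in", Packet("203.0.113.5", "192.168.10.20", "tcp", 443)),
        ("in", Packet("192.168.10.7", "192.168.10.20", "tcp", 443)),
        ("out", Packet("192.168.10.7", "198.51.100.9", "tcp", 25)),
    ]
    for direction, pkt in samples:
        print(direction, pkt, "->", decide(RULES, pkt, direction))
```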

Authentication Access

The usage of packet filtering helps to restrict resource access from unexpected sources.
This can partly limit threats to the valuable resources. However, an intruder can fake an
IP address in a trustworthy network and then have full access to the files and data; at
that point one needs an extra mechanism to improve security (Dean, 2013). A
firewall provides access authentication to eliminate the threats mentioned.

Additionally, Ciampa (2012) outlines that the simplest mechanism for verification is
asking users for a username and password whenever they want to access the system.
Information about a username and password must be created first by an administrator on
the required server. When users want to access a certain server, that server will request
the user to input a username and password, then it will check whether the user’s input is
correct or not. If it is correct, the server allows the connection; otherwise, the input is
rejected. This mechanism is not only for verification but also for applying privacy policy
on separate users (for example giving a user a read-only right in a Data directory but full
rights in a Shared directory).

The second authentication mechanism uses a Certificate and Public Key. The benefit of
this mechanism compared to using a username and password is that it does not require
the user’s intervention. Users no longer need to enter a username and password.
After that a system will create a Private/Public key pair (CISCO, 2003). This
method can be useful when deployed on a large scale. By using access authentication, a
firewall provides an extra method for ensuring a legitimate connection. Even when a
packet can bypass the packet inspection and filtering, if it cannot be verified it will also
be denied.

Resource Protection

The most important task of a firewall is to protect the network resources from outside
threats. Network resources can be local stations in the intranet, or mail servers and web
servers and, most important of all, business-sensitive data. An administrator can apply
packet filtering, access authentication, a Proxy Server or any extra methods to
protect the network (Reid and Lorenz, n.d.). However, an administrator should remember
that a firewall is not an absolute safety solution for network security.

In terms of deployment, the diagram below shows a firewall in a network:

Source: Reid, A and Lorenz, J (n.d.). Working at a Small-to-Medium Business or ISP, CCNA
Discovery Learning Guide.

b. Intrusion Detection Systems (IDS)

Intrusion Detection Systems are other security technologies deployed in the quest to achieve
Network Perimeter Security. As with the idea of the “border”, the road or route leading to the
country may carry all sorts of emigrants, so it is important to detect suspicious emigration
activities. In the real world, at the border, the Emigration Office may install CCTV (Closed
Circuit Television) cameras at the entrance and electronic sensors on its doors to monitor
attempts to enter the country.

In a similar manner, a network administrator according to Tiwari et al (2017) might use
techniques to monitor and flag any unauthorized attempts to access an organization’s secured
network resources using an IDS.

By definition, an Intrusion Detection System is software running on a dedicated IDS device
or on another device, such as a server or switch, that also performs other functions. An
example of a free and open source IDS is Snort. Additionally, according to Ciampa (2012)
and Dean (2013), one technique that an IDS may use to monitor traffic carried by a
switch is to have one port configured to send a copy of all its traffic to a second port on the
switch. The second port issues the copied traffic to a monitoring program. Among other
detections, the IDS can be configured to detect many types of suspicious patterns, including
those typical of denial-of-service or smurf attacks, for example. In addition, for detecting
unauthorized attempts to access a network, its sensors are installed at the edge of the
network, the places where a protected network intersects with a public network.
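
As an added illustration of how an IDS matches a suspicious pattern in copied traffic (not code from Snort or from the cited textbooks), the sketch below checks constructed ICMP records for two signs of a smurf attack: an echo request sent to the broadcast address, and one host receiving echo replies from many different sources within a short time. The protected network, the window and the threshold are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

PROTECTED_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed protected LAN
ECHO_REPLY, ECHO_REQUEST = 0, 8                           # ICMP type numbers

# Constructed records of mirrored ICMP traffic: (seconds, source, destination, ICMP type).
EVENTS = [
    (0.00, "192.168.10.50", "192.168.10.255", ECHO_REQUEST),
    (0.01, "192.168.10.11", "192.168.10.50", ECHO_REPLY),
    (0.02, "192.168.10.12", "192.168.10.50", ECHO_REPLY),
    (0.03, "192.168.10.13", "192.168.10.50", ECHO_REPLY),
    (0.04, "192.168.10.14", "192.168.10.50", ECHO_REPLY),
    (5.00, "192.168.10.7", "198.51.100.9", ECHO_REQUEST),   # ordinary ping
    (5.02, "198.51.100.9", "192.168.10.7", ECHO_REPLY),
]


def detect_smurf(events, window=2.0, min_sources=4):
    """Return (time, alert name, host) tuples for smurf-like ICMP patterns."""
    alerts = []
    recent = defaultdict(deque)   # destination -> recent (time, source) echo replies
    flagged = set()               # destinations already reported as flooded
    for ts, src, dst, icmp_type in sorted(events):
        if icmp_type == ECHO_REQUEST:
            # Pattern 1: a ping aimed at the broadcast address, which every
            # host on the segment would answer. The source field names the
            # host that will receive those answers.
            if ipaddress.ip_address(dst) == PROTECTED_NET.broadcast_address:
                alerts.append((ts, "echo-request-to-broadcast", src))
        elif icmp_type == ECHO_REPLY:
            # Pattern 2: one host receiving replies from many distinct
            # sources inside a short sliding window.
            queue = recent[dst]
            queue.append((ts, src))
            while ts - queue[0][0] > window:
                queue.popleft()
            sources = {s for _, s in queue}
            if len(sources) >= min_sources and dst not in flagged:
                flagged.add(dst)
                alerts.append((ts, "echo-reply-flood", dst))
    return alerts


if __name__ == "__main__":
    for alert in detect_smurf(EVENTS):
        print(alert)
```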

The following diagram shows a diagrammatic presentation of an IDS mechanism:

Source: Dean, T. (2013). Networking: Network + Guide to Networking 6th Edition.

c. Intrusion Prevention Systems (IPS)

In response to the changing threat landscape, Network Intrusion Prevention Systems were
developed to provide advanced protection beyond that offered by firewalls and Intrusion
Detection Systems. Firewalls and Intrusion Detection Systems provide security but do not
reach the level of protection that an Intrusion Prevention System provides.

IPS is a new technology that provides security for computer systems with new features that
are effective in facing threats. The Intrusion Prevention System (IPS) is considered the next
step in the evolution of the Intrusion Detection System (IDS). It has the ability to detect
attacks, whether known or unknown, and prevent an attack from completing successfully
(Abdelkarim and Nasereddim, 2011).

In addition, an IPS is a network security device that monitors network and/or system
activities for unwanted behavior and can act to prevent those activities (Ciampa, 2012). The
work of an IPS in a network is often confused with that of an application-layer firewall. A
firewall is a very different type of technology: for example, a firewall uses full proxy
features to decode and reassemble packets, whereas not all IPSs perform full proxy-like
processing.

An IPS can be considered an important component in any IT system defense. There are many
reasons for this, among them that it protects against denial-of-service attacks and
protects weak points in software.

The following diagram shows the mechanism used by an IPS in a Network:

Source: Dean, T. (2013). Networking: Network + Guide to Networking 6th Edition.

d. Proxy Server

A proxy server is a computer or an application program that intercepts a user request from the
internal secure network and then processes that request on behalf of the user. A proxy server
works as a shield, protecting and hiding computers from the outside network. The proxy server
sends and receives encapsulated packets from specific applications. Web browsers and e-mail
clients must be aware of a proxy on the network, as Internet access is typically funneled
solely through the proxy when one is present. The proxy service listens for traffic on a
particular port.

To be precise, a proxy server acts as a connecting link between internal users
and an external host. It decides whether to obstruct or allow traffic based on the rules
provided by the proxy server administrator. The proxy server takes a request from an
internal computer and sends it to the target computer on the internet (EC-Council, 2010 and
CISCO, 2006). This is important because internal users of the network will be hidden and/or
protected from outside networks.

The illustrations below show the deployment and function of a proxy server:

Source: Ciampa, M (2012). Security + Guide to Network Security Fundamentals 4th Edition.

A Diagram to show how the proxy server works:

Source: EC-Council (2010). Network Defense: Perimeter Defense Mechanisms.

e. Honeypots

Honeypots are a new technology with enormous potential for the Information Technology
community. The first concepts regarding them were introduced by various icons in
Information Security, such as those defined by Cliff Stoll in the book “The Cuckoo’s Egg”
(2002) and the works of Bill Cheswick, documented in the book “An Evening with Berferd”
(1997). Since then, those concepts have been in continuous evolution, developing in an
accelerated way and becoming a powerful security tool nowadays (Riebach, Rathgeb and
Tödtmann, 2005).

Honeypots are, in their most basic form, fake information servers strategically positioned in
a test network, which are fed with false information disguised as files of classified nature.
In turn, these servers are initially configured in a way that makes it difficult, but not
impossible, for an attacker to break into them, exposing them deliberately and making them
highly attractive for a hacker in search of a target (Spitzner, 2002). Finally, the server is
loaded with monitoring and tracking tools so every step and trace of activity left by a hacker
can be recorded in a log, indicating those traces of activity in a detailed way.

The main functions of a Honeypot according to Pouget and Holz (2005) are:

• To divert the attention of the attacker from the real network, in a way that the main
information resources are not compromised.
• To capture new viruses or worms for future study.
• To build attacker profiles in order to identify their preferred attack methods, similar to
criminal profiles used by law enforcement agencies in order to identify a criminal’s
modus operandi.
• To identify new vulnerabilities and risks of various operating systems, environments
and programs which are not thoroughly identified at the moment.

In a more advanced context, a group of Honeypots becomes a Honeynet, thus providing a tool
that spans a wide group of possible threats and gives a systems administrator more
information for study. Moreover, it makes the attack more fascinating for the attacker
because Honeypots can increase the possibilities, targets and methods of attack.

The diagram below shows a typical deployment of a honeypot:

Source: Ciampa, M (2012). Security + Guide to Network Security Fundamentals 4th Edition.

2.
a. TCP/IP and OSI models
i. TCP/IP (Transmission Control Protocol/Internet Protocol)

TCP/IP specifies how data is exchanged over the internet by providing end-to-end
communications that identify how it should be broken into packets, addressed, transmitted,
routed and received at the destination. TCP/IP requires little central management, and it is
designed to make networks reliable, with the ability to recover automatically from the failure
of any device on the network (CISCO, 2006 and Dean, 2013).

The two main protocols in the internet protocol suite serve specific functions. TCP defines
how applications can create channels of communication across a network (Dean, 2013). It
also manages how a message is assembled into smaller packets before they are then
transmitted over the internet and reassembled in the right order at the destination address.

IP (Internet Protocol) defines how to address and route each packet to make sure it reaches
the right destination. Each gateway computer on the network checks this IP address to
determine where to forward the message.

TCP/IP layers:

Source: Carthern, et al (2015). Cisco Networks: Engineers’ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA.

TCP/IP functionality is divided into four layers, each of which includes specific protocols,
according to Carthern et al (2015) and Dean (2013). The following are the layers of the
TCP/IP stack:

• The application layer provides applications with standardized data exchange. Its
protocols include the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP),
Post Office Protocol 3 (POP3), Simple Mail Transfer Protocol (SMTP) and Simple
Network Management Protocol (SNMP).

• The transport layer is responsible for maintaining end-to-end communications across
the network. TCP handles communications between hosts and provides flow control,
multiplexing and reliability. The transport protocols include TCP and User Datagram
Protocol (UDP), which is sometimes used instead of TCP for special purposes.

• The network layer, also called the internet layer, deals with packets and connects
independent networks to transport the packets across network boundaries. The network
layer protocols are the IP and the Internet Control Message Protocol (ICMP), which is
used for error reporting.

• The physical layer consists of protocols that operate only on a link -- the network
component that interconnects nodes or hosts in the network. The protocols in this layer
include Ethernet for local area networks (LANs) and the Address Resolution Protocol
(ARP).

ii. Comparison between OSI (Open Systems Interconnection) and TCP/IP models

Source: Carthern, et al (2015). Cisco Networks: Engineers’ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA.

The OSI (Open Systems Interconnection) model breaks the function of the TCP/IP
application layer into separate distinct layers. The upper three layers of the OSI model
specify the same functionality as the application layer of the TCP/IP model (Dean, 2013).

In addition, the TCP/IP protocol suite does not specify protocols for the physical network
interconnection. The two lower layers of the OSI model are concerned with access to the
physical network and the delivery of bits between hosts on a local network.

b. IPv4 Datagram Structure

IPv4 (Internet Protocol Version 4) is the fourth revision of the Internet Protocol (IP) used to
identify devices on a network through an addressing system. The Internet Protocol is
designed for use in interconnected systems of packet-switched computer communication
networks.

It is the most widely deployed Internet protocol used to connect devices to the Internet. IPv4
uses a 32-bit address scheme allowing for a total of 2^32 addresses (just over 4 billion
addresses). With the growth of the Internet, it is expected that the number of unused IPv4
addresses will eventually run out because every device -- including computers, smartphones
and game consoles -- that connects to the Internet requires an address (Ciampa, 2012).

The diagram below shows the IPv4 Datagram Structure

Source: Carthern, et al (2015). Cisco Networks: Engineers’ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA.

Concisely, the IPv4 Datagram can be tabulated as follows:

Source: Carthern, et al (2015). Cisco Networks: Engineers’ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA.

REFERENCES

Abdelkarim, A.A and Nasereddim, H.H.O, 2011, ‘Intrusion Prevention System’,
International Journal of Academic Research, Vol.3, no.1, Part II.

Carthern, C. et al. (2015). Cisco Networks: Engineers’ Handbook of Routing, Switching and
Security with IOS, NX-OS and ASA. New York: APress.

Ciampa, M (2012). Security + Guide to Network Security Fundamentals 4th Edition. Boston:
Cengage Learning.

CISCO (2003). Designing Perimeter Security, Volume 1. New York: CISCO.

CISCO (2006). Networking Fundamentals. New York: CISCO.

Dean, T. (2013). Networking: Network + Guide to Networking 6th Edition. Boston: Course
Technology.

EC-Council (2010). Network Defense: Perimeter Defense Mechanisms. UK: Course
Technology Cengage Learning.

Pouget, F., & Holz, T. (2005). A pointillist approach for comparing honeypots. In K. Julisch
& C. Kruegel (Eds.), Intrusion and malware detection and vulnerability assessment. Berlin /
Heidelberg: Springer.

Reid, A and Lorenz, J (n.d.). Working at a Small-to-Medium Business or ISP, CCNA
Discovery Learning Guide. New York: CISCO.

Riebach, S., Rathgeb, E. P and Tödtmann, B. (2005). Efficient deployment of honeynets for
statistical and forensic analysis of attacks from the Internet. In Proceedings from IFIP-TC6
Networking Conference 2005. Waterloo, Ontario, Canada.

Tiwari, M et al, 2017, ‘Intrusion Detection System’, International Journal of Technical
Research and Applications, e-ISSN: 2320-8163, www.ijtra.com, Vol.5, Issue 2, pp. 38-44.
