NETWORK
SECURITY
PRABIN POUDEL
Network Security2018
Scenario I
NIC ASIA Bank has its antecedents in NIC Bank, which was established on 21st July 1998. The Bank was rechristened
as NIC ASIA Bank after the merger of NIC Bank with Bank of Asia Nepal on 30th June 2013. This was a historic
merger in the annals of the Nepalese financial landscape, the first of its kind between two successful commercial
banks in the country. Today, NIC ASIA has established itself as one of the most successful commercial banks in Nepal.
NIC ASIA Bank is now one of the largest private sector commercial banks in the country in terms of capital base,
balance-sheet size, number of branches, ATM network and customer base. The Bank has 270 branches, 37 extension
counters, 22 branchless banking units and 289 ATMs across Nepal, with a network covering all major financial centres of
the country.
Recently the bank decided to open a provincial headquarters for the control and management of operations and services in
each province of Nepal, and you have been appointed as a Network Engineer in the Provincial Headquarters of Karnali
Province. You have been given the responsibility of collecting and eliciting requirements, planning, designing and
implementing a fully operational and functional secured network along with test plans. You need to document the test
plans, testing procedure and tested results, along with the expected results and actual outcome, provide useful
recommendations for further enhancement and bolstering of network security, and finally present it in the form of a report
to the CEO of your company.
Part 1
LO1 Examine Network Security principles, protocols and standards.
LO2 Design a secure network for a corporate environment.
Task A
Prepare a report covering the following topics:
1. Conduct a detailed analysis of Network Security principles and aspects covering devices needed to implement a
secured network.
2. Discussions of possible Network Security protocols and associated technologies that will enable a secure
network for the regional headquarter of State 5.
Task B
Design and implement a network prototype using a network simulator (or lab devices), which incorporates high levels
of Network Security features with the following requirements:
- Firewall configurations.
- Switches configurations.
- Routers configurations.
- Devices configurations.
- IP addressing.
- Subnetting, etc.
You also need to provide the following written material as a formal report:
1. A rationale about the selection of the networking devices for the prototype.
2. A detailed explanation of how the security protocols will work with IPv4 and IPv6.
Part 2
LO3 Configure Network Security measures for the corporate environment.
Task A
1. Discuss various cryptographic types of Network Security and configure network security for the given
scenario, selecting suitable appliances and encryption mechanisms.
2. Provide a manual for the implemented network security along with scripts/files/screenshots with comments.
3. Discuss what is meant by Quality of Service in relation to Network Security Configuration and its need in
efficient network planning and implementation.
Task B
P7 Create a Test Plan for your network.
P8 Comprehensively test your network using the devised Test Plan.
M4 Provide scripts/files/screenshots of the testing of your network.
M5 Make some improvement recommendations.
D3 Critically evaluate the design, planning, configuration and testing of your network.
Note: Please access HN Global for additional resources support and reading for this unit. For further guidance and
support on report writing please refer to the Study Skills Unit on HN Global. Link to www.highernationals.com
Other Recommendations:
✓ It should be the student’s own work – plagiarism is unacceptable.
✓ Clarity of expression and structure are important features.
✓ Your work should be submitted as a well-presented, word-processed document with headers and footers, and
headings and subheadings, both in hard and soft copies.
✓ You are expected to undertake research on this subject using books from the Library, and resources available
on the Internet.
✓ Any sources of information should be listed as references at the end of your document and these
sources should be referenced within the text of your document using APA referencing style.
✓ Your report should be illustrated with screen-prints, images, tables, charts and/or graphics.
✓ All assignments must be typed in Times New Roman, size 12, 1½ spacing.
I declare that all the work submitted for this assignment is my own work or, in the case of group work, the work of
myself and the other members of the group in which I worked, and that no part of it has been copied from any source. I
understand that if any part of the work submitted for this assignment is found to be plagiarized, none of the work
submitted will be allowed to count towards the assessment of the assignment.
Suman Koirala
Brief Checked By: Signature: Date: 11 March 2020
Dhruba Babu Joshi
Table of Contents
Section A
  Introduction
    Introduction
      Confidentiality
      Integrity
      Availability
    Classifying Vulnerabilities
    Classifying Countermeasures
      Administrative
      Physical
      Logical
    Potential Attackers
    Attack method
      Reconnaissance
      Social engineering
      Privilege escalation
      Back Doors
      Code Execution
    Attack Vectors
    Defense in depth
    Separation of duties
    Auditing
    Router
    Hub
    Switch
    Multi-Layer Switch
    Firewall
    Repeater
    Bridges
    Wireless Devices
    Load Balancer
    VPN Connector
  Network Protocols
    Disk Encryption
    2. Integrity (Hashing)
      SHA1
      SHA2
      SHA3
    Router Configuration
Section A
Configure Network Security measures for the corporate environment. Prepare a report which
includes the following:
1. Configure Network Security for your network (within the Bank, NIC Asia), discuss the
various cryptographic types of Network Security, and configure network security for the given
scenario, selecting suitable appliances and encryption mechanisms.
2. Provide a manual for the implemented network security along with scripts/files/screenshots with
comments.
3. Discuss on Quality of Service (QoS) in relation to Network Security Configuration and its need in
efficient network planning and implementation.
Introduction
As the network engineer of NIC Asia Bank for Karnali Province, I am responsible for building a fully
functional network system for the Karnali branch: designing and implementing it, and carrying out test
plans to check whether the implemented system works as NIC Asia Bank requires. At the end of the
phase I have to document what was done to make the network more secure and robust, in the form of a
report submitted to the CEO of NIC Asia Bank.
This task begins by setting out the points the report will cover, together with the general concept of
network security. It then describes the fundamentals of network security, including common network
security threats, followed by the objectives of network security with a cost-benefit analysis of security.
It goes on to explain vulnerabilities and their countermeasures, observing the current network against
some fundamental security principles for network design, and elaborates the network devices required
in NIC ASIA Bank. The task ends with a conclusion in which all the work done is summarised.
Introduction
NIC Bank requires a fully functional network system along with a test plan in which each and every
aspect is checked, and the head office and this branch office must be connected remotely. First I will
design the network topology following NIC Bank's requirements; after approval I will visit the Karnali
branch to implement the network in the bank. All the required resources, such as networking devices
and servers, will be provided at the workplace by the NIC Bank team. I expect the complete
implementation of the fully functional network system to take around 2 months. All the goals will be
identified, broken down into scopes and recorded in a Gantt chart, which will be followed to
accomplish the goals in the given time.
Confidentiality:
Data is either moving across the network or at rest in storage media such as servers, local
workstations and cloud storage. Confidentiality concerns the security of that data, that is,
preventing unauthorised access to it. In network security, data is therefore encrypted before it is
sent onto the network, which reduces the chance of unauthorised access; a separate network can also
be used for transmitting confidential data, and that confidential data can additionally be encrypted
before it is sent.
Integrity:
Integrity means that data can be accessed only by authorised users and systems, and that only they
can make changes to that confidential data. Integrity is lost if the data is corrupted.
Availability:
Availability concerns the systems and data of the organisation. When an authorised user requires
data and it is not available, because of a DDoS attack or a failure of the network, the impact on the
organisation, and on the users who rely on the network as a business tool, is significant. Network
failure leads to loss of organisational revenue, so the data needs to be available 24 hours a day.
In network design and systems, a vulnerability is an exploitable weakness for the organisation in its
technical environment. Vulnerabilities can be found in operating systems, system designs, applications
and protocols, and the most troubling aspect is that they grow day by day with the growth of
technology.
A threat is a potential danger to an asset. If a vulnerability exists in the organisation's systems and
is unknown to the users and administrators, the threat is potential and not yet realised. If someone
tries to access the network by various means and succeeds, or tries to alter the network against the
assets, then the threat is realised. Those who take advantage of a vulnerability are described in
technical terms as malicious actors, and the path they take to carry out the attack is known as the
threat vector or threat agent.
A countermeasure is a safeguard that somehow mitigates the latent risk: it eliminates or reduces the
vulnerability, or at least reduces the possibility that a threat agent exploits it. For example, suppose
you have joined a new device to the network and it makes the network highly vulnerable. If that device
is removed from the network and all data exchange with other devices is blocked, you have mitigated
all of the vulnerabilities it would have brought. Because the device is completely removed from the
network it can no longer be considered an asset connected to the network, but it is safer than leaving
it connected.
We do not spend double the value of an asset to make it secure, because that makes no sense and is
simply a waste of money. For example, if you buy a new bike for $100 and then spend $200 on security
tools for it, or $150 on a siren, that is a silly plan.
Analyse the data and understand what it is worth. All data is important, but more valuable data such
as customer information and account information is highly confidential, so its protection needs to be
higher than that of other data to keep it safe.
Simply accepting the risk (the all-or-nothing approach) is not really acceptable; some security
measures have to be implemented to mitigate the risk. Moreover, security devices such as firewalls and
intrusion prevention systems (IPS) offer cost benefits by protecting multiple devices simultaneously.
Always select appropriate security tools that can measure and mitigate the risk while taking care of
the budget, but the main point is that you cannot completely eliminate the risk: you can only find ways
to mitigate it or keep it in balance.
Classifying Vulnerabilities
Understanding the weak points of the organisation's network and systems, and finding the
vulnerabilities that affect them, is the best way to neutralise threats, by observing their impact on
the system or network. In an organisation, latent network vulnerabilities fall into one or more of the
following:
- Hardware vulnerabilities
- Physical access to network resources
- Malicious software
- Software vulnerabilities
- Human factor
- Policy flaws
- Protocol weaknesses
- Design errors
- Misconfiguration
To understand threats better, manufacturers of network devices such as Cisco and similar companies
have built databases that categorise those threats in the public domain. There is a dictionary of
publicly known security vulnerabilities and exposures, the Common Vulnerabilities and Exposures (CVE)
list. A search engine will lead you to the related site, the National Vulnerability Database, which is
a standards-based repository of vulnerability information. (Typing the URL into the browser is not the
best way to find it; searching for it on your favourite search engine avoids the risk of the URL
changing from time to time.)
Classifying Countermeasures
Recognising the value of the assets and the way vulnerabilities act inside the organisation's network
or systems helps you protect those assets from the threats against those vulnerabilities, and lets you
take countermeasures against successful attacks to reduce the risk. Some of the common control
methods used to implement countermeasures are described below:
Administrative
Administrative controls consist of all the written policies, procedures, guidelines and standards.
An example is the AUP (Acceptable Use Policy), which every user of the network agrees to. Another
example is the change control process, which each and every user has to follow when changing any
aspect of the network. Administrative tools also allow monitoring in the background to understand
users' behaviour on the network.
Physical
This is the security of physical devices such as servers, network equipment and infrastructure.
An example of a physical control is a redundant system (backup planning such as an uninterruptible
power supply).
Logical
This type of countermeasure is mostly known as technical controls and includes intrusion prevention
systems, firewalls, passwords, access lists, VPN tunnels and many others.
Not all countermeasures are built equal, and they do not all serve the same purpose, but used together
the controls mentioned above allow you to prevent, detect, correct and recover, all while acting as a
deterrent to a threat found in the system.
Potential Attackers
Every second, many attacks are carried out around the world by different actors with some purpose,
targeting a network resource, a section of critical infrastructure or a desired set of proprietary data.
Rather than analysing or listing the dozens of attacks that could exploit vulnerabilities in networks,
it is better to begin by looking at the types of adversary that may be behind the attacks:
- Criminals
- Terrorists
- Government agencies
- Competitors
- Nation states
- Hackers
- Disgruntled employees
- Anyone with access to a computing device
Besides hacker/cracker, many other terms are used to describe these individuals, such as script kiddie,
hacktivist, and the list goes on. As a network security specialist, every individual has the
responsibility to create a secure environment inside the network, and for that you need a clear view
of the actors' behaviour; a clear understanding of networking helps you observe that behaviour. This
does not mean that every individual needs to become a hacker who finds ways to exploit
vulnerabilities, but understanding those types of threats and attacks makes you aware and lets you
take the best steps to secure the network.
Most attacks happen for economic reasons and target the most reputable organisations, whose status
and wealth are high among the population, the country and worldwide, so it is easy to blackmail them
by threatening to delete or alter their data. Some attacks are also performed, intentionally or
unintentionally, by casting a wide net and harming organisations.
Taking the example of the old days, the attacks faced were much simpler. Basically, at that time there
were instructions for war dialing and things like that. Viruses were fairly new then, and it was all
about notoriety. The late 1990s and 2000s saw an increasing number of viruses and malware, and it was
about fame.
Most attacks aim at economic gain from the targeted organisation: hacking its confidential data,
erasing that data from its systems and demanding money to give it back. The growth of new technology,
as well as the number of people graduating in this field, may also lead to this activity. Attackers
are also motivated by governments or by industrial competitors.
Attack method
Attackers do not want to reveal their identity while carrying out malicious activity inside a network,
so they use several techniques that help hide their identity, which are described below:
Reconnaissance
This is the procedure for identifying information about the network; it includes scanning the network
and figuring out the IP addresses in use and the related ports open on the devices. It is the first
step taken, in which the details of the network are identified and potential vulnerabilities are
determined.
Social engineering
This is one of the best and toughest ways to gain access to systems, because it targets the weakest
vulnerability in secured systems (data, applications, devices, networks): the users. If users are
somehow persuaded to reveal information, it becomes easier for attackers to use other methods of
reconnaissance. It is done through e-mail or misdirection of a web page, with the result that when
users click on those emails the information may reach the attackers. Two common social engineering
methods are phishing and pharming.
Phishing presents links that look like valid and authentic resources to the user. When the user clicks
on those phishing links they are asked to reveal confidential data such as usernames and passwords.
Pharming is used to retrieve all of the user's confidential information by redirecting the user's URL
from a valid resource to a malicious one that appears valid and authentic to the user. After the user
clicks on that URL, each and every click extracts confidential information from the user.
Privilege escalation
This is the procedure in which attackers first gain some level of access (authorised or not) and then
achieve an even greater level of access. For example, attackers somehow obtain user-mode access to a
router and then use a brute-force attack against the router to determine the enable secret for
privilege level 15 access.
Back Doors
If you achieve something that you wanted and worked hard for, you definitely want to achieve more
with less effort. Similarly, once an attack on the network has succeeded, attackers want further access
to the network, preferably in the easiest way. So a backdoor application may be installed inside the
network for further access, or to gather the information required for further access.
Many backdoor applications are installed by users clicking links without realising that they are a
threat to the network. Most backdoor applications are considered a virus or a worm, but they are often
known simply as malware.
Code Execution
When attackers gain access to any device of an organisation or individual they can perform numerous
actions on the device. The type of action depends entirely on the level of access the attacker has or
can achieve, and is related to the permissions allowed to the account compromised by the attacker. The
ability to execute code on a device is the most devastating action available to an attacker. Code
execution adversely affects confidentiality (attackers can view all the data on the device), integrity
(attackers can modify the system configuration of the device) and availability (through the
modification of the
Attack Vectors
Attackers can be anywhere, inside or outside the organisation, but attackers inside the organisation
are more dangerous for it, so nowadays corporate networks implement BYOD rules to prevent illegal
internal interaction with data. BYOD stands for "bring your own device"; its rules go some way to
preventing users' illegal interaction with data, but some users, out of curiosity, may still use a
backdoor application to interact with the data illegally, so a security policy can be implemented on
the server that limits each particular user's access. This does not completely remove the risk, but it
opens the way to mitigating it.
A security policy can also grant no access until the user has authenticated, by making authentication
compulsory before their device is connected to the network (for this, 802.1X and Cisco Access Control
Server [ACS] can be implemented). This means the user's profile is analysed before connecting and only
then is access to the network given; Network Admission Control (NAC) or an Identity Services Engine
(ISE) can also be implemented to enforce such a policy. In addition, further security measures such as
switch port security and many others can be implemented.
If this type of attack happens at layer 2, the attacker spoofs the MAC address of a device on the same
LAN so that the other devices believe the connecting device (the attacker) has the layer 2 address of
their default gateway. This type of attack is known as ARP poisoning. All frames travel from one device
to another through the switch using layer 2 addresses, and the attacker sits on that same network. After
receiving the frames, the attacker forwards them on to the correct destination as a formality, so
neither the sender nor the receiver suspects that a third party is reviewing their data, and the
attacker easily sees the frames travelling between the two devices. To avoid this kind of risk, Dynamic
ARP Inspection (DAI) can be implemented on the switches to prevent spoofing of layer 2 addresses.
At layer 3, a man-in-the-middle attack is performed by placing a rogue router on the network and
fooling the other routers into believing that the new router has the best path for the traffic. This
diverts the flow of network traffic through the rogue router and again allows the network data to be
stolen. These attacks are countered by using routing authentication protocols and by filtering
information from being advertised or learned on specific interfaces.
The best way to secure confidential data in transit is encryption. If you use plain-text protocols for
management, such as Telnet or HTTP, then an attacker who has carried out a man-in-the-middle attack
can easily review all the plain-text packets, and as a result all the data passing through the
attacker's device can be read from the packets, including the usernames and passwords used on the
devices. Implementing management protocols that encrypt all packets, such as Secure Shell (SSH) and
Hypertext Transfer Protocol Secure (HTTPS), is considered a best practice, and using a VPN to protect
clear-text sensitive data is also considered a best practice.
Defense in depth
This security principle suggests that security needs to be implemented at nearly every point of the
network. The reasoning is that if a single security technology fails, additional levels, or
mechanisms, of security are still in place to protect the data, applications and devices on the
network.
Separation of duties
When individual users stay in the same position, they become very familiar with the organisation's
data and the chance of a vulnerability increases, so rotating all employees through their duties day
by day can reduce the chance of a vulnerability being created inside the systems.
The security policy can also divide users by department and allow only a limited set of users in each
department, so that a user in one department cannot view another department's data. This somewhat
reduces the vulnerability, and if some users try to create one they can be identified easily using the
auditing features.
Auditing
This security option allows records to be kept of the activities performed inside the network. Most of
its features are provided automatically by authentication, authorization and accounting (AAA). When
activities are performed inside the network they are recorded and sent to the accounting server. When
the separation-of-duties approach is used, those who try to make changes on the network cannot
directly access, modify or delete the accounting records kept on the accounting server.
frames from one place to another, so a few of the devices necessary for designing the network are
described below:-
Router
A router is a device that combines two or more of the organization's networks in one device. The
router is used to figure out the best route for the transmission. It works at the network layer (Layer 3)
of the OSI model.
Hub
A hub is a connectivity device with multiple ports that is used to connect computers. It accepts
data, amplifies it and then broadcasts it; during this process the data traffic increases. Nowadays
switches are replacing hubs. A hub operates at the Physical layer (Layer 1) of the OSI model and is
used for data transfer.
Switch
A switch is a device to which more than one device connects in order to connect and share their
features and capabilities, under certain rules and limitations decided by the network provider or
according to the demands of the organization or user. It operates at Layer 2 (data link) of the OSI
model.
Multi-Layer Switch
A multilayer switch operates at the higher layers of the OSI model. It can perform as both a switch
and a router at very high speed. To perform routing, a multi-layer switch uses ASIC hardware
circuits. This differs from common switches, which rely on a chip and use applications running on
it to carry out their switching activities.
Firewall
A firewall is used to restrict incoming data packets as well as outgoing data packets. It is used to
control the flow of network traffic into the private network that originates from public networks. It
works as a filter that controls malicious packets traveling from the public network to the private
network, so that malicious packets are kept out of the private network. It operates to secure the
private network from incoming bugs by acting as the filter of the network. Basically, it controls the
flow of the data traffic.
A HIDS examines the activity to and from the particular PC on which the intrusion detection
software is installed. A host-based system can also monitor key system files and any attempt to
overwrite those files.
Nevertheless, depending on the size of the network, either HIDS or NIDS is deployed. For example,
if the network is small, then NIDS is normally less expensive to implement and requires less
administration and training than HIDS. On the other hand, a HIDS is generally more
Repeater
In digital communication systems, a repeater is a network device that receives a digital signal on an
electromagnetic or optical transmission medium and regenerates the signal along the next leg of
the medium. In electromagnetic media, repeaters overcome the attenuation caused by free-space
electromagnetic-field divergence or cable loss. A series of repeaters makes it possible to extend a
signal over a distance.
Bridges
A network bridge joins two otherwise separate computer networks to enable communication between
them and allow them to work as a single network. Bridges are used with local area networks (LANs)
to extend their reach to cover larger physical areas than the LAN can otherwise reach. Bridges are
similar to, but more intelligent than, simple repeaters, which also extend the reach of signals.
Bridge devices inspect incoming network traffic and decide whether to forward or discard it
according to its intended destination.
Wireless Devices
Wireless devices are used to connect to the network without wires or cables. Wireless devices
operate through radio signals transmitted from the antennas of routers and switches; those signals
are picked up by Wi-Fi receivers, such as PCs and mobile phones that are equipped with Wi-Fi
receivers. Whenever a PC receives the signal within a range of 100-150 feet of the switch, it
connects the device quickly. The range of the Wi-Fi depends on the environment, whether indoor or
outdoor. The Wi-Fi card reads the signals and makes a network connection between the client and
the network. The speed of a device using a Wi-Fi connection increases as the PC gets closer to the
main source and slows down if the PC moves away from the device or the main source.
Load Balancer
To prevent overloading in the network, a load balancer is used to balance the servers and virtual
machines within the cluster, so that no host is overwhelmed and performance is improved. It
controls overloading by controlling and managing the traffic in the network.
VPN Connector
VPN connectors are used to give secure access to the organization's private networks through
public networks. They provide security for the organization and keep all the organization's
information safe even though it is accessed from public networks. Site-to-site and remote access
VPN are the types of VPN. The reasons for operating VPN connectors are to make services
effective for the organization, low cost and, mainly, as described above, effective security.
Network Protocols
1. Confidentiality (Encryption):-
Confidentiality concerns all the data that is moved across the network and stored on the server or
cloud. Since that data could otherwise be accessed globally by unauthorized persons, all the data
stored on the server or cloud is encrypted, and all the data moved across the network is encrypted
as well.
Disk Encryption
2. Integrity (Hashing)
“Hashing is known as the collection of the string characters converted into the fixed-length
value or the key that represents the original string.” (Margaret Rouse, 2005) As per the
author, hashing is the bundle of string characters changed into a fixed-length value or key
which represents the original string. Nevertheless, in my point of view, it groups all the
string characters and transforms them into a fixed-length value or key which represents the
original string. It is used to index and retrieve the required data from a database, because it
is faster to search for items using the shorter hashed key than to find them using the original
value. The algorithms introduced by the National Institute of Standards and Technology for
generating cryptographically secure one-way hashes are:
SHA1
It produces 160 bits obtained from a message with the minimum length of (2^64 - 1) bits and
resembles the MD5 algorithm.
SHA2
It is a family of two similar functions with different block sizes, SHA-256 and SHA-512, which
use 32-bit and 64-bit words respectively.
SHA3
“It uses the sponge construction, in which the message blocks are XORed into the initial bits of
the state, which is then invertibly permuted.” (HACERTEAM, n.d.)
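The fixed-length, one-way property the hashing section describes, shown with the report's own algorithm list (SHA1, SHA-256, SHA-512, SHA3-256) as an added example that is not part of the original report; the message and the "tampering" are constructed, and Python's standard hashlib is assumed.

```python
import hashlib
import hmac

# Constructed sample record (not from the original report).
MESSAGE = b"Transfer NPR 5000 from account 0123 to account 4567"

# The hash functions the report lists, under the names it uses.
ALGORITHMS = {
    "SHA1": hashlib.sha1,
    "SHA-256": hashlib.sha256,
    "SHA-512": hashlib.sha512,
    "SHA3-256": hashlib.sha3_256,
}

def digest_bits(data: bytes) -> dict:
    """Digest size in bits per algorithm; fixed whatever the input length."""
    return {name: len(fn(data).digest()) * 8 for name, fn in ALGORITHMS.items()}

def sha256_hex(data: bytes) -> str:
    """The fixed-length key that represents the original data."""
    return hashlib.sha256(data).hexdigest()

def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between the SHA-256 digests of two messages."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")

if __name__ == "__main__":
    stored = sha256_hex(MESSAGE)                   # digest kept with the record
    tampered = MESSAGE.replace(b"5000", b"50000")  # a single inserted character
    print(digest_bits(MESSAGE))
    print("original verifies:", verify_integrity(MESSAGE, stored))
    print("tampered verifies:", verify_integrity(tampered, stored))
    print("digest bits changed by the edit:", bits_changed(MESSAGE, tampered))
```

Comparing the digest, not the data, is what lets a receiver detect the altered amount without needing the original record in hand.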
3. Availability (Redundancy)
1  Combines many functions of authorization and authentication together; also has detailed accounting capability when accounting is configured for use.  |  Splits the AAA functions into different elements: authentication is separate from authorization, and both are separate from accounting.
4  In terms of confidentiality, only the password is encrypted in the packets sent back and forth between the ACS server and the router.  |  All the packets in the exchange are encrypted between the ACS server and the router (which is the client).
5  No explicit command authorization inspection rules can be applied.  |  This is supported, and the rules about which commands are allowed or disallowed are defined on the ACS server.
1. Remote VPN:-
A remote VPN allows the admin or user to connect to the private network over public networks
securely from any place. It is the connection between the public network and the private
network, so it may meet a few obstacles, which the remote VPN prevents in a secure way,
keeping the connection private. It is useful for business as well as home users. Corporate
employees use the remote VPN to access their network while traveling. Home and other private
users use this VPN to access blocked sites.
2.
Router Configuration
Test Carried:- Router Configuration (Giving the Router Name)
3 Type configure terminal and press enter to move into global configuration mode, where you can give the router a name using the hostname keyword.
Actual Output:- As expected, the implemented script allowed an IP address to be assigned on the
selected interface.
Expected output:- The script used should assign the given name to the switch.
1 Go to the global configuration mode, as for the router.
Switch Configuration
1 Go to the global configuration mode.
1 Go to the global configuration mode.
Expected output:- Privileged exec mode needs to be secured by asking for the password.
1 Go to the global configuration mode.
4 Start by typing enable; it will then ask for the password.
Actual Output:- As expected, while trying to access privileged mode it asked for the password.
Actual Output:- As expected, after executing the query it shows the status active for the
headquarters to branch office connection.
Test Carried:- Site to site VPN (Testing the ISAKMP policy to check whether it is working or not.)
Actual Output:- As expected, after executing the query it shows the status active for the branch
office to headquarters connection.
1 First, ping from the headquarters PC to the branch office PC to analyze whether it is working or not.
Actual Output:- As expected, the ping from the headquarters PC to the branch office PC succeeded.
1 First, ping from the branch office PC to the headquarters PC to analyze whether it is working or not.
Actual Output:- As expected, the ping from the branch office PC to the headquarters PC succeeded.
1 Now, after executing the crypto ipsec script, it needs to show all the encrypted and decrypted packets while pinging.
Actual Output:- As expected, it shows the number of encrypted and decrypted packets.
1 Now, after executing the crypto ipsec script, it needs to show all the encrypted and decrypted packets while pinging.
Actual Output:- As expected, it shows the number of encrypted and decrypted packets.
Test Carried:- Site to site VPN (Testing crypto mapping for IPSEC)
1 The headquarters PC needs to ping the branch office PC, and after that, while executing crypto ipsec s, the encrypted and decrypted packet numbers need to increase from the numbers in the above test.
Test Carried:- Site to site VPN (Testing crypto mapping for IPSEC)
1 The branch office PC needs to ping the headquarters PC, and after that, while executing crypto ipsec s, the encrypted and decrypted packet numbers need to increase from the numbers in the above test.
Test Carried:- Site to site VPN (Testing crypto mapping for IPSEC)
1 The Head Quarters PC needs to ping the Branch Office PC, and after that, while executing crypto ipsec s, the encrypted and decrypted packet numbers need to increase from the numbers in the above test.
Actual Output:- As expected, after pinging twice, the numbers of encrypted and decrypted packets
increase respectively.
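The pass/fail rule behind the crypto mapping tests above (both the encrypt and the decrypt counters must grow after the ping), written as a checker over two captures of the counters; this is an added example, not the report's own script, and it assumes the counters come from Cisco IOS "show crypto ipsec sa" output, of which the excerpts below are constructed.

```python
import re

# Constructed excerpt of Cisco IOS "show crypto ipsec sa" output, captured on
# the headquarters router before the ping (not from the original report).
BEFORE = """\
interface: GigabitEthernet0/0
    Crypto map tag: HQ-TO-BRANCH, local addr 203.0.113.1
   local  ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
   current_peer 203.0.113.2 port 500
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
"""
# Healthy tunnel: four echo requests went out encrypted, four replies came back.
AFTER_OK = BEFORE.replace("encrypt: 4", "encrypt: 8").replace("decrypt: 4", "decrypt: 8")
# Return path broken: requests leave encrypted but nothing arrives to decrypt.
AFTER_ONE_WAY = BEFORE.replace("encrypt: 4", "encrypt: 8")

COUNTER_RE = re.compile(r"#pkts (encrypt|decrypt): (\d+)")

def ipsec_counters(output: str) -> dict:
    """Pull the encrypt/decrypt packet counters out of the command output."""
    found = {name: int(value) for name, value in COUNTER_RE.findall(output)}
    missing = {"encrypt", "decrypt"} - found.keys()
    if missing:  # no SA for this peer, or the command output changed
        raise ValueError(f"counters not found: {sorted(missing)}")
    return found

def counter_deltas(before: str, after: str) -> dict:
    """How many packets were encrypted and decrypted between the two captures."""
    b, a = ipsec_counters(before), ipsec_counters(after)
    return {name: a[name] - b[name] for name in ("encrypt", "decrypt")}

def tunnel_passes_test(before: str, after: str, pings_sent: int) -> bool:
    """Pass only if both directions advanced by at least the number of pings."""
    d = counter_deltas(before, after)
    return d["encrypt"] >= pings_sent and d["decrypt"] >= pings_sent

if __name__ == "__main__":
    print(counter_deltas(BEFORE, AFTER_OK))              # {'encrypt': 4, 'decrypt': 4}
    print(tunnel_passes_test(BEFORE, AFTER_OK, 4))       # True
    print(tunnel_passes_test(BEFORE, AFTER_ONE_WAY, 4))  # False: replies never returned
```

A growing encrypt counter with a flat decrypt counter means the ping reply is being dropped or routed outside the tunnel, which a bare "it shows the counters" check would miss.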