Professional Documents
Culture Documents
a)................................................................................................................................................3
b)................................................................................................................................................5
Task 2................................................................................................................................7
a)................................................................................................................................................7
b)................................................................................................................................................9
Task 3..............................................................................................................................11
Task 4..............................................................................................................................16
Task 5..............................................................................................................................18
Task 6..............................................................................................................................20
REFERENCES.....................................................................................................................22
a) Logical Topology
Bus topology
Bus topology, also known as backbone or bus topology, is a type of logical topology in which
all switches and nodes are connected to a single wire. Nodes are connected in half-duplex
fashion. Hosts in a bus topology are called stations. Multiple stations in the bus structure
have the capacity to receive network traffic and are equally selected to transmit traffic
throughout the network. Additionally, in a bus topology, the network is controlled by the bus
master, also known as carrier sense multiple access. If the bus topology is not working, a
node failure can affect the entire network if just one segment goes down.
Ring topology
Another logical topology is the ring topology, in which all nodes are connected to form a
circle. In a circular path, every node is connected to two other nodes. In this topology, when
a source node broadcasts a data packet, it is routed through each node until it reaches the
destination node. In a ring topology, data packets can travel in either one direction or two
directions. Local Area Network (LAN) and Wide Area Network (WAN) are the main networks
that use ring architecture.
The mesh topology is the most fault-tolerant topology available because it has multiple
connections. Each part of the network is directly connected to each other. There are two
kinds of mesh topologies: partial mesh and full mesh. The best topology for redundancy to
access any point failure is full mesh.
Full-mesh
A full mesh topology is complete when every node in the network has a circuit connecting it
to every other node. The most redundancy is created using a full mesh. This allows network
traffic to be routed to another node in the event of a node failure.
Advantages
Mesh topologies are the most error-prone topologies available because of the large number
of connections. Each element of the network is directly connected to every other element.
Following are the attributes of mesh topology: A mesh topology provides redundant links
throughout the network. Failure of a single node in the system does not affect network
availability, and this topology has robust characteristics to handle any situation. This network
cannot be shut down complete. Many routes to the destination can be chosen with this
topology, and extensive redundancy is included to maintain maximum uptime. It is a highly
distributed system that requires less infrastructure investment because there is no central
server managing the network.
Disadvantages
In addition to sending and receiving messages, each node must also act as a router, adding
to the complexity. As more nodes are added, administrators must ensure consistent latency
across all nodes to take advantage of the flexibility and scalability that this topology offers.
As a result, network planning becomes more difficult. Larger power demands arise because
all nodes share the load and must be constantly active.
An operating system is that it serves as a user interface with computer hardware. Every day
we use operating systems on our devices that offer great graphical user interfaces (GUIs)
and many other features. Similarly, a network operating system (NOS) is software that
allows computers and other devices to connect to a network and share resources. Let's look
at the role played by a network operating system.
Network Infrastructure:
The logical and physical parts of a network, including servers, cabling, switches, and routers.
Communication Protocols:
Established guidelines and practices that networked devices follow when interacting with
each other. Common protocols include HTTP, UDP, TCP/IP, etc.
Network device monitoring, configuration, and troubleshooting software and utilities. This
may include resource allocation, security management, and performance tracking tools.
Security Measures:
We have procedures and systems in place to ensure the privacy, availability and integrity of
data on our network. This involves putting in place access controls, firewalls, encryption, and
other security measures.
A process that allows printers, data, and other resources to be shared over a network. This
entails effectively controlling resource allocation and overseeing access rights.
Technology that ensures that networks perform at their best as they age, adapting to
changes in demand and scale.
Advantages
Vendor Support:
Proprietary network operating systems often have specialized vendor support. This can help
you get updates, troubleshoot problems, and ensure the general stability of your network.
Security Features:
Proprietary systems may include advanced security measures designed for specific
operating systems. Companies that provide system security often make significant
investments to prevent intrusions.
Security Vulnerabilities:
Vulnerability to security flaws is one of the most serious problems. NOS will stop receiving
security updates and patches from the manufacturer upon its expiration. As a result, Network
security risks are constantly changing, hacking, It has become a desirable target for illegal
activities, including data breaches and illegal access.
Compliance Concerns:
As technology advances, newer NOS versions are often optimized for improved
performance, efficiency, and reliability. Running an outdated NOS may lead to decreased
network performance, compatibility issues with newer hardware and software, and a higher
likelihood of system failures or crashes.
When a NOS reaches EoL, the vendor typically ceases to provide official support, including
technical assistance and troubleshooting. Without vendor support, addressing issues or
resolving network-related problems becomes more challenging, potentially resulting in
prolonged downtime and increased frustration for IT teams.
Newer NOS versions often come with enhanced features, functionalities, and improvements
over their predecessors. By not updating to the latest version, an enterprise misses out on
advancements that could positively impact network management, security, and overall
efficiency. This may hinder the organization's ability to adopt new technologies and stay
competitive in a rapidly evolving digital landscape.
Figure-
3(Office Network)
Router:
Switch:
Switches are used to connect devices within the same network segment and operate at the
data link layer (Layer 2). Reduces network congestion and is effective for local traffic.
Firewall:
A firewall is necessary for network security. They can be deployed at the perimeter
separating different network segments to monitor and regulate incoming and outgoing
network traffic according to preset security standards.
Gateway:
Access Points:
To provide connectivity, a wireless access point is required if one or more network segments
include wireless devices.
Firewalls:
Incoming and outgoing network traffic is monitored and controlled by the firewall using preset
security rules. This helps protect against various cyber threats and prevent unwanted
network access.
IDPS is designed to detect and respond to malicious network activity. They can identify
potential security incidents; They can trigger automated responses to alert administrators
and delete or stop attacks.
The purpose of IDPS is to identify and address malicious network activity. to recognize
potential security incidents in them; Ability to set automated responses to notify
administrators and remove or stop threats.
Encryption:
Encryption methods such as SSL/TLS for Internet traffic can be used to protect data from
eavesdropping and man-in-the-middle attacks.
Access to network resources is managed through ACLs. You specify rules that specify what
operations are allowed on specific objects and which people or system processes are
allowed access to those objects.
Update all software and network hardware with the latest security updates to fix
vulnerabilities and protect against known attacks.
Train your employees on security best practices, including creating secure passwords,
detecting phishing activity, and quickly reporting security incidents.
Physical Security:
Train your employees on security best practices, including creating secure passwords,
detecting phishing activity, and quickly reporting security incidents.
Establish consistent data backups and a robust disaster recovery strategy to ensure data
accessibility in the event of unintentional deletion, hardware malfunction, or cyberattack.
To identify strange or suspicious activity, set up a monitoring system and enable logging for
network devices. Check logs regularly for indications of possible security events.
Assumptions can be made regarding the volume and nature of network traffic: the number of
users expected, the amount of data exchanged, and the types of applications used.
Assumptions about the types of security threats and risks the network may face; Based on
historical data or industry trends.
Budgetary assumptions may be made that may affect security protocol, software, and
hardware selection.
Assumptions that may impact network architecture and security measures due to regulatory
environment and compliance requirements.
VPN infrastructure
Organizations should use specific VPN-aware routers and firewalls to allow authorized VPN
traffic to pass through and prevent undesirable, unauthorized third parties.
To facilitate this process, these VPN devices typically use blocklist technology
address and domain name filters.
Access Control:
Users must authenticate before they can use a VPN to access resources on the corporate
network. This helps prevent illegal access to company assets.
Network Scalability:
VPNs allow organizations to easily connect distributed networks over the public Internet
using encrypted channels. This allows organizations to easily scale their networks while
treating them as a single private network.
Task 5
Location:
It is typically located at the edge of the network, where the internal network meets the
Internet.
Functionality:
At the network layer, data packets are analyzed and decisions are made
based on port and IP address.
Advantages:
1.Hardware firewalls are designed for faster response times and can therefore withstand
higher traffic loads.
2.A firewall-only operating system reduces vulnerability to attack. As a result, security risks
are reduced.
3.A box that is kept separate from other network elements is easier to manage and doesn't
interfere with or slow down other programs.
4.A hardware firewall allows you to carefully manage the traffic that reaches your servers.
5.You can set specific rules for all types of traffic.
Drawbacks:
They can be more expensive to purchase and maintain. The complexity of configuration may
vary depending on your specific hardware firewall.
Software Firewall:
A specific type of computer software that runs on a computer or server is called a software
firewall. Depending on the software firewall you use, its primary function is to protect your
computer or server from outside efforts to control or gain access. It is also possible to set up
a software firewall to monitor unusual outbound requests.
Functionality:
They are placed on individual devices, such as computers and phones, to prevent users or
devices from accessing separate components of the network. Essentially, it inspects packets
before they occur to prevent illegal access.
Advantages:
1.Useful for banning specific websites.
2.You can monitor parental controls and juniors.
3.Simplicity of Maintenance
4.Useful for people at home
5.Assigning different levels of access and permissions to users is simple.
Drawbacks:
All systems require installation and upgrades. System is running too slowly. System
resources are exhausted.
Task 6
To ensure that your network design is scalable and future-proof for at least four years, the
following suggestions can be made:
The modular design allows you to easily expand your network to add new devices or
services. Network Functions Virtualization (NFV), Software Defined Networking (SDN), and
virtualization are some of the technologies that can help achieve this. Decoupling network
services from hardware makes it simpler to expand and modify the network in response to
changing needs.
Investigate your network's expected and actual bandwidth requirements. Make sure the
switches, routers, and links in your network infrastructure can handle the expected increase
in traffic. Consider utilizing high-capacity routers and switches with sufficient bandwidth and
port density. To accommodate future expansion, consider adding technologies such as link
aggregation (LACP) or upgrading to higher-speed interfaces (such as 10 Gbps or 40 Gbps).
As networks grow in size, they become more vulnerable to security breaches. Take strong
security measures, such as secure remote access methods, firewalls, and intrusion
detection and prevention systems (IDPS). To ensure high availability and resilience, also
consider implementing redundancy and failover measures. Cloned network devices, power
supplies, and connections are some examples of this.
These suggestions can help you create a network design that is future-proof and scalable for
at least four years. It is important to regularly review and update your architecture to adapt
your network design to changing business needs and technological advancements.
Firewalls:
Implementing firewalls between network segments and at network boundaries can help filter
and block unauthorized access attempts. Additionally, a firewall with the ability to monitor
KBTC University Confidential 20
and manage network traffic can block the spread of viruses and block malicious connections.
Recognizes violent and suspicious behavior. They have the ability to alert managers to
possible risks and take proactive action to stop or reduce them.
Partitioning the network into distinct zones based on security requirements is a necessary
step in designing a secure network architecture. This limits hackers' ability to move laterally
and reduces the impact of security failures. Implementing DMZs, VLANs, and network
segmentation can improve network security.
You can prevent unauthorized access to your network by using strong authentication
methods, such as multi-factor authentication (MFA), and by strictly enforcing access control
restrictions. As a result, hackers are less likely to break into your network and switch to
another system.
It is important to update your operating system, software, and network devices with the latest
patches and upgrades to address known vulnerabilities. Applying patches often helps defend
against malware and attacks that target older software.
Malware:
Phishing Attacks:
KBTC University Confidential 21
Phishing attacks involve tricking people into revealing personal information, such as login
passwords or bank account information, by pretending to be a trusted source. An attacker
can enter a network without authorization and, if successful, use it for nefarious purposes.
Insider Threats:
When someone with access to a network abuses their privileges or intentionally causes
damage, it is called an insider threat. This can include workers stealing confidential
information, intentionally installing malware, or negligently or maliciously putting network
security at risk.
Words count=2900
REFERENCES