
[NCC Global Assignment]

Student Name: Khant Sithu


NCC Education ID Number: 207916
Name of Center: KBT001 - KBTC University (School of IT)
Unit: Computer Network GA2
Course Title: Level 4 DC
Date: 26.1.2024

KBTC University Confidential 1


Table of Contents
Task 1
    a)
    b)
Task 2
    a)
    b)
Task 3
Task 4
Task 5
Task 6



Task 1

a) Logical Topology

In networking, logical topology is a concept that describes the design of communication
mechanisms for each node in a network. The logical topology of a network can be
maintained and modified dynamically using network equipment such as switches and
routers. Unlike physical topology, which describes the physical connections between each
device in a network, logical topology determines how data flows.
In contrast, a physical topology consists of the way cables, network equipment, and wiring
are arranged. The two most widely used logical topologies are:

Bus topology

Bus topology, also known as backbone topology, is a type of logical topology in which
all switches and nodes are connected to a single wire. Nodes are connected in half-duplex
fashion. Hosts in a bus topology are called stations. Multiple stations in the bus structure
can receive network traffic and have an equal chance to transmit traffic
throughout the network. Additionally, in a bus topology, the network is controlled by the bus
master, also known as carrier sense multiple access. The weakness of a bus topology is that
a failure can affect the entire network even if just one segment goes down.

Ring topology

Another logical topology is the ring topology, in which all nodes are connected to form a
circle. In a circular path, every node is connected to two other nodes. In this topology, when
a source node broadcasts a data packet, it is routed through each node until it reaches the
destination node. In a ring topology, data packets can travel in either one direction or two
directions. Local Area Network (LAN) and Wide Area Network (WAN) are the main networks
that use ring architecture.



Figure-1 (Logical Topology)



b) Mesh Topology

The mesh topology is the most fault-tolerant topology available because it has multiple
connections. Each part of the network is directly connected to every other part. There are two
kinds of mesh topologies: partial mesh and full mesh. The best topology for redundancy
against any single point of failure is full mesh.

Full-mesh

A full mesh topology is complete when every node in the network has a circuit connecting it
to every other node. The most redundancy is created using a full mesh. This allows network
traffic to be routed to another node in the event of a node failure.

Advantages

Mesh topologies are the most fault-tolerant topologies available because of the large number
of connections. Each element of the network is directly connected to every other element.
The attributes of mesh topology are as follows. A mesh topology provides redundant links
throughout the network. Failure of a single node in the system does not affect network
availability, and this topology has robust characteristics to handle any situation. This network
cannot be shut down completely. Many routes to the destination can be chosen with this
topology, and extensive redundancy is included to maintain maximum uptime. It is a highly
distributed system that requires less infrastructure investment because there is no central
server managing the network.

Disadvantages

In addition to sending and receiving messages, each node must also act as a router, adding
to the complexity. As more nodes are added, administrators must ensure consistent latency
across all nodes to take advantage of the flexibility and scalability that this topology offers.
As a result, network planning becomes more difficult. Larger power demands arise because
all nodes share the load and must be constantly active.
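
The redundancy and cost trade-off described above can be checked directly. The following is an added example, not part of the original assignment: it models a full mesh and a ring as graphs, counts their links, and finds how many simultaneous node failures each survives. The node count of 6 and all function names are assumptions chosen for illustration.

```python
from itertools import combinations

def full_mesh(n):
    """Every node has a direct link to every other node: n*(n-1)/2 links."""
    return {frozenset(pair) for pair in combinations(range(n), 2)}

def ring(n):
    """Each node is linked to exactly two neighbours, forming a circle."""
    return {frozenset((i, (i + 1) % n)) for i in range(n)}

def is_connected(nodes, links):
    """Graph search: can every surviving node still reach every other one?"""
    nodes = set(nodes)
    if not nodes:
        return True
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        cur = stack.pop()
        for link in links:
            if cur in link:
                (other,) = link - {cur}
                if other in nodes and other not in seen:
                    seen.add(other)
                    stack.append(other)
    return seen == nodes

def survives_failures(n, links, k):
    """True if the network stays connected after ANY k nodes fail."""
    for failed in combinations(range(n), k):
        alive = set(range(n)) - set(failed)
        live_links = {l for l in links if l <= alive}  # drop links to dead nodes
        if not is_connected(alive, live_links):
            return False
    return True

def max_tolerated_failures(n, links):
    """Largest k (leaving at least two nodes) that the topology always survives."""
    k = 0
    while k + 1 <= n - 2 and survives_failures(n, links, k + 1):
        k += 1
    return k

if __name__ == "__main__":
    n = 6  # constructed example size
    for name, links in (("full mesh", full_mesh(n)), ("ring", ring(n))):
        print(f"{name}: {len(links)} links, "
              f"tolerates {max_tolerated_failures(n, links)} node failure(s)")
    # Link count is the price of that redundancy as the network grows
    for size in (4, 10, 50):
        print(size, "nodes ->", len(full_mesh(size)), "full-mesh links")
```
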



Figure-2 (Full-mesh Topology)



Task 2

a) Network Operating System (NOS)

An operating system serves as an interface between the user and the computer hardware. Every day
we use operating systems on our devices that offer great graphical user interfaces (GUIs)
and many other features. Similarly, a network operating system (NOS) is software that
allows computers and other devices to connect to a network and share resources. Let's look
at the role played by a network operating system.

Network Infrastructure:

The logical and physical parts of a network, including servers, cabling, switches, and routers.

Communication Protocols:

Established guidelines and practices that networked devices follow when interacting with
each other. Common protocols include HTTP, UDP, TCP/IP, etc.

Network Management Tools:

Network device monitoring, configuration, and troubleshooting software and utilities. This
may include resource allocation, security management, and performance tracking tools.

Security Measures:

Procedures and systems that ensure the privacy, availability and integrity of
data on the network. This involves putting in place access controls, firewalls, encryption, and
other security measures.

User Authentication and Access Control:

A mechanism that uses predetermined permissions to manage user access to network
resources and authenticate the user's identity.



Data Sharing and Resource Allocation:

A process that allows printers, data, and other resources to be shared over a network. This
entails effectively controlling resource allocation and overseeing access rights.

Scalability and Performance Optimization:

Technology that ensures that networks perform at their best as they age, adapting to
changes in demand and scale.

Advantages

Vendor Support:

Proprietary network operating systems often have specialized vendor support. This can help
you get updates, troubleshoot problems, and ensure the general stability of your network.

Integration with Vendor Hardware:

A common feature of proprietary systems is seamless integration with specific hardware
from the same vendor. This integration allows for optimized performance and compatibility.

Security Features:

Proprietary systems may include advanced security measures designed for specific
operating systems. Companies that provide system security often make significant
investments to prevent intrusions.



b) Issues an enterprise network could face if it does not update its NOS once it reaches End of Life (EoL)

Security Vulnerabilities:

Vulnerability to security flaws is one of the most serious problems. The NOS will stop receiving
security updates and patches from the manufacturer upon its expiration. Because network
security risks are constantly changing, the NOS becomes a desirable target for hacking and
other illegal activities, including data breaches and illegal access.

Compliance Concerns:

Requirements for regulatory compliance apply to many different industries and
organizations. With respect to industry standards and laws, using an out-of-date
NOS can be a violation. If sensitive data is involved, there may be fines, penalties, or other
legal consequences.

Decreased Performance and Reliability:

As technology advances, newer NOS versions are often optimized for improved
performance, efficiency, and reliability. Running an outdated NOS may lead to decreased
network performance, compatibility issues with newer hardware and software, and a higher
likelihood of system failures or crashes.

Lack of Vendor Support:

When a NOS reaches EoL, the vendor typically ceases to provide official support, including
technical assistance and troubleshooting. Without vendor support, addressing issues or
resolving network-related problems becomes more challenging, potentially resulting in
prolonged downtime and increased frustration for IT teams.



Limited Features and Functionality:

Newer NOS versions often come with enhanced features, functionalities, and improvements
over their predecessors. By not updating to the latest version, an enterprise misses out on
advancements that could positively impact network management, security, and overall
efficiency. This may hinder the organization's ability to adopt new technologies and stay
competitive in a rapidly evolving digital landscape.



Task 3

A typical network design for an open plan office

Figure-3 (Office Network)



In a scenario with four network segments, you might need some or all of the following
interconnection devices:

Router:

A router is essential to connect various network segments. It can route communications
through various subnets and operate at the network layer, or Layer 3, of the OSI model.

Switch:

Switches are used to connect devices within the same network segment and operate at the
data link layer (Layer 2). They reduce network congestion and are effective for local traffic.

Firewall:

A firewall is necessary for network security. Firewalls can be deployed at the perimeter
separating different network segments to monitor and regulate incoming and outgoing
network traffic according to preset security standards.

Gateway:

Gateways can be used to connect different network topologies by converting between
different communication standards or network protocols. A segment of network services.
However, hubs are generally less efficient than switches.

Access Points:

To provide connectivity, a wireless access point is required if one or more network segments
include wireless devices.



Here are some common security considerations that are typically incorporated into the
design of an office network:

Firewalls:

Incoming and outgoing network traffic is monitored and controlled by the firewall using preset
security rules. This helps protect against various cyber threats and prevent unwanted
network access.

Intrusion Detection and Prevention Systems (IDPS):

An IDPS is designed to detect and respond to malicious network activity. It can identify
potential security incidents and trigger automated responses that alert administrators
and delete or stop attacks.

Virtual Local Area Networks (VLANs):

The purpose of IDPS is to identify and address malicious network activity, to recognize
potential security incidents, and to set automated responses that notify
administrators and remove or stop threats.

Encryption:

Encryption methods such as SSL/TLS for Internet traffic can be used to protect data from
eavesdropping and man-in-the-middle attacks.

Access Control Lists (ACLs):

Access to network resources is managed through ACLs. You specify rules that specify what
operations are allowed on specific objects and which people or system processes are
allowed access to those objects.



Authentication and Authorization:

Leverage strong authentication technologies, such as multi-factor authentication (MFA), and
ensure employees are granted permissions to the extent necessary for their role in the
company.

Regular Software Updates and Patch Management:

Update all software and network hardware with the latest security updates to fix
vulnerabilities and protect against known attacks.

Security Awareness Training:

Train your employees on security best practices, including creating secure passwords,
detecting phishing activity, and quickly reporting security incidents.

Physical Security:

Train your employees on security best practices, including creating secure passwords,
detecting phishing activity, and quickly reporting security incidents.

Backup and Disaster Recovery:

Establish consistent data backups and a robust disaster recovery strategy to ensure data
accessibility in the event of unintentional deletion, hardware malfunction, or cyberattack.

Logging and Monitoring:

To identify strange or suspicious activity, set up a monitoring system and enable logging for
network devices. Check logs regularly for indications of possible security events.



Assumption about Network Design

Assumption about Network Traffic:

Assumptions can be made regarding the volume and nature of network traffic: the number of
users expected, the amount of data exchanged, and the types of applications used.

Assumption about Security Threats:

Assumptions can be made about the types of security threats and risks the network may face,
based on historical data or industry trends.

Assumption about Budget Constraints:

Budgetary assumptions may be made that may affect security protocol, software, and
hardware selection.

Assumption about Regulatory Compliance:

Assumptions may be made about the regulatory environment and compliance requirements,
which may impact network architecture and security measures.



Task 4

Virtual Private Network (VPN)

A virtual private network is known as a VPN. A VPN is a technology that
establishes a secure, encrypted link over a less secure network,
such as the Internet. If you use a public network such as the Internet,
you can extend your private network across it using a virtual private network.
As the name suggests, it is a "virtual private network". This means that users
can access their local network from afar. Tunneling technology is used to provide
a secure connection.

Implementation of VPN within a Network:

Client VPN software

Client software is required for secure remote connections via VPN. Clients must be able
to run and access a variety of programs and services that users may wish to utilize,
including collaboration tools such as audio and video conferencing.

VPN infrastructure

Organizations should use specific VPN-aware routers and firewalls to allow authorized VPN
traffic to pass through and keep out undesirable, unauthorized third parties.
To facilitate this process, these VPN devices typically use blocklist technology,
address filters and domain name filters.

VPN appliance, concentrator or server

Incoming VPN traffic is processed and managed by VPN appliances, concentrators, and
servers. These devices also create and maintain VPN sessions and user access to network resources.



Advantages:
Secure Connectivity:
A VPN allows you to establish a secure connection between remote users and your
corporate network. This reduces the chances of remote users being infected with malware
and prevents eavesdropping.

Access Control:
Users must authenticate before they can use a VPN to access resources on the corporate
network. This helps prevent illegal access to company assets.

Network Scalability:
VPNs allow organizations to easily connect distributed networks over the public Internet
using encrypted channels. This allows organizations to easily scale their networks while
treating them as a single private network.

Task 5

Difference between a hardware firewall and a software firewall


Hardware Firewall:
Implementation:
A hardware firewall is a tangible entity, often a specific piece of network equipment. It
controls and filters incoming and outgoing network traffic by operating between an internal
network and an external network.

Location:
It is typically located at the edge of the network, where the internal network meets the
Internet.

Functionality:
At the network layer, data packets are analyzed and decisions are made
based on port and IP address.

Advantages:
1. Hardware firewalls are designed for faster response times and can therefore withstand
   higher traffic loads.
2. A firewall-only operating system reduces vulnerability to attack. As a result, security risks
   are reduced.
3. A box that is kept separate from other network elements is easier to manage and doesn't
   interfere with or slow down other programs.
4. A hardware firewall allows you to carefully manage the traffic that reaches your servers.
5. You can set specific rules for all types of traffic.

Drawbacks:
They can be more expensive to purchase and maintain. The complexity of configuration may
vary depending on your specific hardware firewall.

Software Firewall:
A specific type of computer software that runs on a computer or server is called a software
firewall. Depending on the software firewall you use, its primary function is to protect your
computer or server from outside efforts to control or gain access. It is also possible to set up
a software firewall to monitor unusual outbound requests.



Location:
It is set within a specific system.

Functionality:
They are placed on individual devices, such as computers and phones, to prevent users or
devices from accessing separate components of the network. Essentially, it inspects packets
before they occur to prevent illegal access.

Advantages:
1. Useful for banning specific websites.
2. You can monitor parental controls and juniors.
3. Simplicity of maintenance.
4. Useful for people at home.
5. Assigning different levels of access and permissions to users is simple.

Drawbacks:
All systems require installation and upgrades. The system may run too slowly, and system
resources may be exhausted.

Task 6

a) Regular Updates and Future-Proofing Technologies:

To ensure that your network design is scalable and future-proof for at least four years, the
following suggestions can be made:



Implement a modular and scalable architecture:

The modular design allows you to easily expand your network to add new devices or
services. Network Functions Virtualization (NFV), Software Defined Networking (SDN), and
virtualization are some of the technologies that can help achieve this. Decoupling network
services from hardware makes it simpler to expand and modify the network in response to
changing needs.

Consider bandwidth requirements:

Investigate your network's expected and actual bandwidth requirements. Make sure the
switches, routers, and links in your network infrastructure can handle the expected increase
in traffic. Consider utilizing high-capacity routers and switches with sufficient bandwidth and
port density. To accommodate future expansion, consider adding technologies such as link
aggregation (LACP) or upgrading to higher-speed interfaces (such as 10 Gbps or 40 Gbps).

Plan for network security and resilience:

As networks grow in size, they become more vulnerable to security breaches. Take strong
security measures, such as secure remote access methods, firewalls, and intrusion
detection and prevention systems (IDPS). To ensure high availability and resilience, also
consider implementing redundancy and failover measures. Redundant network devices, power
supplies, and connections are some examples of this.

These suggestions can help you create a network design that is future-proof and scalable for
at least four years. It is important to regularly review and update your architecture to adapt
your network design to changing business needs and technological advancements.

b) FIVE key aspects of my design that will secure the network from common threats

Here are five key aspects:

Firewalls:

Implementing firewalls between network segments and at network boundaries can help filter
and block unauthorized access attempts. Additionally, a firewall with the ability to monitor
and manage network traffic can block the spread of viruses and block malicious connections.

Intrusion Detection and Prevention Systems (IDPS):

An IDPS recognizes malicious and suspicious behavior. It can alert managers to
possible risks and take proactive action to stop or reduce them.

Secure Network Architecture:

Partitioning the network into distinct zones based on security requirements is a necessary
step in designing a secure network architecture. This limits hackers' ability to move laterally
and reduces the impact of security failures. Implementing DMZs, VLANs, and network
segmentation can improve network security.

Strong Authentication and Access Control:

You can prevent unauthorized access to your network by using strong authentication
methods, such as multi-factor authentication (MFA), and by strictly enforcing access control
restrictions. As a result, hackers are less likely to break into your network and switch to
another system.

Regular Patching and Updates:

It is important to update your operating system, software, and network devices with the latest
patches and upgrades to address known vulnerabilities. Applying patches often helps defend
against malware and attacks that target older software.

Malware:

Malicious software is software that is intentionally created to harm, disrupt, or gain
unauthorized access to a computer system. It can spread through a variety of channels,
including portable media, compromised websites, and email attachments. Malware has the
ability to spread throughout a network, stealing confidential data and carrying out further
attacks.

Phishing Attacks:
Phishing attacks involve tricking people into revealing personal information, such as login
passwords or bank account information, by pretending to be a trusted source. An attacker
can enter a network without authorization and, if successful, use it for nefarious purposes.

Insider Threats:

When someone with access to a network abuses their privileges or intentionally causes
damage, it is called an insider threat. This can include workers stealing confidential
information, intentionally installing malware, or negligently or maliciously putting network
security at risk.

Word count = 2900

