
Student Declaration

I confirm the following details:

Candidate Name: khant Sithu

Candidate ID Number: 207916

Qualification: level 4 DC

Unit: Computer Network GA2

Centre: KBT001-KBTC University (School of IT)

I have read and understood both NCC Education’s Academic Misconduct Policy and the
Referencing and Bibliographies document. To the best of my knowledge my work has been
accurately referenced and all sources cited correctly.

I confirm that this is my own work and that I have not colluded or plagiarised any part of it.

Candidate Signature:

Date: 26.1.2024

Table of Contents
Task 1
a)
b)
Task 2
a)
b)
Task 3
Task 4
Task 5
Task 6

Task 1

a) Explain the term ‘Logical Topology’. You must provide a diagram to illustrate your answer.

In networking, logical topology is a concept that describes the design of communication
mechanisms for each node in a network. The logical topology of a network can be maintained and
modified dynamically using network equipment such as switches and routers. Unlike physical
topology, which describes the physical connections between the devices in a network, logical
topology determines how data flows. In contrast, a physical topology consists of the way cables,
network equipment, and wiring are arranged. The two most widely used logical topologies are:

Bus topology

Bus topology, also known as backbone topology, is a type of logical topology in which all
switches and nodes are connected to a single wire. Nodes are connected in half-duplex fashion.
Hosts in a bus topology are called stations. Multiple stations in the bus structure have the capacity
to receive network traffic and are equally selected to transmit traffic throughout the network.
Additionally, in a bus topology, the network is controlled by the bus master, also known as carrier
sense multiple access. In a bus topology, a node failure can affect the entire network if just one
segment goes down.

Ring topology

Another logical topology is the ring topology, in which all nodes are connected to form a circle. In a
circular path, every node is connected to two other nodes. In this topology, when a source node
broadcasts a data packet, it is routed through each node until it reaches the destination node. In a
ring topology, data packets can travel in either one direction or two directions. Local Area Network
(LAN) and Wide Area Network (WAN) are the main networks that use ring architecture.

Figure-1(logical Topology)

b) Discuss what topology would provide the best redundancy should any access points fail. You
must provide a diagram to illustrate your answer.

The mesh topology is the most fault-tolerant topology available because it has multiple connections.
Each part of the network is directly connected to every other part. There are two kinds of mesh
topologies: partial mesh and full mesh. The best topology for redundancy should any access point
fail is full mesh.

Full-mesh

A full mesh topology is complete when every node in the network has a circuit connecting it to every
other node. The most redundancy is created using a full mesh. This allows network traffic to be
routed to another node in the event of a node failure.

Advantages

A mesh topology has multiple connections, making it the most fault-tolerant topology available.
Every component of the network is connected directly to every other component. Characteristics of
a mesh topology are as follows: A mesh topology provides redundant links across the network.
Failure of a single node in the system does not affect network availability, and this topology has
robust characteristics to handle any situation. This network cannot be shut down completely. Many
routes to the destination can be chosen with this topology, and extensive redundancy is included to
maintain maximum uptime. It is a highly distributed system that requires less infrastructure
investment because there is no central server managing the network.

Disadvantages

In addition to sending and receiving messages, each node must also act as a router, adding to the
complexity. As more nodes are added, administrators must ensure consistent latency across all
nodes to take advantage of the flexibility and scalability that this topology offers. As a result,
network planning becomes more difficult. Larger power demands arise because all nodes share the
load and must be constantly active.

Figure-2(Full-mesh Topology)

Task 2

a) Explain the term ‘Network Operating System’ (NOS). In your answer, you must discuss the
advantages or disadvantages of using a proprietary NOS or an open- source NOS. You should
provide a maximum of THREE (3) advantages or disadvantages. You must also provide TWO (2)
named examples of Network Operating Systems.

A network operating system is a complete set of procedures, instructions, and tools that work
together to control how a computer network is managed, operated, and maintained. Microsoft
Windows Server and Mac OS X are examples of network operating systems.

Network Infrastructure:

The logical and physical parts of a network, including servers, cabling, switches, and routers.

Communication Protocols:

Established guidelines and practices that networked devices follow when interacting with each
other. Common protocols include HTTP, UDP, TCP/IP, etc.

Network Management Tools:

Network device monitoring, configuration, and troubleshooting software and utilities. This may
include resource allocation, security management, and performance tracking tools.

Security Measures:

Procedures and systems that ensure the privacy, availability and integrity of data on the
network. This involves putting in place access controls, firewalls, encryption, and other security
measures.

User Authentication and Access Control:

A mechanism that uses predetermined permissions to manage user access to network resources
and authenticate the user's identity.

Data Sharing and Resource Allocation:

A process that allows printers, data, and other resources to be shared over a network. This entails
effectively controlling resource allocation and overseeing access rights.

Scalability and Performance Optimization:

Technology that ensures that networks perform at their best as they age, adapting to changes in
demand and scale.

Advantages

Vendor Support:

Proprietary network operating systems often have specialized vendor support. This can help you
get updates, troubleshoot problems, and ensure the general stability of your network.

Integration with Vendor Hardware:

A common feature of proprietary systems is seamless integration with specific hardware from the
same vendor. This integration allows for optimized performance and compatibility.

Security Features:

Proprietary systems may include advanced security measures designed for specific operating
systems. Companies that provide system security often make significant investments to prevent
intrusions.

b) Explain what issues an enterprise network could face if they do not update their NOS once it
reaches End of Life (EoL). You should provide a minimum of FIVE (5) issues.

Enterprise networks can face a number of issues and difficulties if they continue to use a network
operating system past its end of life (EoL). Possible problems include:

Security Vulnerabilities:

One of the most critical issues is the exposure to security vulnerabilities. When a NOS reaches its
EoL, it no longer receives security updates and patches from the vendor. This leaves the network
susceptible to new and evolving security threats, making it an attractive target for malicious
activities such as cyberattacks, data breaches, and unauthorized access.

Compliance Concerns:

Many industries and organizations are subject to regulatory compliance requirements. Using an
outdated NOS might result in non-compliance with industry standards and regulations. This could
lead to legal consequences, fines, or other penalties, especially if sensitive data is involved.

Decreased Performance and Reliability:

As technology advances, newer NOS versions are often optimized for improved performance,
efficiency, and reliability. Running an outdated NOS may lead to decreased network performance,
compatibility issues with newer hardware and software, and a higher likelihood of system failures or
crashes.

Lack of Vendor Support:

When a NOS reaches EoL, the vendor typically ceases to provide official support, including
technical assistance and troubleshooting. Without vendor support, addressing issues or resolving
network-related problems becomes more challenging, potentially resulting in prolonged downtime
and increased frustration for IT teams.

Limited Features and Functionality:

Newer NOS versions often come with enhanced features, functionalities, and improvements over
their predecessors. By not updating to the latest version, an enterprise misses out on
advancements that could positively impact network management, security, and overall efficiency.
This may hinder the organization's ability to adopt new technologies and stay competitive in a
rapidly evolving digital landscape.

Task 3

Draw a logical network diagram to illustrate a typical network design for an open plan office that
must allow access for TWO HUNDRED (200) users.

The network should be wireless where possible and implement technology to ensure smooth
working as an employee moves around the office space freely.

IT has asked to have a separate network for the following teams:

• HR and Finance
• Management
• IT

All other users can be connected to a shared presence. Within the design, you must:

• Label each component in your diagram clearly – IP Scheme with Subnet Mask, Name,
  interconnection devices etc.
• Allocate suitable IPv4 based IP address schemes (IP Address & Subnet mask) for:
    o A network segment for up to TWO HUNDRED (200) unique IP addresses for each member of staff.
    o A network segment for HR and Finance with THIRTY (30) unique IP addresses for each member of staff.
    o A network segment for Management with TEN (10) unique IP addresses for each member of staff.
    o A network segment for IT with FORTY-FIVE (45) unique IP addresses for each member of staff.
• Identify any interconnection devices needed to allow communication between the above
  FOUR (4) network segments.
• Identify any security considerations put into place within the design of the network.
• Note any assumptions made by yourself in the network design.

Figure-3(Office Network)
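
One way to derive an addressing plan for the four segments in the brief, shown as an added example that is not the author's own scheme from the figure. The parent block 10.20.0.0/23 and the single reserved gateway address per segment are assumptions; the host counts come from the task.

```python
import ipaddress

# Assumed parent block (not from the original page); any private range
# large enough to hold all four segments would do.
PARENT = ipaddress.ip_network("10.20.0.0/23")

# Host counts taken from the task brief.
SEGMENTS = {"Staff": 200, "HR-Finance": 30, "Management": 10, "IT": 45}


def prefix_for(hosts, reserved=1):
    """Longest prefix whose subnet fits `hosts` staff addresses plus
    `reserved` infrastructure addresses (default: one router gateway)."""
    needed = hosts + reserved + 2           # + network and broadcast addresses
    host_bits = (needed - 1).bit_length()   # ceil(log2(needed)) without floats
    return 32 - host_bits


def allocate(parent, segments, reserved=1):
    """VLSM: place the largest segment first so each subnet stays aligned."""
    plan = {}
    cursor = int(parent.network_address)
    for name, hosts in sorted(segments.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts, reserved)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the subnet boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} is too small for segment {name}")
        plan[name] = net
        cursor += size
    return plan


if __name__ == "__main__":
    for name, net in allocate(PARENT, SEGMENTS).items():
        gateway = net.network_address + 1
        print(f"{name:<11} {net}  mask {net.netmask}  "
              f"gateway {gateway}  usable {net.num_addresses - 2}")
```

A /27 has exactly 30 usable addresses, so the HR and Finance segment only fits one if no address is kept for the gateway; reserving one pushes it to a /26.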

In a scenario with four network segments, you might need some or all of the following
interconnection devices:

Router:

A router is essential to connect various network segments. It can route communications through
various subnets and operate at the network layer, or Layer 3, of the OSI model.

Switch:

Switches are used to connect devices within the same network segment and operate at the data
link layer (Layer 2). They reduce network congestion and are effective for local traffic.

Firewall:

A firewall is necessary for network security. Firewalls can be deployed at the perimeter separating
different network segments to monitor and regulate incoming and outgoing network traffic according
to preset security standards.

Gateway:

Gateways can be used to connect different network topologies by converting between different
communication standards or network protocols. A segment of network services. However, hubs are
generally less efficient than switches.

Access Points:

To provide connectivity, a wireless access point is required if one or more network segments
include wireless devices.

Here are some common security considerations that are typically incorporated into the design of an
office network:

Firewalls:

Incoming and outgoing network traffic is monitored and controlled by the firewall using preset
security rules. This helps protect against various cyber threats and prevent unwanted network
access.

Intrusion Detection and Prevention Systems (IDPS):

An IDPS is designed to recognize and respond to harmful network activity. It can recognize
security events that may occur, notify administrators of them, and take automatic actions
to neutralize or block threats.

Virtual Local Area Networks (VLANs):

To improve network security, VLANs are used to divide the network into multiple broadcast
domains. Unless routing between VLANs is explicitly configured, devices on one VLAN typically
cannot connect directly to devices on another VLAN.

Encryption:

Data in transit can be protected by implementing encryption protocols, such as SSL/TLS for online
traffic, to prevent man-in-the-middle attacks and eavesdropping.

Access Control Lists (ACLs):

Access to network resources is managed through ACLs. Their rules specify which operations are
allowed on specific objects and which people or system processes are allowed access to those
objects.

Authentication and Authorization:

Leverage strong authentication technologies, such as multi-factor authentication (MFA), and ensure
employees are granted permissions to the extent necessary for their role in the company.

Regular Software Updates and Patch Management:

Update all software and network hardware with the latest security updates to fix vulnerabilities and
protect against known attacks.

Security Awareness Training:

Train your employees on security best practices, including creating secure passwords, detecting
phishing activity, and quickly reporting security incidents.

Physical Security:

Train your employees on security best practices, including creating secure passwords, detecting
phishing activity, and quickly reporting security incidents.

Backup and Disaster Recovery:

Establish consistent data backups and a robust disaster recovery strategy to ensure data
accessibility in the event of unintentional deletion, hardware malfunction, or cyberattack.

Logging and Monitoring:

To identify strange or suspicious activity, set up a monitoring system and enable logging for
network devices. Check logs regularly for indications of possible security events.
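
How the VLAN and ACL items above combine for the four office segments, as an added example that is not part of the original design: a first-match rule list with an implicit deny between segments. The subnet addresses, the rule set and the sample flows are all constructed for illustration.

```python
import ipaddress

# Constructed segment addresses (assumptions, not from the original page).
SEGMENTS = {
    "Staff": ipaddress.ip_network("10.20.0.0/24"),
    "IT": ipaddress.ip_network("10.20.1.0/26"),
    "HR-Finance": ipaddress.ip_network("10.20.1.64/26"),
    "Management": ipaddress.ip_network("10.20.1.128/28"),
}

# Hypothetical inter-segment policy, read top to bottom, first match wins.
# Fields: source segment, destination segment, protocol, port, action.
RULES = [
    ("IT", "*", "tcp", 22, "permit"),                    # admin access
    ("Management", "HR-Finance", "tcp", 443, "permit"),  # HR web portal
    ("Staff", "HR-Finance", "*", "*", "deny"),           # explicit, for logging
]


def segment_of(address):
    """Name of the segment that contains the address, or None."""
    ip = ipaddress.ip_address(address)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None


def evaluate(src, dst, proto, port):
    """Decision the router ACL would make for one flow."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return "deny"            # address outside every known segment
    if src_seg == dst_seg:
        return "unfiltered"      # stays inside one VLAN, never reaches the ACL
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src in ("*", src_seg) and r_dst in ("*", dst_seg)
                and r_proto in ("*", proto) and r_port in ("*", port)):
            return action
    return "deny"                # implicit deny at the end of the list


def denied_flows(flows):
    """Flows worth logging: everything the policy blocks."""
    return [f for f in flows if evaluate(*f) == "deny"]


# Constructed sample flows: (source, destination, protocol, port).
FLOWS = [
    ("10.20.1.5", "10.20.0.40", "tcp", 22),     # IT -> Staff, SSH
    ("10.20.0.40", "10.20.1.70", "tcp", 445),   # Staff -> HR-Finance, SMB
    ("10.20.1.130", "10.20.1.70", "tcp", 443),  # Management -> HR-Finance
    ("10.20.0.40", "10.20.1.5", "tcp", 3389),   # Staff -> IT, no rule
    ("10.20.0.40", "10.20.0.41", "tcp", 445),   # Staff -> Staff, same VLAN
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(*flow))
```

The `unfiltered` result for the last flow is the limit of this control: traffic between two hosts in the same segment is switched at Layer 2 and is not checked by the inter-segment ACL.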

Assumption about Network Design

Assumption about Network Traffic:

Assumptions can be made regarding the volume and nature of network traffic: the number of users
expected, the amount of data exchanged, and the types of applications used.

Assumption about Security Threats:

Assumptions about the types of security threats and risks the network may face, based on historical
data or industry trends.

Assumption about Budget Constraints:

Budgetary assumptions may be made that may affect security protocol, software, and hardware
selection.

Assumption about Regulatory Compliance:

Assumptions that may impact network architecture and security measures due to regulatory
environment and compliance requirements.

Task 4

Explain what a ‘VPN’ is and how it can be implemented within a network. Discuss FOUR (4) advantages or
disadvantages of implementing a VPN for an enterprise with staff working from various locations in the UK.

Virtual Private Network (VPN):


Users can access private networks from afar as if they were physically there, thanks to a
technology called a virtual private network (VPN), which creates a secure, encrypted connection
over the Internet. A VPN provides security and privacy by encrypting the data flow between your
device and the VPN server.

Implementation of VPN within a Network:

Protocols and Encryption:

PPTP, L2TP/IPsec, SSTP, and OpenVPN are just some of the protocols VPNs use to create secure
connections. These protocols ensure data integrity and confidentiality. Security in information
transmission is often achieved using encryption methods such as AES.

Authentication:

VPNs use passwords, digital certificates, and usernames to verify your identity and ensure that only
authorized people have access to your network.

VPN Clients and Servers:

Your device is equipped with a VPN client, and your business network hosts the VPN server. Data
is transmitted through a secure tunnel that is created when a client and server connect. To do this,
you can use special VPN software or an operating system with built-in VPN functionality.

Tunneling:

The foundation of a VPN is the idea of tunneling. Data is encapsulated in a secure “tunnel” and
transmitted between the corporate network and user devices.
Advantages of Implementing a VPN for an Enterprise:

Advantages:
Enhanced Security:
Using a virtual private network (VPN) protects your data from prying eyes by encrypting it. This is
especially important when workers use public networks, such as coffee shop or airport Wi-Fi, to
access private information.

Remote Access and Flexibility:

Employees can work remotely from anywhere with an internet connection because a VPN allows
them to access the company network remotely.

Cost Savings:

VPNs can result in cost savings by eliminating the requirement for expensive private networks or
specialized leased lines.

Geographical Bypass:

VPN users can avoid location-based content restrictions. This can be advantageous for global
organizations as employees can access information or services relevant to their location as if they
were physically present in that location.

Task 5

Explain the difference between a hardware firewall and a software firewall. You should provide FIVE (5)
advantages or disadvantages for each firewall.

The primary difference between a hardware and a software firewall lies in their implementation and
the layer of the network they operate on. Here's an explanation of each:

Hardware Firewall:
Implementation:
A hardware firewall is a tangible entity, often a specific piece of network equipment. It sits between
an internal network and an external network to filter and regulate incoming and outgoing traffic.

Location:
It is typically located at the edge of the network, where the internal network meets the Internet.

Functionality:
At the network layer, data packets are analyzed and decisions are made
based on port and IP address.

Advantages:
1. Dedicated hardware firewalls are made specifically for network security.
2. Typically, hardware firewalls are installed and maintained centrally.
3. Hardware firewalls often include distributed denial of service (DDoS) attack mitigation
techniques.
4. Hardware firewalls are suitable for scalable and multi-user networks.
5. They provide an extra degree of protection between the internal network and the external
environment.

Drawbacks:
They can be more expensive to purchase and maintain. The complexity of configuration may vary
depending on your specific hardware firewall.

Software Firewall:
Implementation:
A program or application installed on a computer or server is called a software firewall. They may
be included in third-party software bundles or in the operating system itself.

Location:
Installed on individual devices or servers, protecting them directly.

Functionality:
Operating at layer 7 of the OSI model, the application layer, a software firewall monitors
and regulates data traffic according to specific services or applications.

Advantages:
1. At the application layer, software firewalls provide granular control over incoming and outgoing
traffic.
2. Users can change configuration and settings according to their security needs.
3. Software firewalls are often more cost-effective for smaller networks or individual devices.
4. Software firewalls can be easily deployed on individual devices, including desktops, laptops, and
servers.
5. A software firewall can provide targeted protection against specific applications or services.

Drawbacks:
It depends on the host system's resources which may affect performance.
You may need to configure every device individually.

Task 6

a) How scalability for growth has been considered in your network design produced in Task 3. You
must provide THREE (3) recommendations that you would make to ensure the network is future-
proofed for a minimum of FOUR (4) years.

Regular Updates and Future-Proofing Technologies:

Firmware and Software:

Update the firmware and software of your network devices. Update your device frequently to take
advantage of security fixes, new features, and performance improvements.

Emerging Technologies Evaluation:

Continue to monitor and evaluate new technologies related to networking. Stay abreast of the latest
developments in your industry, including edge computing, automation, and 5G, and evaluate how
these developments may impact your network architecture.

Capacity Planning and Bandwidth Management:

Traffic Analysis:

Perform detailed traffic analysis to understand current usage trends and future demand. Plan for
sufficient bandwidth to handle increased data traffic and account for projected growth.

Quality of Service (QoS):

Implement QoS methods to prioritize critical applications and ensure optimal performance during
times of high network activity. This helps maintain service levels for critical applications as the
network scales.

Security Measures:

Network Segmentation:

Use network segmentation to increase security and isolate potential security breaches. This
strategy reduces the impact of security issues by splitting the network into smaller, more
manageable chunks.

Advanced Threat Protection:

To protect your network from ever-changing security threats, invest in intrusion detection and
prevention systems and other advanced threat protection technologies. Update and patch your
security infrastructure regularly to address vulnerabilities.

b) Identify FIVE (5) key aspects of your design that will secure the network from common threats
such as the spread of Malware or hackers pivoting while they have network access. You must
identify a minimum of THREE (3) threats clearly with some detail of why it is a threat to the network.

Here are five key aspects:

Firewall Implementation:

Implementing a strong firewall strategy is essential. A firewall acts as a barrier between external
risks and your internal network by regulating incoming and outgoing traffic according to preset
security standards.

Intrusion Detection and Prevention Systems (IDPS):

IDPS closely monitors system and network activity to identify security risks and policy violations and
take appropriate action.

Network Segmentation:

Segment your network to reduce the impact of potential security compromises. Segmentation helps
contain threats and stop lateral movement by limiting unwanted access to specific network
segments.

Regular Software Patching and Updates:

Updates to your operating system, apps, and software are needed to fix security flaws and prevent
hackers and viruses from taking advantage of them.

User Education and Security Policies:

When a security threat occurs, users are often the first to respond. By educating users on good
practices and enforcing security standards, you reduce the risk of social engineering attacks and
unintentional security breaches.

Phishing Attacks:

Unauthorized access: A successful phishing attack can grant unauthorized access to network
resources, putting sensitive data at risk and opening the door to further attacks.

Data theft: Phishing attempts often target sensitive personal or business data, increasing the risk
of financial fraud or identity theft.

Malicious code distribution: Clicking on a malicious link or attachment in a phishing email
causes malicious code to be distributed across the network.

Denial of Service (DoS) Attacks:

Service Outage: A successful DoS attack can render critical network services unavailable,
disrupting normal network operations and causing downtime. An attacker can overload a network
with traffic, causing resource exhaustion, which can reduce the responsiveness and overall
performance of the network. Some denial-of-service (DoS) attacks are used as a diversion strategy
to draw attention away from other malicious activities, such as identity theft or unauthorized access.

Malware Infections:

Data loss: You may lose sensitive information or important business files due to malicious
software that corrupts or deletes your sensitive data.

Network disruption: Fast-spreading malware, such as worms, can disrupt networks, disrupting
traffic and slowing down the performance of connected devices.

Financial Impact: A form of malware that encrypts files and demands money to unlock them is
called ransomware and poses a direct threat to an organization's finances.

Word count = 2959
