DataComms Group 7 Assignment2020


Midlands State University

Faculty of Science and Technology


Department of Computer Science and Information Systems

Name Surname Reg # Mode

Albert Mavhondo R166487W Para

Raoult Mujokeri R165001P Para

Emmanuel Aaron R145525Q Para

Edwin Makamure R164935M Para

Tinashe Leon Makarabgwa R144478M Para

Brain Maumbe R166944C Para

Moreblessings Tshabalala R169202F Para

Honest Mutamba R164697C Para

Aaron Mungate R153430B Para


Module: HCS 412 Advanced Data Communications and Computer Networks

Description: Assignment 1 (Group 7)

1) Explain the functions of following components found in the 4G cellular Network:


I. eNodeB in 4G networks is responsible for the scheduling and transmission of
broadcast information originating from the MME or Operations, Administration
and Maintenance. It also facilitates Radio Resource Management, which
encompasses Radio Bearer Control, Admission Control, Connection Mobility
Control and dynamic allocation of resources in both uplink and downlink. In
addition, it carries out IP header encryption of the user data stream as well as
routing of user data towards the Serving Gateway. In short, the eNodeB is
responsible for the handover process, location update as well as signaling.

II. Mobility Management Entity (MME) in 4G Cellular Network is an important
controller node that facilitates intra-LTE handover with core networks,
relocation and user authentication. It is responsible for the distribution of
paging messages to the LTE eNodeB and security control during calls as well
as System Architecture Evolution bearer control.

III. The Serving Gateway's main function in 4G Cellular Networks is routing and
forwarding of user data packets, and it supports intelligent paging and
prioritization. It is responsible for inter-eNodeB handovers, providing mobility
between LTE and other networks like 2G/3G. It also keeps context information
such as parameters of the IP bearer and routing information.

2) Compare and contrast the Authentication Header (AH) and Encapsulating Security
Payload (ESP) protocols.
[6]
| Authentication Header (AH) | Encapsulating Security Payload (ESP) |
|---|---|
| Provides authentication only: data integrity, data origin authentication and an optional replay protection service. | Provides data confidentiality (encryption) as well as authentication (data integrity, data origin authentication and replay protection). |
| AH authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit. | Can be used with confidentiality only, with authentication only, or with both confidentiality and authentication. |
| Uses HMAC-MD5 or HMAC-SHA for authenticating the entire IP packet, including the outer IP header. | Uses the same algorithms as AH, but with a different coverage. ESP authenticates only the datagram portion of the IP packet. |
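The coverage difference in the last row can be checked directly. The following Python sketch is an added example, not part of the original assignment: it is a simplified model (not the full AH/ESP wire format) using HMAC-SHA-1 truncated to 96 bits, and the key, addresses, payload and function names are all constructed for illustration.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"            # constructed sample key, not from the page
SRC, DST = "192.0.2.1", "198.51.100.7"   # documentation addresses (constructed)
AH, ESP = 51, 50                         # IP protocol numbers

def ipv4_header(src, dst, ttl, proto, body_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """Zero the fields routers may legitimately change, as AH does before hashing."""
    h = bytearray(hdr)
    h[1] = 0                 # TOS / DSCP
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(proto, outer_hdr, sec_hdr, body):
    """Integrity check value: HMAC-SHA-1 truncated to 96 bits."""
    covered = sec_hdr + body
    if proto == AH:          # AH additionally covers the outer IP header
        covered = zero_mutable(outer_hdr) + covered
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def receiver_accepts(proto, src_seen=SRC, ttl_seen=64, body_seen=None):
    """Sender protects a packet; receiver recomputes the ICV over what arrived."""
    body = b"constructed payload bytes"
    sec_hdr = struct.pack("!II", 0x1000, 1)   # SPI and sequence number
    sent = icv(proto, ipv4_header(SRC, DST, 64, proto, len(body)), sec_hdr, body)
    arrived = body if body_seen is None else body_seen
    seen_hdr = ipv4_header(src_seen, DST, ttl_seen, proto, len(arrived))
    return hmac.compare_digest(sent, icv(proto, seen_hdr, sec_hdr, arrived))

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        print(name, "TTL decremented:", receiver_accepts(proto, ttl_seen=57))
        print(name, "source rewritten:", receiver_accepts(proto, src_seen="203.0.113.9"))
```

A TTL decrement passes under both protocols, while a rewritten source address (as an address-translating device would produce) fails verification under AH only; a modified payload fails under both.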

3) Explain the operations of Virtual Private Network (VPN) with relevance to enforcing
network security.
[7]
A virtual private network (VPN) is programming that creates a safe, encrypted
connection over a less secure network, such as the public internet. There are multiple
types of VPNs, which include Remote Access VPN, Site-to-Site VPN, Mobile VPN,
Hardware VPNs and Dynamic Multipoint VPNs. A VPN uses tunneling protocols to
encrypt data at the sending end and decrypt it at the receiving end. To provide additional
security, the originating and receiving network addresses are also encrypted. To gain
access to a restricted resource through a VPN, the user must be authorized to use the
VPN app and provide one or more authentication factors, such as a password, security
token or biometric data.

Because a VPN is implemented over public internet access as opposed to creating a
costly private network, it needs IPSec. IPSec provides three main
facilities: an authentication-only function referred to as Authentication Header (AH), a
combined authentication/encryption function called Encapsulating Security Payload
(ESP), and a key exchange function. A private datagram, including the header, is
encapsulated in an ESP packet. The router at the border of the sending site uses its own
IP address and the address of the router at the destination site in the new datagram.
For VPNs, both authentication and encryption are generally desired, because it is
important both to assure that unauthorized users do not penetrate the virtual private
network and to assure that eavesdroppers on the Internet cannot read messages sent over
the virtual private network.

At its most basic level, VPN tunnelling creates a point-to-point connection that cannot
be accessed by unauthorized users. To actually create the VPN tunnel, the endpoint
device needs to be running a VPN client (a software application), locally or in the cloud.
The VPN client runs in the background and is not noticeable to the end user unless there
are performance issues.

The performance of a VPN can be affected by a variety of factors, among them the
speed of users' internet connections, the types of protocols an internet service provider
may use and the type of encryption the VPN uses. In the enterprise, performance can
also be affected by poor quality of service (QoS) outside the control of an organization's
information technology (IT) department.

A limitation is that any device that accesses an isolated network through a VPN presents a
risk of bringing malware to that network environment unless there is a requirement in
the VPN connection process to assess the state of the connecting device. Without an
inspection to determine whether the connecting device complies with an organization's
security policies, attackers with stolen credentials can access network resources,
including switches and routers.

4) Distinguish classful and classless IP addressing applied in IPv4 using suitable
examples.
[8]
Classless routing causes a router to use its default routes for any packet that does not
match some other route. This was a move to overcome address depletion and give more
organizations access to the internet.

In classless addressing, when an entity, small or large, needs to be connected to the
Internet, it is granted a block of addresses. The size of the block varies based on the
nature and size of the entity. For example, a household may be given only two
addresses; a large organization may be given thousands of addresses. An ISP, as the
Internet service provider, may be given thousands or hundreds of thousands based on
the number of customers it may serve.

To simplify the handling of addresses, the Internet authorities impose three restrictions
on classless address blocks:

1. The addresses in a block must be contiguous, one after another.

2. The number of addresses in a block must be a power of 2 (1, 2, 4, 8, ...).

3. The first address must be evenly divisible by the number of addresses.

Classful routing places one restriction on when a router can use its default route,
resulting in cases in which a router has a default route but chooses to discard
a packet rather than forwarding the packet based on the default route. Classful
addressing in IPv4 uses the concept of classes. The address space is divided into five
classes, namely classes A, B, C, D and E. each class.
• Class A: The first octet is the network portion. Octets 2, 3, and 4 are for subnets/hosts.

In a class A address, the first bit of the first octet is always ‘0’. Thus, class A
addresses range from 0.0.0.0 to 127.255.255.255 (as 01111111 in binary converts to
127 in decimal). The first 8 bits or the first octet denote the network portion and the
remaining 24 bits or 3 octets belong to the host portion.
Example: 10.1.1.1

• Class B: The first two octets are the network portion. Octets 3 and 4 are for
subnets/hosts.

In a class B address, the first octet would always start with ‘10’. Thus, class B
addresses range from 128.0.0.0 to 191.255.255.255. The first 16 bits or the first two
octets denote the network portion and the remaining 16 bits or two octets belong to the
host portion.
Example: 172.16.1.1

• Class C: The first three octets are the network portion. Octet 4 is for subnets/hosts.

In a class C address, the first octet would always start with ‘110’. Thus, class C
addresses range from 192.0.0.0 to 223.255.255.255. The first 24 bits or the first three
octets denote the network portion and the rest 8 bits or the remaining one octet belong
to the host portion.
Example: 192.168.1.1

• Class D: multicast addresses

Class D is used for multicast addressing and in a class D address the first octet would
always start with ‘1110’. Thus, class D addresses range from 224.0.0.0 to
239.255.255.255. Class D addresses are used by routing protocols like OSPF, RIP, etc.
Example: 239.2.2.2

• Class E: reserved for future use

Class E addresses are reserved for research purposes and future use. The first octet in a
class E address starts with ‘1111’. Thus, class E addresses range from 240.0.0.0 to
255.255.255.255.

The terms classless and classful also characterize both IP addressing and IP routing
protocols, so a fair amount of confusion exists as to the meaning of the terms.
| As Applied To | Classful | Classless |
|---|---|---|
| Addresses | Addresses have three parts: network, subnet, and host. | Addresses have two parts: subnet or prefix, and host. |
| Routing Protocols | Routing protocol does not advertise masks nor support VLSM; RIP-1 and IGRP. | Routing protocol does advertise masks and support VLSM; RIP-2, EIGRP, OSPF. |
| Routing (Forwarding) | IP forwarding process is restricted in how it uses the default route. | IP forwarding process has no restrictions on using the default route. |
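The class rules (leading bits of the first octet) and the restrictions on classless blocks described in this answer can be exercised together. This Python sketch is an added example, not part of the original assignment; the function names and the sample block starting at 192.0.2.32 are constructed for illustration.

```python
import ipaddress

# (class, leading bit pattern of the first octet, pattern length)
LEADING_BITS = (("A", 0b0, 1), ("B", 0b10, 2), ("C", 0b110, 3), ("D", 0b1110, 4))
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # network bits per class

def classful_class(addr):
    """Return the class letter from the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for cls, pattern, nbits in LEADING_BITS:
        if first_octet >> (8 - nbits) == pattern:
            return cls
    return "E"                                   # remaining case: 1111...

def classful_network(addr):
    """Network implied by the class alone (no mask is carried); None for D and E."""
    prefix = CLASSFUL_PREFIX.get(classful_class(addr))
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False) if prefix else None

def block_violations(first_addr, count):
    """Check a classless block given as (first address, number of addresses).
    Contiguity holds by construction; the other two restrictions are tested."""
    first = int(ipaddress.IPv4Address(first_addr))
    if count < 1 or count & (count - 1):
        return ["number of addresses is not a power of 2"]
    if first % count:
        return ["first address is not evenly divisible by the number of addresses"]
    return []

def to_cidr(first_addr, count):
    """Express a valid block in slash notation, e.g. 16 addresses -> /28."""
    problems = block_violations(first_addr, count)
    if problems:
        raise ValueError("; ".join(problems))
    return ipaddress.ip_network(f"{first_addr}/{32 - (count.bit_length() - 1)}")

if __name__ == "__main__":
    for a in ("10.1.1.1", "172.16.1.1", "192.168.1.1", "239.2.2.2"):
        print(a, classful_class(a), classful_network(a))
    print(to_cidr("192.0.2.32", 16))             # constructed sample block
    print(block_violations("192.0.2.40", 16))
```

A block of 16 addresses starting at 192.0.2.32 is valid and becomes a /28, while the same size starting at 192.0.2.40 is rejected because the first address is not divisible by 16.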
