Lecture No. 10 by Luminiţa SCRIPCARIU


COMPUTER NETWORKS AND OPERATING SYSTEMS
Lecture no. 10
by Luminiţa SCRIPCARIU
From the previous lecture

• L1 Network equipment
• L2 Network equipment
• IP addressing exercises

Luminita Scripcariu 2
PROJECT PRESENTATION
• Projects will be presented online in the 13th week, on Thursday, May 27th, 2021, from 8 a.m.
• 15-20 minutes are allocated for each project.
• The project is presented by the entire team, using a presentation file (PowerPoint or Prezi).
• Each team creates an archive of the project including all files (.docx, .vsdx, .pkt), named after the team members.
COLLOQUIUM
• The final evaluation is scheduled in the 14th week, on June 3rd, 2021, from 8 a.m.
• It consists of a theory quiz with 20 multiple-choice questions (on Moodle), an exercise-solving test (from 9 a.m.) and an oral evaluation (the meaning of 5 acronyms and details about them), held during the exercise test.
• The exercise files will be uploaded in Files, on Teams, before the announced deadline.
QUESTION 1
Which of the following devices work
on OSI layer 2?
 hub
 media converter
 modem
 switch

QUESTION 2
Which of the following devices are
multiport type?
 hub
 media converter
 modem
 switch

QUESTION 3
Which of the cables below can be used
for outdoor links?
 coaxial
 STP
 twinaxial
 UTP
 optical cables

QUESTION 4
What are the advantages of an open rack for network equipment versus a locked rack?
 It is lighter and easier to install
 Equipment is secured
 It is better ventilated
 It has a grounding option
QUESTION 5
In order to avoid the failure of the physical ports of the devices mounted in a rack, it is recommended to use:
 Ethernet socket
 EM shield
 Patch panel
 Rear panel
QUESTION 6
Power supply can be done over:
 Ethernet cable
 Coaxial cable
 Optical Cable
 Radiolink

QUESTION 7
Which of the cables below has the
maximum segment length?
 coaxial
 MMF
 twinaxial
 UTP
 SMF

QUESTION 9
Which of the following switching
techniques is the fastest one?
 circuit-based switching
 message switching
 packet switching

QUESTION 10
Which of the following statements about
a network switch are true?
 A switch extends the network.
 It switches packets.
 A switch splits a larger broadcast domain
into smaller ones.
 A switch splits a larger collision domain into
smaller ones.

QUESTION 11
A network switch can read:
 bits
 frames
 packets
 MAC addresses

QUESTION 12
A network switch learns:
 IP addresses
 MAC addresses
 the physical port number associated with a MAC address
 logical ports
QUESTION 13
User management in a cable network is done by:
 CM
 CMTS
 EMS
 NOC
QUESTION 14
VLANs can be defined using a:
 cable
 hub
 modem
 switch

QUESTION 15
What is the subnet mask of
192.168.200.128/26 subnet?
 255.255.255.0
 255.255.255.128
 255.255.255.192
 255.255.255.224

QUESTION 16
What is the broadcast address of
192.168.200.128/26 subnet?
 192.168.200.143
 192.168.200.159
 192.168.200.191
 192.168.200.255

QUESTION 17
What is the address of host no. 12 in
192.168.200.128/26 subnet?
 192.168.200.12
 192.168.200.38
 192.168.200.140
 192.168.200.178

What do the following acronyms mean?
• CM
• CMTS
• DOCSIS
• NOC
• STP
• DB
• LS0H
• US
• SFP
• DL
L3 NETWORK EQUIPMENT

• ACCESS POINT

• ROUTER (FIREWALL, GATEWAY)

Access Point
• Used by WiFi networks. (A plain access point bridges 802.11 to Ethernet at L2; a consumer wireless router combines an access point with an L3 router and a small switch.)
• Web management can be done using a GUI.
Router
• L3 equipment
• It routes the packets based on the routing
table.

Remarks
• A router has at least two interfaces with
individual network addresses.
• A router can transfer data between networks
using different standards (Ethernet, FDDI, ATM)
and/or different protocol suites (multiprotocol
router).

Example: Wireless Router front panel
WL500 Rear Panel
Routable vs. Non-routable
• The protocols a router understands, i.e. those whose packets carry a network-layer address it can look up (IP, for instance), are called routable protocols.
• The router can route only packets of routable protocols.
• The data units of non-routable protocols are forwarded by bridging, and only if this procedure is enabled on the router (BR - bridge router, also called a brouter).
Network Graph and Tree

Destination Network   Next Hop
A                     -
B                     B
C                     B
D                     G
E                     B
F                     B
G                     G
H                     G
Static vs. Dynamic Routing
• Static Routing: routing tables are created manually by the network administrator, for small networks.
• Dynamic Routing: large networks use routing algorithms to calculate the routes and routing protocols to exchange routing information between routers.
Remarks
• A router produces a higher end-to-end
delay (30 % - 40 % of the total
transmission time) than a network
switch or bridge.
• A multiprotocol router can recognize and
convert different data units and network
address formats.

Dynamic Routing Protocols
Interior routing protocols (IGP):
Based on distance vectors:
• RIP - Routing Information Protocol
• IGRP - Interior Gateway Routing Protocol (Cisco proprietary)
• DVMRP - Distance Vector Multicast Routing Protocol
Based on link state:
• OSPF - Open Shortest Path First
Exterior routing protocols (EGP):
• BGP - Border Gateway Protocol
Routing Principles
• A router runs a routing algorithm to calculate the optimal path from source to destination.
• The algorithm builds a loop-free shortest-path tree on the network graph, rooted at the router (link-state protocols such as OSPF compute it with Dijkstra's SPF algorithm). This tree is not the one built by STP (Spanning Tree Protocol), which removes L2 loops between switches.
• Routing protocols are used by a router to send other routers the routing information contained in its routing table, including the network status and topology.
Metrics used by the Routing Algorithms
• Number of hops between the source and the destination
• Link throughput
• The end-to-end delay
• Congestion risk
• Security risk
• Transmission costs
Network Tree and the Routing Table
• The next hop is the network address of the next router's interface used to reach the destination. The next hops are written in the routing table, which contains the destination network addresses and a default route.
4/29/2021 Luminiţa Scripcariu 37
Exercise
Write the routing table for router A according to the tree diagram below.
Key to the exercise

Destination Network   Next Hop
A                     -
B                     193.100.1.130
C                     193.100.1.130
D                     193.100.1.66
E                     193.100.1.130
F                     193.100.1.130
G                     193.100.1.66
H                     193.100.1.66
Router Advantages
• A router usually offers security services (access control, authentication, filtering).
• Every router decrements the TTL (hop limit) of each forwarded packet and discards the packet when it reaches zero, so packets heading for an unreachable destination cannot loop forever.
• Routers can prevent and resolve network congestion.
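A worked version of the routing exercise above, added here as an illustration and not part of the lecture. The tree diagram is not on the page, so the topology below is a constructed one that only reproduces the two next hops of the key (193.100.1.130 toward B and 193.100.1.66 toward G); the remaining link addresses, the stub LAN prefixes 10.<n>.0.0/16 and the hop-count metric are assumptions. It builds the shortest-path tree with Dijkstra's algorithm (the SPF computation of a link-state router), derives router A's routing table with a default route, does the longest-prefix-match lookup, and then forwards a packet hop by hop, decrementing the TTL and discarding the packet at zero as described on the Router Advantages slide.

```python
import heapq
import ipaddress

# Constructed topology: the lecture's tree diagram is not on the page, so this
# tree only reproduces the key's two next hops (193.100.1.130 toward B,
# 193.100.1.66 toward G). Each link is a point-to-point /26 written as
# (router1, its address, router2, its address); the other addresses are assumed.
LINKS = [
    ("A", "193.100.1.129", "B", "193.100.1.130"),
    ("A", "193.100.1.65",  "G", "193.100.1.66"),
    ("B", "193.100.2.1",   "C", "193.100.2.2"),
    ("B", "193.100.2.65",  "E", "193.100.2.66"),
    ("B", "193.100.2.129", "F", "193.100.2.130"),
    ("G", "193.100.3.1",   "D", "193.100.3.2"),
    ("G", "193.100.3.65",  "H", "193.100.3.66"),
]
# Assumed stub LAN of each router; it plays the "destination network" named
# after the router in the exercise table.
STUB = {r: f"10.{i}.0.0/16" for i, r in enumerate("ABCDEFGH")}
# Which router owns each link address (needed to follow a next hop).
OWNER = {a: r for r1, a1, r2, a2 in LINKS for r, a in ((r1, a1), (r2, a2))}


def build_graph(links):
    """graph[r][neighbour] = (cost, neighbour's address on the shared link);
    cost 1 per link is the hop-count metric used by RIP."""
    graph = {}
    for r1, a1, r2, a2 in links:
        graph.setdefault(r1, {})[r2] = (1, a2)
        graph.setdefault(r2, {})[r1] = (1, a1)
    return graph


def shortest_path_tree(graph, root):
    """Dijkstra's SPF algorithm, as run by a link-state router (OSPF) on its
    copy of the graph: returns {router: (distance, predecessor)}."""
    dist, pred, heap = {root: 0}, {root: None}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # stale heap entry
        for v, (cost, _) in graph[u].items():
            if d + cost < dist.get(v, float("inf")):
                dist[v], pred[v] = d + cost, u
                heapq.heappush(heap, (d + cost, v))
    return {r: (dist[r], pred[r]) for r in dist}


def routing_table(graph, root, default_next_hop=None):
    """Routing table of root: destination prefix -> next-hop address, i.e. the
    address, on the link shared with root, of the first router after root on
    the shortest path; '-' marks the directly connected stub LAN."""
    tree = shortest_path_tree(graph, root)
    table = {}
    for dest in tree:
        if dest == root:
            table[STUB[dest]] = "-"
            continue
        hop = dest                         # walk back to the router adjacent to root
        while tree[hop][1] != root:
            hop = tree[hop][1]
        table[STUB[dest]] = graph[root][hop][1]
    if default_next_hop:
        table["0.0.0.0/0"] = default_next_hop
    return table


def lookup(table, address):
    """Longest-prefix match; the default route 0.0.0.0/0 wins only when nothing
    more specific matches. Returns None when there is no route at all."""
    ip, best = ipaddress.ip_address(address), None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward(graph, src, dst_address, ttl):
    """Hop-by-hop forwarding from router src. Each router that forwards the
    packet decrements the TTL and discards it at zero, so a packet to an
    unreachable destination cannot circulate forever. Returns (path, outcome)."""
    path, cur = [src], src
    while True:
        next_hop = lookup(routing_table(graph, cur), dst_address)
        if next_hop == "-":
            return path, "delivered"       # destination LAN is directly connected
        if next_hop is None:
            return path, "no route"        # router would answer ICMP unreachable
        ttl -= 1
        if ttl <= 0:
            return path, "ttl exceeded"    # router would answer ICMP time exceeded
        cur = OWNER[next_hop]
        path.append(cur)


if __name__ == "__main__":
    g = build_graph(LINKS)
    for prefix, nh in routing_table(g, "A", "193.100.1.1").items():
        print(f"{prefix:15} {nh}")        # 193.100.1.1 is an assumed ISP next hop
    print(forward(g, "A", "10.7.0.25", ttl=64))
    print(forward(g, "A", "10.2.0.25", ttl=2))
```

Because the constructed network is a tree there is exactly one path to each destination, so a distance-vector protocol (RIP) converges to the same next hops as the link-state computation shown here; the two families differ in what they exchange (whole tables versus link states), not in the table they end up with on this topology.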
Router configuration
• Change the administrator account (delete the default account).
• Include the router in a network domain.
• Configure the router interfaces (name, network address, network mask) (set if).
• Enable/disable protocols on the router.
• If needed, configure the routes statically (set route).
• Apply the security policy (create ACLs, enable the firewall, apply access restrictions by hour/day/keyword/application, enable traffic filtering etc.).
Example (router_file.cfg)

hostname Cisco3620
!
ip routing
!
interface Ethernet 0/0
 no shutdown
 description connected to Internet
 ip address 80.46.94.10 255.0.0.0
!
interface Ethernet 1/0
 no shutdown
 description connected to Cisco1548
 ip address 192.168.1.1 255.255.255.224
!
interface Ethernet 1/1
 no shutdown
 description connected to Cisco1548_2
 ip address 192.168.1.33 255.255.255.224
!
interface Ethernet 1/2
 no description
 no ip address
 shutdown
!
interface Ethernet 1/3
 no description
 no ip address
 shutdown
!
router rip
 version 2
 network 192.168.1.0
 passive-interface Ethernet 0/0
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0/0
no ip http server

Remarks on the example:
• The unused interfaces (Ethernet 1/2 and 1/3) are left shut down without an address, and the HTTP management server is disabled (no ip http server).
• passive-interface Ethernet 0/0 stops RIP updates from being sent on the Internet-facing interface, so the internal 192.168.1.0 routes are not advertised outside.
• The default route points at an interface instead of a next-hop address; on a multi-access Ethernet link this makes the router ARP for every destination and depend on the upstream router's proxy ARP. The usual form is ip route 0.0.0.0 0.0.0.0 <address of the provider's router>.
• The Internet-facing address carries a 255.0.0.0 (/8) mask, so the router treats all of 80.0.0.0/8 as directly connected; on a real provider link the mask is the (much smaller) one assigned by the provider.
Security Protocols from the TCP/IP suite
IPsec
• IP security
Security services (general list; IPsec itself provides peer authentication, integrity, confidentiality and anti-replay protection):
• authentication (of users: username and password, biometrics etc.; of IPsec peers: pre-shared keys or digital certificates, negotiated by IKE)
• certification (digital certificates)
• confidentiality (by data encryption)
• integrity (by hashing, MD - message digest, used in keyed form such as HMAC)
• data filtering (based on MAC, IP, port numbers, usernames, packet priority etc.)
• service access control (by defining a service set for each user).
Data Encryption
• ENCRYPTION ALGORITHMS:
DES - Data Encryption Standard (56-bit key, breakable by brute force); 3DES (triple DES, deprecated)
RSA - Rivest-Shamir-Adleman (public-key algorithm)
AES - Advanced Encryption Standard (the current symmetric standard)
• HASH FUNCTIONS (integrity, not encryption):
MD - Message Digest (MD5; no longer collision resistant)
SHA - Secure Hash Algorithm (use SHA-2 or SHA-3; SHA-1 is also broken for collisions)
• ENCRYPTION PROTOCOLS:
SSL - Secure Sockets Layer (L6 protocol; all versions are deprecated)
TLS - Transport Layer Security (L6 protocol; the successor of SSL)
CCMP - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-based encryption and integrity in WPA2)
OTHER SECURITY PROTOCOLS
• IPsec protocols (L3; carried directly in IP as protocol numbers 51 and 50)
AH - Authentication Header (integrity and origin authentication, no encryption)
ESP - Encapsulating Security Payload (encryption plus integrity)
• Tunneling protocols: IPsec tunnel mode; GRE - Generic Routing Encapsulation (L3) - carries private addresses across a public network; SSTP - Secure Socket Tunneling Protocol; L2TP - Layer 2 Tunneling Protocol; SSH tunneling (port forwarding over an SSH session). A tunnel encapsulates the original packets inside another protocol between two network nodes.
• IKE - Internet Key Exchange (IKEv1: RFC 2409; IKEv2: RFC 7296)
• ISAKMP - Internet Security Association and Key Management Protocol (RFC 2408).
Important about SSH
• The SSH transport layer (RFC 4253) is a secure, low-level transport protocol for remote connections.
• It provides strong encryption, cryptographic host authentication, and integrity protection.
• Authentication at this protocol level is host-based: the client verifies the server's host key.
• The transport layer itself does not perform user authentication; that is done by the SSH authentication protocol (RFC 4252), which runs on top of it (passwords, public keys etc.).
• SSH is combined with application protocols to offer a secure remote shell (replacing telnet), secure file transfer (SFTP and SCP, replacing ftp) and tunneled e-mail access.
How to secure a network?
• Configure user and group accounts and remove the default account.
• Configure the equipment: enable/disable protocols, open/close ports, install/uninstall network applications (trusted vs. untrusted), install time-limited certificates.
• 24/7 network monitoring (manual or automatic).
• Enable local or remote network alarms (audio, visual, flashing, by SMS or by e-mail).
• Control and filter the network traffic.
• Install antivirus and antimalware programs on all devices connected to the network.
• Create backups or system images periodically.
KERBEROS Mechanism
• Authentication protocol (Kerberos V5: RFC 4120) based on tickets issued by the Kerberos server, the KDC (Key Distribution Center).
• It allows mutual authentication of two entities through a trusted third party, without the services storing user passwords locally.
• DH (Diffie-Hellman) key exchange provides forward secrecy in the TLS ephemeral modes (DHE, ECDHE).
Remarks
• IPsec is a suite of protocols.
• IPsec works at OSI L3 / the TCP/IP Internet layer.
• IPsec is optional for IPv4; it was originally mandatory for IPv6 implementations, but since RFC 6434 it is only recommended.
• In local networks with a very large number of users, RADIUS servers must be used for authentication and dedicated network monitoring software must be run.
• RADIUS - Remote Authentication Dial-In User Service.
OTHER SECURITY METHODS
 ACL - Access Control List
 VLAN - Virtual Local Area Network - the data traffic is unencrypted, but the LAN is segmented in order to separate the traffic of different customers.
 VPN - Virtual Private Network - set up over a WAN; the traffic is encrypted (e.g. a company with many subsidiaries located in different cities or countries can use a VPN so that employees from different places communicate securely wherever they have Internet access).
FIREWALL
• A firewall (a software program or a dedicated device) controls the network traffic based on physical or network addresses (source or destination), port numbers, day and time, user credentials etc.
• The security policy is applied through ACLs (Access Control Lists) stored on routers or through RADIUS servers.
• The firewall controls and monitors access to the network (logging facility).
• In order to avoid double filtering of packets, the NAT service must be disabled on the router working as a firewall.
SECURITY POLICIES
• A firewall becomes active only after a private interface and a public one have been configured and access rules have been defined for them.
• The transfer of packets from an unsecured interface to a secured one is blocked by default.
• Usually, only packets that are replies to a request from the inside are allowed through to the private interface (the firewall keeps a table of the connections opened from the inside and matches returning packets against it).
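The default-deny behaviour described above, as an added example that is not part of the lecture: a small stateful packet filter in Python with a private and a public interface, an outbound and an inbound ACL evaluated first-match-wins with an implicit deny, a connection state table so that only replies to internal requests reach the private interface, an anti-spoofing check that drops packets arriving on the public interface with a private source address (an added check the slide does not mention), and a log of every decision. The interface names, the address ranges (192.168.1.0/24 inside, documentation prefixes outside), the ACL rules and the six sample packets are all constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str      # interface of arrival: "private" (secured) or "public" (unsecured)
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source prefix (CIDR)
    dst: str                     # destination prefix (CIDR)
    dport: Optional[int] = None  # destination port; None matches any port

    def matches(self, pkt):
        return (self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def acl_decision(acl, pkt):
    """ACL semantics: rules are tested in order, the first match decides, and an
    ACL that matches nothing ends in an implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    def __init__(self, private_net, outbound_acl, inbound_acl):
        self.private_net = ipaddress.ip_network(private_net)
        self.outbound_acl = outbound_acl  # policy for traffic leaving the private side
        self.inbound_acl = inbound_acl    # explicit exceptions for unsolicited inbound traffic
        self.state = set()                # 5-tuples of connections opened from inside
        self.log = []                     # logging facility: (action, reason, packet)

    def _decide(self, pkt):
        if pkt.iface == "private":
            if acl_decision(self.outbound_acl, pkt) == "deny":
                return "drop", "outbound ACL"
            # remember the request so that its reply is recognised on the way back
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "forward", "outbound permitted, state created"
        # packet arriving on the public (unsecured) interface
        if ipaddress.ip_address(pkt.src) in self.private_net:
            return "drop", "spoofed private source on public interface"
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "forward", "reply to an internal request"
        if acl_decision(self.inbound_acl, pkt) == "permit":
            return "forward", "inbound ACL exception"
        return "drop", "unsolicited inbound traffic"

    def process(self, pkt):
        action, reason = self._decide(pkt)
        self.log.append((action, reason, pkt))
        return action


# Constructed policy: inside is 192.168.1.0/24; telnet out is forbidden, everything
# else out is allowed; from outside only HTTPS to the web server 192.168.1.10.
OUTBOUND_ACL = [Rule("deny", "tcp", "192.168.1.0/24", "0.0.0.0/0", 23),
                Rule("permit", "any", "192.168.1.0/24", "0.0.0.0/0")]
INBOUND_ACL = [Rule("permit", "tcp", "0.0.0.0/0", "192.168.1.10/32", 443)]

# Constructed traffic, in arrival order (outside addresses are documentation prefixes).
SAMPLE_PACKETS = [
    Packet("private", "tcp", "192.168.1.20", 51000, "198.51.100.20", 443),  # request out
    Packet("public", "tcp", "198.51.100.20", 443, "192.168.1.20", 51000),   # its reply
    Packet("public", "tcp", "198.51.100.7", 40000, "192.168.1.20", 445),    # unsolicited SMB
    Packet("public", "tcp", "192.168.1.99", 1, "192.168.1.20", 22),         # spoofed source
    Packet("public", "tcp", "203.0.113.5", 33000, "192.168.1.10", 443),     # allowed by ACL
    Packet("private", "tcp", "192.168.1.20", 51001, "203.0.113.5", 23),     # telnet out
]


def run_demo():
    """Process the sample traffic and return the decision taken for each packet."""
    fw = StatefulFirewall("192.168.1.0/24", OUTBOUND_ACL, INBOUND_ACL)
    actions = [fw.process(p) for p in SAMPLE_PACKETS]
    for action, reason, p in fw.log:
        print(f"{action:7} {p.iface:7} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}  ({reason})")
    return actions


if __name__ == "__main__":
    run_demo()
```

The order of the checks on the public side is the policy: state first (so replies need no rule), then explicit inbound exceptions, then drop. A real firewall also ages state entries out and checks TCP flags; both are left out here to keep the decision logic readable.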
Proposed Exercise
In the 10.0.0.0 network, subnets are defined by borrowing 7 bits from the host ID. Calculate:
1. The network mask.
2. The broadcast address of the major network.
3. The total number of bits used to identify a subnet.
4. The number of host addresses available in each subnet.
5. The subnet mask.
6. The address of subnet no. 100 (S#100).
7. The host address space in S#100.
8. The broadcast address of S#100.
9. The IP address of host no. 1030 in S#100.
10. The equivalent IPv6 address of this node calculated by the mixed mapping method.
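A worked solution of this exercise and of Questions 15-17, using Python's ipaddress module; it is added here and is not part of the lecture. Two conventions are assumptions taken from the earlier questions rather than stated on the page: host no. n and subnet no. k are counted from the network address (so S#0 starts at the major network address, and host no. 12 of 192.168.200.128/26 is .140), and "mixed mapping" is read as the IPv4-mapped IPv6 address written in mixed notation (::ffff:a.b.c.d).

```python
import ipaddress


def subnet_facts(prefix):
    """Network address, mask, broadcast and usable host count of a CIDR prefix
    (Questions 15 and 16 for 192.168.200.128/26)."""
    net = ipaddress.ip_network(prefix, strict=False)
    # /31 point-to-point links (RFC 3021) and /32 have no network/broadcast slots
    hosts = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"network": str(net.network_address), "mask": str(net.netmask),
            "broadcast": str(net.broadcast_address), "hosts": hosts}


def host_address(prefix, n):
    """Host no. n of a subnet, counted from the network address, so host no. 12
    of 192.168.200.128/26 is .140 (Question 17). Numbers outside the usable
    range are rejected instead of silently spilling into the next subnet."""
    net = ipaddress.ip_network(prefix, strict=False)
    if not 1 <= n <= net.num_addresses - 2:
        raise ValueError(f"host no. {n} does not exist in {net}")
    return str(net.network_address + n)


def subnet_plan(major_net, borrowed):
    """Subnet a major (classful) network by borrowing `borrowed` host bits.
    Returns items 1-5 of the exercise: major mask and broadcast, total subnet
    bits (network bits + borrowed bits), hosts per subnet and the subnet mask."""
    major = ipaddress.ip_network(major_net)
    new_len = major.prefixlen + borrowed
    first = ipaddress.ip_network(f"{major.network_address}/{new_len}")
    return {"major_mask": str(major.netmask),
            "major_broadcast": str(major.broadcast_address),
            "subnet_bits": new_len,
            "hosts_per_subnet": first.num_addresses - 2,
            "subnet_mask": str(first.netmask),
            "subnet_count": 2 ** borrowed}


def subnet_number(major_net, borrowed, k):
    """Subnet S#k of the plan above. Assumption: numbering starts at S#0, the
    subnet whose address equals the major network address."""
    major = ipaddress.ip_network(major_net)
    new_len = major.prefixlen + borrowed
    if not 0 <= k < 2 ** borrowed:
        raise ValueError(f"only {2 ** borrowed} subnets exist, S#{k} does not")
    base = int(major.network_address) + k * 2 ** (32 - new_len)
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{new_len}")


def ipv4_mapped(address):
    """IPv4-mapped IPv6 address of an IPv4 node: mixed notation ::ffff:a.b.c.d
    and the full hexadecimal form (RFC 4291, section 2.5.5.2)."""
    v6 = ipaddress.IPv6Address(f"::ffff:{address}")
    return {"mixed": f"::ffff:{address}", "hex": v6.exploded}


def solve_exercise(major_net="10.0.0.0/8", borrowed=7, k=100, host_no=1030):
    """The ten items of the proposed exercise, in order."""
    plan = subnet_plan(major_net, borrowed)
    subnet = subnet_number(major_net, borrowed, k)
    facts = subnet_facts(str(subnet))
    host = host_address(str(subnet), host_no)
    return {
        1: plan["major_mask"],
        2: plan["major_broadcast"],
        3: plan["subnet_bits"],
        4: plan["hosts_per_subnet"],
        5: plan["subnet_mask"],
        6: str(subnet.network_address),
        7: (host_address(str(subnet), 1), host_address(str(subnet), facts["hosts"])),
        8: facts["broadcast"],
        9: host,
        10: ipv4_mapped(host)["mixed"],
    }


if __name__ == "__main__":
    print(subnet_facts("192.168.200.128/26"), host_address("192.168.200.128/26", 12))
    for item, answer in solve_exercise().items():
        print(item, answer)
```

If the lecture numbers subnets and hosts from 1 instead of 0, pass k - 1 to subnet_number; the functions are written so that the convention is the only thing that changes.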
