Lecture No. 10 by Luminiţa SCRIPCARIU
OPERATING SYSTEMS
Lecture no. 10
by Luminiţa SCRIPCARIU
From the previous lecture
• L1 Network equipment
• L2 Network equipment
• IP addressing exercises
Luminita Scripcariu 2
PROJECT PRESENTATION
• Projects will be presented online in the 13th week, on
Thursday, May 27th, 2021, from 8 a.m.
QUESTION 1
Which of the following devices work on OSI layer 2?
hub
media converter
modem
switch
QUESTION 2
Which of the following devices are multiport type?
hub
media converter
modem
switch
QUESTION 3
Which of the cables below can be used for outdoor links?
coaxial
STP
twinaxial
UTP
optical cables
QUESTION 4
What are the advantages of an open rack for network equipment versus a locked rack?
It is less heavy and easy to install
Equipment is secured
It is more ventilated
It has grounding option
QUESTION 5
In order to avoid the failure of the physical mother port of the devices mounted in a rack, it is recommended to use:
Ethernet socket
EM shield
Patch panel
Rear panel
QUESTION 6
Power supply can be done over:
Ethernet cable
Coaxial cable
Optical Cable
Radiolink
QUESTION 7
Which of the cables below has the maximum segment length?
coaxial
MMF
twinaxial
UTP
SMF
QUESTION 9
Which of the following switching techniques is the fastest one?
circuit-based switching
message switching
packet switching
QUESTION 10
Which of the following statements about a network switch are true?
A switch extends the network.
It switches packets.
A switch splits a larger broadcast domain into smaller ones.
A switch splits a larger collision domain into smaller ones.
QUESTION 11
A network switch can read:
bits
frames
packets
MAC addresses
QUESTION 12
A network switch learns:
IP addresses
MAC addresses
the physical port number associated to a MAC address
logical ports
QUESTION 13
User management in a cable network is done by:
CM
CMTS
EMS
NOC
QUESTION 14
VLANs can be defined using a:
cable
hub
modem
switch
QUESTION 15
What is the subnet mask of the 192.168.200.128/26 subnet?
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
QUESTION 16
What is the broadcast address of the 192.168.200.128/26 subnet?
192.168.200.143
192.168.200.159
192.168.200.191
192.168.200.255
QUESTION 17
What is the address of host no. 12 in the 192.168.200.128/26 subnet?
192.168.200.12
192.168.200.38
192.168.200.140
192.168.200.178
What do the following acronyms mean?
• CM
• CMTS
• DOCSIS
• NOC
• STP
• DB
• LS0H
• US
• SFP
• DL
L3 NETWORK EQUIPMENT
• ACCESS POINT
Access Point
• used by WiFi networks
• Web management can be done using a GUI.
Router
• L3 equipment
• It routes the packets based on the routing
table.
Remarks
• A router has at least two interfaces with
individual network addresses.
• A router can transfer data between networks
using different standards (Ethernet, FDDI, ATM)
and/or different protocol suites (multiprotocol
router).
Example: Wireless Router front panel
WL500 Rear Panel
Routable vs. Non-routable
• The protocols known by a router are considered to be routable protocols.
• The router can route only routable protocol packets.
• The data units sent by non-routable protocols will be forwarded by bridging only if this procedure is enabled on the router (BR – bridge router).
Network Graph and Tree
(figure: network graph and its spanning tree, with a table pairing nodes B to H with node B or G)
Static vs. Dynamic Routing
Remarks
• A router produces a higher end-to-end
delay (30 % - 40 % of the total
transmission time) than a network
switch or bridge.
• A multiprotocol router can recognize and
convert different data units and network
address formats.
Dynamic Routing Protocols
Internal Routing Protocols:
Based on distance vectors:
• RIP - Routing Information Protocol
• IGRP - Interior Gateway Routing Protocol
• DVMRP - Distance Vector Multicast Routing Protocol
Based on link state:
• OSPF - Open Shortest Path First
External Routing Protocols:
• BGP - Border Gateway Protocol
Routing Principles
• A router runs different routing algorithms
for calculating the optimal path from source
to destination
• STA (Spanning Tree Algorithm) is applied
according to STP (Spanning Tree Protocol)
on the network graph.
• Routing protocols are used by a router to
send other routers the routing information
contained in its routing table, including the
network status and topology.
Metrics used by the Routing Algorithms
• Number of hops between the source and the destination
• Link throughput
• The end-to-end delay
• Congestion risk
• Security risk
• Transmission costs
Network Tree and the Routing Table
Router Advantages
• A router usually offers security services (access control, authentication, filtering).
• Every router decrements the TTL (hop count) of each forwarded packet, so packets whose destination is unreachable are discarded once their TTL reaches zero.
• Routers can prevent and resolve network congestion.
Router configuration
• Change the administrator account (delete the default account).
• Include the router in a network domain.
• Configure the router interfaces (name, network address, network mask) (set if).
• Enable/disable protocols on the router.
• If needed, configure static routes (set route).
• Apply the security policy (create ACLs, enable the firewall, apply access restrictions by hour/day/keywords/application, enable traffic filtering etc.).
Example (router_file.cfg)
hostname Cisco3620
!
ip routing
!
interface Ethernet 0/0
 no shutdown
 description connected to Internet
 ip address 80.46.94.10 255.0.0.0
!
interface Ethernet 1/0
 no shutdown
 description connected to Cisco1548
 ip address 192.168.1.1 255.255.255.224
!
interface Ethernet 1/1
 no shutdown
 description connected to Cisco1548_2
 ip address 192.168.1.33 255.255.255.224
!
interface Ethernet 1/2
 no description
 no ip address
 shutdown
!
interface Ethernet 1/3
 no description
 no ip address
 shutdown
!
router rip
 version 2
 network 192.168.1.0
 passive-interface Ethernet 0/0
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0/0
no ip http server
Security Protocols from the TCP/IP suite
IPsec
• IP security
Security services:
• authentication (based on usernames and passwords, biometrics etc.)
• certification (digital certificates)
• confidentiality (by data encryption)
• integrity (by hashing, MD – message digest)
• data filtering (based on MAC and IP addresses, port numbers, usernames, packet priority etc.)
• service access control (by defining a service set for each user).
Data Encryption
• ENCRYPTION ALGORITHMS:
DES – Data Encryption Standard; 3DES
RSA – Rivest-Shamir-Adleman
AES – Advanced Encryption Standard
MD – Message Digest
Hash functions (SHA – Secure Hash Algorithm)
• ENCRYPTION PROTOCOLS:
SSL – Secure Sockets Layer (L6 protocol)
TLS – Transport Layer Security (L6 protocol)
CCMP – Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol
OTHER SECURITY PROTOCOLS
• Authentication protocols (L4 protocols):
AH – Authentication Header
ESP – IP Encapsulating Security Payload
• Tunneling protocols: IPsec tunneling; GRE – Generic Routing Encapsulation (L3), used to route private addresses; SSTP – Secure Socket Tunneling Protocol; L2TP – Layer 2 Tunneling Protocol; SSH tunneling (L4). They set up protected paths, called tunnels, between two network nodes.
• IKE – Internet Key Exchange (RFC 2409)
• ISAKMP – Internet Security Association and Key Management Protocol.
Important about SSH
• The SSH transport layer is a secure, low-level transport protocol for remote connections.
• It provides strong encryption, cryptographic host authentication, and integrity protection.
• Authentication at this protocol level is host-based.
• The SSH transport layer does not perform user authentication.
• A higher-level protocol used for user authentication can be designed on top of it.
• SSH can be combined with application protocols to offer secure e-mail, ftp and telnet services.
How to secure a network?
• Configure user and group accounts, and remove the default account.
• Configure the equipment by enabling/disabling protocols, opening/closing ports, installing/uninstalling network applications (trusted vs. untrusted), and installing time-limited certificates.
• Monitor the network 24/7, manually or automatically.
• Enable local or remote network alarms (audio, visual, flashing, by SMS or by e-mail).
• Control and filter the network traffic.
• Install antivirus and antimalware programs on all the devices connected to the network.
• Create backups or images of the system periodically.
KERBEROS Mechanism
• Authentication protocol (RFC 3129) based on tickets issued by the Kerberos server, the KDC (Key Distribution Center).
• It allows mutual authentication of two entities through a third-party negotiator, without the passwords being stored locally.
• The DH (Diffie-Hellman) algorithm provides forward secrecy in TLS ephemeral modes.
Remarks
• IPsec is a suite of protocols.
• IPsec works on OSI L3 and the TCP/IP Internet layer.
• IPsec is optional for IPv4 but compulsory for IPv6.
• In local networks with a very large number of users, RADIUS servers must be used for authentication and dedicated network monitoring software must be run.
• RADIUS – Remote Authentication Dial-In User Service.
OTHER SECURITY METHODS
ACL – Access Control List
VLAN – Virtual Local Area Network – the data traffic is unencrypted, but the LAN is segmented in order to separate the traffic of different customers.
VPN – Virtual Private Network – set up over a WAN; the traffic is encrypted (e.g. a company with many subsidiaries located in different cities or countries can use a VPN so that employees in different places can communicate securely whenever they have Internet access).
FIREWALL
• A firewall (a software program or a dedicated device) controls the network traffic based on physical or network addresses, source or destination, port numbers, day and time, user credentials etc.
• The security policy is applied based on an ACL (Access Control List) stored on routers or by using RADIUS servers.
• The firewall controls and monitors access to the network (logging facility).
• To avoid packets being filtered twice, the NAT service must be disabled on the router working as a firewall.
SECURITY POLICIES
• A firewall becomes active only after a private interface and a public one have been configured and access rules have been defined for them.
• The transfer of packets from an unsecured interface to a secured one is automatically blocked.
• Usually, only packets that are replies to an internal request are allowed through to the private interface.
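The default policy of this slide, modelled as a small stateful filter (an added example, not part of the lecture): a packet entering on the public interface is allowed only when it answers a request previously seen leaving the private interface, or when it matches an explicit access rule for a published service. The interface names, packet records and addresses are constructed for the example.

```python
from collections import namedtuple

# Constructed packet records: the interface the packet arrives on, plus the
# source/destination address and port (no TCP state is modelled).
Packet = namedtuple("Packet", "iface src sport dst dport")
PRIVATE, PUBLIC = "private", "public"   # hypothetical interface names


class StatefulFilter:
    """Model of the default policy: the public interface is blocked unless
    the packet answers a request that was seen leaving the private interface
    or matches an explicit access rule (e.g. a published server)."""

    def __init__(self, allowed_inbound=()):
        self.allowed_inbound = set(allowed_inbound)   # {(internal dst, dport)}
        self.sessions = set()                         # (src, sport, dst, dport)

    def decide(self, p):
        if p.iface == PRIVATE:
            # Outbound request: remember it so that its reply is accepted.
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "ALLOW"      # reply to an internal request
        if (p.dst, p.dport) in self.allowed_inbound:
            return "ALLOW"      # explicitly defined access rule
        return "DENY"           # unsolicited traffic toward the private side


def run(packets, allowed_inbound=()):
    """Return the verdict for each packet, in order, on a fresh filter."""
    fw = StatefulFilter(allowed_inbound)
    return [fw.decide(p) for p in packets]


# Constructed traffic sample (private and documentation address ranges).
SAMPLE = [
    Packet(PRIVATE, "192.168.1.10", 51000, "203.0.113.80", 443),  # internal request
    Packet(PUBLIC, "203.0.113.80", 443, "192.168.1.10", 51000),   # its reply
    Packet(PUBLIC, "198.51.100.7", 40000, "192.168.1.10", 22),    # unsolicited
    Packet(PUBLIC, "198.51.100.7", 40001, "192.168.1.20", 443),   # published server
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run(SAMPLE, {("192.168.1.20", 443)})):
        print(f"{p.iface:8} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {verdict}")
```

A real firewall additionally tracks TCP state and expires sessions; the model keeps only the address/port tuple of each outbound request.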
Proposed Exercise
In 10.0.0.0 network, subnets are defined by borrowing 7 bits
from the HOST ID. Calculate:
1. The network mask.
2. The broadcast address of the major network.
3. The total number of bits used to identify a subnet.
4. The number of host addresses available in each subnet.
5. The subnet mask.
6. The subnet no. 100 (S#100) address.
7. The host address space in S#100.
8. The broadcast address of S#100.
9. The IP address of host no. 1030 in S#100.
10. The equivalent IPv6 address of this node calculated by the
mixed mapping method.
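A worked calculator for this exercise and for Questions 15 to 17 above (an added example, not part of the lecture): from the major network, the number of borrowed bits, the subnet number and the host number it derives the masks, broadcast and host addresses and the IPv4-mapped IPv6 form in mixed notation. It assumes that subnets and hosts are counted from zero (S#0 is the first subnet, host no. n is the subnet address plus n); the slide does not state this.

```python
import ipaddress


def classful_prefix(ip: str) -> int:
    """Prefix length of the classful major network (class A/B/C)."""
    first = int(ip.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def subnet_plan(major_ip, borrowed_bits, subnet_no, host_no, prefix=None):
    """Work through the subnetting steps of the exercise.

    Assumption (not stated on the slide): subnets and hosts are numbered
    from zero, so S#k is the k-th subnet and host no. n is the subnet
    address plus n.  ``prefix`` overrides the classful mask when the
    question gives one explicitly (e.g. /26)."""
    prefix = classful_prefix(major_ip) if prefix is None else prefix
    major = ipaddress.ip_network(f"{major_ip}/{prefix}", strict=False)
    new_prefix = prefix + borrowed_bits
    host_bits = 32 - new_prefix
    subnet = ipaddress.ip_network(
        (int(major.network_address) + (subnet_no << host_bits), new_prefix))
    host = subnet.network_address + host_no
    if host_no < 1 or host >= subnet.broadcast_address:
        raise ValueError("host number outside the usable range of the subnet")
    # IPv4-mapped IPv6 address (::ffff:a.b.c.d), i.e. the mixed notation
    mapped = ipaddress.IPv6Address(f"::ffff:{host}")
    return {
        "network_mask": str(major.netmask),
        "major_broadcast": str(major.broadcast_address),
        "subnet_prefix_len": new_prefix,         # NET ID bits + borrowed bits
        "hosts_per_subnet": 2 ** host_bits - 2,  # minus network and broadcast
        "subnet_mask": str(subnet.netmask),
        "subnet_address": str(subnet.network_address),
        "first_host": str(subnet.network_address + 1),
        "last_host": str(subnet.broadcast_address - 1),
        "subnet_broadcast": str(subnet.broadcast_address),
        "host_address": str(host),
        "ipv6_mixed": f"::ffff:{host}",
        "ipv6_hex": mapped.exploded,
    }


if __name__ == "__main__":
    for key, value in subnet_plan("10.0.0.0", 7, 100, 1030).items():
        print(f"{key:18} {value}")
```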