Network System Administration and Security
COURSE OUTLINE
WEEK1
CHAPTER ONE: INTRODUCTION
Definitions- Network, Node, Segment, Backbone, Topology;
Network topologies; Bus, Star, Ring.
Transmission Media.
Network Protocols; OSI/TCPIP.
WEEK 2
CHAPTER TWO: NETWORK PLANNING
Gathering user requirements
Conducting site survey
Network design principles.
Assignment 1 : Develop a design for simple office network
WEEK 3
CHAPTER THREE: NETWORK H/W AND SOFTWARE
Routers and Switches.
Network Servers and Clients
Network Operating Systems.
WEEK 4
CHAPTER FOUR : ACQUIRING NETWORK RESOURCES
Procurement vs Outsourcing Options
Request for proposals
Acquisition process
WEEK 5
CHAPTER FIVE: CONFIGURING NETWORK DEVICES
Server Configuration
Client Configuration
Connecting to the internet
WEEK 6
WEEK 7
CHAPTER SEVEN: TROUBLESHOOTING NETWORK PROBLEMS
Diagnostic tools
Network management software
WEEK 8
CHAPTER EIGHT: DISASTER RECOVERY
Risk assessment
Risk mitigation Strategies
Data backup and recovery techniques
WEEK 9
CHAPTER NINE: CASE STUDY
Introduction to Linux Operating Systems
Installation
Configuration
Security
Diagnostic tools
User management
WEEK 10
CHAPTER TEN: NETWORK MONITORING TOOLS
WEEK 11
CHAPTER ELEVEN: NETWORK PERFORMANCE
WEEK 12
CHAPTER TWELVE: NETWORK TROUBLESHOOTING
REVISION GUIDE
CHAPTER ONE: INTRODUCTION
1.1 Definitions
Network - A group of computers connected together in a way that allows
information to be exchanged between the computers.
Node - Anything that is connected to the network. While a node is typically a
computer, it can also be devices such as:
– Mainframes, minicomputers, supercomputers
– Workstations
– Printers, disk servers, robots
– X-terminals
– Gateways, switches, routers, bridges
– Cellular phone, Pager.
– Refrigerator, Television, Video Tape Recorder
its destination node. Each end of a bus network must be terminated with a resistor
to keep the packets from getting lost.
Physical Token Ring
Advantages
Data packets travel at great speed
No collisions
Easier to fault find
No terminators required
Disadvantages
Requires more cable than a bus
A break in the ring will bring it down
Not as common as the bus – less devices available
Advantages
Easy to add devices as the network expands
One cable failure does not bring down the entire network (resilience)
Hub provides centralised management
Easy to find device and cable problems
Can be upgraded to faster speeds
Lots of support as it is the most used
Disadvantages
A star network requires more cable than a ring or bus network
Failure of the central hub can bring down the entire network
Costs are higher (installation and equipment) than for most bus networks
HUB
Modern Ethernet networks are Star Topologies (physically) but logically they are bus
topologies. The Hub is at the centre, and defines a Star Topology.
In any network, computers communicate by sending information across the media as
a series of signals. In a logical bus topology, the signals travel along the length of the
cable in all directions until they weaken enough so as not to be detectable or until
they encounter a device that absorbs them. This traveling across the medium is
called signal propagation
When a computer has data to send, it addresses that data, breaks it into manageable
chunks, and sends it across the network as electronic signals
All computers on a logical bus receive them
Only the destination computer accepts the data
All users must share the available amount of transmission time, implying network performance is reduced.
Collisions are bound to occur since all nodes are sharing same bus.
Advantages
A single node failure does not bring the network down
Most widely implemented topology
Network can be added to or changed without affecting other stations
Disadvantages
1.3.2 Logical Ring Topology
Data in a logical ring topology travels from one computer to the next computer until
the data reaches its destination. Token passing is one method for sending data around
a ring
Token is a small packet which passes around the ring to each computer in turn.
If a computer (sender) has packets to send, it modifies the token, adds address and
data, and sends it around the ring. The receiver returns an acknowledgement packet
to the sender.
Upon receiving the acknowledgement packet, the sender releases the tokens and
sends it around the ring for another sender to use.
Logical ring can be implemented on a physical star. Modern logical ring topologies
use "smart hubs" that recognize a computer's failure and remove the computer
from the ring automatically. One advantage of the ring topology lies in its capability
to share network resources fairly.
Advantages
The amount of data that can be carried in a single message is greater
than on a logical bus.
There are no collisions.
Disadvantages
A broken ring will stop all transmissions.
A device must wait for an empty token to be able to transmit.
1.2.6 Switching
A switch takes a signal coming from a device connected and builds a circuit on the
fly to forward the signal to the intended destination computer
Superior to other logical topologies because unlike bus and ring, multiple computers
can communicate simultaneously without affecting each other. Switching is the
dominant logical topology in LAN design.
Twisted pair is two insulated copper wires that are twisted around each other to
minimize interference and noise from other wires. Based on the presence of
individual shield and overall (outer) shield, there are three types of twisted pair, i.e.
UTP, STP, and ScTP. Individual shield encloses a single twisted pair, while outer
shield encloses all twisted pairs in a cable. A shield is a protective sheath that is
made from conductive material (metal) and functions to protect the twisted
pair from external interference. An insulator is made from non-conductive material,
such as plastic.
UTP (Unshielded Twisted Pair) is a cable containing several twisted pairs that is only
insulated but not shielded. UTP is the most widely used cable in telephone and
computer networks because it is relatively cheaper than other cables and performs
well in normal electrical environment such as inside an office or a house.
Coaxial cable contains a solid or stranded wire in the core that is insulated with a
dielectric layer, then protected with a solid or braided metallic shield, and covered
with an outer insulator. Electromagnetic wave propagation in a coaxial cable is
confined within the space between the core and the outer conductors. The structure
of a coaxial cable makes it less susceptible to interference, noise, and crosstalk than
the twisted pair cable.
Coaxial Cable
1.3.2 Glass or plastic - Uses optical technology to transmit data using light waves
e.g. fiber optics
Fiber-optic cable or optical fiber provides a medium for signals using light
interference and crosstalk. Optical fiber can be used for much longer
distances before the signal must be amplified. Data transmission using optical
microwaves travel in a straight line and will not follow the earth’s
atmospheric noise, and noise from electronic devices. Above 10 GHz,
the signal is attenuated by atmospheric absorption.
Transport Layer – The Transport Layer provides flow control, error control, and
serves as an interface for network applications. An example of the transport layer
would be Transmission Control Protocol (TCP) - a protocol suite that is connection-
oriented. We may also use UDP- a connectionless means of transporting data.
Application Layer – Lastly, we have the Application Layer. We use this layer for
troubleshooting, file transfer, internet activities, and a slew of other activities.
This layer interacts with many types of applications, such as a database manager,
email program, or Telnet.
Physical Layer – The Physical Layer converts data into streams of electric or analog
pulses, commonly referred to as "1's and 0's." Data is broken down into simple
electric pulses, and rebuilt at the receiving end.
Data Link Layer – The Data Link layer provides an interface with the network
adapter, and can also perform basic error checking. It also maintains logical
links for subnets, so that subnets can communicate with other parts of the
network without problem.
Network Layer – Much like the Transport Layer of the TCP/IP model, the Network
Layer simply supports logical addressing and routing. The IP protocol operates on
the Network Layer.
Transport Layer – Since we left out the error and flow control in the Network
Layer, we introduce it into the Transport Layer. The Transport Layer is responsible
for keeping a reliable end-to-end connection for the network.
Review Questions
i) Define the following terms:
a) Protocol
b) Network
c) Physical Topology
d) Logical Topology
ii) Differentiate between TCP/IP and OSI protocols and give the benefits
of each.
iii) Describe the biggest limitation of bus topology.
In most cases the physical topology will almost certainly be a star, and the logical
topology is almost always switching. Ethernet switches are typically used on a LAN,
but you might consider other logical topologies for reasons such as:
Use of legacy equipment – such as token ring
Network size – using hub-based bus topology
Cost restrictions – using hub instead of switch
Difficulty running cables – consider wireless?
A baseline can be used to determine current network performance and to help
determine future network needs.
Baseline studies should be ongoing projects, and not something started and
stopped every so many years.
To perform a baseline study, you should:
Collect information on number and type of system nodes, including
workstations, routers, bridges, switches, hubs, and servers.
Create an up-to-date roadmap of all nodes along with model numbers,
serial numbers and any address information such as IP or Ethernet
addresses.
Collect information on operational protocols used throughout the system.
List all network applications, including the number, type and
utilization level.
Create a fairly extensive list of statistics to help meet your goals. These
statistics can include average network utilization, peak network
utilization, average frame size, peak frame size, average frames per
second, peak frames per second, total network collisions, network
collisions per second, total runts, total jabbers, total CRC errors, and
nodes with highest percentage of utilization.
How will the building's physical architecture influence decisions,
such as whether to use a wired or wireless topology, or both?
Which topology or topologies will you use?
2.7 Network Development Life Cycle (NDLC)
The NDLC is a model that summarizes the network design process, from initial
problem/needs assessment to implementation.
Figure: the NDLC shown as a cycle of phases: Analysis, Design, Simulation/Prototyping, Implementation, Monitoring, Management.
Characterize the existing network: logical and physical topology,
and network performance
Analyze current and future network traffic, including traffic flow and
load, protocol behavior, and QoS requirements
Network Layout Diagram
The remaining 24 bits of a Class A address are used for the host number. Once
again, the two special cases apply to the host number part of an IP address.
Each Class A network can therefore have a total of 16,777,214 hosts (2^24 - 2).
Class A addresses are assigned only to networks with very large numbers of hosts
(historically, large corporations). An example is the 9.0.0.0 network, which is
assigned to IBM.
The Class B address is more suited to medium-sized networks. The first two
bits of the address are predefined as 10. The next 14 bits are used for the
network number and the remaining 16 bits identify the host number. This gives
a possibility of 16,382 networks each containing up to 65,534 hosts.
The Class C address offers a maximum of 254 hosts per network and is
therefore suited to smaller networks. However, with the first three bits of the
address predefined to 110, the next 21 bits provide for a maximum of 2,097,150
such networks.
The remaining classes of address, D and E, are reserved classes and have a
special meaning. Class E addresses are reserved for future use while Class D
addresses are used to address groups of hosts in a limited area. This function is
known as multicasting.
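The classful rules above can be checked mechanically. The following Python is an added worked example, not code from the course notes: it reads the leading bits of the first octet to find the class, reproduces the network and host counts stated above for classes A to C (the -2 accounts for the reserved all-zero and all-one values), and also reports whether the address lies in a private range, a distinction the review questions ask about. It uses only the standard-library `ipaddress` module; the sample addresses in the `__main__` block are constructed.

```python
import ipaddress
from typing import Dict

# Leading-bit rules from the notes: A = 0..., B = 10..., C = 110..., D = 1110..., E = 1111...
# For the unicast classes: (fixed prefix bits, network-number bits, host bits).
CLASS_LAYOUT = {
    "A": (1, 7, 24),
    "B": (2, 14, 16),
    "C": (3, 21, 8),
}


def address_class(addr: str) -> str:
    """Return the class letter (A-E) of a dotted-quad IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def classful_summary(addr: str) -> Dict[str, object]:
    """Describe an address the classful way: class, default mask, how many
    networks of that class exist and how many hosts each can hold.  The
    all-zero and all-one network/host numbers are reserved, hence the -2."""
    cls = address_class(addr)
    summary: Dict[str, object] = {
        "address": addr,
        "class": cls,
        "private": ipaddress.IPv4Address(addr).is_private,
    }
    if cls in CLASS_LAYOUT:
        prefix_bits, net_bits, host_bits = CLASS_LAYOUT[cls]
        mask_len = prefix_bits + net_bits
        summary["default_mask"] = str(ipaddress.ip_network(f"0.0.0.0/{mask_len}").netmask)
        summary["networks"] = 2 ** net_bits - 2
        summary["hosts_per_network"] = 2 ** host_bits - 2
    else:
        # Class D is multicast and class E is reserved: no network/host split applies.
        summary["note"] = "multicast" if cls == "D" else "reserved"
    return summary


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("9.0.0.0", "172.16.0.0", "192.168.1.0", "224.0.0.1", "240.0.0.1"):
        print(classful_summary(sample))
```

Run it with `python3 classful.py`; the 9.0.0.0 network mentioned above comes out as class A with 16,777,214 hosts per network, and 172.16.0.0 as class B with 65,534.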
Review Questions
i) Describe the process of gathering user requirements for a small network.
ii) Why is it important to consider future expansion when planning for a
network?
iii) Briefly describe the five network classes.
iv) Differentiate between a public and a private IP address
v) How many hosts can the following network have: 172.16.0.0
CHAPTER THREE: NETWORK HARDWARE AND SOFTWARE COMPONENTS
Network Adapter Cards
3.1.2 Modem
Modem means modulator-demodulator. At the sending end, a modem modulates a
carrier with the data (baseband signal) to prepare it for transmission. At the
receiving end, the modulated carrier is demodulated (i.e. converted back to the
original shape) and the data is extracted. A modem also performs other functions,
such as digital-to-analog/analog-to-digital conversion, compression/decompression,
error correction, and encryption/decryption.
3.1.3 Repeater
A repeater receives a signal from a transmitter, amplifies it, and retransmits it to a
receiver. A repeater is put in a network to extend the network to a longer distance
or a greater area. There can be more than one repeater between a transmitter and
a receiver, however the number of repeaters is not unlimited, because additional
repeaters may introduce more interference or noise.
Repeater
3.1.4 Hub
Hub is the central connection point in a network. Hub is used in a network that
uses star topology. A sending computer transmits its signal to a hub, the hub then
retransmits the signal to all other computers. A passive hub functions as a relay
station that receives and retransmits signal. An active hub functions as a
repeater that regenerates signal before retransmitting.
Hub
Using a hub, the network bandwidth (capacity) is shared by all available computers,
therefore each computer only uses a portion of bandwidth. That's why hub is mostly
used in small networks where there are only a few connected devices or computers.
However, hub is not required if there are only two computers in a network. In that
case, a direct connection using cable or wireless link can be used to connect both
computers.
3.1.5 Switch
Like hub, switch works as the central connection point in a network. However
when a switch receives a packet from a sending computer, it examines the
destination address (i.e. MAC address of the destination computer) from the packet
header and retransmits the packet to the destination computer only. That's
possible because a switch maintains a table that maps all its ports with all
connected devices' MAC addresses.
Switch
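The difference between a hub and a switch described above is easiest to see in code. The following Python is an added illustration, not code from the course notes: a `Hub` copies every frame to all other ports, while a `LearningSwitch` records the port on which each source MAC address was seen and forwards a frame to its destination port only, flooding only when the destination is still unknown or is the broadcast address. The port numbers, MAC addresses and the small table size are constructed for the example.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 device: every frame is repeated to every port except the one it came in on."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        return [p for p in range(1, self.ports + 1) if p != in_port]


class LearningSwitch:
    """Layer 2 device: learns which port each source MAC sits behind and sends
    known unicast frames to that port only.  Unknown destinations and
    broadcast frames are flooded to all other ports, as a hub would do."""

    def __init__(self, ports: int, max_entries: int = 8) -> None:
        self.ports = ports
        self.max_entries = max_entries      # assumed size of the MAC/port table
        self.table: Dict[str, int] = {}     # MAC address -> port number

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        # Learning step: record (or refresh) the port behind which src was seen.
        # Refreshing also handles a computer being moved to another port.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = in_port
        # Forwarding step: known unicast goes to one port, everything else is flooded.
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]   # already on that segment: drop
        return [p for p in range(1, self.ports + 1) if p != in_port]


if __name__ == "__main__":
    sw = LearningSwitch(ports=4)
    # Constructed traffic: the first frame is flooded, the reply is not.
    print(sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"))  # unknown dst -> [2, 3, 4]
    print(sw.forward(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"))  # learned -> [1]
    print(sw.table)
```

Note that the table is finite: once it is full the switch can no longer learn new sources and falls back to flooding, i.e. it behaves like the hub above. That is why switch ports are normally configured to limit how many MAC addresses they will learn (port security), which is a topic of the security chapter later in these notes.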
3.1.7 Router
Router functions to forward packets across different networks. Router maintains a
routing table. The routing table contains IP addresses of other networks routers. In
a static router the routing table is configured manually, while a dynamic router
can communicate with other routers and configure the routing table according to
information it receives from other routers.
Residential Gateway
By using a residential gateway to connect your home network to the Internet, you
don't need to always turn on a computer as an ICS host.
With a residential gateway, you don't have to manually set an IP address for each
computer in your network because a residential gateway usually has DHCP
server. Using DHCP, IP address for each computer is assigned dynamically by the
residential gateway.
A residential gateway also keeps your computers anonymous on the Internet
because it translates the IP address of each computer to an IP address assigned
by the ISP. This function is called Network Address Translation (NAT).
Besides, a residential gateway protects your home network from intruders that try
to gain access through certain applications in your computers because it has built-
in firewall.
Residential gateway is also known as broadband router or Internet gateway device
(IGD).
3.1.9 Gateway
Gateway
The following table summarizes network components along with their functions and
the corresponding layers in the OSI Model:
Component            Function                                                          OSI layer
Bridge               Connects networks with different Layer 2 protocols; divides a     Data Link (Layer 2)
                     network into several segments to filter traffic.
Hub                  Connects computers in a network; receives a packet from a         Physical (Layer 1)
                     sending computer and transmits it to all other computers.
Switch               Connects computers in a network; receives a packet from a         Data Link (Layer 2)
                     sending computer and transmits it only to its destination.
Access Point         Connects computers in a wireless network; connects the            Data Link (Layer 2)
                     wireless network to wired networks; connects it to the Internet.
Router               Forwards a packet to its destination by examining the packet's    Network (Layer 3)
                     destination network address.
Residential Gateway  Connects a home network to the Internet; hides all computers      Network (Layer 3)
                     in the home network from the Internet.
Gateway              Connects two totally different networks; translates one           All layers
                     signaling/protocol into another.
The early versions of Microsoft Windows did not provide any computer networking
support. Microsoft added basic networking capability into its operating system
starting with Windows 95 and Windows for Workgroups. Microsoft also introduced
its Internet Connection Sharing (ICS) feature in Windows 98 Second Edition (Win98
SE). Contrast that with Unix, which was designed from the beginning with
networking capability. Nearly any consumer O/S today qualifies as a network
operating system due to the popularity of the Internet.
Client systems contain specialized software that allows them to request shared
resources that are controlled by server systems responding to a client request. The
NOS enhances the reach of the client PC by making remote services available as
extensions of the local native operating system.
NOSs also support multiple user accounts at the same time and enable
concurrent access to shared resources by multiple clients. A NOS server is a
multitasking system.
Several clients in a network
Performance
Management and monitoring tools
Security
Scalability
Robustness/fault tolerance
3.2.2 Types
There are two popular competing NOS families. Windows based and Unix based.
The former is proprietary whereas the latter is open source.
Windows NOS
Windows NT domains and Windows 2000 domains, although similar in function,
interact with one another differently. In Windows NT 4.0, the Domain Structure of
Windows NT was entirely different from the Domain Structure in Windows 2000.
Unix/Linux
The UNIX NOS was developed in 1969, and it has evolved into many varieties.
The source code is open, that is, available at no cost to anyone who wants to
modify it. It is written in the C programming language, so businesses, academic
institutions, and even individuals can develop their own versions. There are
hundreds of different versions of UNIX. Linux is sometimes referred to as "UNIX
Lite", and it is designed to run on Intel-compatible PCs. Linux brings the advantages
of UNIX to home and small business computers.
• Linux Mandrake
• Debian GNU/Linux
• Corel Linux
• Turbo Linux
• Ubuntu
A popular use of a Linux system is a web server. Web server software uses
Hypertext Transfer Protocol (HTTP) to deliver files to users that request them,
using a web browser from their workstation.
A Mail Server is a system that is configured with the proper programs and services
that enable handling the exchange of e-mail sent from one client to another.
Review Questions
CHAPTER FOUR: PROCURING NETWORK RESOURCES
4.1 Introduction
The term 'acquisition' refers to all the stages from buying, introducing, applying,
adopting, adapting, localizing, and developing through to diffusion. The set of
processes for the build, lease, or buy decision must be identical for every instance
or business opportunity that arises. The processes determine the strategic value
and potential savings of the proposed acquisition, as well as factors like business
transformation versus drive for competitive advantage.
Prior to the acquisition process, the detail requirements of the process should have
already been identified clearly. More importantly, the business objectives should
be identified for the solution being sought and the management decision whether
building, leasing, or buying the resources should consider a value-versus-risk matrix
to determine which options can be applied. Both IT auditors and corporate
management should evaluate offerings over the long term and compare the
"trickling" investment over time to the one-time cost of buying and implementing
a network. Moreover, this technology acquisition process requires an extensive
evaluation considering the system requirements, feasibility analysis, and risk
management assessment.
The acquisition process should involve the identification and analysis of alternative
solutions that are each compared with the established business requirements. The
decision making to acquire a device primarily consists of the following stages:
One of the most essential assessments in decision making process is identifying the
business objective after first knowing the problems being solved. The management
should primarily identify the business processes involved in the organization. The
first phase of the acquisition process should align the business process with the
company objectives and the business plan. Note that specific process may need to
be prioritized to fully obtain the benefits of the implementation. Moreover, each
process should be carefully analyzed to ensure that it will have the certain
functionality to meet the requirements of the business process and the users, as
well as the benefits which can be justified with its cost.
Analyzing alternatives
also may work with experts from the Computer Law Association to
make sure this analysis is strictly enforced. The underlying theme is to
protect the company and to establish the remedy process
should the vendor or contractor fail to perform as promised.
Upon completion of the series of feasibility analyses, a risk analysis review will most
likely be conducted. Risk analysis evaluates the security of the proposed system,
potential threats, vulnerabilities and impacts, as well as the feasibility of other
controls that can be used to minimize the identified threats.
Selection Procedure
Selection procedure is the process of identifying the best match between the
available options and the identified requirements. In this process, the company
requests for a proposal from prospective providers, evaluates the proposal, and
selects the best available alternative. There are various ways to solicit responses
from providers. Some of the common methods comprise request for information
(RFI), request for bid (RFB), and request for proposal (RFP). An RFI is used to seek
information from vendors for a specific intention. RFI should act as a tool for
determining the alternatives or associated alternatives for meeting the
organization's needs. An RFB is designed to procure specific items or services and
used where either multiple vendors are equally competent of meeting all of the
technical and functional specifications or only one provider can meet them.
Furthermore, an RFP specifies the minimal acceptable requirements, including
functional, technical, and contractual aspects. This document offers flexibility to
respondents to further define the requested requirements. RFPs can be a lead to
a purchase or continued negotiation.
All of these processes should be carried out in a structured way to ensure the process is
completed neatly and in a timely fashion. If done properly, this process results in a
purchasing decision for the selected application. Note that the entire process must be
documented in a written letter before moving to the next step. This is important
in order to avoid a bid protest that may be filed by any other potential
vendors. Management, IT auditor and also legal counsel must review every point
in detail before the proposal evaluation process begins.
Proposal evaluation is a crucial process in the acquisition, since one or more key
stakeholders review the submitted proposals using a list of objective selection criteria
and decide the best match between the product features and functionality and
the identified requirements.
Negotiating a contract
Once the vendor is selected, then the company can move to the contract
negotiation, in which the company can specify the price of the job and the type of
the support to be provided by the vendor. The contract must describe the detailed
specifications, all the included services provided by the vendor, and other detail
terms of the system. A contract is a legal document, so the company should involve
staff experienced in IT and legal matters. Since the contract can be very tricky,
this legal counsel should be involved from the beginning of the selection process.
Establishing a service level agreement (SLA)
An SLA is a formal agreement regarding the distribution of work between the
organization and its vendor. Such an agreement is created according to a set of
agreed-upon objectives, quality tests, and some what-if situations. Overall, the SLA
defines: (1) company and vendor responsibilities, (2) a framework for designing
support services, (3) the company's privilege to have most of the control over
their system.
with organizational issues such as conversion strategies, training, and resistance
to change.
The first three octets of an IP address should be the same for all computers in the
LAN. For example, if a total of 128 hosts exist in a single LAN, the IP addresses
could be assigned starting with 192.168.1.x, where x represents a number in the
range of 1 to 128. You could create consecutive LANs within the same company in
a similar manner consisting of up to another 128 computers. Of course, you are not
limited to 128 computers, as there are other ranges of IP addresses that allow you
to build even larger networks.
There are different classes of networks that determine the size and total possible
unique IP addresses of any given LAN. For example, a class A LAN can have over 16
million unique IP addresses. A class B LAN can have over 65,000 unique IP
addresses. The size of your LAN depends on which reserved address range you use
and the subnet mask (explained later) associated with that range (see Table 1
below).
Table 1. Address ranges and LAN sizes
Address range Subnet mask Provides Addresses per LAN
5.4 Domain name
The domain name, or network name, is a unique name followed by a standard
Internet suffixes such as .com, .org, .mil, .net, etc. You can pretty much name
your LAN anything if it has a simple dial-up connection and your LAN is not a server
providing some type of service to other hosts directly. In addition, our sample
network is considered private since it uses IP addresses in the range of
192.168.1.x. Most importantly, the domain name of choice should not be
accessible from the Internet if the above constraints are strictly enforced. Lastly,
to obtain an "official" domain name you could register through InterNIC, Network
Solutions or Register.com.
5.5 Hostnames
Another important step in setting up a LAN is assigning a unique hostname to each
computer in the LAN. A hostname is simply a unique name that can be made up and is
used to identify a unique computer in the LAN. Also, the name should not contain any
blank spaces or punctuation. For example, the following are valid hostnames that
could be assigned to each computer in a LAN consisting of 5 hosts: hostname 1
- Simba; hostname 2 - Chui; hostname 3 - Duma; hostname 4 - Nyati; and hostname
5 - Ndume. Each of these hostnames conforms to the requirement that no blank
spaces or punctuation marks are present. Use short hostnames to eliminate
excessive typing, and choose a name that is easy to remember.
Table 2 summarizes what we have covered so far in this article. Every host in the
LAN will have the same network address, broadcast address, subnet mask, and
domain name because those addresses identify the network in its entirety. Each
computer in the LAN will have a hostname and IP address that uniquely identifies
that particular host. The network address is 192.168.1.0, and the broadcast
address is 192.168.1.128. Therefore, each host in the LAN must have an IP address
between 192.168.1.1 and 192.168.1.127.
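The addresses shared by every host (network, broadcast, mask) and the ones unique to each host (hostname, IP) can be derived from the LAN's address range rather than written down by hand. The following Python is an added example, not code from the course notes. It assumes the 128-address range above is expressed as 192.168.1.0/25 (the smallest mask that holds 128 addresses) and uses the five hostnames given above; the domain name lan.example is a constructed placeholder. One check worth noticing: on a /25 the highest address, 192.168.1.127, is the broadcast address and is not assignable, so 126 host addresses remain usable.

```python
import ipaddress
from typing import Dict, List


def lan_summary(cidr: str) -> Dict[str, object]:
    """Network, broadcast, mask and usable host range for a LAN given in CIDR form.
    strict=True rejects a range written with host bits set (e.g. 192.168.1.5/25)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen > 30:
        raise ValueError("a LAN needs at least two usable host addresses")
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        # network and broadcast addresses are never assigned to a host
        "usable_hosts": net.num_addresses - 2,
    }


def assign_addresses(cidr: str, hostnames: List[str], domain: str) -> List[Dict[str, object]]:
    """Build a per-host table in the style of Table 2: every host shares the
    network address, broadcast address, mask and domain, while hostname and
    IP address are unique per host and handed out consecutively from .1."""
    shared = lan_summary(cidr)
    if len(set(hostnames)) != len(hostnames):
        raise ValueError("hostnames must be unique")
    if len(hostnames) > int(shared["usable_hosts"]):
        raise ValueError(f"{len(hostnames)} hosts do not fit in {cidr}")
    net = ipaddress.ip_network(cidr, strict=True)
    rows: List[Dict[str, object]] = []
    for index, name in enumerate(hostnames, start=1):
        rows.append({
            "hostname": name,
            "ip": str(net.network_address + index),
            "network": shared["network"],
            "broadcast": shared["broadcast"],
            "netmask": shared["netmask"],
            "domain": domain,
        })
    return rows


if __name__ == "__main__":
    # Constructed inputs: the range from the notes and the five hostnames listed above.
    print(lan_summary("192.168.1.0/25"))
    for row in assign_addresses("192.168.1.0/25",
                                ["Simba", "Chui", "Duma", "Nyati", "Ndume"],
                                "lan.example"):
        print(row)
```

Running it prints the shared values once and then one row per host (Simba 192.168.1.1, Chui 192.168.1.2, and so on), which is exactly the information each machine needs in the configuration steps that follow.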
Network address 192.168.1.0 Same for all hosts
There are two ways to assign IP addresses in a LAN. You can manually assign a
static IP address to each computer in the LAN, or you can use a special type of
server that automatically assigns a dynamic IP address to each computer as it
logs into the network.
one end and allows a connection to the Internet on the opposite end. Furthermore,
the DHCP server will also assign the network and broadcast addresses. You will not
be required to manually assign hostnames and domain names in a dynamic IP
addressing scheme.
Also make sure that the hardware of choice is compatible with the operating
system. This hardware/software compatibility information is usually found in the
Requirements section on the back of the box of each product. Alternatively, you
could ask a computer sales person about hardware/software requirements. You
can usually save money by purchasing LAN cards as a package vs. purchasing them
individually.
When choosing an Ethernet hub ensure that it contains at least as many ports as
there are computers that will participate in the LAN. It is always best to choose a
hub with additional ports to allow for expansion.
If you plan to use all of the computers in the LAN to access the Internet via a local
Internet Service Provider (ISP), the router/Ethernet combo is an ideal choice. The
router/Ethernet unit is normally configured using any computer that is connected to
the LAN. Assuming that all computers in the LAN will be running the Red Hat
Linux operating system, a router will be required that can be configured using
a Linux configuration program such as LinuxConf.
Finally, choose network cables to allow for expansion. Typically, most Ethernet
networks use 10BaseT cables with RJ45 jacks at each end. It's always a good idea to
purchase cables that are 1 or 2 times longer than the required length in case the
structure (topology) of the LAN changes in the future.
Find a convenient but safe location for the Ethernet hub, preferably a centralized
location in the same building or room along with the computers. Next, run the
cable from the NIC in each computer to the Ethernet hub ensuring all cables are
out of the way of users who will need physical access to each computer in the
LAN. Moreover, make sure you follow all instructions provided with the LAN
hardware before starting up any of the computers that will participate in the LAN.
If you are using a router to connect the LAN to the Internet or using a DHCP server,
you will need to do some configuration as required by the user's manual. Lastly,
assuming all computers are attached to the Ethernet hub via the NIC and a specific
port on the hub, you can now begin the software configuration process using the
Red Hat operating system.
How you configure the computers on the LAN will depend on whether the Red Hat
OS was installed before or after the LAN hardware. If you installed the LAN
hardware before installing Red Hat you will be prompted for network configuration
during the Red Hat installation process. However, if you installed the Red Hat OS
after the LAN hardware, a program called "Kudzu" will detect the newly installed
Ethernet card and initiate the configuration process automatically. Follow these
steps when configuring each Ethernet card using the "Kudzu" program:
1. During the bootup process look for a dialog box titled "Welcome to Kudzu."
Press Enter to begin the configuration process.
2. Next, you should see another dialog box that displays the brand name for the
installed Ethernet card. Press Enter again to continue.
3. After a brief delay you should see "Would You Like to Set up Networking".
4. Select the NO option using the Tab key and then press Enter. I will describe
setting up networking using a utility called LinuxConf later in this article.
At this point, the bootup process should continue normally and you will be
required to log on to the computer as the root user. You should have been given
the opportunity to create a root account during the initial installation of Red Hat.
5. Left-click the Accept button to activate all changes.
1. In the left column of LinuxConf, open the Routing and Gateways category.
2. Select the Host Name Search path option.
3. In the right column of LinuxConf, select the Multiple IPs for One Host option.
4. Select the hosts, dns option in the right portion of LinuxConf.
5. Left-click the Accept button to activate all changes.
After you have done steps 1-7 for all computers, the /etc/hosts tab of LinuxConf
should list one entry for every computer in your LAN, in addition to the local
host's loopback interface. The local host name should appear as localhost. Finally,
you can save all changes and exit the LinuxConf application by following the steps
below:
1. Left-click the Quit button in the /etc/host screen after all hostnames and IP
addresses have been entered.
2. To exit the LinuxConf application, left-click the Quit button at the bottom-
left corner.
3. Left-click the Activate the Changes button to activate all changes and
exit LinuxConf.
Now that you have configured one computer in your LAN, you will need to go
back and repeat all the above steps for each computer starting with the section
"Configuring the LAN". If you would prefer a less time-consuming procedure of
configuring each computer, you can modify the /etc/hosts file on each computer
manually using a copy method.
You can copy the /etc/hosts file that you have just created to a flash disk or CD-ROM
(if you have a writeable CD-ROM drive) and copy that file to the /etc directory
of each computer in your LAN.
Next, take the flash disk to each computer in the LAN and type the command
cp /flash/hosts /etc/hosts in a terminal window (assuming the flash disk is mounted
at /flash). This will copy the hosts file to the /etc directory on each host. The
/etc/hosts file, as you probably noticed, is just a text file with a list of IP
addresses and hostnames separated into three columns: the IP address, the
canonical hostname and any aliases. Lastly, make sure that the local computer and
its associated IP address are listed twice and all the other computers in the LAN
are listed only once.
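The /etc/hosts consistency rule described above can be checked automatically rather than by eye. The following Python script is an added example, not part of this manual or of Red Hat or LinuxConf: it parses a hosts file, flags an address that appears on more than one line (a stale copy left behind when a machine is renumbered), a hostname that maps to two different addresses, and malformed addresses, and resolves a name the way the resolver's "files" source does. The sample file, hostnames and addresses are constructed for the example.

```python
# Added example (not from the manual): parse an /etc/hosts file and check it
# for the consistency problems that break name resolution on a small LAN.
# The sample file below is constructed; hostnames and addresses are assumptions.
import ipaddress
from collections import defaultdict

SAMPLE_HOSTS = """\
# /etc/hosts - constructed sample for a small LAN
127.0.0.1   localhost localhost.localdomain
192.168.1.2 oracle oracle.lan
192.168.1.3 alpha
192.168.1.4 beta  beta.lan
192.168.1.3 gamma           # stale entry: same address as alpha
300.1.1.1   broken          # not a valid IPv4 address
"""

def parse_hosts(text):
    """Return a list of (line_no, ip, [names]) for every non-comment line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        entries.append((line_no, fields[0], fields[1:]))
    return entries

def check_hosts(text):
    """Return human-readable findings; an empty list means the file is clean."""
    findings = []
    ip_to_lines = defaultdict(list)
    name_to_ips = defaultdict(set)
    for line_no, ip, names in parse_hosts(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"line {line_no}: '{ip}' is not a valid IP address")
            continue
        if not names:
            findings.append(f"line {line_no}: address {ip} has no hostname")
            continue
        ip_to_lines[ip].append(line_no)
        for name in names:
            name_to_ips[name.lower()].add(ip)
    # one name resolving to two different addresses is ambiguous
    for name, ips in sorted(name_to_ips.items()):
        if len(ips) > 1:
            findings.append(f"hostname '{name}' maps to several addresses: {sorted(ips)}")
    # the same address on several lines (other than loopback) is usually a stale copy
    for ip, lines in sorted(ip_to_lines.items()):
        if len(lines) > 1 and not ipaddress.ip_address(ip).is_loopback:
            findings.append(f"address {ip} appears on lines {lines}")
    return findings

def resolve(text, name):
    """Look a hostname up the way the resolver's 'files' source does: first match wins."""
    for _, ip, names in parse_hosts(text):
        if name.lower() in (n.lower() for n in names):
            return ip
    return None

if __name__ == "__main__":
    for finding in check_hosts(SAMPLE_HOSTS):
        print("WARNING:", finding)
    print("oracle ->", resolve(SAMPLE_HOSTS, "oracle"))
```

Run it against the real file with check_hosts(open("/etc/hosts").read()) on each machine after the copy step; a clean file produces no warnings.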
5.10 Testing the LAN
To test the completely configured LAN, make sure that the computers are able
to communicate with each other after the bootup process. You can start by
typing reboot at the command prompt at a command terminal on each
computer. This allows you to monitor the testing information that scrolls down
the screen as a standard procedure during the Linux boot process. Look for the
following information:
The Setting hostname field should display the hostname that you assigned for
this computer. The lo and eth0 interfaces should display [OK] to indicate that
both tests were successful.
To determine whether each computer can communicate with every other computer
in the LAN, use the ping command. Open a terminal window on the current host
and type ping <IP address> or ping <hostname>, where <IP address> or
<hostname> is the IP address or the hostname that you assigned to the computer
you want to reach. Note that you must supply either the IP address or the
hostname in order for the ping command to work properly.
If you have configured the DNS nameserver specification properly, the ping
<hostname> command should resolve the hostname into a corresponding IP address.
Otherwise, you will need to use the IP address that you should currently already
have listed for all computers in the LAN. The ping command will send messages
across the LAN to the designated IP address or computer. You should see several
messages or packets (consisting of bytes of information) if the computers are
"talking" or communicating with each other. These packets look similar to the
following:
Note that "192.168.1" represents the LAN that this particular host is a
member of and the x indicates the specific host number (e.g. the host named
Oracle) that you are attempting to ping; together they make up the IP address.
You can press Ctrl+C to terminate the test, and you should then see the
following basic information about the entire ping test:
Verify that the packet loss is 0%, which is an immediate indication that the test
was successful. However, there is a problem if the ping command results in the
following message:
This is an immediate indication that the two computers are not communicating at
all. If the computers are not communicating, see the next section,
"Troubleshooting the LAN". Otherwise, when you can successfully ping all other
computers in the LAN from one designated computer, the overall basic
communications functionality is indeed a success. At this point, you can consider
this LAN to be a fully functional network that you can install and on which you
can configure various network services as desired.
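Because the ping output the text refers to is read by hand, it is easy to miss a partial loss when testing many hosts. The following Python snippet is an added example (not from this manual): it parses the summary that ping prints after Ctrl+C, applies the 0% packet loss criterion and marks each host PASS or FAIL. The two captured outputs are constructed samples in the format printed by Linux ping, and the addresses are assumptions.

```python
# Added example (not from the manual): parse the summary that ping prints after
# Ctrl+C and decide whether a LAN host passed the test (0% packet loss).
# The two captured outputs are constructed samples; addresses are assumptions.
import re

PING_OK = """\
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.380 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.391 ms

--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.380/0.394/0.412/0.013 ms
"""

PING_DOWN = """\
PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
From 192.168.1.2 icmp_seq=1 Destination Host Unreachable
From 192.168.1.2 icmp_seq=2 Destination Host Unreachable

--- 192.168.1.4 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1010ms
"""

# Matches the statistics line; the lazy ".*?" skips an optional "+N errors," field.
SUMMARY_RE = re.compile(
    r"(?P<sent>\d+) packets transmitted, (?P<recv>\d+) received,.*?"
    r"(?P<loss>\d+)% packet loss"
)

def parse_ping(output):
    """Return sent/received/loss_percent/unreachable, or None if no summary was printed."""
    m = SUMMARY_RE.search(output)
    if m is None:
        return None
    return {
        "sent": int(m["sent"]),
        "received": int(m["recv"]),
        "loss_percent": int(m["loss"]),
        "unreachable": "Destination Host Unreachable" in output,
    }

def lan_test_passed(output):
    """The manual's criterion: 0% packet loss and no unreachable messages."""
    result = parse_ping(output)
    return bool(result) and result["loss_percent"] == 0 and not result["unreachable"]

def summarize(targets):
    """Map each target host to PASS or FAIL for a batch of captured outputs."""
    return {host: ("PASS" if lan_test_passed(out) else "FAIL")
            for host, out in targets.items()}

if __name__ == "__main__":
    print(summarize({"192.168.1.2": PING_OK, "192.168.1.4": PING_DOWN}))
```

Any loss between 1% and 99% is also reported as FAIL: an intermittent loss on a new LAN usually points at a loose RJ45 jack or a duplex mismatch and is worth chasing before services are installed.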
If you are unable to ping another computer in the LAN, here's how to get to the
source of the problem. First of all, it's a good idea to shut down every computer in
the LAN using the shutdown command. At the command prompt on each computer,
type shutdown. The main reason for shutting down all computers is to monitor
feedback from the boot process when each computer is started up again.
Check all cable connections between every computer, making sure that all
RJ45 jacks are connected properly. After verifying that all the cables are
secured properly, start each computer one at a time and look for the following
response during the boot process:
You can turn on the interactive mode by typing I at the LILO boot prompt during
the initial bootup process of Red Hat to get a closer view of the feedback. Ensure
that the hostname and network name that was assigned to this computer is spelled
correctly. If this is not the case, you will need to return to the Basic Host
Information section of LinuxConf. In interactive mode you will be prompted to start
several services. Respond to each question with Yes and pay close attention to
results of various tests. If the Kudzu program detects an Ethernet card, then this is an
indication that the card was not properly configured the first time around. Proceed
to let Kudzu configure the card. When you are prompted to configure the network,
choose "Yes" and type the correct IP address and other related information for this
particular computer.
This line indicates whether the Ethernet card is working properly. If this test fails
you should check all network settings using LinuxConf to ensure that the card was
configured properly. If the network settings are correct, there is probably a defect
in the Ethernet card itself. In order to verify this, consult the manufacturer of the
Ethernet card or a computer technician to determine whether or not the card is
defective. Repeat the preceding troubleshooting procedures on each new
Ethernet card installed.
There are several ways to connect your computers to the Internet. According
to this manual, there are at least three:
some work and thus they want to be paid for it. It also means that
intervention by your ISP is required, i.e. you can't do it all on your own.
This is in contrast with the next two strategies.
Proxy servers
Routing works great for businesses which are connected to the Internet 24
hours a day. But what if you're not, and you still want to hook up a whole
LAN to the Internet once in a while? One solution would be if somehow a
workstation computer could ask the gateway computer to send and receive
data on its behalf. The software which does the trick is called a proxy
server. A well known example is WinGate. As far as the operating system is
concerned, the proxy server is a normal TCP/IP application. A workstation
computer sends a request to the gateway asking it to send data to the
Internet. The data is sent using the gateway's IP address, and any response
comes back the same way. Any number of computers on your LAN can use
the connection in this way at the same time, as long as the data for separate
requests is kept separate. The gateway computer can be a 'normal' PC with a
standard Internet connection. There are several different ways to do
proxying: using the SOCKS protocol, socket relays and application proxies.
With a socket relay (also known as "port mapping"), the proxy server mirrors ports
from the remote machine on the Internet and makes them available as though
it was providing the services. In this case, when a workstation on the internal
network connects to for instance the SMTP port on the proxy server, the proxy
server opens a matching socket on the connection to the Internet and then just
ferries data between the two connections. Unlike SOCKS, a socket relay does
not require any special support on behalf of the client
program, so it can be used with most applications. The disadvantage of
socket relays is that not all protocols can be handled. For instance, using
the FTP protocol in non-passive mode is very problematic, and is not
normally possible with a socket relay system.
IP Masquerading (NAT)
Some operating systems, most notably Linux, have the capability to perform
IP routing with the addition of changing the IP address in the packets on the
fly, i.e. as the data is passed through from the LAN to the Internet. When
there is a mapping of multiple addresses on an internal LAN to one particular
IP address of the gateway, this is called IP Masquerading. When the mapping
is a bit broader (any IP address to any other IP address) the feature is called
Network Address Translation (NAT). NAT is a superset of IP Masquerading and
is often used in firewalls for security reasons. Note that ISPA also has a
feature called NAT (used for a different purpose).
Let's say in the following example that you use IPRoute for NAT. IPRoute
changes the addresses in the packets it receives from the workstation
machines into the address it is using itself. For example, 2 workstation
machines can each run a webbrowser. IPRoute changes the addresses so the
ISP thinks both webbrowsers are running on one and the same machine!
There's nothing strange with that, it has always been possible to run multiple
webbrowsers on one machine.
time. That means that the gateway machine can remap a port to only one
workstation machine. So, if you want to run more than one webserver on
your internal network which must all be reachable from the outside, there is
a problem. Fortunately, there is also a solution. Let's say you have
webservers on each port 80 of the workstation machines 192.168.0.2,
192.168.0.3 and 192.168.0.4. You can remap port 80 on the gateway
machine to port 80 on 192.168.0.2, port 81 to port 80 on 192.168.0.3 and
port 82 to port 80 on 192.168.0.4. People on the outside will have to specify
URLs with "non-standard" ports for the last two workstation machines, say
http://www.example.com:81/ and http://www.example.com:82/. It works,
but it isn't very elegant...
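A small model of the port-remapping table just described, added here as an example and not taken from IPRoute or from this manual: the gateway keeps one entry per public port, refuses a second server on the same port (the limitation the text explains), rewrites an inbound request to the chosen workstation and reverse-translates the reply. The workstation addresses 192.168.0.2 to 192.168.0.4 are the ones from the text; the gateway's public address 203.0.113.10 and the client address 198.51.100.7 are documentation addresses chosen for the example.

```python
# Added example (not from the manual or IPRoute): a gateway port-remapping table.
# Packets are dicts {"src": (ip, port), "dst": (ip, port)}.
PUBLIC_IP = "203.0.113.10"   # assumed public address of the gateway (documentation range)

class PortForwarder:
    """Gateway-side table that remaps public ports to internal (address, port) pairs."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public port -> (internal ip, internal port)

    def add(self, public_port, internal_ip, internal_port):
        # A public port can point at one internal host only, which is the
        # limitation the text describes; reject a second mapping outright.
        if public_port in self.table:
            raise ValueError(
                f"gateway port {public_port} already forwards to {self.table[public_port]}")
        self.table[public_port] = (internal_ip, internal_port)

    def inbound(self, packet):
        """Rewrite a packet arriving from the Internet; None means it is dropped."""
        dst_ip, dst_port = packet["dst"]
        if dst_ip != self.public_ip:
            return None          # not addressed to the gateway
        target = self.table.get(dst_port)
        if target is None:
            return None          # nothing is published on that public port
        return {"src": packet["src"], "dst": target}

    def outbound(self, packet):
        """Reverse translation of a server reply so the client sees the gateway's address."""
        for public_port, internal in self.table.items():
            if packet["src"] == internal:
                return {"src": (self.public_ip, public_port), "dst": packet["dst"]}
        return None              # reply from a host that is not published

def build_manual_example():
    """The three web servers from the text, published on ports 80, 81 and 82."""
    fw = PortForwarder(PUBLIC_IP)
    fw.add(80, "192.168.0.2", 80)
    fw.add(81, "192.168.0.3", 80)
    fw.add(82, "192.168.0.4", 80)
    return fw

if __name__ == "__main__":
    fw = build_manual_example()
    request = {"src": ("198.51.100.7", 40000), "dst": (PUBLIC_IP, 81)}
    print("inbound :", fw.inbound(request))
    reply = {"src": ("192.168.0.3", 80), "dst": ("198.51.100.7", 40000)}
    print("outbound:", fw.outbound(reply))
```

A request to port 81 lands on 192.168.0.3:80 and the reply goes back out stamped with the gateway's address and port 81, so the outside client never learns the internal address; a request to a port with no entry is simply dropped, which is also why only the three published servers are reachable at all.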
One of the major problems with using the SOCKS protocol is that it requires
that clients be able to perform name lookups for external addresses, usually
via DNS. This means that as well as implementing a SOCKS server, the proxy
server must also provide a full DNS service to its clients. Additionally, some
protocols do not lend themselves to transport via SOCKS. The FTP protocol,
in non-passive mode, can be particularly difficult. It is also possible to use a
socket relay server without access to a DNS server, but this is not always
the case.
If you have several workstation machines that all hit the same webpage at
the same time, a caching proxy server may provide better performance
than a system with IP Masquerading. That is because the webpages can be
served from the cache (local harddisk) instead of getting each of them over
the modem/ ISDN link. On the other hand, a caching proxy may require a
more powerful machine with a big harddisk.
Review Questions
i) Describe the structure of an IP address.
ii) You have been given the IP address 172.16.1.1. Determine:
i. Network address
ii. The range of addresses you can assign to individual hosts
iii. Broadcast address
iv. Network address
v. Subnet mask
CHAPTER SIX: NETWORK SECURITY
Introduction
This chapter discusses security issues regarding TCP/IP networks and provides an
overview of solutions to resolve security problems before they can occur. The
field of network security in general and of TCP/IP security in particular is too
wide to be dealt with in an all encompassing way in this manual, so the focus of
this chapter is on the most common security exposures and measures to
counteract them. Because many, if not all, security solutions are based on
cryptographic algorithms, we also provide a brief overview of this topic for the
better understanding of concepts presented throughout this chapter.
Wire tapping: listening on a link to get access to cleartext data and passwords
Impersonation: to get unauthorized access to data or to create unauthorized
e-mails, orders, etc.
Denial-of-service: to render network resources non-functional
Replay of messages: to get access to and change information in transit
Guessing of passwords: to get access to information and services that
would normally be denied (dictionary attack)
Guessing of keys: to get access to encrypted data and passwords (brute-
force attack, chosen ciphertext attack, chosen plaintext attack)
Viruses, trojan horses and logic bombs: to destroy data
Though these attacks are not exclusively specific to TCP/IP networks, they
should be considered potential threats to anyone who is going to base his/her
network on TCP/IP, which is what the majority of enterprises, organizations and
small businesses around the world are doing today. Hackers (more precisely,
crackers) do likewise and hence find easy prey.
Question: How to prevent the improper use of services by otherwise properly
authenticated users?
    Solution: Use a multi-layer access control model based on ACLs.
    Examples: Application security (DBMS, Web servers, Lotus Notes, etc.).
    Server file systems (UNIX, NTFS, NetWare, HPFS-386, etc.). System security
    services (RACF, DCE, UNIX, NT, etc.).
Question: How to obtain information on possible security exposures?
    Solution: Observe security directives by organizations such as CERT and
    your hardware and software vendors.
    Examples: http://www.cert.org
Question: How to make sure that only those people that you want dial into
your network?
    Solution: Use access control at link establishment by virtue of central
    authentication services, two-factor authentication, etc.
    Examples: RADIUS (optionally using Kerberos, RACF, etc.), TACACS. Security
    Dynamics' SecurID ACE/Server, etc.
Question: How do you know that your system has been broken into?
    Solution: Use extensive logging and examine logs frequently. Use intrusion
    detection programs.
    Examples: Application/service access logs (Lotus Notes, DB2/UDB, Web
    servers, etc.). System logs (UNIX, Windows NT, AS/400, etc.). Firewall logs
    and alerting (IBM firewalls, etc.). Systems management and alerting (Tivoli,
    etc.).
Question: How to prevent wire tappers from reading messages?
    Solution: Encrypt messages, typically using a shared secret key. (Secret
    keys offer a tremendous performance advantage over public/private keys.)
    Examples: SET, SSL, IPSec, Kerberos, PPP.
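The row "How do you know that your system has been broken into?" recommends examining logs frequently, and the threat list earlier names guessing of passwords (dictionary attack). The following Python routine is an added example (not from this manual or from any of the products named in the table): it reads authentication log lines, counts failed logins per source address inside a sliding time window, and flags a source that exceeded the threshold and then logged in successfully, which is the pattern a dictionary attack leaves behind. The log lines are constructed samples in the style of a Linux sshd syslog entry; the host name, user names, addresses, threshold and window are assumptions.

```python
# Added example (not from the manual): detect password guessing in auth logs.
# The log lines are constructed samples in Linux sshd syslog style; the host,
# users, addresses, threshold and window are assumptions for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
Mar 10 02:14:01 oracle sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 50211 ssh2
Mar 10 02:14:03 oracle sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 50212 ssh2
Mar 10 02:14:05 oracle sshd[2213]: Failed password for root from 198.51.100.23 port 50213 ssh2
Mar 10 02:14:07 oracle sshd[2215]: Failed password for root from 198.51.100.23 port 50214 ssh2
Mar 10 02:14:09 oracle sshd[2217]: Failed password for root from 198.51.100.23 port 50215 ssh2
Mar 10 02:14:12 oracle sshd[2219]: Accepted password for root from 198.51.100.23 port 50216 ssh2
Mar 10 08:30:44 oracle sshd[3020]: Failed password for alice from 192.168.1.3 port 40001 ssh2
Mar 10 08:30:51 oracle sshd[3020]: Accepted password for alice from 192.168.1.3 port 40001 ssh2
"""

# syslog lines carry no year, so the caller supplies one when parsing
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_line(line, year=2024):
    """Return {ts, result, user, src} for a login line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}

def find_guessing(log, threshold=5, window=timedelta(minutes=10)):
    """Sources with >= threshold failures inside `window`; note any later success from them."""
    events = [e for e in (parse_line(l) for l in log.splitlines()) if e]
    recent_failures = defaultdict(list)   # src -> timestamps of failures inside the window
    alerts = {}
    for e in events:
        if e["result"] == "Failed":
            kept = [t for t in recent_failures[e["src"]] if e["ts"] - t <= window]
            kept.append(e["ts"])
            recent_failures[e["src"]] = kept
            if len(kept) >= threshold:
                alerts.setdefault(e["src"], {"failures": 0, "success_after": False})
                alerts[e["src"]]["failures"] = len(kept)
        elif e["result"] == "Accepted" and e["src"] in alerts:
            # a success following a burst of failures is the most urgent case
            alerts[e["src"]]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for src, info in find_guessing(SAMPLE_LOG).items():
        flag = "and then LOGGED IN" if info["success_after"] else ""
        print(f"{src}: {info['failures']} failed logins in window {flag}")
```

In the sample, alice's single typo at 08:30 is ignored, while 198.51.100.23 is reported with five failures followed by a successful root login. That "success after a burst" flag is the line to act on first: it is the difference between an attempt and a break-in, and it is exactly what infrequent log review misses.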
It is important to point out that you cannot implement security if you have not
decided what needs to be protected and from whom. You need a security policy,
a list of what you consider allowable and what you do not consider allowable,
upon which to base any decisions regarding security. The policy should also
determine your response to security violations.
An organization's overall security policy must be determined according to
security analysis and business requirements analysis. Since a firewall, for
instance, relates to network security only, a firewall has little value unless the
overall security policy is properly defined. The following questions should provide
some general guidelines:
Exactly who do you want to guard against?
Do remote users need access to your networks and systems?
How do you classify confidential or sensitive information?
Do the systems contain confidential or sensitive information?
What will the consequences be if this information is leaked to
your competitors or other outsiders?
Will passwords or encryption provide enough protection?
How much access do you want to allow to your systems from the Internet
and/or users outside your network (business partners, suppliers, corporate
affiliates, etc.)?
What action will you take if you discover a breach in your security?
Who in your organization will enforce and supervise this policy?
This list is short, and your policy will probably encompass a lot more before it is
complete. Perhaps the very first thing you need to assess is the depth of your
paranoia. Any security policy is based on how much you trust people, both inside
and outside your organization. The policy must, however, provide a balance
between allowing your users reasonable access to the information they require to
do their jobs, and totally disallowing access to your information. The point where
this line is drawn will determine your policy.
If you connect your system to the Internet then you can safely assume that your
network is potentially at risk of being attacked. Your gateway or firewall is your
greatest exposure, so the following is recommended:
The gateway should not run any more applications than are absolutely
necessary (for example, proxy servers and logging), because applications
have defects that can be exploited.
The gateway should strictly limit the type and number of protocols allowed
to flow through it or terminate connections at the gateway from either side,
because protocols potentially provide security holes.
Any system containing confidential or sensitive information should not
be directly accessible from the outside.
Generally, anonymous access should at best be granted to servers in a
demilitarized zone.
All services within a corporate intranet should require at least password
authentication and appropriate access control.
Direct access from the outside should always be authenticated
and accounted.
The network security policy defines those services that will be explicitly
allowed or denied, how these services will be used and the exceptions to
these rules.
Every rule in the network security policy should be implemented on a
firewall and/or Remote Access Server (RAS). Generally, a firewall uses
one of the following methods.
This approach blocks all traffic between two networks except for those
services and applications that are permitted. Therefore, each desired service
and application should be implemented one by one. No service or application
that might be a potential hole on the firewall should be permitted. This is the
most secure method, denying services and applications unless explicitly
allowed by the administrator. On the other hand, from the point of users, it
might be more restrictive and less convenient.
6.3.3 Everything not specifically denied is permitted.
This approach allows all traffic between two networks except for those
services and applications that are denied. Therefore, each untrusted or
potentially harmful service or application should be denied one by one.
Although this is a flexible and convenient method for the users, it could
potentially cause some serious security problems.
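The two methods described above can be compared on the same traffic. The Python example below is added here and is not from this manual: the same administrator's intent is written once as a permit list (everything not specifically permitted is denied) and once as a deny list (everything not specifically denied is permitted), and the same sample connections are evaluated under both. The rule set, port numbers and sample connections are constructed for the example. It shows the weakness of the second method concretely: a service that nobody thought to list (here TCP port 3389) is allowed through only because it was never mentioned.

```python
# Added example (not from the manual): the two firewall policy methods applied
# to one constructed rule set and one constructed list of connections.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str      # "tcp" or "udp"
    port: int
    action: str     # "permit" or "deny"

DEFAULT_DENY = "everything not specifically permitted is denied"
DEFAULT_PERMIT = "everything not specifically denied is permitted"

def evaluate(rules, default, proto, port):
    """First matching rule wins; otherwise the policy's default applies."""
    for rule in rules:
        if rule.proto == proto and rule.port == port:
            return rule.action
    return "deny" if default == DEFAULT_DENY else "permit"

# Under default-deny the administrator lists only the wanted services...
PERMIT_LIST = [Rule("tcp", 80, "permit"), Rule("tcp", 443, "permit"), Rule("tcp", 25, "permit")]
# ...under default-permit every harmful service must be enumerated by hand.
DENY_LIST = [Rule("tcp", 23, "deny"), Rule("udp", 69, "deny"), Rule("tcp", 139, "deny")]

# constructed sample connections: web, telnet, a service nobody listed, tftp
SAMPLE_CONNECTIONS = [("tcp", 80), ("tcp", 23), ("tcp", 3389), ("udp", 69)]

def compare(connections=SAMPLE_CONNECTIONS):
    """Return {(proto, port): (result under default-deny, result under default-permit)}."""
    return {
        conn: (evaluate(PERMIT_LIST, DEFAULT_DENY, *conn),
               evaluate(DENY_LIST, DEFAULT_PERMIT, *conn))
        for conn in connections
    }

def uncovered_services(connections=SAMPLE_CONNECTIONS):
    """Services a default-permit firewall lets through only because nobody listed them."""
    return [conn for conn, (deny_result, permit_result) in compare(connections).items()
            if deny_result == "deny" and permit_result == "permit"]

if __name__ == "__main__":
    for conn, (dd, dp) in compare().items():
        print(f"{conn[0]}/{conn[1]:<5} default-deny: {dd:<7} default-permit: {dp}")
    print("let through only by omission:", uncovered_services())
```

The two methods agree on everything the administrator actually thought about; they differ only on the services that were forgotten, which is the whole argument for the first method.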
Remote access servers should provide authentication of users and should ideally
also provide for limiting certain users to certain systems and/or networks
within the corporate intranet (authorization). Remote access servers must also
determine if a user is considered roaming (can connect from multiple remote
locations) or stationary (can connect only from a single remote location), and if
the server should use callback for particular users once they are properly
authenticated.
6.4 Incorporating Security into Your Network Design
You have seen throughout previous chapters that the design of an IP network is
sometimes exposed to environmental and circumstantial influences that dictate
certain topologies or strongly favor one design approach over another. One such
influential topic is IP security.
Review Questions
i) What is network security?
ii) Describe three security compromises that can be performed on data.
iii) Explain why it is necessary for an organization to have a network security
policy.
iv) Explain how a firewall works to enforce a security policy.
v) You are network administrator in an organization. How will you know that
the network has been broken into? What will you do?
vi) How does a security plan differ from a security policy?
vii) Why is it important to achieve buy-in from users, managers, and technical
staff for the security policy?
viii) What are some methods for keeping hackers from viewing and
changing router and switch configuration information?
ix) How can a network manager secure a wireless network?
CHAPTER SEVEN: TROUBLESHOOTING NETWORK PROBLEMS
7.1 Introduction
If, however, the card does not have any lights or has orange or red
lights, it is possible that either the card is bad, the card is not connected
properly, or that the card is not receiving a signal from the network.
If you are on a small or local network and have the capability of checking
a hub or switch, verify that the cables are properly connected and that
the hub or switch has power.
Verify that the network card is capable of pinging or seeing itself by using
the ping command. Windows / MS-DOS users ping the computer from a
MS-DOS prompt. Unix / Linux variant users ping the computer from the
shell. To ping the card or the localhost, type either ping 127.0.0.1 or ping
localhost.
If your computer network utilizes a firewall, ensure that all ports
required are open. If possible, close the firewall software program or
disconnect the computer from the firewall to ensure it is not causing the
problem.
Network management refers to the activities, methods, procedures, and tools that
pertain to the operation, administration, maintenance, and provisioning of
networked systems.
There exists a wide variety of software and hardware products that help network
system administrators manage a network. Network management covers a wide
area, including:
Network management involves keeping an eye on the following:
Network Operations: keeping the network (and the services that the network
provides) up and running smoothly. It includes monitoring the network to spot
problems as soon as possible, ideally before users are affected.
Administration: deals with keeping track of resources in the network and how they
are assigned.
Maintenance: concerned with performing repairs and upgrades. Maintenance also
involves corrective and preventive measures to make the managed network run
"better".
Provisioning: is concerned with configuring resources in the network to support a
given service.
We monitor:
    System and services
        o Available, reachable
    Resources
        o Expansion planning, maintain availability
    Performance
        o Round-trip time, throughput
    Changes and configurations
        o Documentation, revision control, logging
We keep track of:
    Statistics
        o For purposes of accounting and metering
    Faults (intrusion detection)
        o Detection of issues
        o Troubleshooting issues and tracking their history
Ticketing systems are good at this.
Help desks are a useful, even critical, component.
7.4 Expectations
A network in operation needs to be monitored in order to:
Deliver projected SLAs (Service Level Agreements)
SLAs depend on policy
What does your management expect?
What do your users expect?
What do your customers expect?
What does the rest of the Internet expect?
Review Questions
i) What is the first thing you will do if you discover your computer is not
connecting?
ii) What is network management? Why do networks need to be managed?
iii) Describe the five functional areas of network management.
CHAPTER EIGHT: DISASTER RECOVERY
8.1 Introduction
8.2 What Is Risk With Respect To Network Systems?
Risk is the potential harm that may arise from some current process or from
some future event.
Risk is present in every aspect of our lives and many different disciplines focus on
risk as it applies to them. From the network security perspective, risk management
is the process of understanding and responding to factors that may lead to a failure
in the confidentiality, integrity or availability of an information system. Network
security risk is the harm to a process or the related information resulting from
some purposeful or accidental event that negatively impacts the process or the
related information.
Risk is a function of the likelihood of a given threat-source’s exercising a
particular potential vulnerability, and the resulting impact of that adverse event
on the organization.
Threat: The potential for a threat source to exercise (accidentally trigger
or intentionally exploit) a specific vulnerability.
Threat-Source: Either (1) intent and method targeted at the intentional
exploitation of a vulnerability or (2) a situation and method that may
accidentally trigger a vulnerability. The threat is merely the potential for the
exercise of a particular vulnerability. Threats in themselves are not actions.
Threats must be coupled with threat-sources to become dangerous.
This is an important distinction when assessing and managing risks, since each
threat-source may be associated with a different likelihood, which, as will be
demonstrated, affects risk assessment and risk management. It is often expedient
to incorporate threat sources into threats. The list below shows some (but not
all) of the possible threats to information systems.
Vulnerability: A flaw or weakness in system security procedures, design,
implementation, or internal controls that could be exercised (accidentally
triggered or intentionally exploited) and result in a security breach or a violation of
the system's security policy. Notice that the vulnerability can be a flaw or
weakness in any aspect of the system.
Vulnerabilities are not merely flaws in the technical protections provided by
the system.
Significant vulnerabilities are often contained in the standard operating procedures
that systems administrators perform, the process that the help desk uses to reset
passwords or inadequate log review. Another area where vulnerabilities may be
identified is at the policy level. For instance, a lack of a clearly defined security
testing policy may be directly responsible for the lack of vulnerability scanning.
Here are a few examples of vulnerabilities related to contingency planning/
disaster recovery:
methodologies aimed at allowing risk assessment to be repeatable and give
consistent results.
Typically, it is not cost-effective to perform a quantitative risk assessment for an
IT system, due to the relative difficulty of obtaining accurate and complete
information. However, if the information is deemed reliable, a qualitative risk
assessment is an extremely powerful tool to communicate risk to all levels of
management.
It is valuable to compile a list of threats that are present across the
organization and use this list as the basis for all risk management activities. As a
major consideration of risk management is to ensure consistency and
repeatability, an organizational threat list is invaluable.
8.4.7 Sample Likelihood Definitions
Low:      0-25% chance of successful exercise of threat during a one-year period
Moderate: 26-75% chance of successful exercise of threat during a one-year period
High:     76-100% chance of successful exercise of threat during a one-year period
The most important thing is to make sure that the definitions are consistently used,
clearly communicated, agreed upon and understood by the team performing the
assessment and by organizational management.
Acceptance
Acceptance is the practice of simply allowing the system to operate with a known
risk. Many low risks are simply accepted. Risks that have an extremely high cost to
mitigate are also often accepted. Beware of high risks being accepted by
management. Ensure that this strategy is in writing and accepted by the
manager(s) making the decision. Often risks are accepted that should not have
been accepted, and then when the penetration occurs, the IT security personnel
are held responsible. Typically, business managers, not IT security personnel, are
the ones authorized to accept risk on behalf of an organization.
Avoidance
Avoidance is the practice of removing the vulnerable aspect of the system or even
the system itself. For instance, during a risk assessment, a website was uncovered
that let vendors view their invoices, using a vendor ID embedded in the HTML file
name as the identification and no authentication or authorization per vendor.
When notified about the web pages and the risk to the organization, management
decided to remove the web pages and provide vendor invoices via another
mechanism. In this case, the risk was avoided by removing the vulnerable web
pages.
Review Questions
Explain three ways of mitigating against risk.
Describe the relationship between attack, threat and vulnerability.
Why is it important to quantify risk before developing mitigating
mechanisms?
How can a network manager secure a wireless network?
CHAPTER TEN: NETWORK MONITORING TOOLS
When you launch Microsoft Network Monitor, choose which adapter to bind to from the main
window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click
“Capture Settings” to change filter options, adapter options, or global settings accordingly and then
hit “Start” to initiate the packet capture process.
2. Nagios
Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems,
applications and services are always up and running. It provides features such as alerting, event
handling and reporting. The Nagios Core is the heart of the application that contains the core
monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement
plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as
well as add-ons for data visualisation, graphs, load distribution, and MySQL database support,
amongst others.
Tip: If you want to try out Nagios without needing to install and configure it from scratch,
download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class
version built upon Nagios Core and is backed by a commercial company that offers support and
additional features such as more plugins and advanced reporting.
Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven
nodes.
Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host
groups and service groups. Once Nagios has had some time to monitor the status of the specified
hosts and services, it can start to paint a picture of what the health of your systems look like.
3. OpenNMS
OpenNMS is an open source enterprise grade network management application that offers
automated discovery, event and notification management, performance measurement, and service
assurance features. OpenNMS includes a client app for the iPhone, iPad or iPod Touch for on-the-
go access, giving you the ability to view outages, nodes, alarms and add an interface to monitor.
Once you successfully login to the OpenNMS web UI, use the dashboard to get a quick ‘snapshot
view’ of any outages, alarms or notifications. You can drill down and get more information about
any of these sections from the Status drop down menu. The Reports section allows you to generate
reports to send by e-mail or download as a PDF.
4. Advanced IP Scanner
Advanced IP Scanner is a fast and easy to use network scanner that detects any network devices
(including wireless devices such as mobile phones, printers and WIFI routers) on your network. It
allows you to connect to common services such as HTTP, FTP and shared folders if they are
enabled on the remote machine. You are also able to wake up and shut down remote computers.
The installer allows you to fully install the application on your machine or run the portable version.
When you launch Advanced IP Scanner, start by going to Settings > Options to select which
resources to scan and how fast/accurate you want the results to be. You can then choose which
subnet to scan and proceed with pressing the “Scan” button. Once the scan is complete, expand
the results to see which resources you are able to connect to for each discovered device.
5. Capsa Free
Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network
issues and analyze packets. Features include support for over 300 network protocols (including the
ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and
auto-save, and customizable reports and dashboards.
When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the
capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic
statistics, the TCP/UDP conversations, as well as packet analysis.
6. Fiddler
Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the
Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and
responses before they hit the browser. Fiddler gives you extremely detailed information about
HTTP traffic and can be used for testing the performance of your websites or security testing of
your web applications (e.g. Fiddler can decrypt HTTPS traffic).
When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic
capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by
clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from
the top menu bar onto an open application.
7. NetworkMiner
NetworkMiner captures network packets and then parses the data to extract files and images,
helping you to reconstruct the actions that a user has taken on the network – it can also do this by
parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network
packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT)
that can obtain information such as hostname, operating system and open ports from hosts.
In the example above, I set NetworkMiner to capture packets, opened a web browser and searched
for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I
saw during my browser session.
When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to
initiate the packet capture process.
8. Pandora FMS
Pandora FMS is a performance monitoring, network monitoring and availability management tool
that keeps an eye on servers, applications and communications. It has an advanced event
correlation system that allows you to create alerts based on events from different sources and notify
administrators before an issue escalates.
When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’
node from the left hand navigation pane. From here, you can configure monitoring agents and
services.
9. Zenoss Core
Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers,
storage, networking and virtualization to provide availability and performance statistics. It also has
a high performance event handling system and an advanced notification system.
Once you login to Zenoss Core Web UI for the first time, you are presented with a two-step wizard
that asks you to create user accounts and add your first few devices / hosts to monitor. You are
then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and
Advanced tabs to configure Zenoss Core and review reports and events that need attention.
When you launch PRTG Network Monitor, head straight to the configuration wizard to get started.
This wizard will run you through the main configuration settings required to get the application up
and running, including the adding of servers to monitors and which sensors to use.
12. Splunk
Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze
data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic,
etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search,
reporting and dashboard features to make the most of the collected data. Splunk also allows you
to install ‘Apps’ to extend system functionality.
Note: When you first download and install Splunk, it automatically installs the Enterprise version
for you to trial for 60 days before switching to the Free version. To switch to the Free version
straight away, go to Manager > Licensing.
When you execute the application, go to Tools > Preferences to configure Scanning and Port
options, then go to Tools > Fetchers to choose what information to gather from each scanned IP
address.
14. Icinga 2
Icinga is a Linux-based, fully open source monitoring application which checks the availability of
network resources and immediately notifies users when something goes down. Icinga provides
business intelligence data for in-depth analysis and a powerful command line interface.
When you first launch the Icinga web UI, you are prompted for credentials. Once you’ve
authenticated, use the navigation menu on the left hand side to manage the configuration of hosts,
view the dashboard and reports, see a history of events, and more.
When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a
specified network range automatically and assign the discovered hosts to a group. Alternatively,
create a new group manually to start adding devices/hosts individually.
16. NetXMS
NetXMS is a multi-platform network management and monitoring system that offers event
management, performance monitoring, alerting, reporting and graphing for the entire IT
infrastructure model. NetXMS’s main features include support for multiple operating systems and
database engines, distributed network monitoring, auto-discovery, and business impact analysis
tools, amongst others. NetXMS gives you the option to run a web-based interface or a management
console.
Once you login to NetXMS you need to first go to the “Server Configuration” window to change
a few settings that are dependent on your network requirements (e.g. changing the number of data
collection handlers or enabling network discovery). You can then run the Network Discovery
option for NetXMS to automatically discover devices on your network, or add new nodes by right
clicking on “Infrastructure Services” and selecting Tools > Create Node.
17. Xymon
Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive
deep into the configuration, performance and real-time statistics of your networking environment.
It offers monitoring capabilities with historical data, reporting and performance graphs.
Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts
that you are going to monitor. Here, you add information such as the host IP address, the network
services to be monitored, what URLs to check, and so on.
When you launch the Xymon Web UI, the main page lists the systems and services being
monitored by Xymon. Clicking on each system or service allows you to bring up status information
about a particular host and then drill down to view specific information such as CPU utilization,
memory consumption, RAID status, etc.
18. WirelessNetView
WirelessNetView is a lightweight utility (available as a standalone executable or installation
package) that monitors the activity of reachable wireless networks and displays information related
to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.
As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi
networks in the area and displays information relevant to them (all columns are enabled by default).
Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView.
It scans your wireless network and displays a list of all computers and devices that are currently
connected, showing information such as IP address, MAC address, computer name and NIC card
manufacturer – all of which can be exported to an html/xml/csv/txt file.
Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is
displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed
in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can
run a test, change the layout, edit settings, refresh connections, etc.
20. Wireshark
This list wouldn’t be complete without the ever popular Wireshark. Wireshark is an interactive
network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of
protocols and runs on multiple platforms.
When you launch Wireshark, choose which interface you want to bind to and click the green shark
fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what
you need, you can export the data to a file for analysis in another application or use the in-built
filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.
After a problem has been corrected, the work of the network administrator is not over. Too many
times, network administrators end up solving the same problem repeatedly. The best way to
prevent this is to maintain a problem log and to update this log every time a network failure occurs.
There are a couple of basic commands to diagnose a network problem that every network admin
needs to know. Let’s get down to the nitty gritty.
You have an issue with a computer on your network. It cannot connect to the internet and doesn’t
have any network resources. The first thing you need to do is check the condition of the physical
connection, i.e. the network cable. After that is secured, I jump to a command prompt and do an
IPCONFIG /all like so:
I check that the IP address, default gateway and subnet mask are all correct. If they are not, I make
my modifications and we are back online. Too bad the problems don’t usually go away that
easily. Next up, I attempt to ping the servers by IP address using the ping command, like so:
Now I check for DNS issues by pinging the server’s name. If this fails, it is our internal DNS issue
and I know where to move on to.
If I get a correct response, I try to ping a website like www.google.com. That tests external DNS
resolution. If that works as well, the trouble runs deeper. I would then run a netstat -a and see
who is connected to my machine and determine if maybe a Trojan or virus has gained control of
it.
Everything looks clean. Now I would try pathping or tracert between the machine and the internet
to diagnose any remaining network problems. This one I will not show you as all the output would
reveal my network settings and what not. I am not looking to create more problems!
During your tests you might conclude that another machine is using the same IP address or host
name as your desktop and causing issues. For this, I would recommend using Angry Ipscanner.exe
(found here) to query for that IP address or the entire network to find the host name…
I have been using this application for more than a decade to diagnose network problems! If you
cannot figure out what is going on and why you cannot get to the resource you are trying to, then
the issue might be network-related and has nothing to do with your machine. First, check if you
can get to the resource from a different machine.
Then it might be time to fire up Wireshark (which used to be called Ethereal, covered here for you
old schoolers). Wireshark will listen to your network adapter for all traffic and responses. The
answer is in the data but you do need to know how to read it. There are lots of good resources
online or you could always come knocking at AskTheAdmin.com with your output and ask us to
help!
How would you troubleshoot a fidgety connection? Do you have any secret commands?
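The ipconfig and netstat steps of the walkthrough above, turned into checks that run against saved command output. This is an added example written for these notes, not code from the original article or from AskTheAdmin; the ipconfig and netstat outputs it parses are constructed samples, and the allow-list of expected listening ports (135, 445, 3389) is an assumption for a Windows host.

```python
"""Sanity checks for the first steps of the troubleshooting walkthrough:
validate what ``ipconfig /all`` reports, then look for unexpected listeners
in ``netstat -an`` output. Added example; the sample outputs are constructed."""
import ipaddress
import re

# Constructed sample of one adapter section as printed by ``ipconfig /all``.
IPCONFIG_SAMPLE = """
Ethernet adapter Ethernet0:
   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.10.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
"""

# Constructed sample of ``netstat -an`` on the same host.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.10.57:49722    40.97.12.33:443        ESTABLISHED
"""


def parse_ipconfig(text):
    """Return the IPv4 address, mask, gateway and first DNS server as strings (or None)."""
    patterns = {
        "address": r"IPv4 Address[ .]*: ([\d.]+)",
        "mask": r"Subnet Mask[ .]*: ([\d.]+)",
        "gateway": r"Default Gateway[ .]*: ([\d.]+)",
        "dns": r"DNS Servers[ .]*: ([\d.]+)",
    }
    fields = {}
    for name, pat in patterns.items():
        m = re.search(pat, text)
        fields[name] = m.group(1) if m else None
    return fields


def check_ipconfig(fields):
    """Return a list of problems; an empty list means the basics look right."""
    problems = []
    addr = fields.get("address")
    if addr is None:
        return ["no IPv4 address assigned"]
    if ipaddress.ip_address(addr).is_link_local:
        problems.append("APIPA/link-local address: no DHCP lease was obtained")
    if fields.get("mask") is None or fields.get("gateway") is None:
        problems.append("subnet mask or default gateway missing")
        return problems
    # The gateway must sit inside the subnet the address/mask pair describes.
    net = ipaddress.ip_interface(f"{addr}/{fields['mask']}").network
    if ipaddress.ip_address(fields["gateway"]) not in net:
        problems.append(f"gateway {fields['gateway']} is not inside {net}")
    if fields.get("dns") is None:
        problems.append("no DNS server configured: name resolution will fail")
    return problems


def unexpected_listeners(text, expected_ports):
    """Return TCP ports in LISTENING state that are not in expected_ports.
    This is the 'who is connected to my machine' step, narrowed to listeners
    that a Trojan or unknown service may have opened."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            found.add(int(parts[1].rsplit(":", 1)[1]))
    return sorted(found - set(expected_ports))


if __name__ == "__main__":
    cfg = parse_ipconfig(IPCONFIG_SAMPLE)
    print("ipconfig problems:", check_ipconfig(cfg) or "none")
    print("unexpected listeners:", unexpected_listeners(NETSTAT_SAMPLE, {135, 445, 3389}))
```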
Network Performance
Internet Use
Besides network bandwidth use, violation of Internet use policies can cause network performance
problems. Unauthorized network activities typically performed during work hours include:
1. Accessing pornographic Web sites, as well as file, photo, and video sharing sites.
2. Performing online trading.
3. Accessing personal e-mails and forwarding e-mails with large attachments, such as videos,
PowerPoint presentations, and pictures.
4. Downloading unlicensed software that might contain malware and lead to an attack.
To determine whether employees are adhering to established Internet use policies, internal auditors
and network administrators can monitor and analyze data packet traffic flowing between the
organization's gateway and the Internet service provider (ISP). This can be achieved by using a
switched port analyzer (SPAN) or by placing a hub (i.e., a common connection point for devices in
a network) between the ISP and the organization's router or firewall. The auditor can also
recommend that the organization obtain an Internet use statistics report from the ISP, if possible.
Additionally, Internet use analyses can detect malware infections in the local area network (LAN)
that are the result of inappropriate Internet use or determine if applications residing in the network
are using the Internet redundantly. It also can be used to determine whether the organization needs
to upgrade its current Internet bandwidth and speed.
Cable Performance
To test cable performance, auditors need to use a pair of hardware cable testers, which need to be
connected at the two ends of the physical network cable. When conducting the test, all lights must
blink on the cable tester. If this happens, then the network cable has perfect point-to-point connectivity.
E-Mail Server Review
Many companies implement a private or local mail server for internal and external e-mail use. For
instance, the organization may have a single mailbox for all employees that are hosted by an e-
mail service provider. The organization will then install a local mail server at their end to retrieve
information from this single mailbox, which is then segregated locally based on employee e-mail
IDs. Therefore, if an employee wishes to send an e-mail to a co-worker, the e-mail is sent through
this local mail server directly to the recipient. Otherwise, the local mail server will forward the e-
mail to its parent mail server for further delivery to the intended external recipient. Key points to
look for when reviewing e-mail server performance include:
These key points need to be analyzed and verified manually by the auditor along with the network
or system administrator. Also, a cross-verification should be performed by analyzing e-mail server
logs. For example, if spam e-mail is congesting the majority of the network's bandwidth, the
organization should upgrade its existing spam-filtering solution.
The auditor also needs to analyze the effectiveness of the processes or activities that are used to
manage the network. These activities include the network's capacity use, change management
processes, incident response activities, and log monitoring functions.
Capacity Use
The network capacity planning process compares the organization's current and future network
capacity in terms of their use and efficiency. Any variation between any user requirements and
the organization's capacity can lead to inefficient network use. Therefore, the aim of network
capacity planning is to resolve this difference.
Change Management
Change management is a logical approach that defines the policies, procedures, and controls that
need to be used for specific business functions or activities. In terms of network performance, the
organization's change management policy needs to document, for instance:
Change management policies and actions also can enable auditors and administrators to evaluate
network problems at a quick glance and determine the causes for network performance issues or,
worse, a security breach after a particular change or upgrade is made.
Before a change or upgrade is made to a network component, auditors need to recommend that
network or system administrators discuss the activity with a senior executive, such as the chief
technology, information, or security officer, to evaluate the impact the change or upgrade can have
on various network aspects.
Finally, auditors need to ensure that the change management policy or document is authorized and
signed by the senior manager.
Incident Response
Companies need to have a standard procedure to handle network problems and provide a quick and
efficient solution to those problems. Key items internal auditors need to review when assessing an
organization's network incident response plan or document include:
– The level of vendor support (i.e., how will the vendor provide support for problems
reported by the organization — will this support be provided over the phone or in person?
In addition, is the vendor support team or contact person located in a nearby location or
a foreign country?).
– An inventory of all network programs and applications.
– Service-level agreements between the organization and the vendor for specific network
programs and applications identified in the inventory list.
– Change management policies and procedures.
– A list of incident response team members and their qualifications.
– The organization's approach toward solving any network incidents and the steps that will
be taken to mitigate them as specified in the business continuity or disaster recovery
plan, in addition to determining how the plan will be maintained.
– Configuration backups for all network programs and applications (e.g., are these backups
tested in a test environment prior to restoration, are backups encrypted, and where are the
backups stored?).
Log Monitoring
When it comes to network performance, proactive steps apply to monitoring network activities and
identifying problems that might affect the organization in the future. One of the best ways to
monitor network activities is through data logging. Logs generated can be either from a firewall,
managed switch, operating system log, or an application log. For instance, an organization is
growing rapidly in terms of its revenue and number of employees within a short period of time.
To keep up with this growth, network administrators need to identify the effectiveness of currently
used network switches, cables, computer systems, and accessories in keeping up with network
performance. Network administrators may also need to update or increase the availability of these
and other network components within the next three months so that the company's continuity of
flow is not disrupted.
A Good Measure of Network Operations
The use of ongoing performance audits can help IT departments better measure the network's
effectiveness and efficiency. To this end, internal auditors need to examine key network functions
and components, such as the company's network bandwidth use, the current level of Internet use,
the performance of network cables, and e-mail server activities. These network performance audits
need to be an ongoing part of the organization's proactive measures to identify any IT system break
downs before they hinder the organization's day-to-day activities. Besides collecting and reviewing
this information, auditors can examine the network's server memory use and central processing
unit (CPU) capacity, which may also hinder network performance.
Q2. How would you handle network security for a client that allows employees to bring their
own devices?
Having outside devices connected to a network can result in major security vulnerabilities that you
should be able to address. Interviewers ask this question to assess your problem-solving skills and
determine what you would do in situations where you can't avoid certain types of risks and
vulnerabilities.
Q12. What are the factors that affect the performance of the network?
Answer: Type of transmission media, software, number of users, hardware.
Q19. What Is The Defining Difference Between Computer Security And Information
Security?
Answer : Ar 25-2
Q21. Why Does Active Ftp Not Work With Network Firewalls?
Answer : When a user initiates a connection with the FTP server, two TCP connections are
established. The second TCP connection (FTP data connection) is initiated and established from
the FTP server. When a firewall is between the FTP client and server, the firewall would block the
connection initiated from the FTP server since it is a connection initiated from outside. To resolve
this, Passive FTP can be used or the firewall rule can be modified to add the FTP server as trusted.
Q22. How Can You Prevent A Brute Force Attack On A Windows Login Page?
Answer: Set up an account lockout for a specific number of attempts, so that the user account is
locked automatically after the specified number of failed attempts.
Q24. What do you see as the objective of information security within a business or
organization?
Answer : Network security should:
Q28. Which Feature On A Network Switch Can Be Used To Protect Against CAM Flooding
Attacks?
Answer: The Port-Security feature can be used for this. In a CAM flooding attack, the attacker
sends a storm of frames with different source MAC addresses. The goal of the attacker is to fill up
the CAM table. Port-Security can be used to limit the number of MAC addresses allowed on the port.
Q29. How informed do you keep yourself on network security-related news, and how often
do you check out these stories? Where do you get your security news from?
Answer :Network security incidents are big news today, and there have been many high-profile
news stories about data breaches and hackers in the past few years. An employer is going to want
to know how well-informed you are on the latest security news and incidents. HINT: If you don’t
make it a practice of keeping abreast of the latest network security-related news, you better start
now!
In terms of news sources, your best bets are Team Cymru, Twitter, or Reddit. Make sure to check
the sources for accuracy, though.
Pure aloha
Slotted aloha
Q38. You discover an active problem on your organization’s network, but it’s out of your
sphere of influence. There’s no doubt that you can fix it, though; so what do you do?
Answer : While the first impulse may be to immediately fix the problem, you need to go through
the proper channels. Things may be as they are for a reason. Use e-mail to notify the person in
charge of that department, expressing your concerns, and asking for clarification. Make sure your
boss is CC’ed into the email chain, and make sure that you save a copy for yourself, in case you
need to refer to it later.
Q39. Why are internal threats usually more effective than external threats?
Answer : It all comes down to a question of physical location. A disgruntled soon to be ex-
employee, a hacker posing as a deliveryman, even just a careless curious user, all end up having
better access to the system due to them being on-site. Being “inside” physically makes it easier to
get inside virtually.
Q44. What are the differences among encoding, encryption and hashing?
Answer: Encoding: Basically, encoding is used to protect the integrity of data as it crosses a
communication network so that it keeps its original message upon arriving. It is primarily an
insecure function because it is easily reversible.
Encryption: Encryption is basically designed for confidentiality and data integrity and is reversible
only if you have the appropriate key.
Hashing: With hashing the operation is one-way, i.e. non-reversible. It takes an input (or message)
and returns a fixed-size string, which is called the hash value.
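The three transforms from the answer above, side by side in code: encoding is undone with no key, encryption is undone only with the key and fails on tampering, hashing cannot be undone at all. This is an added example written for these notes, not code from the original source; because the Python standard library ships no block cipher, encryption is shown with a keystream derived from HMAC-SHA256 in counter mode plus an HMAC tag, which stands in for a vetted cipher such as AES-GCM. The key and message are constructed.

```python
"""Encoding vs encryption vs hashing. Added example, not from the original notes.
The cipher below (HMAC-SHA256 keystream + HMAC tag) is a stand-in used only
because the standard library has no AES; production code would use AES-GCM."""
import base64
import hashlib
import hmac
import os


def encode(data: bytes) -> str:
    """Encoding: a public, keyless transform. Anyone can undo it, so it gives no secrecy."""
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from key and nonce (counter mode over HMAC)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption: reversible only with the key. The tag over nonce+ciphertext gives integrity."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError on a wrong key or a modified ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def digest(data: bytes) -> str:
    """Hashing: one-way and fixed-size. There is no key and nothing to 'decrypt'."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"   # constructed sample message
    key = os.urandom(32)                    # constructed key
    assert decode(encode(msg)) == msg       # no key involved: encoding is not confidentiality
    blob = encrypt(key, msg)
    assert decrypt(key, blob) == msg        # right key recovers the message
    try:
        decrypt(os.urandom(32), blob)       # wrong key is rejected by the tag check
    except ValueError as e:
        print("wrong key:", e)
    print(len(digest(msg)), len(digest(msg * 100)))  # same length whatever the input size
```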
Q47. In An Icmp Address Mask Request, What Is The Attacker Looking For?
Answer : The attacker is looking for the subnet/network mask of the victim. This would help the
attacker to map the internal network.
– Loss or corruption of sensitive data that is essential for a company’s survival and success
– Diminished reputation and trust among customers
– The decline in value with shareholders
– Reduced brand value
– Reduction in profits
What are the best defenses against a brute force login attack?
A: There are three major measures you can take to defend against a brute force login attack. For
starters, there’s an account lockout. Offending accounts are locked out until such time as the
administrator decides to open it again. Next comes the progressive delay defense. Here, the account
stays locked for a given number of days after a few unsuccessful login attempts are made. Finally,
there’s the challenge-response test, which heads off automatic submissions employed on the login
page.
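The three defences listed above (account lockout, progressive delay, challenge-response) combined into one login guard, which also covers the lockout-after-N-attempts answer to Q22. This is an added example written for these notes, not code from the original source; the thresholds, the usernames and the injected clock are assumptions chosen for illustration.

```python
"""Brute-force login defences from the answer above in one guard.
Added example; thresholds and sample users are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts
    locked: bool = False       # hard lockout, cleared only by an administrator
    next_allowed: float = 0.0  # progressive delay: earliest time another attempt is accepted


class LoginGuard:
    def __init__(self, lockout_threshold=10, challenge_after=3, base_delay=2.0, max_delay=300.0):
        self.lockout_threshold = lockout_threshold  # failures before hard lockout
        self.challenge_after = challenge_after      # failures before a CAPTCHA-style challenge
        self.base_delay = base_delay                # seconds; doubles with each failure
        self.max_delay = max_delay
        self.accounts = {}                          # username -> AccountState

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def attempt(self, user, password_ok, now, challenge_passed=True):
        """Return 'ok', 'bad_password', 'delayed', 'challenge_required' or 'locked'.
        password_ok is the credential verifier's result; now is the clock in seconds."""
        st = self._state(user)
        if st.locked:
            return "locked"
        if now < st.next_allowed:
            return "delayed"                 # progressive delay: the password is not even checked
        if st.failures >= self.challenge_after and not challenge_passed:
            return "challenge_required"      # heads off automated submissions
        if password_ok:
            self.accounts[user] = AccountState()   # success resets the counters
            return "ok"
        st.failures += 1
        if st.failures >= self.lockout_threshold:
            st.locked = True                 # lockout: stays until an administrator opens it
            return "locked"
        delay = min(self.base_delay * 2 ** (st.failures - 1), self.max_delay)
        st.next_allowed = now + delay
        return "bad_password"

    def admin_unlock(self, user):
        """Only an administrator clears a lockout, as the answer above describes."""
        self.accounts[user] = AccountState()


def simulate_bruteforce(guard, user, guesses, start=0.0):
    """Constructed attacker: one wrong guess per second, never solving challenges.
    Returns the outcome of each attempt so the effect of each defence is visible."""
    return [guard.attempt(user, False, start + i, challenge_passed=False) for i in range(guesses)]


if __name__ == "__main__":
    guard = LoginGuard()
    for i, outcome in enumerate(simulate_bruteforce(guard, "alice", 20)):
        print(f"t={i:2d}s {outcome}")
```

Only three guesses are actually evaluated in the twenty seconds simulated; the rest are swallowed by the delay and then by the challenge, and the account is never locked, so the legitimate user is not denied service by the attacker.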
What is IPS?
Answer:
An IPS is a threat prevention technology that investigates all network data flow to identify and
prevent malicious activity and to detect vulnerability in the network. IPS is helpful because it can
be configured to detect various network attacks and understand vulnerabilities in the network. IPS
is usually deployed on the perimeter of the network. There are many IPS types; some of the
approaches to prevent intrusions are signature-based, anomaly-based, protocol-based and policy-
based IPS.
What Does Your Network/security Architecture Diagram Look Like?
What are the factors that affect the performance of the network?
Type of transmission media
Software
Number of users
Hardware
What is the difference between a wired LAN and a wireless LAN?
A wired LAN uses Ethernet devices like routers, hubs, and switches, while a wireless LAN uses
devices like MiFi routers and WLAN routers.
Which protocols use the application layer?
SMTP
DNS
TELNET
FTP
What is an intranet?
It is a private network based on TCP/IP protocols accessible only by the company’s members or
someone with authorization.
What are the different types of network security tools?
Access control
Antivirus and antimalware software
Application security
Data Loss Prevention (DLP)
Email security
Firewalls
Intrusion prevention systems
Mobile device security
Host-based Intrusion Detection System (HIDS)
Network Intrusion Detection System (NIDS)
Behavioral analytics
Network segmentation
Virtual Private Network (VPN)
Web security
Wireless security
Security Mitigation Techniques
Mitigation method: Description
AAA: A group of three services (authentication, authorization, and accounting) that are
Cisco ACL: An ordered list of permit and deny statements that can be applied on a Cisco
to the network.
SSH: A data transmission protocol that uses strong authentication and an encrypted tunnel to
ensure secure communications between an SSH client and the SSH server.
SNMP: A management protocol that monitors the network and manages configurations by
Syslog: Log messages are collected from the Cisco device and are sent to a syslog server
NTP: A protocol that synchronizes clocks on the local network to provide accurate local
IPsec: A set of protocols that were developed to secure the transfer of packets at the
SSL: A protocol that provides a secure channel between two devices at the Application
Firewall: Either software or hardware that is installed to protect a network from outside
IPS: An active device that is inline with the traffic path on a network. An IPS listens
IDS: A passive device that may not be inline with the traffic path on a network. An IDS
also listens promiscuously to all incoming traffic to generate alerts and issue TCP
resets if necessary.
Which layers are referred to as network support layers?
Ans. The following layers are referred to as network support layers
What are the factors that affect the performance of the network?
Ans. The factors that affect the performance of the network are:
– Authentication ascertains whether a user is legitimate to use the system and the network or
not. It requires a login and password.
– Authorization refers to access control rights. It means that every user on the network can
access only certain data and information, depending on his/her level in the organization.
– Accounting helps in gathering all activity on the network for each user.
What are the potential consequences of a network security attack for an organization?
Ans. A network security attack can result in irreversible damage to the organization. Some of the
potential outcomes of a network security attack are:
What are administrator privileges? Why are they required when installing a download?
Ans. Administrative privileges refer to the permissions granted by administrators to users. These
privileges enable them to create, delete, and modify items and settings.
Without administrative privileges, we cannot perform many system modifications, such as
installing software or changing network settings. If we don’t have administrator privileges, then
we may be able to use a program, but not upgrade it.
What is network encryption? How does it work?
Ans. Network encryption is the process of encrypting or encoding data and messages transmitted
over a computer network. It includes various tools, techniques, and standards to ensure that the
messages are unreadable while they are transmitted between two or more network nodes.
Network encryption helps in maintaining the confidentiality of information transmitted over a
network by making it difficult for unauthorized agents to obtain the information and understand it
or get anything useful from it if they intercept the information in transit. Each message is sent in
an encrypted form and is decrypted and converted back into its original form at the recipient’s end
using encryption/decryption keys.
– Confidentiality refers to an organization’s efforts to keep its data private or secret. Thus,
only those who are authorized have access to specific assets while those who are
unauthorized are prevented from accessing them.
– Integrity refers to ensuring that data is authentic and reliable, and that it has not been
tampered with.
– Availability refers to ensuring that systems, applications, and data are up and running, and
that authorized users have access to resources when they are needed.
Different types of attacks fall into categories based on the traffic quantity and the vulnerabilities
being targeted. Here are some popular types of DDoS attacks:
– Volume-based attacks – they use high traffic to overload the network bandwidth
– Protocol attacks – their objective is to exploit server resources
– Application attacks – they focus on web applications and are the most serious type of
attacks
What is Phishing?
Ans. Phishing is the fraudulent practice of sending emails, calls, or text messages to targets that
appear to come from a reputable source. It is a cybercrime that tricks the target into sharing
passwords, credit card numbers, and other sensitive information or installing malware on the
victim’s machine by posing as a trusted source. It is a type of social engineering attack.
1. Email Phishing: This is the most common type of Phishing. The phisher will register a
fake domain that looks like a genuine source and send generic requests to obtain
confidential information from the victims. Phishers use the data to steal money or to launch
other attacks.
2. Spear Phishing: It targets specific individuals instead of a wide group of people after
searching the victims on social media and other sites to customize their communications
and appear more authentic.
3. Whaling: In this, the attackers go after those working in senior positions. Attackers spend
considerable time profiling the target to find the best time as well as the means of stealing
their sensitive information.
4. Smishing and Vishing: In smishing, the victim is contacted through text messages while
vishing involves a telephonic conversation. The end goal of both is the same as any other
kind of phishing attack.
What does VPN stand for and state its use and types?
Ans. VPN stands for Virtual Private Network. A VPN is an encrypted connection over a public
network such as the Internet, from a device to a network or between two networks, so that the
traffic crossing the public network looks like part of a private one. It prevents anyone on the
intermediate network from reading or tampering with the traffic and allows users to work
remotely as if they were on the office network. (It hides the traffic contents from the carrier
network; it does not by itself make the user anonymous to the VPN provider or the remote
network.)
The different types of VPNs are:
Remote access (a single client device connects to a network)
Site-to-site (two networks, for example two offices, are joined through their gateways)
Hardware: PCs, laptops, tablets, servers, flash drives, external drives, and smartphones
Productivity apps: Trello and Slack
Communication apps: Skype and VOIP
Packaged software
Cloud Services: Software as a Service (SaaS), Infrastructure as a Service (IaaS), and
Platform as a Service (PaaS)
Is a network engineer a good career?
Ans. Nowadays, organizations look for network security professionals to protect their business
from threats and safeguard sensitive data like personal information. Network security jobs have
become one of the most in-demand jobs in the IT industry today. Despite a strong demand for
network engineers, there is a shortage of qualified professionals who can take up that role.
Moreover, salary and advancement opportunities are great. Thus, a network engineer job can be
an exciting and lucrative career choice.
What are some of the popular job titles in the network security field?
Ans. Some of the popular job titles in the network security domain are –
1. Network Engineer
2. Systems Engineer
3. Network Architect
4. Network Support
5. Systems Support Engineer
6. Network Administrator.
What does a network security professional do?
Ans. Network security professionals protect the IT infrastructure of organizations. They make the
network more secure using various tools and controls, such as intrusion detection systems,
encryption and digital certificates.
What is the salary of a network engineer in India?
Ans. As per AmbitionBox, the average salary of a network engineer is Rs. 3.2 Lakh per year in
India.
What are the key skills required for network security professionals?
Ans. The key skills required for a network security professional are –
Technical Skills –
1. Interpersonal Skills
2. Communication
3. Innovation
4. Collaboration
5. Problem-solving
What are the major roles and responsibilities of a network engineer?
Ans. Major roles and responsibilities of a network engineer include –
IT professionals who work with network security need to be able to establish standards for how
their colleagues and other users interact with a network. Educating others about how to preserve a
network's integrity and protect their own data is one of the first steps toward preventing security
breaches. Example: "I would start by creating training documents to use in the onboarding process
so all new employees have the same expectations about device and password security. I would
also clearly post any security requirements to make it easy for all employees to reference."
These three characteristics of information security, known as the "CIA triad," are the basis of
any IT security program. Example: "Confidentiality refers to keeping information private between
authorized users. IT security measures can help keep sensitive information confidential and
protect client privacy. Integrity involves the accuracy and quality of network data, including
preventing outside users from editing and altering information. Availability involves ensuring
that authorized users can securely access information to facilitate operations."
What does it mean if your network experiences frequent, substantial cyberattack attempts?
This question addresses your knowledge of what makes a system attractive to hackers and other
threats. Network security experts should be able to determine the root cause of unusual behavior
alongside their primary role of preserving data integrity. Example: "Dealing with basic port
scans, worms and viruses is a standard part of managing network security, but more serious
attacks can indicate a problem with the entire security system. If I noticed an increase in severe
cyberattacks I would determine how the potential attacks would affect the network and establish
changes to protect those elements of the IT system."
How do you accurately diagnose and discuss network issues over the phone?
Network security professionals may have to provide direct IT support to clients, customers or
colleagues who are experiencing network problems. This question targets your ability to
communicate with others over the phone about complex network security problems. Example: "I
ask the other person specific questions and verify their answers, carefully describing how their
screen should look at each step in the troubleshooting process."
What time management strategies would you use to balance the many aspects of network
security?
Managing network security involves a range of passive and active responsibilities, so potential
employers may ask about your time management, multitasking and organizational abilities.
Example: "I would sort my tasks by severity, with active network problems taking highest
priority. I predict how much time each network security ticket might take, then schedule
maintenance, patches and updates during downtime."
What are some of the possible consequences of poor network security?
Interviewers ask this question to ensure that you understand the impact of your work as a network
security professional. By identifying the impact of poor security practices, you can demonstrate
your ability to avoid those issues. Example: "Poor network security practices can cause a loss of
sensitive information, mistrust among customers, interruptions in network service and a decrease
in profits from unreliable IT resources."
What procedures have you used to prevent phishing in your previous positions?
When working with network security, you may encounter phishing attempts where hackers try to
trick users into sharing information or downloading a virus. Interviewers may ask about phishing
to ensure you understand how social engineering and human error can impact a network's security.
Example: "In my last position, I scheduled mock phishing attempts to determine how many people
on staff would click an unsafe link, then use the data from the test scenario to send out helpful tips
on identifying scams."
REVISION QUESTIONS
1) Automation plays an essential role in server configuration management: the mechanism
makes the server reach a desired state previously defined in provisioning scripts written in
a tool's specific language and features. Discuss three benefits of configuration management
for servers. [6 marks]
2) Umma is intending to employ a network system administrator to monitor the computing
environment. Describe any five ethical considerations to be factored in while hiring a system
administrator. [5 marks]
3) An active directory structure has two aspects of components. Briefly describe the two
aspects. [5 marks]
4) Differentiate between a local user account and a domain user account as applied in
networking. [ 4marks]
5) There are many configuration management tools available in the market, each with a different
set of features and a different level of complexity. Describe the factors to be considered before
choosing a configuration management tool. [8 marks]
6) Dynamic Host Configuration Protocol (DHCP) automatically provides an Internet Protocol
(IP) host with its IP address and other related configuration information such as the subnet
mask and default gateway, hence reducing network administration. Discuss five features of
DHCP that reduce network administration. [10 marks]
7) Microsoft Active Directory offers some features that make it a highly flexible directory
service. Discuss the five major features. [10 marks]
8) Define network troubleshooting and discuss three major troubleshooting techniques as
applied in networking. [8 marks]
9) Discuss three major functions of a domain controller as applied in active directory’s physical
structure. [6 marks]
10) System administrators use a Group Policy Object (GPO) to configure user and computer
operating environments remotely. State four functions of group policies. [4 marks]
11) Describe four software tools that can help in solving network connectivity problems. [4
marks]
12) Describe what an information security blueprint is, identify its major components and explain
how it supports the information security program. (15 marks)
13) Explain the packet-filtering router rule set. (5 marks)
14) Alice and Bob wish to share a private message, and each of them has generated a pair of
separate keys. What strategy will enable them to achieve confidentiality, key management and
authentication for the conversation between Alice and Bob? (10 marks)
15) Network addresses are designed to be unique across the network although some networks
allow for local, private addresses or locally administered addresses that may not be
unique. Briefly discuss the difference between class A, class B and class C addresses. [6
marks]
16) Differentiate between Domain Name Service (DNS) and Windows Internet Name Service (WINS).
[4 marks]
17) Describe the role of NetBIOS (Network Basic Input/Output System) as applied in
networking [3 marks]
18) What is a Virtual Private Network (VPN)? Explain briefly what a VPN is, and how, in
general terms, it is implemented.
19) What is Network Security? And How does network security work?
20) What are the different types of network security?
21) Discuss Intrusion prevention systems (IPS)?
22) Discuss network planning
23) State and explain various network devices
24) Briefly discuss troubleshooting
25) State and explain any seven network tools
26) Discuss risk management in networking
27) Discuss IP addressing
28) What is meant by intrusion detection? Describe briefly, mentioning the role of signature
detection.
29) Imagine yourself as the sysadmin of a server which has been successfully attacked
(hacked). You have just discovered the break-in, and the attacker seems to still be
"occupying" the system. (i) How would you expect to become aware of the successful break-
in? That is, what "observable phenomena" would lead you to the conclusion that a computer
system had been compromised? Explain briefly. (ii) What, in general terms, would normally
be your first few actions on discovering the break-in? Explain briefly why you would take
these actions. (iii) Normally you will subject the compromised system to a forensic analysis
before repairing it and returning it to production use. Give an overview of the actions you
would take in preparing the system for analysis, and briefly describe the steps in performing
the analysis.
30) You have been given the IP address 182.25.18.5. Determine the network address, the range of
addresses you can assign to individual hosts, the broadcast address and the subnet mask.
(5 marks)
31) The Caesar cipher is a secret-key encryption technique that converts plaintext into
ciphertext using a substitution technique. Use the Caesar cipher substitution technique to
convert the following plaintext into the corresponding ciphertext, showing the steps clearly.
Plaintext: COMMANDER. (5 marks)
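Worked example for question 31, added here as illustration (it is not part of the original notes). The question gives no key, so the classic shift of 3 is assumed. caesar_steps shows the per-letter working an examiner expects, and caesar_brute_force shows the security caveat: with only 25 possible keys, the "secret key" offers no real protection.

```python
# Added example: Caesar cipher as a substitution technique (not from the original notes).
# Assumption: shift of 3 (the key the question leaves unstated).
from __future__ import annotations
import string

ALPHABET = string.ascii_uppercase  # 26-letter English alphabet, A=0 ... Z=25


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Substitute each letter with the one `shift` positions later (mod 26).
    Characters outside A-Z (spaces, digits) pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decryption is encryption with the negative shift."""
    return caesar_encrypt(ciphertext, -shift)


def caesar_steps(plaintext: str, shift: int = 3) -> list[tuple[str, int, int, str]]:
    """The worked steps: (plain letter, its index, shifted index mod 26, cipher letter)."""
    steps = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            i = ALPHABET.index(ch)
            j = (i + shift) % 26
            steps.append((ch, i, j, ALPHABET[j]))
    return steps


def caesar_brute_force(ciphertext: str) -> dict[int, str]:
    """Why the Caesar cipher is insecure: every one of the 25 keys can be tried at once,
    and the attacker simply picks the candidate that reads as English."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("COMMANDER")
    for p, i, j, c in caesar_steps("COMMANDER"):
        print(f"{p} ({i}) + 3 = {j} (mod 26) -> {c}")
    print("ciphertext:", ct)          # FRPPDQGHU
    print("decrypted:", caesar_decrypt(ct))
    print("brute force, key 3:", caesar_brute_force(ct)[3])
```

Running the block prints the nine substitution steps (C→F, O→R, M→P, M→P, A→D, N→Q, D→G, E→H, R→U), the ciphertext FRPPDQGHU, and the brute-force recovery.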
32) Describe the steps necessary to recover from an information security incident which has
been identified in a network. (10 marks)
33) List and describe the components of a network security program. (8 marks)
34) Explain the processes of:
(i) Terminating a UTP cable. (3 marks)
(ii) Assigning and configuring IP addresses in an organization. (3 marks)
35) Define a network operating system (NOS) and give two examples of NOS (3 marks)
36) Define phishing and discuss its types in network security. (6 marks)
37) Filtering incoming or outgoing TCP connections at a border router is very simple. Why is
this so? Explain briefly.
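Worked example for questions 13 and 37, added here and not part of the original notes: a minimal first-match packet-filter evaluator with a hypothetical border rule set. The internal prefix 192.0.2.0/24 and the web server 192.0.2.10 are assumed documentation addresses. It shows why filtering TCP connections is "simple" on a stateless router: a TCP segment with SYN set and ACK clear is a connection attempt, while every later segment of a connection carries ACK, so one rule on those two bits separates inbound-initiated connections from replies to connections that inside hosts opened.

```python
# Added example (not from the original notes): a stateless packet-filtering rule set,
# evaluated first-match with an implicit default deny, as on a border router.
# Addresses below are assumed documentation ranges, not a real network.
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = arriving from the Internet, "out" = leaving
    proto: str              # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False       # TCP SYN flag
    ack: bool = False       # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int | None = None
    syn_only: bool | None = None    # True: match only new TCP connections (SYN and not ACK)
                                    # False: match only packets that are NOT new connections
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.syn_only is not None:
            new_connection = p.proto == "tcp" and p.syn and not p.ack
            if new_connection != self.syn_only:
                return False
        return True


INTERNAL = "192.0.2.0/24"        # assumed internal prefix
WEB_SERVER = "192.0.2.10/32"     # assumed public web server

BORDER_RULES = [
    # Anti-spoofing: a packet from the Internet must never claim an internal source.
    Rule("deny", "in", src=INTERNAL, comment="anti-spoofing"),
    # The only service the outside world may connect to.
    Rule("permit", "in", "tcp", dst=WEB_SERVER, dport=443, comment="public HTTPS"),
    # Block every other inbound TCP connection attempt (SYN without ACK) ...
    Rule("deny", "in", "tcp", syn_only=True, comment="no other inbound TCP connections"),
    # ... but let replies to connections opened from inside (ACK set) come back.
    Rule("permit", "in", "tcp", syn_only=False, comment="replies to outbound connections"),
    # Inside hosts may open anything outbound.
    Rule("permit", "out", comment="all outbound"),
]


def evaluate(rules: list[Rule], p: Packet) -> tuple[str, str]:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action, r.comment
    return "deny", "implicit default deny"


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 40000, 443, syn=True),   # client -> web
        Packet("in", "tcp", "203.0.113.5", "192.0.2.20", 40001, 22, syn=True),    # SSH attempt
        Packet("in", "tcp", "198.51.100.9", "192.0.2.20", 443, 51000, ack=True),  # reply to us
        Packet("in", "tcp", "192.0.2.7", "192.0.2.20", 1, 1, syn=True),           # spoofed source
        Packet("in", "udp", "198.51.100.9", "192.0.2.20", 53, 33000),             # UDP: no flags
        Packet("out", "tcp", "192.0.2.20", "198.51.100.9", 51000, 443, syn=True), # we go out
    ]
    for p in samples:
        print(p.direction, p.proto, p.src, "->", p.dst, p.dport, evaluate(BORDER_RULES, p))
```

The ACK-bit rule is the whole reason stateless TCP filtering is easy, and also its weakness: an attacker can send segments with ACK set that belong to no connection (an "ACK scan") and the rule will pass them, which is why stateful firewalls track each connection instead. UDP carries no flags at all, so it has to be filtered purely on addresses and ports, and here it falls to the implicit deny.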
38) What is NAT and how (briefly) does it work?
39) Describe with diagrams and adequate justifications, the best network media that can be
applied in the following areas:
(i) Hilly and un-even terrains that experience heavy torrential rains. (3 marks)
(ii) With transformers, generators and other heavy machineries. (3 marks)
40) As a network security professional, calculate the highest amount that could be recommended
for annual investment in a countermeasure protecting assets valued at US$1 million from a
potential threat with an annualized rate of occurrence (ARO) of once every 5 years and an
exposure factor of 10%. (6 marks)
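Worked calculation for question 40, added as an example and not part of the original notes. The formulas are SLE = asset value × exposure factor and ALE = SLE × ARO; the ceiling on annual countermeasure spend is the ALE, because a control that costs more per year than the loss it addresses cannot pay for itself. countermeasure_value goes one step beyond the question to the general cost/benefit test a practitioner applies to a specific control; the control's $8,000 annual cost and its reduced ARO of once per 20 years are hypothetical figures.

```python
# Added example (not from the original notes): quantitative risk arithmetic for question 40.
# SLE = AV x EF; ALE = SLE x ARO, where ARO is occurrences per year (once in 5 years -> 0.2).

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """Loss from one occurrence of the threat (EF is the fraction of the asset lost)."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Expected loss per year from this threat."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def max_annual_countermeasure_spend(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Ceiling for yearly spend on a control against this threat: the ALE itself."""
    return annualized_loss_expectancy(asset_value, exposure_factor, aro)


def countermeasure_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Cost/benefit of a specific control: loss avoided per year minus the control's yearly cost.
    A positive result means the control is worth buying; negative means it costs more than it saves."""
    return (ale_before - ale_after) - annual_cost


if __name__ == "__main__":
    AV, EF, ARO = 1_000_000, 0.10, 1 / 5
    print("SLE =", single_loss_expectancy(AV, EF))                        # 100000.0
    print("ALE =", annualized_loss_expectancy(AV, EF, ARO))               # 20000.0
    print("max annual spend =", max_annual_countermeasure_spend(AV, EF, ARO))
    # Hypothetical control: cuts the ARO to once per 20 years and costs 8,000 per year.
    ale_after = annualized_loss_expectancy(AV, EF, 1 / 20)
    print("net value of control =", countermeasure_value(20000.0, ale_after, 8000))  # 7000.0
```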
41) Explain the steps necessary for establishing an encrypted session using a Data Encryption
Standard (DES) key. (5 marks)
42) Explain the process of vulnerability identification and assessment for different threats in a
network.(7 marks)
43) Describe, giving examples, any THREE types of controls that can be used to manage
security risks in an organization. [6 Marks]
44) Justify, by giving FOUR reasons, why a network administrator may decide to create
VLANs in a network. [4 Marks]
45) Discuss any four considerations during network planning. [4 Marks]
46) Historically, many computer systems have been successfully compromised using techniques
which rely on guessing (or otherwise discovering) passwords. Briefly explain the meaning of
each of the following terms which are related to these kinds of attacks: (i) “joe” accounts (ii)
packet sniffing (iii) dictionary-based attack
47) What is a rootkit, and what does it typically provide to an attacker? Explain very briefly
48) You have the IP address 156.233.42.56 with a subnet mask that borrows 7 bits for subnetting.
Determine the possible number of hosts and subnets. Show your workings. (6 Marks)
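Worked example for questions 30 and 48, added here and not part of the original notes, using the standard-library ipaddress module. Question 30 states no mask, so the classful default for the first octet (182 is class B, /16) is assumed; question 48 borrows 7 host bits from the class B network, giving a /23.

```python
# Added example (not from the original notes): subnet arithmetic for questions 30 and 48.
# Assumption for question 30: no mask is given, so the classful default (class B, /16) is used.
from __future__ import annotations
import ipaddress


def classful_prefix(ip: str) -> int:
    """Default prefix length implied by the first octet: A=/8, B=/16, C=/24."""
    first = int(ip.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E addresses carry no host prefix")


def subnet_facts(ip: str, subnet_bits: int = 0) -> dict:
    """Mask, network, broadcast, usable host range and counts for `ip` after borrowing
    `subnet_bits` host bits from its classful network for subnetting."""
    prefix = classful_prefix(ip) + subnet_bits
    if prefix > 30:
        raise ValueError("a prefix longer than /30 leaves fewer than two usable hosts")
    # strict=False lets us pass a host address; ipaddress masks off the host bits for us.
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return {
        "prefix": prefix,
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,   # minus network and broadcast addresses
        "subnets": 2 ** subnet_bits,                   # see note on the legacy 2**n - 2 rule
    }


if __name__ == "__main__":
    for label, ip, bits in (("Q30", "182.25.18.5", 0), ("Q48", "156.233.42.56", 7)):
        facts = subnet_facts(ip, bits)
        print(label, ip)
        for k, v in facts.items():
            print(f"  {k:16} {v}")
```

For question 30 this yields mask 255.255.0.0, network 182.25.0.0, broadcast 182.25.255.255 and hosts 182.25.0.1 to 182.25.255.254. For question 48 the 7 borrowed bits give a /23 (mask 255.255.254.0), 2^7 = 128 subnets of 2^9 - 2 = 510 hosts each, and 156.233.42.56 sits in 156.233.42.0/23. Older textbooks that exclude subnet zero and the all-ones subnet would count 2^7 - 2 = 126 subnets; if your marking scheme uses that rule, state it explicitly in your working.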
49) In a given network, many devices share the same piece of network media, devices vie for
time on the cable through a process called media access. Discuss the three (3) media access
methods. (15 Marks)
50) Network requirements translate into four (4) primary network design goals. Explain each.
(6 Marks)
51) According to the International Organization for Standardization (ISO), the network
management process consists of five (5) main functional areas. Discuss each. (10 Marks)
52) Explain any three (3) reasons that may compel a network engineer to opt for wireless
network implementation in place of cabled network implementation. (6 Marks)
53) Describe any four (4) network status monitoring tools. (6 Marks)
54) Explain fault management in the context of networking and hence describe the steps involved
in it. (8 Marks)
55) Explain any four (4) reasons that may lead to subnetting or segmenting a network. (6
Marks)
56) Discuss any four (4) features of TCP/IP protocol that make it the most suitable protocol for
communication over the internet. (6 Marks)