Professional Documents
Culture Documents
01 133202 146 10505081714 25062023 025943pm
01 133202 146 10505081714 25062023 025943pm
l
ahAbbas
i
01
-133202-
146
s
ECTI
ON/
sEmEs
TER:
BEE–6{
a}
I
NsTRUCTOR:dRadI
lal
IRaJ
a
COmpUTERCOmmUNI CaTI
ON&
NETwORks
BaHRI
aUNI
VERs
ITYI
sl
amaBad(
H-1
1/4)
Hammad_
039
Ques
tion:1
Hammad_
039
Ques
tion:
2
Phys
ical
Net
wor
kDes
ign
Thephysi
cal
net
wor
kdes
ignf
ort
hiscampusnet
wor
kcons
ist
soft
hreel
ayer
s:cor
e,di
str
ibut
ion,
and
acces
s.
Cor
eLayer
Thecor elayerisr
espons
ibl
eforcarryi
ngtheheaviesttr
aff
ici
nthenetwork
.Itistypi
cal
lymadeupof
high-speedrouterst
hatconnectt
hedi f
fer
entbuil
dingsoncampus.Thecoreroutersare
i
nt er
connect edusi
ngafull
mes htopol
ogy,whichens ur
esthatt
her
ear emult
iplepathsbet
weenany
twopoi ntsinthenetwor
k.
Di
str
ibut
ionLayer
Thedis
tri
butionlayerisr
esponsibl
efordistr
ibuti
ngtr
affi
cbet weenthecor
elayerandtheaccesslayer
.
I
tist
ypicall
ymadeupofs witchesthatconnectthedif
ferentdepart
mentsandclassr
oomsoncampus .
Thedis
tri
butionswitchesareint
erconnectedus i
ngapartialmeshtopol
ogy,whichensur
esthatthere
aremulti
plepathsbetweenanyt wopointsinthenetwork,butnotasmanyasi nthecor
elayer
.
Hammad_
039
Acces
sLayer
Theaccesslayeri
srespons i
blef
orprovi
dingaccesst
othenet workforendusers
.Iti
stypi
call
ymadeupof
swit
chesthatconnectindivi
dualdevi
ces,suchascomputers,
print
ers,andphones.Theaccessswi
tchesar
e
i
nterconnectedus
ingas tartopol
ogy,whichensur
esthattherei
sonlyonepat hbetweenanyt wopoint
sin
thenetwork.
Hammad_
039
I
PSubnetDes
ign
TheIPsubnetdes
ignforthiscampusnet workusesahierar
chi
cal
approach.Theent
ir
enet workis
divi
dedint
oanumberofs ubnets
, eachofwhichisassi
gnedauni
querangeofIPaddresses.The
subnet
sarethenfur
therdividedintosmall
ersubnets
,eachofwhichi
sassignedtoaspecif
ic
depart
mentorbuil
ding.
Forexampl
e,theuniversi
tymighthaveasubnetforeachofit
sacademicdepar
tment
s,suchas
ComputerSci
ence,Engineer
ing,andBusi
ness.
Eachdepar t
mentsubnetmightt
henbefurtherdi
vi
ded
i
ntosmall
ersubnet
s, s
uchasonef oreachcl
assroom orl
ab.
VLANs
VLANsar eus
edt ologi
call
ysegmentthenet work.Thisal
lowsf
ordif
fer
entdepar
tmentsorgroupsof
user
st obeisolat
edf rom eachother,whichcani mprovesecur
it
yandper f
ormance.VLANsar e
conf
iguredontheswitchesinthedi
str
ibut
ionlayer.
Forexample,t
heunivers
itymi
ghtcr eat
eaVLANforeachofi
tsacademicdepar
tments
.Thi
swould
all
owusersindif
fer
entdepart
ment stocommuni
catewit
heachother,butt
heywouldnotbeabl
eto
seeoraccessthetr
aff
icfr
om otherdepart
ment
s.
Secur
it
yMeas
ures
Anumberofs
ecur
it
ymeas
uresar
eimpl
ement
edi
nthi
scampusnet
wor
k.Thes
eincl
ude
Hammad_
039
AccessControlLi
sts(
ACLs)
:ACLsar
eus edtorest
ri
ctacces
stocert
ainpart
softhenetwork.
For
example,anACLcoul dbeusedt
opreventusersf
rom onedepar
tmentfr
om access
ingtheserver
sin
anotherdepart
ment .
I
mper
va
I
ntr
usi
onDetecti
onSyst
ems( I
DSs)
:IDSsareusedt
omonitort
henetwor
kformalici
ousact
ivi
ty.
Ifan
I
DSdetect
ssuspi
cioust
raf
fi
c,i
tcangenerateanal
ertt
othenetwor
kadmini
str
ator.
I
ntr
usi
onDet
ect
ionSys
tems(
IDSs
)incampusnet
wor
kOpensi
nanewwi
ndow
Fi
rewal
l
s:
Hammad_
039
Fi
rewall
sar
eusedtoprotectt
henetworkf
rom unauthori
zedacces
s.Theycanbeconf
igur
edt
obl
ock
cert
aint
ypesoft
raf
fi
c,suchasincomi
ngtr
aff
icfrom thei
nter
net.
I
mpl
ement
ati
on
Thi
scampusnetwor
kinf
ras
truct
urecanbeimplement
edusingavar
iet
yofhardwareandsof
twar
e.
Thespeci
fi
char
dwareandsoft
warethati
susedwil
ldependonthesi
zeandcomplexi
tyoft
he
net
work.
Benef
it
s
Thi
scampusnet
wor
kinf
ras
truct
urepr
ovi
desanumberofbenef
it
s,i
ncl
udi
ng:
Scal
abi
l
it
y:Thenet
wor
kcanbeeas
il
yscal
edast
heor
gani
zat
iongr
ows
.
Per
for
mance:Thenet
wor
kcanpr
ovi
dehi
ghper
for
mancef
orevent
hemos
tdemandi
ngappl
i
cat
ions
.
Secur
it
y:Thenet
wor
kiswel
l
-secur
edagai
nstunaut
hor
izedacces
s.
Hammad_
039
Manageabi
l
it
y:Thenet
wor
kiseas
ytomanageandmai
ntai
n.
Hammad_
039
Model
:
Hammad_
039
VLANandSubnet
ti
ng:
Def
ini
ti
on Logi
cal
divi
si
onofanet
wor
k Phys
ical
divi
si
onofanet
wor
k
Conf
igur
ati
on Conf
igur
edons
wit
ches Conf
igur
edonr
out
ers
Cr
it
eri
a Department,
locat
ion, I
Paddr
essr
ange
appl
icati
on
Benef
it
s Secur
it
y,manageabi
l
it
y Ef
fi
ci
ency,
secur
it
y
Showvl
anbr
ief
Hammad_
039
Subnet
ti
ng:
Ass
igns
ubnet
stoeachVLANbas
edont
hees
timat
ednumberofdevi
cesi
neach
depar
tment
.
Li
brar
y:1
92.
168.
1.
0/24(
255.
255.
255.
0)
St
udentCent
er:1
92.
168.
1.
0/24(
255.
255.
255.
0)
Admi
nis
trat
ionBui
l
ding:1
92.
168.
1.
0/24(
255.
255.
255.
0)
Res
idenceHal
l
:192.
168.
2.
0/24(
255.
255.
255.
0)
Technol
ogy:1
92.
168.
3.
0/24(
255.
255.
255.
0)
Mat
h:1
92.
168.
4.0/
24(
255.
255.
255.
0)
PEDept
:192.
168.
5.0/
24(
255.
255.
255.
0)
Li
ber
alAr
ts:1
92.
168.
6.0/
24(
255.
255.
255.
0)
Sci
ence:1
92.
168.
7.
0/24(
255.
255.
255.
0)
Bus
ines
s:1
92.
168.
8.0/
24(
255.
255.
255.
0)
Andatt
heendwes
har
ether
out
ingt
abl
ebyus
ingt
heRI
Ppr
otocol
.
Hammad_
039
S
Hammad_
039
ecur
it
ymeas
ures(
Acces
sCont
rol
Lis
ts)
:
AccessControlLi
s t
s( ACLs)areasecurit
ymechanismthatcanbeusedto
contr
olwhohasacces st
ocer t
ainresourcesonanetwor
k.ACLsareconfi
gured
onroutersands witches,andtheycanbeus edtoal
l
owordenytraff
icbasedon
avari
etyofcriter
ia,suchass ourceanddes ti
nat
ionI
Paddress
es,por
tnumber s
,
andprotocols
.
ACLscanbeus
edt
oimpl
ementavar
iet
yofs
ecur
it
ypol
i
cies
,suchas
:
Pr
eventi
ngunaut hori
zedaccesstosensi
ti
vedat
a:ACLscanbeusedtodeny
tr
aff
icfrom cert
ainI
Paddressesornetwor
kstosens
iti
ver
esour
ces
,such
asfi
l
es erversordat
abases.
Pr
otect
ingagainstmali
ci
oustr
aff
ic:ACLscanbeusedt
obl ocktr
aff
icf
rom
knownmaliciouss
ources
,suchasbotnetsormal
ware-
infect
edhosts.
Contr
oll
ingaccesstonet
workres
our
ces
:ACLscanbeusedtoall
owordeny
tr
affi
ctodiff
erentpar
tsoft
henet
work,
suchasdi
ff
erentdepar
tment
sor
buil
dings
.
Hammad_
039
AsPr
ivat
e33cannotcommuni
cat
edi
rect
lywi
thpr
ivat
e55andpubl
i
c6
Butpubl
i
c2cancommuni
cat
ewi
thpubl
i
c6.
Concl
usi
on:
Ques
tion”
#2
Phys
ical
Net
wor
kDes
ign
Thephysi
cal
net
wor
kdes
ignf
ort
hiscampusnet
wor
kcons
ist
soft
hreel
ayer
s:cor
e,di
str
ibut
ion,
and
acces
s.
Cor
eLayer
Thecor elayerisr
espons
ibl
eforcarryi
ngtheheaviesttr
aff
ici
nthenetwork
.Itistypi
cal
lymadeupof
high-speedrouterst
hatconnectt
hedi f
fer
entbuil
dingsoncampus.Thecoreroutersare
i
nt er
connect edusi
ngafull
mes htopol
ogy,whichens ur
esthatt
her
ear emult
iplepathsbet
weenany
twopoi ntsinthenetwor
k.
Hammad_
039
Di
str
ibut
ionLayer
Thedis
tri
butionlayerisr
esponsibl
efordistr
ibuti
ngtr
affi
cbet weenthecor
elayerandtheaccesslayer
.
I
tist
ypicall
ymadeupofs witchesthatconnectthedif
ferentdepart
mentsandclassr
oomsoncampus .
Thedis
tri
butionswitchesareint
erconnectedus i
ngapartialmeshtopol
ogy,whichensur
esthatthere
aremulti
plepathsbetweenanyt wopointsinthenetwork,butnotasmanyasi nthecor
elayer
.
Hammad_
039
Acces
sLayer
Theaccesslayeri
srespons i
blef
orprovi
dingaccesst
othenet workforendusers
.Iti
stypi
call
ymadeupof
swit
chesthatconnectindivi
dualdevi
ces,suchascomputers,
print
ers,andphones.Theaccessswi
tchesar
e
i
nterconnectedus
ingas tartopol
ogy,whichensur
esthattherei
sonlyonepat hbetweenanyt wopoint
sin
thenetwork.
Hammad_
039
I
PSubnetDes
ign
TheIPsubnetdes
ignforthiscampusnet workusesahierar
chi
cal
approach.Theent
ir
enet workis
divi
dedint
oanumberofs ubnets
, eachofwhichisassi
gnedauni
querangeofIPaddresses.The
subnet
sarethenfur
therdividedintosmall
ersubnets
,eachofwhichi
sassignedtoaspecif
ic
depart
mentorbuil
ding.
Forexampl
e,theuniversi
tymighthaveasubnetforeachofit
sacademicdepar
tment
s,suchas
ComputerSci
ence,Engineer
ing,andBusi
ness.
Eachdepar t
mentsubnetmightt
henbefurtherdi
vi
ded
i
ntosmall
ersubnet
s, s
uchasonef oreachcl
assroom orl
ab.
VLANs
VLANsar eus
edt ologi
call
ysegmentthenet work.Thisal
lowsf
ordif
fer
entdepar
tmentsorgroupsof
user
st obeisolat
edf rom eachother,whichcani mprovesecur
it
yandper f
ormance.VLANsar e
conf
iguredontheswitchesinthedi
str
ibut
ionlayer.
Hammad_
039
Forexample,t
heunivers
itymi
ghtcr eat
eaVLANforeachofi
tsacademicdepar
tments
.Thi
swould
all
owusersindif
fer
entdepart
ment stocommuni
catewit
heachother,butt
heywouldnotbeabl
eto
seeoraccessthetr
aff
icfr
om otherdepart
ment
s.
Secur
it
yMeas
ures
Anumberofs
ecur
it
ymeas
uresar
eimpl
ement
edi
nthi
scampusnet
wor
k.Thes
eincl
ude:
AccessControlLi
sts(
ACLs)
:ACLsar
eus edtorest
ri
ctacces
stocert
ainpart
softhenetwork.
For
example,anACLcoul dbeusedt
opreventusersf
rom onedepar
tmentfr
om access
ingtheserver
sin
anotherdepart
ment .
I
mper
va
I
ntr
usi
onDetecti
onSyst
ems( I
DSs)
:IDSsareusedt
omonitort
henetwor
kformalici
ousact
ivi
ty.
Ifan
I
DSdetect
ssuspi
cioust
raf
fi
c,i
tcangenerateanal
ertt
othenetwor
kadmini
str
ator.
I
ntr
usi
onDet
ect
ionSys
tems(
IDSs
)incampusnet
wor
kOpensi
nanewwi
ndow
Hammad_
039
\
Fi
rewall
s:Fi
rewal
l
sareusedtoprot
ectthenetwor
kfrom unaut
hori
zedacces
s.Theycanbe
conf
iguredtobl
ockcer
tai
ntypesoftr
affi
c,s
uchasincomingtr
aff
icf
rom t
heinter
net
.
Hammad_
039
I
mpl
ement
ati
on
Thi
scampusnetwor
kinf
ras
truct
urecanbeimplement
edusingavar
iet
yofhardwareandsof
twar
e.
Thespeci
fi
char
dwareandsoft
warethati
susedwil
ldependonthesi
zeandcomplexi
tyoft
he
net
work.
Benef
it
s
Thi
scampusnet
wor
kinf
ras
truct
urepr
ovi
desanumberofbenef
it
s,i
ncl
udi
ng:
Scal
abi
l
it
y:Thenet
wor
kcanbeeas
il
yscal
edast
heor
gani
zat
iongr
ows
.
Perf
ormance:Thenet
wor
kcanpr
ovi
dehi
ghper
for
mancef
orevent
hemos
tdemandi
ng
appl
icat
ions
.
Secur
it
y:Thenet
wor
kiswel
l
-secur
edagai
nstunaut
hor
izedacces
s.
Manageabi
l
it
y:Thenet
wor
kiseas
ytomanageandmai
ntai
n.
Hammad_
039
Hammad_
039
Hammad_
039
Model
:
VLANandSubnet
ti
ng:
Def
ini
ti
on Logi
cal
divi
si
onofanet
wor
k Phys
ical
divi
si
onofanet
wor
k
Conf
igur
ati
on Conf
igur
edons
wit
ches Conf
igur
edonr
out
ers
Cr
it
eri
a Department,
locat
ion, I
Paddr
essr
ange
appl
icati
on
Benef
it
s Secur
it
y,manageabi
l
it
y Ef
fi
ci
ency,
secur
it
y
Hammad_
039
Showvl
anbr
ief
:
Hammad_
039
Subnet
ti
ng:
Ass
igns
ubnet
stoeachVLANbas
edont
hees
timat
ednumberofdevi
cesi
neach
depar
tment
.
Li
brar
y:1
92.
168.
1.
0/24(
255.
255.
255.
0)
St
udentCent
er:1
92.
168.
1.
0/24(
255.
255.
255.
0)
Admi
nis
trat
ionBui
l
ding:1
92.
168.
1.
0/24(
255.
255.
255.
0)
Res
idenceHal
l
:192.
168.
2.
0/24(
255.
255.
255.
0)
Technol
ogy:1
92.
168.
3.
0/24(
255.
255.
255.
0)
Mat
h:1
92.
168.
4.0/
24(
255.
255.
255.
0)
PEDept
:192.
168.
5.0/
24(
255.
255.
255.
0)
Li
ber
alAr
ts:1
92.
168.
6.0/
24(
255.
255.
255.
0)
Sci
ence:1
92.
168.
7.
0/24(
255.
255.
255.
0)
Bus
ines
s:1
92.
168.
8.0/
24(
255.
255.
255.
0)
Andatt
heendwes
har
ether
out
ingt
abl
ebyus
ingt
heRI
Ppr
otocol
.
Hammad_
039
Hammad_
039
Secur
it
ymeas
ures(
Acces
sCont
rol
Lis
ts)
:
AccessControlLi
s t
s( ACLs)areasecurit
ymechanismthatcanbeusedto
contr
olwhohasacces st
ocer t
ainresourcesonanetwor
k.ACLsareconfi
gured
onroutersands witches,andtheycanbeus edtoal
l
owordenytraff
icbasedon
avari
etyofcriter
ia,suchass ourceanddes ti
nat
ionI
Paddress
es,por
tnumber s
,
andprotocols
.
ACLscanbeus
edt
oimpl
ementavar
iet
yofs
ecur
it
ypol
i
cies
,suchas
:
Pr
eventi
ngunaut hori
zedaccesstosensi
ti
vedat
a:ACLscanbeusedtodeny
tr
aff
icfrom cert
ainI
Paddressesornetwor
kstosens
iti
ver
esour
ces
,such
asfi
l
es erversordat
abases.
Pr
otect
ingagainstmali
ci
oustr
aff
ic:ACLscanbeusedt
obl ocktr
aff
icf
rom
knownmaliciouss
ources
,suchasbotnetsormal
ware-
infect
edhosts.
Contr
oll
ingaccesstonet
workres
our
ces
:ACLscanbeusedtoall
owordeny
tr
affi
ctodiff
erentpar
tsoft
henet
work,
suchasdi
ff
erentdepar
tment
sor
buil
dings
.
•
Hammad_
039
AsPr
ivat
e33cannotcommuni
cat
edi
rect
lywi
thpr
ivat
e55andpubl
i
c6
Butpubl
i
c2cancommuni
cat
ewi
thpubl
i
c6.
Concl
usi
on:
Hammad_
039