Chandan Minor Project


Software Requirements Specification

for

Network Security

Version: minor

Prepared by Chandan Rao Koshti and Samarjeet Rana

Rajasthan Institute of Engineering & Technology, Jaipur

Software Requirements Specification for <Project>


Table of Contents
1. Introduction
1.1 Purpose
1.2 Document Conventions
1.3 Intended Audience and Reading Suggestion
1.4 Project Scope
Some inefficiency in existing system
1.5 References
2. Overall Description
2.1 Product Perspective
2.2 Product Features
2.3 Design and Implementation Constraints
3. System Features


1. Introduction

1.1 Purpose

The purpose of network security is essentially to prevent loss through misuse of data. There are a number of potential pitfalls that may arise if network security is not implemented properly. Some of these are:

1. Each business will identify with the need to keep certain critical information private from competitors' eyes.
2. Data destruction: Data is a very valuable commodity for individuals and enterprises alike. The proliferation of backup technology available today is a testament to its importance. Destruction of data can severely cripple the victim concerned.
3. Data manipulation: A system break-in may be easily detectable, as some hackers tend to leave tokens of their accomplishment. However, data manipulation is a more insidious threat than that. Data values can be changed and, while that may not seem to be a serious concern, the significance becomes immediately apparent when financial information is in question.

There are many more potential threats that can cripple a system.

1.2 Document Conventions


Main Section Titles Font: Times New Roman Sub Section Titles Font: Times New Roman Other Text Explanations Font: Times New Roman Face: Bold Size: 14 Face: Bold Size: 14 Face: Bold Size: 16


1.3 Intended Audience and Reading Suggestion

Students: The project shows an infinite path in the field of security in Internet labs. There is always a perspective of development.

Developers: Project developers have an advantage of quickly understanding the methodology enabled and personalizing the product.

A network designer would suggest all the clients to go through the requirement section thoroughly before using any network application. The students are expected to have certain knowledge in the terms used and hence can go for the security issues directly.

1.4 Project Scope

Some inefficiency in existing system

The current system has many deficiencies and is inefficient. It does not provide facilities for proper monitoring. Good monitoring mechanisms are the basis of successful development programs and schemes. The student block is presently not connected to the network, so students are not getting the facilities of the internet. The library is facing the same problem. The database of the library should be maintained so that students get the appropriate information about books. Classroom computers should also have e-books to help students.

Proposed system:

AIM: Developing a Security Policy

The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently. RFC2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies.


A security policy meets these goals:

Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management. ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:

- Risk assessment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
- Compliance

Common Security Appliances and Applications

Security is a top consideration whenever planning a network. In the past, the one device that would come to mind for network security was the firewall. A firewall by itself is no longer adequate for securing a network. An integrated approach involving firewall, intrusion prevention, and VPN is necessary. An integrated approach to security, and the necessary devices to make it happen, follows these building blocks:

Threat control: Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:

- Cisco ASA 5500 Series Adaptive Security Appliances
- Integrated Services Routers (ISR)
- Network Admission Control
- Cisco Security Agent for Desktops
- Cisco Intrusion Prevention Systems


Secure communications: Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with Cisco IOS VPN solution, and the Cisco 5500 ASA and Cisco Catalyst 6500 switches.

Network admission control (NAC): Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.

Cisco IOS Software on Cisco Integrated Services Routers (ISRs): Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPSec, SSL VPN, and IPS services.

Cisco ASA 5500 Series Adaptive Security Appliance: At one time, the PIX firewall was the one device that a secure network would deploy. The PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.

Cisco IPS 4200 Series Sensors: For larger networks, an inline intrusion prevention system is provided by the Cisco IPS 4200 series sensors. This sensor identifies, classifies, and stops malicious traffic on the network.

Cisco NAC Appliance: The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

Cisco Security Agent (CSA): Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.

To assist with the compliance of a security policy, the Security Wheel, a continuous process, has proven to be an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis. To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy includes the following:

- Identifies the security objectives of the organization.
- Documents the resources to be protected.
- Identifies the network infrastructure with current maps and inventories.
- Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

1.5 References

Websites:

- http://www.google.co.in
- http://www.cisco.netacad.com

2. Overall Description

2.1 Product Perspective

- Web Server
- FTP Server
- Mail Server
- DNS Server
- Cisco Switch 2960
- Router 2811
- Wireless Router (Linksys)
- Laptop
- Personal Computer
- Ethernet cables (straight and cross)

2.2 Product Features

DNS Server: The Domain Name System is a standard technology for managing the names of Web sites and other Internet domains. DNS technology allows you to type names into your Web browser like compnetworking.about.com and have your computer automatically find that address on the Internet. A key element of the DNS is a worldwide collection of DNS servers. The Domain Name System (DNS) Server service provides the following:

An RFC-compliant DNS server: DNS is an open protocol and is standardized by a set of Request for Comments (RFCs). Microsoft supports and complies with these standard specifications.

Interoperability with other DNS server implementations: Because the DNS Server service is RFC-compliant and can use standard DNS data file and resource record formats, it can successfully work with most other DNS server implementations, such as those that use the Berkeley Internet Name Domain (BIND) software.


Web Server: There are many advantages to using a web server within your development environment. Of course, in a production hosting environment, a web server is essential. And, depending on your website, a web server could indeed be essential in your development environment. Most web servers have features that allow you to do the following:

- Create one or more websites. (No, I don't mean build a set of web pages. What I mean is, set up the website in the web server, so that the website can be viewed via HTTP.)
- Configure log file settings, including where the log files are saved, what data to include in the log files, etc. (Log files can be used to analyse traffic, etc.)
- Configure website/directory security. For example, which user accounts are/aren't allowed to view the website, which IP addresses are/aren't allowed to view the website, etc.
- Create an FTP site. An FTP site allows users to transfer files to and from the site.
- Create virtual directories, and map them to physical directories.
- Configure/nominate custom error pages. This allows you to build and display user-friendly error messages on your website. For example, you can specify which page is displayed when a user tries to access a page that doesn't exist (i.e. a "404 error").
- Specify default documents. Default documents are those that are displayed when no file name is specified. For example, if you open "http://localhost", which file should be displayed? This is typically "index.html" or similar, but it doesn't need to be. You could nominate "index.cfm" if your website is using ColdFusion. You could also nominate a 2nd choice (in case there is no index.cfm file), and a 3rd choice, and so on.

Mail Server: A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between mail servers that run specially designed software. This software is built around agreed-upon, standardized protocols for handling mail messages, the graphics they might contain, and attachment files. Internet Service Providers (ISPs) each have a mail server for handling their clients' mail messages, sometimes referred to as private mail servers. Some websites also offer public email services, utilizing their own mail servers. An email client or email program allows a user to send and receive email by communicating with mail servers. There are many types of email clients with differing features, but they all handle email messages and mail servers in the same basic way. When an email message is sent, the email program contacts the author's ISP mail server to pass it the message. The mail server is normally named mail.[isp].com or it might be named after the Send Mail Transfer Protocol, smtp.[isp].com. The mail server scans the message's embedded headers for addressing information. These headers are not usually visible in an email client unless the user configures the program to show the headers, but critical information is contained here.

FTP Server: FTP, or file transfer protocol, is the convention for connecting computers over an Internet connection in order for one computer to transfer files and execute file commands on a different computer. FTP is generally used for transferring files over a network using the TCP/IP protocol. The 2 main components are usually an FTP Client and an FTP Server. The server listens for a connection request from the client computer, and once connected, the client may send commands to the server to execute operations on files such as uploading, downloading, deleting and renaming, to name the basic operations. FTP is normally used on ports 20 and 21 but may be configured to use different ports or port ranges. The FTP Server will listen for incoming connections from an FTP client on the specified port. Commands are then sent to the server. The purpose of FTP is to promote file sharing between computers on a network in a secure, efficient and reliable manner. Plain FTP sends credentials and file contents unencrypted, so meeting the security part of that goal in practice means running it over TLS (FTPS) or using SFTP instead.
Cisco Catalyst 2960 switch: The Cisco Catalyst 2960 series switches provide Fast Ethernet and Gigabit Ethernet connectivity in a standalone, fixed-configuration form factor that can deliver enhanced LAN services to the midmarket and branch office network environments. Cisco Catalyst switches feature a comprehensive range of products of increasing functionality for Ethernet-based platforms. These switches provide diverse interfaces, high port densities, and extensible functionality suitable for converged network access or backbone applications. Catalyst switches provide the scalable network infrastructure with intelligent services that enables organizations to deploy converged internet business solutions to maximize their productivity and competitive advantage.

Router 2811: Benefits

- Modular Architecture: A wide variety of LAN and WAN options are available. Network interfaces can be upgraded in the field to accommodate future technologies. Several types of slots are available to add connectivity and services in the future on an "integrate-as-you-grow" basis. The Cisco 2800 supports more than 90 modules, including WICs, VICs, network modules, PVDMs, and AIMs (Note: the Cisco 2801 router does not support network modules).
- Embedded Security Hardware Acceleration: Each of the Cisco 2800 Series routers comes standard with embedded hardware cryptography accelerators, which when combined with an optional Cisco IOS Software upgrade help enable WAN link security and VPN services.
- Integrated Dual Fast Ethernet or Gigabit Ethernet Ports: The Cisco 2800 Series provides two 10/100 ports on the Cisco 2801 and Cisco 2811 and two 10/100/1000 ports on the Cisco 2821 and Cisco 2851.
- Support for Cisco IOS Software: The Cisco 2800 helps enable end-to-end solutions with full support for the latest Cisco IOS Software-based QoS, bandwidth management, and security features. A common feature and command set structure across the Cisco 1700, 1800, 2600, 2800, 3700 and 3800 series routers simplifies feature set selection, deployment, management, and training.
- Optional Integrated Power Supply for Distribution of Power over Ethernet (PoE): An optional upgrade to the internal power supply provides in-line power (802.3af-compliant Power-over-Ethernet [PoE] and Cisco standard inline power) to optional integrated switch modules.
- Optional Integrated Universal DC Power Supply: On the Cisco 2811, 2821, and 2851 routers an optional DC power supply is available that extends possible deployment environments, such as central offices and industrial environments (Note: not available on the Cisco 2801).
- Integrated Redundant-Power-Supply (RPS) Connector: On the Cisco 2811, 2821, and 2851 there is a built-in external power-supply connector that eases the addition of an external redundant power supply that can be shared with other Cisco products to decrease network downtime by protecting the network components from downtime due to power failures.

Wireless router: Before deciding on buying a specific router, ask yourself if you want computers to be able to connect wired or wirelessly to your network. A wireless router is a network device that enables you to connect several computers to the Internet without using cables, rather by using wireless access points, or WLAN. Some of the reasons for going wireless include freedom and affordability. But you need to keep other factors in mind.

Advantages of Wireless Routers

a. Wireless routers are equipped with a modem, a network switch (a device that has multiple connection ports for connecting computers and other network devices), and wireless access points.
b. A wireless router can be connected to from anywhere in your immediate environment or house. That means you can log on and surf the Internet from anywhere in your surroundings.
c. Some wireless routers are equipped with a built-in firewall to ward off intruders. The configuration options of the firewall are an important consideration when buying a router. Virtually everyone buys and sells online in some way or other, so buying a wireless router with good firewall configuration options can be helpful for security and privacy.
d. Broadband router wireless VoIP technology enables you to connect to the Internet using any ordinary phone device. You can then make calls to anybody in the world via your Internet connection.

The wireless router provides strong encryption (WPA or AES) and features MAC address filtering and control over SSID authentication.

The following bullet points outline the different Ethernet media requirements:

- 10Base2: 50-ohm coax, called thinnet. Up to 185 meters and 30 hosts per segment. Uses a physical and logical bus with AUI connectors.
- 10Base5: 50-ohm coax, called thicknet. Up to 500 meters and 208 users per segment. Uses a physical and logical bus with AUI connectors. Up to 2500 meters with repeaters and 1024 users for all segments.


- 10BaseT: EIA/TIA category 3, 4, or 5, using two-pair unshielded twisted-pair (UTP) wiring. One user per segment; up to 100 meters long. Uses an RJ-45 connector with a physical star topology and a logical bus.

UTP Connections (RJ-45)

The RJ-45 connector is clear so we can see the eight colored wires that connect to the connector's pins. These wires are twisted into four pairs. Four wires (two pairs) carry the voltage and are considered tip. The other four wires are grounded and are called ring. The RJ-45 connector is crimped onto the end of the wire, and the pin locations of the connector are numbered from the left, 8 to 1. The UTP cable has twisted wires inside that eliminate cross talk. Unshielded cable can be used since digital signal protection comes from the twists in the wire. The more twists per inch, the farther the digital signal can supposedly travel without interference. For example, categories 5 and 6 have many more twists per inch than category 3 UTP does. Different types of wiring are used when building internetworks. We will need to use either a straight-through or crossover cable.

Straight-Through

In a UTP implementation of a straight-through cable, the wires on both cable ends are in the same order. We can determine that the wiring is a straight-through cable by holding both ends of the UTP cable side by side and seeing that the order of the wires on both ends is identical. We can use a straight-through cable for the following tasks:

- Connecting a router to a hub or switch
- Connecting a server to a hub or switch
- Connecting workstations to a hub or switch

Crossover

In the implementation of a crossover, the wires on each end of the cable are crossed: Transmit to Receive and Receive to Transmit on each side, for both tip and ring. Pin 1 on one side connects to pin 3 on the other side, and pin 2 connects to pin 6 on the opposite end. We can use a crossover cable for the following tasks:

- Connecting uplinks between switches
- Connecting hubs to switches
- Connecting a hub to another hub
- Connecting a router interface to another router interface
- Connecting two PCs together without a hub or switch

When trying to determine the type of cable needed for a port, look at the port and see if it is marked with an X. Use a straight-through cable when only one port is designated with an X. Use a crossover when both ports are designated with an X or when neither port has an X.

Cabling the Wide Area Network

To connect our wide area network (WAN), we need to understand the WAN Physical layer implementation provided by Cisco as well as the different WAN serial connectors. Cisco serial connections support almost any type of WAN service. The typical WAN connections are dedicated leased lines using High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Integrated Services Digital Network (ISDN), and Frame Relay. Typical speeds are anywhere from 2400bps to 1.544Mbps (T1). HDLC, PPP, and Frame Relay can use the same Physical layer specifications, but ISDN has different pinouts and specifications at the Physical layer.

Serial Transmission

WAN serial connectors use serial transmission, which is one bit at a time, over a single channel. Parallel transmission can pass at least 8 bits at a time. All WANs use serial transmission. Cisco routers use a proprietary 60-pin serial connector, which we must buy from Cisco or a provider of Cisco equipment. The type of connector we have on the other end of the cable depends on our service provider or end-device requirements. The different ends available are EIA/TIA-232, EIA/TIA-449, V.35 (used to connect to a CSU/DSU), X.21 (used in X.25), and EIA-530. Serial links are described in frequency or cycles-per-second (hertz). The amount of data that can be carried within these frequencies is called bandwidth. Bandwidth is the amount of data in bits-per-second that the serial channel can carry.


Data Terminal Equipment and Data Communication Equipment

Router interfaces are, by default, Data Terminal Equipment (DTE) and connect into Data Communication Equipment (DCE), for example, a Channel Service Unit/Data Service Unit (CSU/DSU). The CSU/DSU then plugs into a demarcation location (demarc) and is the service provider's last responsibility. Typically, the demarc is a jack that has an RJ-45 female connector located close to our equipment. If we report a problem to our service provider, they'll always tell us it tests fine up to the demarc and that the problem must be the CPE, or Customer Premise Equipment, which is our responsibility. The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The DCE network includes the CSU/DSU, through the provider's wiring and switches, all the way to the CSU/DSU at the other end. The network's DCE device provides clocking to the DTE-connected interface (the router's serial interface).

DATA FLOW DIAGRAMS:


INTEGRATED NETWORK SECURITY:


INTEGRATED SECURITY DIAGRAM:


NETWORK DOCUMENTATION PROCESS:


Operating Environment: Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and current Cisco network switches. (Earlier switches ran CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system. The IOS CLI provides a fixed set of multiple-word commands; the set available is determined by the "mode" and the privilege level of the current user. "Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege. Through the CLI, the commands available to each privilege level can be defined.
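The privilege-level model described above, as an added example (not part of the original document or of any Cisco tooling): a Python audit that reads an IOS-style configuration and reports which commands have been reassigned to which level, which accounts and terminal lines reach level 15, and any statement naming a level outside 0 to 15. The sample configuration, usernames and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configuration for illustration; not from any real device.
SAMPLE_CONFIG = """\
hostname LAB-R1
!
username netadmin privilege 15 secret <placeholder-hash>
username helpdesk privilege 5 secret <placeholder-hash>
username intern secret <placeholder-hash>
!
privilege exec level 5 show running-config
privilege exec level 5 clear counters
privilege configure level 5 interface
privilege exec level 20 reload
!
line con 0
 login local
line vty 0 4
 privilege level 15
 login local
"""

MIN_LEVEL, MAX_LEVEL = 0, 15   # range stated in the text
DEFAULT_USER_LEVEL = 1         # IOS default when "privilege" is omitted

# privilege <mode> [all] level <n> <command words...>
PRIV_CMD = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
USER = re.compile(r"^username\s+(\S+)")
USER_PRIV = re.compile(r"\bprivilege\s+(\d+)\b")
LINE_HDR = re.compile(r"^line\s+(.+)$")
LINE_PRIV = re.compile(r"^privilege\s+level\s+(\d+)$")


def audit_privileges(config_text):
    """Summarise privilege-level assignments found in an IOS-style config."""
    commands = defaultdict(list)   # level -> ["mode: command", ...]
    users = {}                     # username -> level
    direct_lines = []              # lines whose sessions start at level 15
    invalid = []                   # statements naming a level outside 0..15
    current_line = None            # name of the "line ..." block being read

    def in_range(level, text):
        if MIN_LEVEL <= level <= MAX_LEVEL:
            return True
        invalid.append(text)
        return False

    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue

        if raw[0].isspace():
            # Indented statements belong to the block opened above them.
            m = LINE_PRIV.match(text)
            if m and current_line and in_range(int(m.group(1)), text):
                if int(m.group(1)) == MAX_LEVEL:
                    direct_lines.append(current_line)
            continue

        # Any top-level statement closes the previous "line" block.
        m = LINE_HDR.match(text)
        current_line = m.group(1) if m else None

        m = PRIV_CMD.match(text)
        if m:
            mode, level, command = m.group(1), int(m.group(2)), m.group(3)
            if in_range(level, text):
                commands[level].append(f"{mode}: {command}")
            continue

        m = USER.match(text)
        if m:
            p = USER_PRIV.search(text)
            level = int(p.group(1)) if p else DEFAULT_USER_LEVEL
            if in_range(level, text):
                users[m.group(1)] = level

    return {
        "commands_by_level": dict(commands),
        "users_by_level": users,
        "level15_users": sorted(u for u, lvl in users.items() if lvl == MAX_LEVEL),
        "level15_lines": direct_lines,
        "invalid": invalid,
    }


if __name__ == "__main__":
    for key, value in audit_privileges(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A `privilege level 15` statement under a `line` block is reported separately because sessions on that line start at the highest level without a further `enable` step.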

Operating System Supporting Components:

CPU: The CPU executes operating system instructions, such as system initialization, routing functions, and switching functions.

RAM: RAM stores the instructions and data needed to be executed by the CPU. RAM is used to store these components:

- Operating System
- Running Configuration File
- IP Routing Table
- ARP Cache
- Packet Buffer

ROM: ROM is a form of permanent storage. Cisco devices use ROM to store:

- The bootstrap instructions
- Basic diagnostic software
- Scaled-down version of IOS

Flash Memory: Flash memory is nonvolatile computer memory that can be electrically stored and erased. Flash is used as permanent storage for the operating system, Cisco IOS. Flash memory does not lose its contents when the router loses power or is restarted.

NVRAM: NVRAM is used by the Cisco IOS as permanent storage for the startup configuration file (startup-config). All configuration changes are stored in the running-config file in RAM, and with few exceptions, are implemented immediately by the IOS. To save those changes in case the router is restarted or loses power, the running-config must be copied to NVRAM, where it is stored as the startup-config file.

2.3 Design and Implementation Constraints

HARDWARE REQUIREMENT:

We can use the Cisco three-layer model to determine what type of product to buy for our internetwork. By understanding the services required at each layer and what functions the internetworking devices perform, we can then match Cisco products to our academic requirements. To select the correct Cisco products for our network, start by gathering information about where devices need to operate in the internetworking hierarchy, and then consider issues like ease of installation, port-capacity requirements and other features. If we have remote offices or other WAN needs, we need to first find out what type of service is available. It won't do us any good to design a large Frame Relay network only to discover that Frame Relay is only supported in half the locations we need. After we research and find out about the different options available through our service provider, we can choose the Cisco product that fits our requirements. We have a few options, typically: dial-up asynchronous connections, leased lines up to 1.544Mbps, Frame Relay, and ISDN, which are the most popular WAN technologies. However, xDSL is the new frontrunner to take over as the fastest, most reliable, cheapest WAN technology. We need to consider our usage before buying and implementing a technology. For example, if our users at a remote branch are connected to the office more than three to four hours a day, then we need either Frame Relay or a leased line. If they connect infrequently, then we might get away with ISDN or dial-up connectivity.

A) Hubs

Before we buy any hub, we need to know which users can use a shared 10Mbps or shared 100Mbps network. The lower-end model of hubs Cisco offers supports only 10Mbps, while the middle-of-the-road one offers both 10 and 100Mbps auto-sensing ports. The higher-end hubs offer network-management port and console connections. If we are going to spend enough to buy a high-end hub, we should consider just buying a switch.

Different hub products Cisco offers:

- Cisco 1500 Micro Hub
- Cisco 1528 Micro Hub 10/100
- Cisco FastHub100
- Cisco FastHub200
- Cisco FastHub300
- Cisco FastHub400

These are the selection issues we need to know:

- Business requirements for 10 or 100Mbps
- Port density
- Management
- Ease of operation

B) Routers

A key criterion when selecting router products is knowing what feature sets we need to meet our requirements. For example, do we need IP, Frame Relay, and VPN support? How about IPX, AppleTalk, and DECnet? The other features we need to think about when considering different product-selection criteria are port density and interface speeds. As we get into the higher-end models, we see more ports and faster speeds. For example, the new 12000 series model is Cisco's first gigabit switch and has enormous capability and functionality.

- Cisco 700/800 series
- Cisco 1600/1700 series
- Cisco 2500 series
- Cisco 2600 series
- Cisco 3600 series
- Cisco 4000 series
- Cisco 7000 series
- Cisco 12000 GSR series
- AS 5000 series

We can tell how much a product is going to cost by looking at the model number. A stripped-down 12000 series switch with no cards or power supplies starts at about $12,000. The price can end up at well over $100,000 for a loaded system. We also need to think about WAN support when buying a router. We can get anything we want in a router, but we just have to be familiar with the service provided for our area. The Cisco 800 series router has mostly replaced the Cisco 700 series because the 700 series does not run the Cisco IOS. In fact, I hope Cisco will soon stop selling the 700 series routers altogether. They are difficult to configure and maintain.

The main selections involved in choosing Cisco routers are listed below:

- Scale of routing features needed
- Port density and variety requirements
- Capacity and performance
- Common user interface

C) Switches

It seems like switch prices are dropping almost daily. About four years ago a 12-port 10/100 switch card for the Catalyst 5000 series switch was about $15,000. Now we can buy a complete Catalyst 5000 with a 10/100 card and supervisor module for about $7500 or so. My point is that with switch prices becoming reasonable, it is now easier to install switches in our network. We must consider whether we need 10/100 or 1000Mbps for each desktop or to connect between switches. ATM (asynchronous transfer mode) is also a consideration; however, with Gigabit Ethernet out and 10Gbps links just around the corner, who needs ATM? The next criterion to consider is port density. The lower-end models start at 12 ports, and the higher-end models can provide hundreds of switched ports per switch.

Different switches available:

- Cisco 1548 Micro Switch 10/100
- Catalyst 1900/2820 series
- Catalyst 2900 series XL
- Catalyst 2900 series
- Catalyst 3000 series
- Catalyst 8500 series
- Catalyst 5000 series

The selection issues you need to know when choosing a Cisco switch are listed below:

- Business requirements for 10, 100 or even 1000Mbps
- Need for trunking and interswitch links
- Workgroup segmentation (VLANs)
- Port density needs
- Different user interfaces

SOFTWARE REQUIREMENTS

The Packet Tracer

Packet Tracer is a self-paced, visual, interactive teaching and learning tool. It is designed to increase interaction between students and instructors, promote student learning, and enhance instructor presentations. Lab activities are an important part of networking. However, lab equipment can be a scarce resource. Packet Tracer provides a visual simulation of equipment and network processes to offset the challenge of limited equipment. Network designers can spend as much time as they like completing standard lab exercises through Packet Tracer, and have the option to work from home. Although other simulation products for Cisco equipment are available, they do not include the unique visualization features of Packet Tracer. This technology is a new and fun way to expand teaching and learning experiences beyond the limitations of the traditional lab environment. Packet Tracer helps resolve some common challenges that instructors face on a daily basis, while enabling us to explore new frontiers in networking education.

Key Features

In the Simulation and Visualization Mode, we can see and control time intervals, the inner workings of data transfer, and the propagation of data across a network. This helps us understand the fundamental concepts behind network operations. A solid understanding of network fundamentals can help accelerate learning about related concepts. The physical view of devices such as routers, switches, and hosts presents graphical representations of expansion cards and identifies the capabilities of each card. The physical view also provides geographic representations, including multiple cities, buildings, and wiring closets.

Additional Features

Lab grading function
Modular devices
User-friendly CLI and integrated help feature
Different device models for creating custom networks
Tutorial
International language support
Simple mode

Wireshark

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.

Functionality

Wireshark is very similar to tcpdump, but it has a graphical front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.

3. System Features

Visibility: Enables quick response to reduce the impact of attacks. Enables Network Operations Center (NOC) and Security Operations Center (SOC) staff to focus on actionable information rather than struggle to interpret millions of daily events generated by network security appliances, switches, routers, servers and applications.

Risk Management: Helps universities and research centers to get visibility and control over the risks in their networks. Enterasys DSCC integrates with Enterasys Dragon intrusion prevention (IPS), network access control (NAC), and automated security management (ASM) solutions to provide a unified, real-time view of the threat landscape and effectively detect, isolate and automatically remediate threats.

Quarantine: Minimizes risks by isolating dangerous users, devices, and machines. Uses advanced surveillance and forensics analysis to deliver situational awareness of both external and internal threats including inappropriate content, IM file transfers, traffic from undesirable geographies, data theft, and malicious worm infections.

Efficiency: Enables proactive network management, facilitating prevention, notification, and simplified correction. Enterasys DSCC leverages existing investments in network and security infrastructure while accelerating time to value through out-of-box functionality, rapid deployment, and staff efficiency gains.

QoS: QoS involves prioritization of network traffic. QoS can be targeted at a network interface, toward a given server or router's performance, or in terms of specific applications. A network monitoring system must typically be deployed as part of QoS, to ensure that networks are performing at the desired level.

QoS is especially important for the new generation of Internet applications such as VoIP, video-on-demand and other consumer services. Some core networking technologies like Ethernet were not designed to support prioritized traffic or guaranteed performance levels, making it much more difficult to implement QoS solutions across the Internet.
