Introduction
Fibotics is an organization that specializes in Fiber Optic Security Systems. Fibotics provides a wide range of security solutions across the globe in sectors such as Military, Oil and Gas, Transportation, and Physical Data. As of now the company has a small office located in Fareham and a team of 30 sales and support personnel across the world. Following its success, the company has grown.
IT employees usually have their own PCs or laptops connected to the office router via Wi-Fi or UTP cable. Information is shared using personal Google Docs accounts and private information is stored on individual PCs. Users rarely change their passwords and have different versions of antivirus installed.
Task 1 – Networking Infrastructure and Protocols
a) A star topology is a LAN layout and is suitable for Fibotics. Nodes are individually connected to a router or other central connection point. All data is exchanged through the central connection point. End devices do not communicate with other end devices directly; all data is passed through the central connection point. A hub or switch acts as the central connection point. This network layout requires more cable than other network layouts. (Orosk, 2017)
A Cat 7 twisted pair cable with RJ-45 connectors will be the most suitable for Fibotics. The data transfer rate of Cat 7 is 10GBps and it has a max length of 100m.
Advantages of star topology (omnisecu, 2017)
- Crashes or faults are easily repairable.
- Easily upgradeable and allows the inspection of traffic through the network.
- A crash or fault does not affect the whole network.
- Easy to install and wire the whole network.
- No disruptions on the network when connecting a new device or removing an existing device from the network.
- Easy to detect faults and to remove parts.
- Centralized management helps in monitoring the network.
Disadvantages of star topology
- If the central device fails then the whole layout fails.
- Performance depends on the capacity of the central device.
- Star topology requires more cable than a linear bus topology.
- Star topology is more expensive than linear bus topology because of the cost of the connecting devices.
- Wires and the use of hubs and switches increase the cost of the network.
Figure 1 Star Topology
b) Layered architecture is an architecture in which data flows from one level of processing to another. Layered architecture is used in designing computer software, hardware, and communications, in which system or network components are isolated in layers so that changes can be made in one layer without affecting the others. Communication protocols are a good example of layered architecture. (TheFreeDictionary, 2017) (LoveToKnow, 2017)
OSI stands for Open Systems Interconnection. OSI is a reference model for how applications and devices can communicate over a network. The OSI model consists of 7 layers. (Techtarget, 2017) (Microsoft, 2017)
1) Application Layer: It provides a platform for applications and utilities to send and receive data over the network. It serves as the interface for users and applications. Example protocols are FTP, SNMP, DNS, Telnet, SMTP, POP3 etc.
2) Presentation Layer: The presentation layer prepares data. It takes data from the application and marks it with an extension such as .mp3, .mp4, .txt etc. These file extensions make it easier to recognize that files are formatted by the presentation layer. The presentation layer also deals with compression and encapsulation, and handles encryption and decryption. Example: Server Message Block (SMB) etc.
3) Session Layer: The session layer deals with connections and establishes communication between processes running on different stations. It provides session establishment, session support etc. Examples: Apple Talk Session Protocol (ATSP), Network Basic Input Output System (NetBIOS) etc.
4) Transport Layer: It ensures that data is delivered without any error and that no frames are lost or duplicated. It provides traffic control, message acknowledgement etc. Examples: Transmission Control Protocol (TCP), User Datagram Protocol (UDP) etc.
5) Network Layer: It provides logical addressing and controls the operation of the subnet, deciding which path the data should follow. The network layer provides routing, subnet traffic control and frame fragmentation. Examples: Internet Protocol (IP), Distributed Data Protocol (DDP), IPX etc.
6) Data Link Layer: It provides error-free transmission of frames from one node to another over the physical layer. It handles link establishment and termination, frame traffic control etc. Example protocols are ARP, CDP, FDDI, LLDP, STP, PPP, ATM etc.
7) Physical Layer: It is the lowest layer and is concerned with the transmission and reception of raw data over the physical medium. It receives frames from the data link layer and converts them into bits. Examples are RJ45, Ethernet, FDDI, NRZ etc.
c)
Devices   OSI Layer         Reason
Hub       Physical Layer    It is used to connect one or many devices on same network.
Switch    Data Link Layer   Switch is a physical component, which governs the signal flow.
WAP       Data Link Layer   It is a set of communication protocols that allow wireless device to access the network.
Router    Network Layer     Router job is to determine the best way to forward the data to its destination.
d) Protocols are formal standards and policies comprising rules, procedures and formats that define communication between two or more devices on a network. Network protocols govern the end-to-end processes of timely, secure and managed data or network communication. Every task or process that operates on a network uses protocols.
Below are a few protocols and their operating layers in the OSI model. (Techopedia, 2017) (Quizlet Inc., 2017)
1. TCP: Transmission Control Protocol (TCP) is a connection-oriented protocol which assures reliable transport: if it detects a segment drop in the network, it retransmits the dropped segment. After transmission, the receiver acknowledges the segments that it receives, and based on the acknowledgements sent by the receiver, the sender determines which segments were successfully transmitted. Transmission Control Protocol operates at the transport layer of the OSI model.
2. FTP: File Transfer Protocol provides facilities for uploading and downloading small to large amounts of data from a remote server running FTP software. It provides facilities to view files and folders, and has functions like rename and delete if the user has the necessary permissions. FTP sends and receives data between sender and receiver in an unencrypted format, which makes it less secure and more vulnerable to attacks. File Transfer Protocol operates at the application layer of the OSI model.
3. SMTP: Simple Mail Transfer Protocol defines how mail messages are sent between hosts. SMTP relies on TCP to ensure error-free delivery of the messages. SMTP can be used to both send and receive mail, but Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) can be used only to receive mail. Simple Mail Transfer Protocol operates at the application layer of the OSI model.
4. HTTPS: Hyper Text Transfer Protocol Secure is the secure version of HTTP. HTTPS uses a system known as Secure Socket Layer (SSL), which encrypts the information sent and received between client and hosts. It operates at the application layer of the OSI model.
5. ARP: Address Resolution Protocol is responsible for resolving an IP address to a Media Access Control (MAC) address. ARP uses a table called the ARP cache to maintain the correlation between MAC addresses and IP addresses. It provides rules for making this correlation between MAC and IP. ARP works in the network layer of the OSI model.
6. DHCP: Dynamic Host Configuration Protocol is a client/server protocol which is used to dynamically assign an IP address to any device on a network so the device can communicate using IP. DHCP operates at the application layer of the OSI model.
7. UDP: User Datagram Protocol is a connectionless protocol which provides unreliable transport. If a segment is dropped and the sender is unaware of the drop, then UDP does not retransmit the dropped segment. UDP operates at the transport layer of the OSI model.
e) Here is the table with the data rate and frequency of the given Wi-Fi standards.
Wi-Fi Standard   Frequency        Data rate    Indoor range
802.11g          2.4 GHz          54 Mbps      Over 150 feet.
802.11n          2.4 GHz, 5 GHz   600 Mbps     Over 175 feet.
802.11ac         2.4 GHz, 5 GHz   13000 Mbps   Over 230 feet.
I recommend using 802.11ac as it has the ability to operate on 5 GHz, which is less crowded. As the company has products that already support 802.11ac, it is fully compatible and no other end device upgrade is necessary.
Connecting the entire network through wireless is not suggested for the following reasons:
- Wi-Fi is vulnerable to hacking, as the hacker does not have to be physically connected to the network using cables.
- Man-in-the-middle attacks are a common hack, which can track packets travelling without being physically connected.
- Wi-Fi has coverage issues where getting constant coverage can be difficult, leading to ‘black-spots’ where no signal is available.
Task 2 – Addressing
a) A MAC (Media Access Control) address is the physical address on the network, which is unique. It is static and does not change on restart. A MAC address consists of 48 bits written in hexadecimal and is hardcoded in the NIC of the device. ARP receives the MAC address of the device. MAC addresses are received by the data link layer. A MAC address cannot be changed.
An IP address is a logical connection address on the network. An IP address is dynamic and changes every time the connection is changed or reset. IPv4 is made up of a 32-bit address while IPv6 is made up of a 128-bit address. An IP address is provided by the network admin or ISP. RARP receives the IP address of the device.
A MAC address is a 48-bit (6 bytes) hexadecimal address, whereas IPv4 is a 32-bit (four bytes) address and IPv6 is a 128-bit (16 bytes) address.
b) The MAC address is hardcoded into the computer's NIC (Network Interface Card) and is static. When devices are purchased, the MAC address is already built in and the user cannot change it. ARP receives the MAC address of the device.
An IP address is dynamic and is not assigned by the manufacturer like the MAC address. An IP address is assigned dynamically through DHCP (Dynamic Host Configuration Protocol). Most of the time the ISP or network admin provides the IP address. An IP address can also be manually assigned to give a static IP address.
Yes, devices need both addresses to function properly. A network contains many devices and communication is vital in the network. In order to send and receive information, sender and receiver information is required. Without sender and receiver addresses it would be impossible to know where to send data. To solve this issue, computers use MAC and IP addresses. The MAC address is used to uniquely identify a device on the network, whereas the IP address is virtual and is used to group computers in the network.
c) ARP (Address Resolution Protocol) is used to map an IP address to a physical machine. ARP is a function of the IP layer of the TCP/IP protocol. Host devices use ARP to determine the address of another host. ARP works on the network layer.
d) A default gateway is used to allow one device to communicate with devices in another network. The default gateway is the exit point on the local network, which handles outgoing connections from the local network. (Lifewire, 2017)
A subnet mask separates an IP address into network and host addresses. It is a 32-bit number that masks an IP address. A subnet mask is made by setting the network bits to all 1’s and setting the host bits to all 0’s.
A default gateway is required because it helps a device communicate with other devices outside the network. The default gateway acts as the exit point for outgoing connections.
A subnet mask is needed on a network for the following reasons:
I. It helps computers to communicate easily.
II. It helps in security as it prevents communication from computers on other subnets.
III. It limits the IP addresses available on a network.
e) Subnetting is the process of partitioning a single physical network into more than one smaller logical sub-network, called subnets. The subnet mask helps to determine the type and number of IP addresses required for a given local network. (Technopedia, 2017)
Yes, I would recommend subnetting in this case as the company works for different sectors such as Military, Oil and Gas, Transportation etc., so it would be better to divide the network for each of these different sectors. A different network can be made for each of the sectors. Subnetting reduces network traffic and secures the network.
f) A routing table is a table which consists of rules. A routing table is viewed in table format and is used to determine where data is travelling over an IP network. All IP-enabled devices use routing tables. (SearchNetworking, 2017) It is a predefined path used by routers and other devices to forward packets. A routing table consists of the IP addresses of destination devices and how they can be reached. A router contains a database where the IP address of every connected device is stored. When a packet is received, the router knows which IP address to send the data to because it has already mapped the IP addresses of all the connected devices into its routing table. Every packet holds information about its origin and destination address. The router examines the packets and matches them against the routing table, providing the best path to the destination. (Techtarget, 2017)
Figure 2 Packet Tracer diagram
Task 3 – Security
a) As the company's staff have to bring their own devices to the office, here are the weaknesses in access control measures:
I. An outside member or hacker can easily get into staff devices as they bring their own devices.
II. Data may be compromised if the devices are stolen or lost.
III. If one staff member has an infected device, every device in the office is infected as well.
IV. Users may or may not have antivirus installed, or may have different versions of software, which may cause incompatibility issues.
V. Mobile phone OSes have a lot of flaws which can leak PINs and passwords without user acknowledgment.
b) Here are the measures that should be taken to keep the network safe.
I. Firewall filtering: I recommend enabling a firewall so that external as well as internal threats and other harmful behavior can be eliminated.
II. MAC address filtering: MAC address filtering enables us to connect only those devices which are authorized. Unauthorized devices are not able to connect to the network even if the password is known.
III. Antivirus and anti-malware software: Antivirus or anti-malware software should be installed in order to prevent spyware, malware and other harmful threats. Antivirus also improves system performance by removing threats.
IV. Access security: This is to ensure that a user has access to only those network elements and applications required to perform the job.
V. Subnetting: Subnetting would be a good way to protect the information of one section of workers from other sections of workers, as they are logically divided.
VI. Maintenance: Regular network maintenance such as hardware and software upgrades should be done because old hardware and software contain flaws or vulnerabilities. Upgrading regularly brings new security features.
VII. VPN: A VPN ensures that no one is capturing or tracking our network activities. A VPN tunnels our online activities through a different server so our identity and other sensitive information are safe online.
c) In my view, viruses and spyware would be the biggest threat for this system, as someone with bad intentions could inject spyware which tracks all the information passing through the network. Someone capturing the company's internal activities would be considered a major issue. Spyware monitors everything we type, including backspacing and retyping. Spyware can also redirect certain websites and flood the screen with pop-up ads. Spyware can change computer settings and install suspicious applications, which affects the stability of the computer, leading it to crash.
Task 4 – Diagram and explanation
a) Logical diagram
Figure 5 Logical diagram
b) IP allocation table
Devices        IP                 Default Gateway   Subnet Mask
Router 1       192.168.20.1       -                 255.255.255.224
Router 2       192.168.20.33      -                 255.255.255.224
File Server    192.168.20.5       192.168.20.1      255.255.255.224
DHCP Server    192.168.20.6       192.168.20.1      255.255.255.224
Sage Server    192.168.20.9       192.168.20.1      255.255.255.224
Mail Server    192.168.20.8       192.168.20.1      255.255.255.224
DNS Server     192.168.20.7       192.168.20.1      255.255.255.224
Printer        192.168.20.32      192.168.20.33     255.255.255.224
Computer       192.168.20.45-55   192.168.20.33     255.255.255.224
Access Point   192.168.20.34-40   192.168.20.33     255.255.255.224
192.168. Roll_num.___
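The subnet mask rule from Task 2 d) (network bits set to 1, host bits set to 0) can be applied mechanically to the IP allocation table above to check that each address is a usable host address and that each device can reach its gateway. The following is an added example, not part of the original report; the names `MASK`, `PLAN`, `subnet_of` and `audit` are hypothetical, and entries such as "45-55" are assumed to be last-octet ranges.

```python
import ipaddress

# Assumption: every row uses the mask shown in the table (255.255.255.224 = /27).
MASK = "255.255.255.224"

# Allocation plan transcribed from the table above as
# (device, first IP, last IP, default gateway). A single host repeats its
# address; "-" in the gateway column becomes None.
PLAN = [
    ("Router 1",     "192.168.20.1",  "192.168.20.1",  None),
    ("Router 2",     "192.168.20.33", "192.168.20.33", None),
    ("File Server",  "192.168.20.5",  "192.168.20.5",  "192.168.20.1"),
    ("DHCP Server",  "192.168.20.6",  "192.168.20.6",  "192.168.20.1"),
    ("Sage Server",  "192.168.20.9",  "192.168.20.9",  "192.168.20.1"),
    ("Mail Server",  "192.168.20.8",  "192.168.20.8",  "192.168.20.1"),
    ("DNS Server",   "192.168.20.7",  "192.168.20.7",  "192.168.20.1"),
    ("Printer",      "192.168.20.32", "192.168.20.32", "192.168.20.33"),
    ("Computer",     "192.168.20.45", "192.168.20.55", "192.168.20.33"),
    ("Access Point", "192.168.20.34", "192.168.20.40", "192.168.20.33"),
]


def subnet_of(ip, mask=MASK):
    """Subnet containing ip: the mask's 1-bits keep the network part,
    its 0-bits clear the host part."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def audit(plan, mask=MASK):
    """Return (device, problem) findings for an allocation plan."""
    findings = []
    seen = {}  # address -> first device that claimed it
    for device, first, last, gateway in plan:
        net = subnet_of(first, mask)
        if subnet_of(last, mask) != net:
            findings.append((device, f"range {first}-{last} spans more than one subnet"))
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        for n in range(lo, hi + 1):
            addr = ipaddress.ip_address(n)
            if addr == net.network_address:
                findings.append((device, f"{addr} is the network address of {net}"))
            elif addr == net.broadcast_address:
                findings.append((device, f"{addr} is the broadcast address of {net}"))
            if addr in seen:
                findings.append((device, f"{addr} is already assigned to {seen[addr]}"))
            seen.setdefault(addr, device)
        # A host can only reach a gateway that sits in its own subnet.
        if gateway is not None and ipaddress.ip_address(gateway) not in net:
            findings.append((device, f"gateway {gateway} is outside {net}"))
    return findings


if __name__ == "__main__":
    for name in sorted({str(subnet_of(row[1])) for row in PLAN}):
        print("subnet in use:", name)
    for device, problem in audit(PLAN):
        print(f"{device}: {problem}")
```

Run on the table as written, the audit returns one finding: 192.168.20.32, listed for the Printer, is the network address of the 192.168.20.32/27 subnet rather than a usable host address.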
c) The hardware components that I have chosen are as follows:
Firewall – Since the company wants a secure network, a firewall helps to eliminate internal and external threats on the network.
Router – A router is used to connect the LAN with the internet. In our case, we are connecting our LAN with the internet so a router is necessary.
Switch – A switch is like a hub but with advanced features. A switch helps to connect multiple devices.
Printer – A printer is in the requirement list of the company. A network printer can be accessed by anyone anywhere on the network, so one printer can fulfill everyone's requirements.
Servers – They hold shared files, programs and other resources. They help to provide network resources to all the users. In our case the server helps to manage resources like printers and allows users to share and save files in a secure manner.
d) Here are the local prices of the suitable hardware and software.
Device     Details                  Price       Specifications
Desktop    Lenovo M710 10R80004IH   Rs.63,984   Quad Core i5 7th generation up to 3GHZ; 6 GB DDR4 Ram, Support up to 32GB; 1TB Hard Disk
Laptop     Lenovo Ideapad Core      Rs.43,984   Dual core i3 6th Generation; 4GB DDR4 Ram, support up to 16GB; 1TB Hard Disk; 15.6 inch Display
Server     Dell PowerEdge T30       Rs.71038    Quad core Intel Xeon E3-1225 up to 3.3GHZ; DDR4 8GB Ram; 1TB Hard Disk
Printer    HP LaserJet Pro M126nw   Rs.26,768   Wi-Fi support; Print speed 20 ppm; Max resolution 600x600 dots per inch
Router     ASUS AC1900 Wireless     Rs.50,417   5334 mbps speed; 2GHZ and 5GHZ; 8 x Antennas; Can handle up to 150 users at a time
Switch     D-Link EasySmart         Rs.40,944   Up to 52 Gbps switching capacity; Max forwarding rate of 38.69 Mbps; Flash memory of 16 Mega Byte
Firewall   Netgear FVS336G          Rs.28,784   64 MB Ram; IPv6 support; Max number of VLANS 254
Task 5 – Remote access
a) A VPN (Virtual Private Network) is a good and secure way to incorporate remote access into the system. In a VPN, a group of computers is networked together over a public network and these connected devices share information, which is encrypted and more secure. We can create a VPN by establishing a virtual point-to-point connection using different types of protocols to tunnel the traffic. (TechGenix, 2017)
Figure 6 Working mechanism of VPN
Components and actions required to create a working VPN
- A VPN Client: The VPN client is the system that is used to connect to the main server using credentials. The VPN client depends on the task or options we need. A VPN client can be set up on a router as well as on a computer.
- A VPN Server: A VPN server acts as the point of connection for the VPN client. Once an incoming connection is authenticated, the VPN server acts as a router that provides the VPN client with access to the private network.
- IAS Server: In order to create a working VPN we need a RADIUS (Remote Authentication Dial In User Service) server. RADIUS is a mechanism for authenticating clients who are connecting to our network through the VPN.
- The firewall: Once our VPN accepts connections from the outside world, users have full access to the VPN server. In order to prevent other users from accessing our VPN server we need to use a firewall to block any unused ports.
- Tunneling Protocol: There are many types of tunneling protocol, for example:
  - Point-to-Point Tunneling Protocol (PPTP): It is a data link protocol. PPTP provides features like connection authentication, transmission encryption and data compression.
  - Layer 2 Tunneling Protocol (L2TP): L2TP does not provide encryption or confidentiality itself but relies on an encryption protocol. The entire L2TP packet is sent within a UDP datagram.
  - Internet Protocol Security (IPsec): IPsec is an open protocol suite which provides privacy and authentication services. IPsec has two sub-protocols, which are Encapsulated Security Payload (ESP) and Authentication Header (AH). ESP encrypts the packet’s payload with a key. AH uses a hashing operation, which hides the packet header to help hide certain packet information. IPsec has two operating modes, which are Transport Mode and Tunnel Mode. Transport Mode encrypts only the data but not the header, while Tunnel Mode encrypts both data and header.
Google Docs is not a proper way to share documents and other company files. As most of the members share the file, there is a risk of data being leaked. An online security breach can leak all company data.
b) If a mobile device uses remote access to a system, then the ports that allow that remote access would be open. Open ports are like open doors to hackers: the more doors are open, the less secure the system. If an infected phone uses remote access to a system, the phone may transfer infected files to the system, which may create a security breach.
References
Orosk, 2017. What is star topology? [Online]
Available at: http://www.orosk.com/star-topology/
[Accessed 13 October 2017].
Techopedia, 2017. What are network protocols? [Online]
Available at: https://www.techopedia.com/definition/12938/network-protocols
[Accessed 13 October 2017].
OmniSecu, 2017. What is star topology and its advantages and disadvantages? [Online]
Available at: http://www.omnisecu.com/basic-networking/network-topologies-star-topology.php
[Accessed 13 October 2017].
LoveToKnow, 2017. Layer architecture dictionary definition. [Online]
Available at: http://www.yourdictionary.com/layered-architecture
[Accessed 13 October 2017].
Techtarget, 2017. What is OSI reference model? [Online]
Available at: http://searchnetworking.techtarget.com/definition/OSI
[Accessed 13 October 2017].
TheFreeDictionary, 2017. Article about layered architecture. [Online]
Available at: https://encyclopedia2.thefreedictionary.com/layered+architecture
[Accessed 13 October 2017].
Microsoft, 2017. The OSI Model's Seven Layers Defined and Functions Explained. [Online]
Available at: https://support.microsoft.com/en-us/help/103884/the-osi-model-s-seven-layers-defined-and-functions-explained
[Accessed 13 October 2017].
Quizlet Inc., 2017. Explain the function of common network protocol. [Online]
Available at: https://quizlet.com/17832725/16-explain-the-function-of-common-networking-protocols-flash-cards/
[Accessed 17 October 2017].
Technopedia, 2017. What is sub netting? [Online]
Available at: https://www.techopedia.com/definition/28328/subnetting
[Accessed 13 October 2017].
Lifewire, 2017. What is a default gateway? [Online]
Available at: https://www.lifewire.com/what-is-a-default-gateway-817771
[Accessed 13 October 2017].
Techtarget, 2017. What is a routing table? [Online]
Available at: http://searchnetworking.techtarget.com/definition/routing-table
[Accessed 13 October 2017].
TechGenix, 2017. Outlining components needed for creating a VPN server. [Online]
Available at: http://techgenix.com/outlining-components-needed-creating-vpn-server/
[Accessed 19 October 2017].
Word count - 3623