
Unit 17 Network Security

Uploaded by

Mohamed Atheeb

Unit 17 - Network security

computer science (Sri Lanka Institute of Information Technology)



Downloaded by Mohamed Atheeb ([email protected])
Pearson Higher Nationals in Computing

ASSESSMENT BRIEF

Unit: 17 Network Security
STUDENT ASSESSMENT SUBMISSION AND DECLARATION

When submitting evidence for assessment, each student must sign a declaration confirming that the work is their own.

Student name & Student ID:

Assessor name: A. Afreedi

Issue date: 04th January 2022

Submission date: 28th February 2022

Submitted on:

Programme: BTEC Higher National Diploma in Computing

Unit: Unit 17 : Network Security

Assignment number and title: 01 – Aliki Company’s Network Security

Plagiarism

Plagiarism is a particular form of cheating. Plagiarism must be avoided at all costs and students who break the rules, however innocently, may be penalised. It is your responsibility to ensure that you understand correct referencing practices.

As a university level student, you are expected to use appropriate references throughout and keep carefully detailed notes of all the sources of material you have used in your work, including any material downloaded from the Internet. Please consult the relevant unit lecturer or your course tutor if you need any further advice.

Student Declaration


I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.

Student signature: Date:

Londontec City Campus



1.0 Assignment Brief (RQF)

Higher National Diploma in Computing

Student Name & Student ID:

Unit Number and Title: Unit 17 : Network Security

Academic Year: 2021/22

Unit Assessor: A.Afreedi

Assignment Title: 01 – Aliki Company’s Network Security

Issue Date: 03rd January 2022

Submission Date: 28th February 2022

Internal Verifier Name: Sanjeewa Ekanayake

Date:

Submission Format:

The Assignment Should be Created using Microsoft Word Format. The Student Should Insert a Table of Contents and Page Numbers as well as Your Name, Student Number and Module Title in the Header. The Document Should Include Page Numbers in the Footer.

All Text Should be in the Font Calibri / Arial. All Normal Text Should be in Font Size 11 and Main Headings in Font Size 14 and all Sub Headings in Font Size 12.

The Student Should include all Referencing in Harvard Referencing Format and the References Table should be included.

The Below Harvard References Generating Site can be Suggested :

The Student Should include a plagiarism report using a suggested software. The Final Summary of the Plagiarism score should be included as an appendix. “Plagiarism Checker X” Software is Recommended.

You Should Include this Completed and Signed Front Sheet along with your assignment during the Final Submission.

The Final Submission must be done to the Google Classroom portal provided by Londontec City Campus

Unit Learning Outcomes:

LO1 Examine Network Security principles, protocols and standards
LO2 Design a secure network for a corporate environment
LO3 Configure Network Security measures for the corporate Environment
LO4 Undertake the testing of a network using a Test Plan

Assignment Brief and Guidance:

Task 01 – Technical Information Report

Create a technical report which includes the following information. Your report will be considered as a complete report ONLY if you include all of the following.

• Discuss at least 02 Network Security Devices such as Firewalls, Routers etc. (Word Limit: 400 words per device)
• Examine the following network security protocols (200 words each)
o FTPs
o HTTPs
o POP3
o SMTP
• Compare and contrast any two of the above network security protocols.
• Discuss different cryptographic types of Network Security
• Discuss what is meant by Quality of Service (QoS) in Relation to Network Security Configuration.

Task 02 – Aliki’s Bank Network

* This Task can be done as groups of 02 or individually. If you grouped, clearly Include the names and student numbers of your group members in your Answer.

You are the Network Security head of the bank named Aliki. Aliki is an expanded private bank network which has over 70 branches islandwide and more than 90,000 customers in Sri Lanka.

The above bank has a huge cloud network for managing data and transactions at the bank with public access for digital banking facilities.

As the network head of the above company, you are required to analyse and create a report to the CEO as a network security proposal. Include the following information in your Network Security Proposal (1500 words)

• Discuss why network security is important in general to any network. Include examples as well.
• Investigate and understand the security requirements for the above mentioned network. Deeply discuss the security requirements.
• Recommend the software and hardware to be used in this network to make this a secure network. Include the advantages, disadvantages, definitions etc. for your answer.
• Include a design of your suggested network so that the CEO can understand how secure the network would be. Include the netwo
• Configure a secure firewall using Windows Defender Firewall for the network and also use at least 03 other security configurations
• Include Screenshots and explain the screenshots for the above configurations you did with comments.
• Any made assumptions can be included and you are free to make any assumptions for the scenario.

Task 03 – Test Plan for Aliki’s Network

You are required to create a test plan for Aliki’s Network.

After creating the test plan, you are required to test the network. Once tested, Include Screenshots and test cases.
Give some recommendations to improve security of the network. When giving recommendations, critically evaluate the design, planning and configuration also.



Learning Outcomes and Assessment Criteria:

LO1 Examine Network Security principles, protocols and standards
Pass: P1 Discuss the different types of Network Security devices. P2 Examine Network Security protocols.
Merit: M1 Compare and contrast at least two major Network Security protocols.

LO2 Design a secure network for a corporate environment
Pass: P3 Investigate the purpose and requirements of a secure network according to a given scenario. P4 Determine which network hardware and software to use in this network.
Merit: M2 Create a design of a secure network according to a given scenario.
Distinction (LO1 & LO2): D1 Discuss, using examples, the importance of Network Security.

LO3 Configure Network Security measures for the corporate environment
Pass: P5 Configure Network Security for your network. P6 Discuss different cryptographic types of Network Security.
Merit: M3 Provide Network Security configuration scripts/files/screenshots with comments.
Distinction: D2 Discuss what is meant by Quality of Service (QoS) in relation to Network Security configuration.

LO4 Undertake the testing of a network using a Test Plan
Pass: P7 Create a Test Plan for your network. P8 Comprehensively test your network using the devised Test Plan.
Merit: M4 Provide scripts/files/screenshots of the testing of your network. M5 Make some improvement recommendations
Distinction: D3 Critically evaluate the design, planning, configuration and testing of your network.


Acknowledgement

I would like to express my HND to all those who gave me the possibility to complete this Assignment. I am deeply indebted to our course Lecturer ….. whose help, stimulating suggestion, knowledge and encouragement helped me in all time of study and Analysis of the assignment in the pre and post that period. Most especially to my classmates and friends, who made all things possible.


Table of Contents
1. Network security principles, protocols and standards
1.1 Network Security in contemporary economic, legal, defense, political landscape of a country
1.1.1 Importance of network security in contemporary economy of a country
1.1.2 Importance of network security in legal landscape of a country
1.1.3 Importance of network security in defence landscape of a country
1.1.4 Importance of network security in political landscape of a country
1.2 Network security devices and usage
1.2.1 Proxy server
1.2.2 Firewall
1.2.3 Host-based intrusion detection systems
1.2.4 Network access control (NAC)
1.3.1 Kerberos
1.3.2 Public key encryption
1.4 Network Security protocols and its historical evolution
2. Network design
2.1 Network diagram and IP design for ABC Education
2.1.1 Network diagram
2.1.2 IP design
2.2 Suitable Software and Hardware for the network
2.3 Adequate security to the network
2.4 VPN can help this organization if implemented
3. Network Security measures for the corporate environment
3.1 Evidence for network security configuration
3.1.1 Firewall configuration
3.1.2 Router configuration
3.1.3 Server configuration
3.2 QoS integration into network security configurations
3.2.1 QoS configuration
3.3 Different cryptographic types of network security
3.3.1 Simple code
3.3.2 Symmetric cryptographic
3.3.3 Asymmetric cryptographic
3.3.4 Hash Functions
4. Testing of a network and future improvements
4.1 Testing of a network
4.1.1 Nmap
4.1.2 Nessus
4.2 Future improvements in security and performance
4.3 Evaluation of network design, planning, configuration, and testing of network


Table of Figures

Figure 1 Comparison between Public Key encryption and Kerberos
Figure 2 Network Diagram
Figure 3 Configuring devices
Figure 4 Firewall configuration 01
Figure 5 Firewall configuration 02
Figure 6 Firewall configuration 03
Figure 7 Router configuration
Figure 8 Gateway configuration
Figure 9 IP configuration
Figure 10 QoS
Figure 11 Router 01 Configuration
Figure 12 Policy map
Figure 13 before sending traffic router 01
Figure 14 QoS Configuration Router 02
Figure 15 Setting precedence
Figure 16 Policy Map router 02
Figure 17 Browsing Facebook.com
Figure 18 Ping Test
Figure 19 After sending http and icmp traffic router 01
Figure 20 Symmetric Encryption
Figure 21 Asymmetric cryptographic

Table of Tables

Table 1 IP design
Table 2 Software and hardware devices
Table 3 Nmap commands


1. Network security principles, protocols and standards

1.1 Network Security in contemporary economic, legal, defense, political landscape of a country

Network security encompasses a broad range of technologies, devices and procedures. In its simplest definition, it is a collection of rules and settings designed to safeguard the integrity, confidentiality and accessibility of computer networks and data, using both software and hardware technologies. Every company, irrespective of size, industry or architecture, has to develop a range of network security solutions to protect itself from today's ever-growing cyber threat landscape. Current network architecture is complicated and faces a constantly changing threat environment, with attackers looking for vulnerabilities to exploit. These vulnerabilities can exist in a variety of areas, including devices, data, apps, people and locations. There are therefore various tools and apps for network security management that target specific risks and operations as well as regulatory non-conformity. When even a few minutes of outage can cause huge disruption and damage to the bottom line and reputation of a business, these protective measures are vital and must be implemented. (Forcepoint, 2019)

1.1.1 Importance of network security in contemporary economy of a country

The global economy is founded upon data flows. With the present acceleration of digitisation in global enterprises, supported by the rapid uptake of evolving technologies like cloud computing and data analytics, the use of data as an input has increased, not just in information industries but also in manufacturing and other traditional industries. According to a McKinsey report, 75 percent of the value generated by the Internet arises in conventional sectors. Internet adoption is closely tied to economic growth. The fact that increased internet penetration is very closely tied to a variety of economic success metrics shows that obtaining universal access requires not only reforms in the telecommunications sector but also policies that enable individuals and enterprises to benefit from the internet. Around half of the world's 7.7 billion inhabitants, some four billion individuals, are connected to the Internet. According to the Global Ecommerce Association, global ecommerce is expanding dramatically, with 1 billion customers planning to shop across national borders in 2020 (compared to 390 million in 2016). (ISACA, 2019)

According to McAfee and the Centre for Strategic and International Studies, around 1 percent of global GDP is lost annually to cybercrime, and the costs of cybercrime may amount to 600 billion USD. As the cybercrime black market matures and digital currency usage grows, it appears to have become less difficult to monetize stolen information. (McAfee, 2019)

Cybercrime is one of the biggest and most serious threats for all enterprises worldwide, according to the 2019 Official Annual Cybercrime Report by Cybersecurity Ventures, sponsored by Herjavec Group. Cybersecurity Ventures forecasts that cybercrime will cost the globe more than 6 trillion dollars a year by 2021, up from 3 trillion dollars in 2015. (ISACA, 2019)

Clearly, network security plays an important role in ensuring the safety and well-being of global business and its infrastructure, and in ensuring the prosperity of the global economy.

1.1.2 Importance of network security in legal landscape of a country

Data protection refers to rules and legislation designed to limit privacy intrusions, which mostly arise from the collection, storage and distribution of data. Personal data means any information or data that pertains to a person who can be identified from that information or data. Privacy refers to an individual's right to decide how much information/data he or she wants to share about him or herself. Examples of such data include passwords, financial information such as bank account, credit card, debit card or other payment instrument details, physical, physiological and mental health, sexual orientation, medical history and records, biometric information etc. The High Court acknowledges the basic right to privacy. (www.ETCISO.in, 2019)

The safety of cyberspace depends mostly on the security of data and of ICTs. Unintentional accidents or weaknesses and negligence might be the sources of cyber-threats. Screwdrivers, crackers or terrorists can be attackers. Banking institutions, energy, state agencies, hospitals, companies, education and even social affairs depend strongly on their online presence. Personal data, cash and assets, as well as national security, are being increasingly protected. (Al-achkar, n.d.)

In order to secure the trust of the information society, cyber security involves creating trust and security in the usage of ICTs. It offers huge prospects for human progress. It also promotes broader access to information and training. It leads to policy and strategy creation. It introduces new forms of business and new societal paradigms. Many states fear that ICTs may have a harmful influence on their own populations. Special care is required to prevent cyberspace from becoming a hazard to nations and citizens. With strong leadership and vision, the Arab world must seriously confront cyber security concerns. There should be a particular focus on enhancing cyber security responsibility at all levels. (Al-achkar, n.d.)

Sri Lanka can be recognised as a soft target for cybercriminals. Under the Sri Lankan National Cyber Security Strategy, Sri Lanka proposed the Cyber Security Act. Poor cyber security standards and inadequate inter-entity partnerships will cause several cybercrimes. Cybercrime has also spread through the Internet of Things (IoT) and the exposure that comes with connectivity, which has enabled cyber attacks to play an important leading role in global relations. This study provides an overview of the safety landscape, the lessons gathered from the field and proposed best practices in relation to the security incidents of the last year. It covers major insights and trends from data collected from a variety of sources from January 2018 to January 2019. (Perera, 2020)

Advantages of Cyber law to a country:

• The legal framework established by the Act may allow organisations to carry out e-commerce.
• Digital signatures were granted legal validity and sanction in the Law.
• It allows the government to issue notifications via the web, supporting e-governance.
• It opened the doors for corporate enterprises to enter the field of certification by providing digital signature certificates.
• The cyber legislation also covers significant security problems that are vital to the success of electronic transactions.

Following are some of the Acts under SLCERT:

• Computer Crimes Act, No. 24 of 2007

• Electronic Transaction Act

• Payment Devices Fraud Act, No. 30 of 2006



1.1.3 Importance of network security in defence landscape of a country

During the last decade, the defence sector has altered rapidly. Cyberattacks now include worms and viruses, zero-day attacks, Dynamic Trojan Horse Network (DTHN) internet worms, stealth bots and other enhanced tactics. The increasing danger of cyberattacks on essential infrastructure by organized criminals, together with technical progress in the cyber security market, remains the fundamental driver for the expansion of cyber security solutions for the defence sector. The defence and homeland security agencies were expected to cover around a 40% share of the global cybersecurity market in 2015. Growth in investment in military programs and allocation of resources for research and development of cybersecurity solutions for battlefield communication systems are expected to remain the most prominent upcoming trends. (sharma, 2015)

The market in the Middle East is predicted to grow dramatically during the next decade, especially in Saudi Arabia, the UAE and Qatar, with enormous investment in security solutions for cloud networks. The key factors leading to the growth of the cyber security market in defence are the development of network security and cloud security software. (sharma, 2015)

Qatar established a National ICT Plan in 2015 to upgrade its regulatory and legislative framework. Countries such as the United States and the United Kingdom are also likely to see solid expansion in the cyber security industry and its demand for solutions. Growing dependency on the internet for the management of weapon systems remains the key driver for the growth of the cyber security market in these countries. The 2016 fiscal year budget proposed by the United States highlighted an overall $14 billion fund allocation for the enhancement of cybersecurity systems. (sharma, 2015)

Physical warfare and attacks are less prevalent now as cyber-attacks are increasing. As cyber threats rise, the defence industry is focusing more on cyber safety and network security. However, the defence sector in Sri Lanka says that its cyber defence capabilities are at a very low level and are in fact not effective, compared with other prominent nations.


1.1.4 Importance of network security in political landscape of a country

The Russian government's attack on the Democratic National Committee has raised the prominence of cyber security in international relations. There have also been growing economic and political motivations to use the network for malicious purposes. Cyber security has received head-of-state attention. International relations scholars are increasingly focusing on the consequences of technology for national and international security, Zhiqun Zhu says. He believes this evolution is not surprising. (Maurer and Ebert, 2017)

A third of the world's population had access to technology at the beginning of the 21st century, with a further 1.5 billion projected by 2020. He added that the significance of cyber security and the security of information was significantly challenged. Zhu adds that the G20 declaration on cyber security standards in 2015, with its precise language, is a rare step forward. According to Zhu, cyber security is now a subject of policy handled by the US President, which is notable since few political topics ever rise to the president's level. Researchers are discussing whether or not cyberwar will occur. (Maurer and Ebert, 2017)

Cyber security, together with foreign and security policy, has become a key aspect of government defence. Efforts to create rules of the road for cyberspace focus on the applicability of current international law, possible gaps, the establishment of standards, efforts to foster trust and efforts to establish deterrence. Ultimately, cybersecurity and its influence on international relations are developing rapidly and have remained at the top of global leaders' agendas in recent years, adds Nye. During the American elections, the hack-and-leak operation rekindled the decades-old debate over the link between information and cyber activities. (Maurer and Ebert, 2017)


1.2 Network security devices and usage

A company can help safeguard its network by using the right equipment and solutions. The network security devices described below are the most common ones used to safeguard the network from external threats.

1.2.4 Proxy server

Proxy servers act as intermediaries for requests from client programs seeking resources on other servers. Proxies may be transparent or non-transparent. A reverse proxy is an internal server that is used as the front end of a private network to control (and safeguard) access to its servers. Proxy servers in businesses are frequently used to filter traffic (web filters) and to increase performance (load balancers). (Melnick, 2019)

1.2.5 Intrusion prevention system (IPS)

An IPS combines firewall capabilities with those of an intrusion detection system in order to prevent intrusions. Effective implementation of an IPS can be costly, so companies need to evaluate their IT risks carefully. An IPS must perform packet inspection and analysis at wire speed. Intrusion prevention systems should carry out detailed packet inspection to detect intrusions, including application-level and zero-day attacks. To defend against DDoS attacks, it is important to have an IPS that can identify and stop them at the first attempt. (Melnick, 2019)

System or host intrusion prevention devices are also inline, at the operating system level. They can intercept system calls, file access, memory access, processes and other system activities to thwart attacks. Several technologies for intrusion prevention exist, among them:

• System memory and process protection - This type of intrusion prevention resides at the system level. Memory protection is a way to prevent one process from corrupting the memory of another process running on the same system. Process protection is a process monitoring method that enables processes suspected of being attacked to be killed.
• Inline network devices - This type of intrusion prevention places a network device on the network communication path, with the ability to modify and block attack packets as they pass through the device's interfaces. It functions similarly to a router or firewall, combined with the signature-matching capability of an IDS. Detection and response occur in real time, before the packet is sent on to the target network.
• Session sniping - This type of intrusion prevention ends a TCP session by sending a TCP RST packet to both ends of the connection. When an attack attempt is identified, the TCP RST is sent and the attempted exploit is flushed from the buffers and so blocked. Note that the TCP RST packets must carry the right sequence and acknowledgement numbers to be effective.
• Gateway interaction devices - With this type of intrusion prevention, a detection device can communicate dynamically with network gateway devices such as routers or firewalls. When an attempted attack is identified, the detector can direct the router or firewall to block the attack.

False positives can create a denial-of-service condition for legitimate traffic. Identification of session sniping systems is another concern when deploying active response IPSs. It is always recommended to run IPS and active response technologies in test mode for a while to thoroughly understand their behaviour. These systems should be carefully monitored and tuned, with awareness of the risks involved. (Melnick, 2019)

1.2.2 Firewall

A firewall is one of a network's first lines of protection, because it isolates one network from another. Firewalls can be standalone systems or can be included in other infrastructure devices. Both software and hardware firewall solutions are available. Two types of firewall policies are typically employed. (Melnick, 2019)

• Whitelisting - The firewall denies all connections except those specifically listed as permitted.
• Blacklisting - The firewall permits all connections except those specifically listed as blocked.

There are four types of firewalls: packet-filtering firewalls, stateful packet-filtering
firewalls, proxy firewalls and web application firewalls.

• Packet-filtering firewall - A packet-filtering firewall is the most basic and simple type
of firewall for network security. Its filters compare incoming and outgoing packets
against established criteria to determine whether they can pass. In most situations, the
ruleset (also referred to as access lists) is specified in terms of a range of metrics.
Rules might contain source/destination IP addresses, source/destination port numbers, and
the protocols used. Packet filters operate at layer 3 and layer 4 of the OSI model.



• Stateful packet-filtering firewall - A firewall is one of a network's first lines of
defence because it separates one network from another. Two types of firewall rules are
typically used: stateful packet filtering and dynamic inspection. Integrating a dynamic
state table and other functions into the firewall makes the design more complex, which
directly decreases operating performance. Some firewalls are stand-alone, while others
are contained in other infrastructure devices, such as routers or servers. The key point
is that the connection pairs are tracked at layer 4 and normally consist of these four
parameters: source address, source port, destination address and destination port.
• Proxy firewall - Application proxy firewalls are effective for sensitive applications.
They can be used to shield a user from the identity of the server he or she is
communicating with. The main disadvantage is speed. Authentication schemes, such
as passwords and biometrics, can be set up for accessing the proxy firewall. For
instance, the firewall can be set to filter out all incoming packets belonging to
EXE files, which are often infected with viruses and worms. Nevertheless, application
proxies offer some of the best security of all the firewall technologies. The writer
believes they can be used to protect the system from attack.
• Web application firewall (WAF) - Web application firewalls are built to provide
security for web applications. Because the applications are online, they have to keep
certain ports open to the internet. This means attackers can try specific website
attacks against the application and the associated database. WAFs can detect
distributed denial of service (DDoS) attacks in their early stages. (Melnick, 2019)
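
The two policy types, and the difference between stateless and stateful packet filtering, can be seen in a short simulation. This is an added example, not part of the original assignment; the rule format, class names and sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt.dport))


def filter_stateless(rules, default, pkt):
    """Layer 3/4 packet filter: first matching rule wins, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


class StatefulFilter:
    """Packet filter plus a state table keyed on addresses and ports."""

    def __init__(self, rules, default="deny"):
        self.rules, self.default = rules, default
        self.state = set()

    def check(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.state or reverse in self.state:
            return "permit"                   # belongs to a connection already allowed
        action = filter_stateless(self.rules, self.default, pkt)
        if action == "permit":
            self.state.add(forward)           # remember the new connection
        return action


# Constructed sample policies and traffic (addresses are illustrative only).
WHITELIST = [Rule("permit", "tcp", "10.0.2.0/24", "172.16.2.0/24", 443)]  # default deny
BLACKLIST = [Rule("deny", "tcp", "0.0.0.0/0", "172.16.2.0/24", 23)]       # default permit

REQUEST = Packet("tcp", "10.0.2.15", 51000, "172.16.2.10", 443)
REPLY = Packet("tcp", "172.16.2.10", 443, "10.0.2.15", 51000)
UNSOLICITED = Packet("tcp", "172.16.2.10", 443, "10.0.2.15", 51001)
TELNET = Packet("tcp", "10.0.6.20", 40001, "172.16.2.10", 23)
RDP = Packet("tcp", "10.0.6.20", 40000, "172.16.2.10", 3389)


def demo():
    stateful = StatefulFilter(WHITELIST, default="deny")
    return {
        "whitelist request": filter_stateless(WHITELIST, "deny", REQUEST),
        "whitelist reply (stateless)": filter_stateless(WHITELIST, "deny", REPLY),
        "whitelist unlisted service": filter_stateless(WHITELIST, "deny", RDP),
        "blacklist listed service": filter_stateless(BLACKLIST, "permit", TELNET),
        "blacklist unlisted service": filter_stateless(BLACKLIST, "permit", RDP),
        "stateful request": stateful.check(REQUEST),
        "stateful reply": stateful.check(REPLY),
        "stateful unsolicited": stateful.check(UNSOLICITED),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:30} {verdict}")
```

The unlisted service is denied under the whitelist but passes the blacklist, and only the stateful filter lets the reply through without a standing inbound rule.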

1.2.6 Host-based intrusion detection systems

Host-based IDSs are designed for monitoring, detecting, and reacting to activities and
attacks on a host. In most situations, attackers target specific systems that hold
confidential information in business networks. Host-based IDS technologies include policy
management, analysis and host data forensics. (Melnick, 2019)

1.2.4 Network access control (NAC)

NAC is a network security control that limits access to network resources to devices that
conform to the security policy. Some NAC systems can fix non-compliant devices
automatically to ensure they are secure before network access is granted. To verify
compliance with the current security policies, NAC checks the security settings of the device.
For instance, it may check whether the host has the latest antivirus software and updates. The
device can enter the network if the prerequisites are met. If not, NAC will isolate it or
connect it to the guest network until the necessary security improvements have been made
to conform to the policy. (Melnick, 2019)



1.3 Compare and contrast about Public Key encryption and Kerberos.

1.3.4 Kerberos

Kerberos is a computer network authentication technology used to authenticate user
information when logging in to a system. Kerberos relies on symmetric key encryption
and depends on a trusted third party, and during the authentication stages it works on private
key encryption. Various Kerberos versions have been created to improve authentication security.
Kerberos is widely deployed in Microsoft products such as Windows 2000, Windows XP and
newer versions of Windows. (Geeks for Geeks, 2020)

1.3.2 Public key encryption

Encryption involves a key and an algorithm. The algorithm produces a different output
depending on the specific key in use at that moment, so changing the key changes the output
of the algorithm. RSA (Rivest–Shamir–Adleman) is the most commonly used public-key
cryptosystem. The strength of RSA rests on the difficulty of finding the prime factors of a
composite number. (Geeks for Geeks, 2019)

Knowing the cryptographic algorithm and the encryption key is not enough to determine the
decryption key. Either of the two keys (public and private key) can be used for encryption,
with the other used for decryption. Public keys may be shared freely, which makes the scheme
easy and convenient for users. (Geeks for Geeks, 2019)

Kerberos | Public key encryption
Represents symmetric cryptography. | Represents asymmetric cryptography.
Tickets are used to authenticate users, and the tickets are issued via an online Key Distribution Center (KDC). | With this architecture, each user has a pair of keys, a private key and a public key. The public key is published to users, while the private key is kept secret. The private key is used to generate a digital signature, while the public key is used to verify that signature.
A password is required to authenticate users. | The private key is used to authenticate users. The private key is stored on disk and maintained by users.
The Key Distribution Center (KDC) must register every user for them to have access to the network. | Pre-registration is not required in this case.

Figure 1 Comparison between Public Key encryption and Kerberos.



1.4 Network Security protocols and its historical evolution

Internet usage started to grow fast in the late 1980s, and with it came a greater requirement
for security between colleges, administrations and military facilities. The first automated
worm appeared on the ARPANET in 1988. The Morris Worm, devised by a Cornell student, could
exploit the lack of intrusion prevention systems to connect to another computer, use flaws
to replicate itself and deliver itself to the new place. (Gorti, 2020)

As the Internet grew, it became a platform for business purposes. SSLv3 was safe enough
for the period at the beginning of the 2000s, but the safety of web transactions remained an
issue. The lack of IPv4 addresses led to the first IPv6 deployments. In the late 2000s, social
networking platforms appeared and consumers sought an "always-on" experience. (Gorti, 2020)

Technologies such as DNSSEC for DNS, TLS and TCP adaptive congestion control were introduced.
They are crucial for continued Internet-based personal communications and
e-commerce. A number of security procedures and standards have been developed for calls,
security and privacy. Network security protocols ensure the security and integrity of data
as it passes through a network. (Reddy, 2020)

• IPSec protocol - The IPSec protocol comes from the IETF IPSec working group and provides
data authentication, integrity and data protection between two entities. Manual or
dynamic management of cryptographic keys is achieved via the IETF-specific key
management protocol, Internet Key Exchange (IKE).
• Secure Shell (SSH) - Secure Shell (SSH) was created in 1995 as a cryptographic security
protocol for the secured transfer of data over the network. It allows remote
login to the command line and remote performance of certain activities. SSH
incorporates some FTP features. The newest of its sort are SSH-1 and SSH-2.
• Hyper Text Transfer Protocol Secure (HTTPS) - HyperText Transfer Protocol Secure
(HTTPS) is a protocol for secure data exchange among two or more computers. The link
is encrypted with the Secure Socket Layer (SSL), now known as Transport Layer
Security (TLS). Because HTTPS transfers are encrypted, fraudsters
are stopped from interpreting and altering data during the transfer from the browser to
the website. Even if cyber thieves seize the data packets, they cannot read
them since the data packets are strongly encrypted.
• Kerberos - Kerberos is another network validation protocol, meant to use
secret key cryptography to provide robust authentication between client-server
applications. The protocol for validation of the Kerberos network states that all of its
services and working sites are a safe and responsible network.
• OSPF (Open Shortest Path First) - Open Shortest Path First is a dynamic routing
protocol that allows message authentication and integrity of OSPF routing messages, using
the OSPF MD5 security protocol as stated in RFC 2328. OSPF MD5 authentication
guarantees that rogue IP resources cannot be introduced into the network without
detection, which guarantees the integrity of the routing tables in the OSPF routing
network. (Reddy, 2020)



2 Network design

2.1 Network diagram and IP design for ABC Education

2.1.4 Network diagram

Figure 2 Network Diagram



2.1.5 IP design

Department | VLAN | IP Range | Note
CEO and Director Board | 1 | 10.0.1.0/24 | User, PC, Printer etc…
Finance | 2 | 10.0.2.0/24 | User, PC, Printer etc…
Sale and Marketing | 3 | 10.0.3.0/24 | User, PC, Printer etc…
Customer Care | 4 | 10.0.4.0/24 | User, PC, Printer etc…
HR | 5 | 10.0.5.0/24 | User, PC, Printer etc…
Student | 6 | 10.0.6.0/24 | User, PC, Printer etc…
User -Reserved | 7 | 10.0.7.0/25 | User, PC, Printer etc…
IT team | 172 | 172.16.1.0/24 | Servers and Apps, directly connect to the firewall
Server Farm | 173 | 172.16.2.0/24 | Servers and Apps, directly connect to the firewall
Links from Switches to Router and Firewall | 192 | 192.168.1.0/29 | Link between core switch and firewall

Table 1 IP design



2.2 Suitable Software and Hardware for the network

Each entry lists the product, quantity, price per unit and specification.

Product: HP Elite Desktop
Quantity: 178 (Finance = 25, Sales and Marketing = 40, Customer care = 3, HR = 5, Students = 105)
Price per unit: Rs.135,969.00
Specification:
• Model: HP Professional Desktop
• CPU: Intel Core i5 Processor
• RAM: 8 GB DDR3
• Hard Drive: 1 TB SATA
• Operating System: Windows 10 Home
• Optical: DVD
• USB: (10) USB 2.0 ports for connectivity
• Network: Onboard Gigabit Network Adapter
• RENEWED 19" LCD Monitor (Brand May Vary)
• NEW USB Keyboard (Brand May Vary)
• NEW USB Mouse (Brand May Vary)

Product: ACER VES2735G Desktop
Quantity: 20 (CEO and Director board = 10, IT team = 10)
Price per unit: Rs 156,900.00
Specification:
• Processor - Intel® 8th Gen Core™ i7
• Memory – 8GB
• Display – ACER 18.5” Monitor
• Storage – 1TB HDD
• OS – Windows 10 professional
• Warranty – 3 years

Product: TP-Link TL-WA901ND 450M WAP
Quantity: 2
Price per unit: Rs 9,500.00
Specification:
• Transmission rate - 450Mbps
• Frequency - 2.4-2.4835GHz
• Advanced Functions - Up to 30 meters PoE is supported
• Power Consumption - 5.8W

Product: Canon image class MF 235 multifunction A4 monochrome laser printer
Quantity: 1
Price per unit: Rs 32,500.00
Specification:
• Functions - print, scan, copy, fax
• Print Speed (A4) Up to 23ppm
• Print Resolution Up to 1200 x 1200dpi
• Copy Resolution Up to 600 x 600dpi
• Scan Resolution Up to 9,600 x 9,600dpi

Product: Cisco Catalyst Sg350x-48p switch
Quantity: 2
Price per unit: Rs 512,979.00
Specification:
• Ports – 48
• Supports IPv6, IPv4
• Security - including IP-MAC Port Binding, RADIUS, and TACACS+
• 3MB packet buffer
• Physical stacking Up to 4 units
• GUI and CLI interface options
• Virtual Router Redundancy Protocol support
• Smart power management to minimize power consumption

Product: Cisco Catalyst Sg350x-24p switch
Quantity: 2
Price per unit: Rs 220,761.91
Specification:
• Ports - 24 x 10/100/1000 + 2 x 10GE copper/SFP+ combo + 2 x 10GE SFP+
• Switching capacity - 128 Gbps
• Routing protocol - Static IPv4 /IPv6 routing
• Switching – Layer 2 & Layer 3
• Capacity (active VLANS) – 4000
• Forwarding performance (64-byte packets) - 95.23 Mpps

Product: Cisco ASA 5516-X with FirePOWER Services Firewall
Quantity: 2
Price per unit: Rs 677,025.88
Specification:
• 1 RJ-45 and Mini USB console serial ports
• Memory – 8GB
• Maximum AVC and NGIPS throughput - 600 Mbps
• 2000 Cisco Cloud Web Security users
• Maximum application visibility and control (AVC) throughput - 850 Mbps
• Solid-state drive - 100 GB mSata

Product: Cisco 4461 Integrated Services Router
Quantity: 2
Price per unit: ₨2,173,015.54
Specification:
• Integrated WAN Ports - 2 x PoE GE/SFP; 2 x GE/SFP; 2 x 10 GE SFP+
• Performance - 1.5 Gbps
• Performance with Boost license - 10+ Gbps
• 7-Gbps encrypted throughput
• 3 Network Interface Modules (NIM)

Product: Catalyst 9600
Quantity: 2
Price per unit: ₨1,204,393.42
Specification:
• Granular port options 10G/25G/40G/100G
• Secure segmentation with SD-Access
• State-of-the-art high availability with N+1 power redundancy
• SD-Access and WebUI help close IT skills gaps created by cloud, virtualization, and
automation technologies.
• Exceptional MTBF and high-availability features such as ISSU, GIR, and hot patching for
maximum resiliency help keep your network running smoothly.
• Enhanced Limited Lifetime Warranty (E-LLW)

Product: DELL PowerEdge T440 Server
Quantity: 3
Price per unit: ₨587,547.61
Specification:
• Processor - Intel® Xeon Bronze 3106
• 1TB 7200rpm Hard Disk Drive
• Chassis: Tower
• 16GB UDIMM 2400MHz Memory
• Consoles - Open Manage Enterprise, Open Manage Power Center
• DIMM Speed - Up to 2666 MT/s
• Network Options - 2 x 1GBE
• Software RAID - S140

Product: Windows Server OS 2019
Quantity: 1 (Supports 16 core)
Price per unit: Rs 674,719.00
Specification:
• Native support for persistent memory
• Nested resiliency for two-node hyperconverged infrastructure at the edge
• Windows Admin Centre support
• Server Core App Compatibility feature on demand (FOD)
• Windows Defender Advanced Threat Protection (ATP)
• HTTP/2 for a faster and safer Web
• Scale up to 4 PB per cluster

Table 2 Software and hardware devices



2.3 Adequate security to the network

When building a network in the organization, the implementers should consider from the
outset how to ensure enough security for a secure network. Accordingly, the ABC
education network has sufficient security. The network design contains two firewalls:
an active firewall and a standby firewall. The standby firewall is assumed to provide
network security while the active firewall is down. Both firewalls are Cisco ASA 5516-X
with FirePOWER Services. This firewall provides:
• Precise application visibility and control (AVC) - With more than
3,000 application-layer and risk-based controls, customised IPS threat
detection rules may be used to enhance security effectiveness.
• Industry-leading Cisco ASA with FirePOWER NGIPS - It helps to
identify multi-vector attacks and automate defence actions through
highly effective threat prevention and full contextual knowledge of
people, infrastructure, apps and content.
• Reputation- and category-based URL filtering - It delivers extensive
alerting and monitoring of suspicious web traffic through URL
filtering, and applies policies to hundreds of millions of URLs in more
than 80 categories.
• Advanced malware protection - Effective breach detection with a low TCO
delivers protection value in this design. It finds, understands and stops
malware and emerging threats missed by other security layers.

These are the suitable security features implemented with the Cisco ASA 5516-X with
FirePOWER Services firewalls. In addition to firewall security, the deployment of the
ABC education network also takes wider account of security. The writer
has chosen Windows Server 2019 Standard Edition as the server OS.
The Windows Server 2019 security features are used as fully as possible:
• Windows Defender Advanced Threat Protection (ATP) - Windows Defender ATP Exploit
Guard is a new set of host intrusion prevention capabilities. This option must be
enabled while setting up the server OS. Once that functionality is activated, the four
components of Windows Defender Exploit Guard lock devices down against
various attack vectors and block behaviours commonly used in malware attacks, while
balancing security risk and productivity needs. The four components are: Attack Surface
Reduction (ASR), Network protection, Controlled folder access and Exploit protection.
• Security with Software Defined Networking (SDN) - The new SDN features in
Windows Server 2019 are:
Encrypted networks: Virtual network encryption enables virtual
network traffic to be encrypted between virtual machines that communicate within
subnets designated as "encrypted". It employs Datagram Transport Layer Security
(DTLS) to encrypt packets on the virtual subnet. DTLS protects against eavesdropping,
tampering and forgery by anyone with access to the physical network.
Firewall auditing: Firewall auditing is a new feature of the Windows Server 2019
SDN firewall. Once the SDN firewall has been activated,
all flows processed by SDN firewall rules (ACLs) are logged. (JasonGerend, 2019)

In the IT department there are two backup servers, where all ABC education
backup data are saved. In the server farm, the IT staff will be able to retrieve
backups from two back up servers if any server goes down.

2.4 VPN can help this organization if implemented.

With both enterprises and private persons, VPNs are becoming increasingly popular. VPNs use
encryption methods to provide virtual P2P connections over a number of
dedicated links. If a cyber thief tries to access the transmitted data, encryption ensures
they can't do anything with it.

• VPNs greatly reduce the risk of security breaches and cyberattacks.
o Being targeted by a hacker might sound like something that only happens to other firms.
Only the major breaches, though, generate news. Attacks are happening more than ever, and
Symantec claims that the number of zero-day vulnerabilities grew 125 percent
between 2014 and 2015. A firm takes a huge step in reducing its risk by
employing a VPN and keeping its staff off public networks.
• VPNs encourage productivity.
o Staff who know about internet vulnerabilities are probably careful not to
connect to public networks. And if they travel a lot, it is a safe bet that they
don't feel they can work on the road for lengthy periods of time.
Productivity depends on peace of mind.
• VPNs make clients feel secure.
o A firm that collects data from clients, consumers or patients can help to address their
concerns by using a VPN. True, many of them may not grasp what
a VPN means, but a little bit of education may help. Would anyone not rely
on an enterprise that goes the extra step to ensure their data is safe?
• VPNs let users "stay in the U.S." while traveling abroad.
o If staff travel a lot for work, it might be necessary to replace their real IP address
with the VPN's (in the United States). Some
nations limit what users can access (for example, Facebook is not available to
Chinese IP addresses), so a VPN lets staff remain connected and get their job
done. In addition, some consumers are leery about trusting an
e-mail from abroad. With a VPN, the organization can ensure that emails, postings and
more appear to come from its true home base. (Bourque, 2017)



3 Network Security measures for the corporate environment

3.1 Evidence for network security configuration

Figure 3: Configuring devices



3.1.4 Firewall configuration

Figure 4 Firewall configuration 01



Figure 5 Firewall configuration 02

Figure 6 Firewall configuration 03



3.1.5 Router configuration

Figure 7 Router configuration



3.1.6 Server configuration:

Figure 8 Gateway configuration

Figure 9 IP configuration



3.2 QoS integration into network security configurations

Providing acceptable quality of service (QoS) over IP networks is an increasingly critical
feature of today's commercial IT infrastructure. QoS matters in a network that serves multiple
applications, such as delay-sensitive and bandwidth-intensive applications. By
regulating network-wide latency, jitter, bandwidth and packet loss, QoS can deliver a
secure, predictable and measurable service for these applications. Certain kinds of
network security attacks affect the performance of the application, and the basic task of
QoS is to ensure application performance. Well-known attacks, such as IP spoofing, SYN
flooding, and sequence number devaluation, were investigated with regard to existing
best-effort networks. In a QoS-enabled network these attacks could be more strongly
motivated and on a larger scale. (Wexler, 2004)

Figure 10 QoS



Configure QoS as follows:

On Router1:
1) Match traffic:
- Voice traffic using NBAR (rtp)
-> Set DSCP to EF
- HTTP using NBAR (http)
-> Set DSCP to AF31
- ICMP using NBAR (icmp)
-> Set DSCP to AF11

2) Bind outbound on s0/1/0
- Voice should get priority bandwidth of 100kbps
- HTTP should get minimum bandwidth of 50kbps
- ICMP should get minimum bandwidth of 25kbps

On Router2:
1) Match traffic:
- Voice traffic using DSCP EF
-> Set IP Precedence to 5
- HTTP using DSCP AF31
-> Set IP Precedence to 3
- ICMP using DSCP AF11
-> Set IP Precedence to 0

2) Bind inbound on s0/2/0

Verification:
1) Open browser on PC1 and PC2 and browse to cisco.com and facebook.com
- Verify matches in policy
2) Ping cisco.com from PC1 and PC2
- Verify matches in policy
3) Use simulation mode to view DSCP and IP Precedence Packet markings
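
The markings in the task list can be worked out numerically before comparing them with the simulation-mode packet view. This is an added example, not part of the original assignment; the function names are hypothetical and the mapping tables are transcribed from the Router1 and Router2 steps above.

```python
# Markings and queue sizes transcribed from the Router1 / Router2 task list.
ROUTER1_DSCP = {"rtp": "EF", "http": "AF31", "icmp": "AF11"}
ROUTER1_QUEUE_KBPS = {"rtp": ("priority", 100), "http": ("bandwidth", 50),
                      "icmp": ("bandwidth", 25)}
ROUTER2_PRECEDENCE = {"EF": 5, "AF31": 3, "AF11": 0}


def dscp_value(name):
    """Return the 6-bit DSCP codepoint for EF, AFxy, CSx or DEFAULT."""
    name = name.upper()
    if name == "EF":
        return 46                                  # Expedited Forwarding, RFC 3246
    if name == "DEFAULT":
        return 0
    if len(name) == 4 and name.startswith("AF") and name[2:].isdigit():
        cls, drop = int(name[2]), int(name[3])
        if 1 <= cls <= 4 and 1 <= drop <= 3:
            return 8 * cls + 2 * drop              # Assured Forwarding, RFC 2597
    if len(name) == 3 and name.startswith("CS") and name[2].isdigit() and int(name[2]) <= 7:
        return 8 * int(name[2])                    # Class Selector, RFC 2474
    raise ValueError(f"unknown DSCP name: {name}")


def tos_byte(dscp, ecn=0):
    """Build the IPv4 ToS/DS byte: DSCP in the upper six bits, ECN in the lower two."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP is 6 bits and ECN is 2 bits")
    return (dscp << 2) | ecn


def decode_tos(byte):
    """Split a captured ToS byte into DSCP, ECN and the legacy IP Precedence bits."""
    if not 0 <= byte <= 255:
        raise ValueError("ToS is a single byte")
    return {"dscp": byte >> 2, "ecn": byte & 0b11, "precedence": byte >> 5}


def trace(protocol):
    """Follow one traffic class through the Router1 and Router2 policies."""
    name = ROUTER1_DSCP[protocol]
    byte = tos_byte(dscp_value(name))
    carried = decode_tos(byte)["precedence"]       # precedence bits implied by the DSCP
    assigned = ROUTER2_PRECEDENCE[name]            # value Router2 is told to set
    return {"dscp_name": name, "dscp": dscp_value(name), "tos_hex": f"0x{byte:02X}",
            "queue": ROUTER1_QUEUE_KBPS[protocol],
            "precedence_in_dscp": carried, "router2_precedence": assigned,
            "changed_by_router2": carried != assigned}


def reserved_kbps():
    """Total bandwidth promised on s0/1/0 by the Router1 policy."""
    return sum(kbps for _, kbps in ROUTER1_QUEUE_KBPS.values())


if __name__ == "__main__":
    for proto in ROUTER1_DSCP:
        print(proto, trace(proto))
    print("reserved on s0/1/0:", reserved_kbps(), "kbps")
```

Voice and HTTP keep the precedence already carried in their DSCP (5 and 3), while ICMP goes from the 1 implied by AF11 to the 0 that Router2 is told to set.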



3.2.4 QoS configuration

Figure 11 Router 01 Configuration



Figure 12 Policy map

Figure 13 before sending traffic router 01



Figure 14 QoS Configuration Router 02

Figure 15 Setting precedence



Figure 16 Policy Map router 02

Figure 17 Browsing Facebook.com



Figure 18 Ping Test

Figure 19 After sending http and icmp traffic router 01



3.3 Different cryptographic types of network security

Cryptography is a strategy for protecting information and communication with codes so that it
can only be read and processed by those for whom the information is meant. In computer science,
cryptography refers to secure data and communication techniques, derived from mathematical
ideas and a set of rule-based calculations known as algorithms, that turn a message into a
form which is difficult to decrypt. (educba, 2019)

• Confidentiality - The communication should be available only to the
sender and the intended recipient. If an unauthorized individual is able to view
a communication, confidentiality is gone.
• Authentication - The sender and destination of information can be confirmed by the
intended recipient. It indicates a user or computer system to rely on.
• Integrity - It verifies that the contents of a message cannot be changed during
transmission from sender to receiver.
• Non-repudiation - In the event of a dispute, the sender of a
communication cannot later deny having transmitted it.

Here are some very easy codes and more complex modern encryption technologies used
on the Internet today.

3.3.4 Simple code

This category covers any means of writing a message that anybody else has difficulty reading.
This includes writing something in other alphabets. Here the writer sees Icelandic runes and
IPA, as well as niche constructed alphabets like the Deseret Alphabet. A language can also be
used as a code. The writer examined the creation of constructed languages
like Elvish, Esperanto and others. The book Code Talker by Chester Nez and Judith
Schiess Avila discusses why Navajo is used as a code in the Second World War and
never under extreme circumstances. (educba, 2019)

3.3.5 Symmetric cryptographic

Symmetric cryptography is a kind of encryption in which a single key is used to encrypt
and decrypt electronic data. Symmetric encryption is standard for large amounts of
information, for example for database encryption. Asymmetric key encryption, by contrast,
involves one encryption key and another decryption key. In the case of a database, the secret
key may be available only to the database itself for encryption and decryption. (educba, 2019)



Figure 20 Symmetric Encryption

3.3.6 Asymmetric cryptographic

Asymmetric key cryptography (public key encryption) uses a pair of related keys: a public
key, used to encrypt communications, and a private key, known only to its creator (unless it
is exposed or the creator decides to reveal it), used to decrypt them. Anyone wishing to send
a message has the public key available, but the second, private key is kept secret so that
only the recipient can decode and read the message.

Publishing the encryption key allows private communication from the public to the owner of
the decryption key. If instead the decryption key is the one that is disclosed, the mechanism
functions as a signature check on documents locked by the owner of the private key.
Everyone has the public key to encrypt communications for the receiver, and only the receiver
can decode those communications. (educba, 2019)

Asymmetric key cryptography includes RSA, commonly used on the Internet; the Elliptic Curve
Digital Signature Algorithm (ECDSA), used by Bitcoin; and the Digital Signature Algorithm
(DSA), adopted by NIST as the Federal Information Processing Standard (FIPS) for digital
signatures, FIPS 186-4. (educba, 2019)

Figure 21 Asymmetric cryptographic
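
Sections 1.3.2 and 3.3.6 both describe how a key pair is used: either key can encrypt while the other decrypts, the private key signs and the public key verifies, and security depends on the modulus being hard to factor. The following textbook-RSA sketch is an added example, not part of the original assignment; the function names are hypothetical, the primes are deliberately small constructed values, and no padding is applied.

```python
import hashlib
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair (public, private) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(key, value):
    """Raise value to the key's exponent modulo n (the single RSA operation)."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def digest(message, n):
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Sign by applying the private key to the message digest."""
    return apply_key(private, digest(message, private[1]))


def verify(public, message, signature):
    """Verify by applying the public key and comparing with a fresh digest."""
    return apply_key(public, signature) == digest(message, public[1])


def private_from_factoring(public):
    """Rebuild the private key from the public key by trial division.

    Feasible only because this modulus is tiny; a full-size modulus keeps
    the same factoring problem out of reach.
    """
    e, n = public
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    return (pow(e, -1, (p - 1) * (n // p - 1)), n)


# Constructed toy parameters: two well-known primes either side of one million.
PUBLIC, PRIVATE = make_keypair(999983, 1000003)


def demo():
    message = 424242                                   # constructed sample value
    ciphertext = apply_key(PUBLIC, message)            # encrypt with the public key
    signature = sign(PRIVATE, b"transfer 100 to Finance")
    return {
        "decrypts with private key": apply_key(PRIVATE, ciphertext) == message,
        "keys are interchangeable": apply_key(PUBLIC, apply_key(PRIVATE, message)) == message,
        "signature verifies": verify(PUBLIC, b"transfer 100 to Finance", signature),
        "altered message verifies": verify(PUBLIC, b"transfer 900 to Finance", signature),
        "small modulus factored": private_from_factoring(PUBLIC) == PRIVATE,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:28} {result}")
```

The last check shows why key size matters: with a modulus of about 40 bits the private key falls out of the public key in well under a second.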



3.3.7 Hash Functions

Hashing is a cryptographic technique which converts data of any type into a single string.
Any data can be hashed, regardless of its size or nature, using a hashing algorithm. It takes
arbitrary input and transforms it into a fixed-size hash value. This algorithm does not use a
key. The values returned by the hash function are termed message digests, or just hash values.
To map data to a fixed data size and ensure the integrity of encrypted messages, hash functions
produce a predictable output from an input value. Hash functions hide their input: the input
value for a hash function should be difficult to determine from its output. Hash functions are
collision free, which means that no two inputs should map to the same output hash. (educba,
2019)

Cryptographic hash functions are commonly employed in cryptocurrencies to pass transaction
information on anonymously. Bitcoin, the original and largest cryptocurrency, for example uses
the SHA-256 cryptographic hash function in its algorithm. Iota, a platform for the Internet of
Things, likewise has its own cryptographic hash function called Curl. Password verification,
signature creation and checking, and message integrity are
some of the most frequent real-life applications of cryptography. (educba, 2019)



4 Testing of a network and future improvements

4.1 Testing of a network

The network was tested for vulnerabilities with the tools Nmap Security Scanner and Nessus.

4.1.1 Nmap
Nmap is an open-source free utility for scanning and discovering vulnerabilities. It can be
useful for monitoring individual hosts and large networks with hundreds of thousands of
devices. It is a port-scan tool at heart, which collects information through the transmission
of raw packets to system ports. It listens to the answers and decides if the ports are open,
closed or somehow filtered. (Ferranti, 2018)

The following commands are used to test the network through Nmap Security Scanner:

Command | Goal
nmap 192.168.1.1 | To scan a single target
nmap 192.168.1.0-254 | To scan a range
nmap 192.168.1.0/24 | To scan entire subnet
nmap 192.168.1.0 -p- | To scan all ports
nmap 192.168.1.0 -F | Fast port scan (100 ports)
nmap 192.168.1.1 -O | Remote OS detection using TCP/IP stack fingerprinting
nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute
nmap 192.168.1.1 -f | Requested scan (including ping scans) use tiny fragmented IP packets. Harder for packet filters

Table 3 Nmap commands

4.1.2 Nessus

Nessus is a remote scanning tool that scans a computer and warns if any vulnerabilities are
detected. It does this by running more than 1200 checks on a particular machine to determine
whether any such attacks could be used to break in or otherwise damage the computer. Nessus
is merely a program that scans systems for weaknesses that hackers use. Nessus doesn't actively
prevent attacks. It is a modest part of a smart security plan rather than a whole security
solution. To build a security solution, the system administrator must fix these
vulnerabilities. The utility doesn't have to be installed on a computer in order to test that
computer. It can be installed on only one computer and used to test the other PCs, to ensure
that there are no vulnerabilities that a hacker might use to conduct a hostile attack. Nessus
is available free of charge and can be downloaded from the Google Play store in the UK and in
the USA. (Nessus, 2019)



4.2 Future improvements in security and performance

The present network implementation supplies enough security features. However, there are
additional means of ensuring network security when it
comes to future developments. In the Colombo branch network, two firewalls are now in
operation: a standby firewall and an active firewall. However, at the Maldives branch there
is no firewall. If an attacker wants to crash the network or steal credentials from it, the
attacker must enter the network through the Maldives branch. This is the only way in for
attackers. Deploying a Cisco ASA 5516-X with FirePOWER Services firewall there will
therefore enhance network security.

For future developments, the network should not depend on hardware security alone;
additional network security should also be provided by software-based firewalls.
Software-based firewalls such as SolarWinds Network Firewall Security Management and System
Mechanic Ultimate Defense can be used for custody filtering and alarm sending functions and
for cleaning and repairing a PC.

In addition to firewalls, installing robust antivirus software ensures that the network
and devices are protected against computer viruses and enhances performance. The
leading antivirus software products are Kaspersky Anti-Virus and Bitdefender Antivirus Plus.
In the present network there are just two WAPs, so user access to WAPs is limited. For
mobile users, the limited number of WAPs makes it tough to use personal
devices in the company. A greater number of WAPs will clearly be required to
improve network performance and to guarantee there are enough of them.

4.3 Evaluation of network design, planning, configuration, and testing of network

This network was developed in accordance with the Cisco Campus Principles of Architecture
and Design. In general, a campus is the part of an enterprise network that gives the end
users and devices in a single geographical location access to network communication
services and resources. Cisco Campus Architecture fundamentally splits the network into
the following building blocks: the access, distribution and core layers. However, this
network is not complex, so it is built with an access layer and a collapsed distribution
and core layer.

• Access layer: Gives workgroups and users access to the network

• Distribution layer: Provides policy-based connectivity and regulates the boundary
between the access and core layers

• Core layer: Provides rapid transport between distribution switches throughout the
enterprise campus


A "collapsed core" is used when a single device implements the capabilities of both the
distribution and core layers. The major aim of the collapsed core architecture is to reduce
network costs while retaining most of the advantages of the three-tier hierarchical model.

The characteristics of this network are as follows:

• Scalability - The network can be adapted to future expansion. Cisco Campus
Architecture makes it easier to alter the network for future expansion.
• Security - With its robust firewalls, this network is highly secure.
• Redundancy and fault tolerance - The network is redundant, so if one link is not
accessible the other one will work. All the switches have two connections to the
collapsed core. A fault-tolerant system can endure component failure (or failures)
but still function normally. If the active firewall goes down, the other firewall
keeps the network secure.

The network has been set up in accordance with network and security policies and
standards. All configurations were accurate and free of defects.

Some vulnerability tests have been carried out over the Internet to check the network's
vulnerability.

However, the existing system has several disadvantages. The biggest disadvantage is that
the Maldives branch does not have firewall security. An attacker looking for a security
hole through which to enter the network can breach the Maldives branch network and from
there access the main network. Installing antivirus software on every device will
provide a high degree of safety. Increasing the number of WAPs will allow work to be
carried out on mobile devices and boost the organizational network performance. The
present network therefore has disadvantages, and alongside them these are the
significant prospective improvements.
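
The two properties evaluated above can be checked mechanically. The following is an added example, not part of the original assignment: a Python audit of a constructed model of the two-branch network that reports which internal nodes are reachable from the Internet without crossing a firewall, and which single link failures would cut an access switch off from the collapsed core. Node names, the inter-branch WAN link and the `mal-fw` firewall are assumptions.

```python
from collections import deque

# Constructed topology; node names and the inter-branch WAN link are assumptions.
# Colombo has an active and a support firewall, Maldives has none.
FIREWALLS = {"col-fw-active", "col-fw-support"}
LINKS = [
    ("internet", "col-fw-active"), ("col-fw-active", "col-core"),
    ("internet", "col-fw-support"), ("col-fw-support", "col-core"),
    ("col-core", "col-sw1"), ("col-core", "col-sw1"),  # two uplinks per switch
    ("col-core", "col-sw2"), ("col-core", "col-sw2"),
    ("internet", "mal-router"), ("mal-router", "mal-sw1"),
    ("mal-router", "col-core"),                        # inter-branch WAN link
]

def reachable(links, start, blocked=frozenset()):
    """Nodes reachable from start without stepping onto a blocked node."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def exposed(links, firewalls):
    """Internal nodes an Internet host reaches without crossing any firewall."""
    return reachable(links, "internet", blocked=firewalls) - {"internet"}

def fragile_links(links, core, switches):
    """Links whose single failure cuts one of the switches off from the core."""
    inside = [l for l in links if "internet" not in l]  # no detours via Internet
    return sorted({inside[i] for i in range(len(inside))
                   if not switches <= reachable(inside[:i] + inside[i + 1:], core)})

def with_maldives_firewall(links):
    """Same topology with a firewall inserted on the Maldives Internet edge."""
    kept = [l for l in links if l != ("internet", "mal-router")]
    return kept + [("internet", "mal-fw"), ("mal-fw", "mal-router")]

if __name__ == "__main__":
    print("exposed now:", sorted(exposed(LINKS, FIREWALLS)))
    fixed = with_maldives_firewall(LINKS)
    print("exposed after fix:", sorted(exposed(fixed, FIREWALLS | {"mal-fw"})))
```

In this model the unfiltered Maldives edge exposes the Colombo core and its switches as well, because the WAN link bypasses the Colombo firewalls; placing a firewall on that edge empties the exposed set.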

