
Networking Notes

The document outlines key concepts in network administration and security, including network design, maintenance, monitoring, and various security issues such as authentication, data confidentiality, and integrity. It discusses network vulnerabilities, threats, and types of attacks, alongside security measures like firewalls and access controls. Additionally, it covers the importance of proper infrastructure setup, server reliability, and the functionalities of network monitoring tools.

Uploaded by

David mrope

NETWORK ADMINISTRATION AND SECURITY

1. Introduction to network admin
2. Network design and setup
3. Network maintenance
4. Network monitoring

 Security;
-The state of being free from danger.

Network security
- The state of a network being free from threats, e.g. malware, cyber
attackers, unauthorized access.
Security issues
 Authentication
-Is the process of identifying the user.

 Kind of authentication to consider


i. What you know
ii. What you possess
iii. What you are, e.g. fingerprint, facial expression

 Data confidentiality(privacy)
 Data integrity(no modification)
-Refers to the accuracy, consistency and reliability of data throughout its lifecycle.
 DoS (denial of services)
NETWORK VULNERABILITY: the extent or degree of weakness of a network and its users

1) Technological vulnerabilities:
2) Configuration weakness:
 Use of easily guessed password
 Use of default settings
 Unencrypted storage

3) ICT Policy
 Procurement of ICT equipment tools
 Deployment
 Maintenance
 ICT security
 Backup and recovery
 Disaster recovery
 Disposal of ICT equipment
 Acceptable user

ICT Policy weakness:

 Weak policy
 Hidden policy

4) Implementation failure
 Low budget/lack of resources
 Lack of skilled ICT personnel/lack of technical experts
 Institution politics/lack of government support
 Ignorance/lack of awareness
 Poor infrastructure

5) Absence of policy

THREATS: a threat is a person or thing that is capable of using the vulnerabilities to launch an attack

1. Physical threats:
-Theft and vandalism: destruction that is not accidental destroys the infrastructure
2. Electrical threats: fluctuations and cut-offs
-may lead to burning if electricity is high
-may lead to poor functioning of equipment if electricity is low
3. Environmental threats, e.g. rainfall, sun rays, humidity, dust
4. Maintenance threats: expose the system to personnel who are not interested
ATTACKS: an attack is an attempt to gain access to, or block the services of, a given network without
permission
1. Man in the middle attack
-this is the type of attack in which the attacker sits in between two communication
partners
*the attacker may be listening to or editing the conversation between
the partners. The attacker may be active or passive

2. Malware attack
-viruses: attack the executable files of the computer
-worms: create duplicate copies of themselves and finally disturb memory
-Trojan horse: what you develop is what you don't desire to develop
Hash function: a solution used to check data integrity or detect changes

3. Trust exploitation attack
- An attacker attacks the client in order to get a path to access
the server.
- The attacker takes advantage of the client being trusted by the
server to exploit them

4. DoS (denial of service)
- is a cyberattack that prevents legitimate users from accessing
network resources and services
- this is usually done by flooding the target network or host with
traffic until it crashes or can't respond
5. Phishing attack
- a social engineering attack that involves tricking a victim into sharing
sensitive information, such as login credentials or credit card numbers.
- Attackers often pose as a trusted entity, such as a bank representative, in
an email, instant message, or phone call, e.g. through
-redirection
-attachments with viruses
6. Password attack
- refers to any of the various methods used to maliciously
authenticate into password-protected accounts.
- These attacks are typically facilitated through the use of
software that expedites cracking or guessing passwords, e.g.
-social engineering
-tools, dictionary guessing

7. DNS spoofing attack
-also referred to as DNS cache poisoning, is a form of computer
security hacking in which corrupt Domain Name System data is introduced into
the DNS resolver's cache, causing the name server to return an incorrect result
record, e.g. an IP address. This results in traffic being diverted to any computer that
the attacker chooses.

TYPES OF SECURITY
1. Firewall security
-network security devices that protect networks from unauthorized access
and threats by regulating incoming and outgoing traffic.
-They work by analyzing network packets and applying security rules to
determine if they are safe to pass through
2. Antimalware security
-is a type of software that protects a computer from malware by scanning
incoming data and removing identified malware.
-Antimalware can also help prevent malware from spreading to other
computers on a network.
3. Security information and event management (SIEM)
- is a system that helps organizations detect, analyze, and respond to cybersecurity
threats.
- SIEM tools combine security information management (SIM) and security
event management (SEM) functions into one system.
4. Access security
-a set of tools and processes that limit access to resources, such as networks,
applications, and other assets.
-It's a key component of data security and privacy, and can be used to protect
sensitive information, such as health records or cardholder data, e.g.
- Port security
5. Application security
- Or AppSec, is the process of identifying and fixing vulnerabilities in software
applications to prevent unauthorized access, modification, or misuse.
- It's an important part of software engineering and application management,
e.g.
- limiting access
- encrypting data
- regular penetration testing
6. Physical security

- is the use of measures to protect people, property, and assets from harm or loss. It
involves preventing unauthorized access to facilities, equipment, and resources.

-Physical security can also include protecting against damage, theft, vandalism,
natural disasters, and other threats.

Network administration starts from the following aspects

1. Setting up the infrastructure
2. Provision of services
3. Monitoring and security
4. Maintenance

1. Setting up the infrastructure

Proper LAN design

Layered LAN Architecture

1. Access
2. Distribution
3. Core

1. Access
- It's the layer containing end user devices
- Wireless access points are also found in this layer

2. Distribution layer
- Aggregates traffic from the access layer to the core
- Security policies are implemented (firewall)
- It contains redundant pairs of switches
3. Core
- Aggregates traffic from the distribution layer to the external
network
- The switches in this layer are in redundant pairs
Switch features
1. Access layer switch features
a) Power over Ethernet (PoE)
b) Port security
c) VLAN
- Should support VLANs. A VLAN is a logical grouping of devices on a network, regardless of their physical
location.
- VLANs are a powerful tool for network administrators to improve security, performance and manageability
d) Port speed
- The access layer requires Fast Ethernet port speed –
100 Mbps
- This is standard for most local area networks (LAN)
e) Port aggregation
- Allows the speed of unused ports to be used by the port in
use; an unused port dedicates its port speed to the port in use to
increase speed
f) Quality of service (QoS)
- Should support both data and video, and provide priority to the
traffic, particularly video/audio
- The switch should give high priority to data requiring high
bandwidth to reduce delay time.
2. Distribution switch features
a) Inter VLAN routing
- should be able to forward traffics between different VLANs
b) Should support security policy: access control list (ACL), firewall.
c) Should have layer 1 and 2 functionality

 Layer 1 - PC
 Layer 2 - switch
 Layer 3 - router
- Switch functioning like a router.
d) Port speed
- It requires high port speed, at least Gigabit or 10 Gigabit port speed.
e) High forward rates
- A switch with high capacity for forwarding the transmitted packets.
f) Link aggregation/port aggregation
g) Quality of services
3. Core switch features
a) Inter VLAN routing
b) Should be a layer 3 switch
c) Port speed
d) Higher forward rates than in the distribution switch
e) Link aggregation
f) Quality of services
VLAN

A Virtual Local Area Network (VLAN) is the logical separation of the same physical network infrastructure
so that it behaves as separate networks
Aims/Objectives of VLAN
i) Enhanced security
By default, PCs in separate networks cannot communicate through IP.

 Isolation: VLANs isolate network traffic, preventing unauthorized access to sensitive data
and limiting the spread of malware within the network, e.g. a VLAN for guest Wi-Fi can be
separated from the internal network, restricting access to critical resources
 Controlled access: by defining which devices can communicate with a VLAN,
administrators can control access to specific network resources and enforce security policies
ii) Improved performance
- Due to the limited broadcast domain, all broadcasts occur in a
specific VLAN group, not in the whole LAN.
- Reduced broadcast traffic: VLANs significantly reduce the
amount of broadcast traffic on the network. Broadcast traffic is
sent to all devices on a network segment.
By segmenting the network, VLANs confine broadcast traffic,
minimizing its impact on other parts of the network.
iii) Simplified network management
- Easy troubleshooting: VLANs make it easier to troubleshoot
network issues by isolating problems to specific segments.
- Flexible network design: VLANs provide flexibility in design,
allowing administrators to easily create, modify and reconfigure
network segments without major physical changes to the
network infrastructure

iv) Cost
- It reduces cost, because there is no need to build multiple physical
LANs/networks within one organization
- The segments in a VLAN can represent physical infrastructures
v) Scalability
- Easy to expand the network
II: Provision of services

 Server
- Is a device or application that provides services, resources or
data to other machines, called clients.
Common features/characteristics of a computer server/server machine

a) High performance, based on processor, memory, storage (high storage)
b) Scalability: should provide the chance to expand or add requirements, for example the ability to add
CPU, RAM, storage, network interfaces.
c) Connectivity, particularly network connectivity, should include
- High speed Ethernet ports, 1 Gigabit -> 10 Gigabit port speed.
- Redundant Ethernet ports; this helps to ensure high availability
of service since the failure of one port cannot affect the whole
server's services
- High availability of service ensures high reliability of
services
d) Fault tolerance
- Due to multiple storage; automatic backup
- It can automatically switch to another memory after
failure (memory switchover)
e) Reliability
- Due to fault tolerance, redundant Ethernet ports
- Scalability
- Disaster recovery(data backup and recovery)
- Redundancy. Have multiple copies of critical components
available
- Physical security
f) Server operating system
- For resources management, security networking, system
administration and application hosting
g) Efficient energy utilization
- Low energy power supply
- Powerful cooling system

Question
Factors that ensure server machine service reliability

Reliability refers to a system's ability to operate continuously without failure and to
maintain data integrity, while
system availability refers to the ability of a system to recover to an operational state
after failure, with minimal impact.
i.) Redundancy
ii.) Regular maintenance and update
iii.) Robust security measures
iv.) Scalability
v.) Monitoring and Alerting
vi.) Disaster recovery planning
vii.) Qualified personnel
viii.) Environmental control

The server operating system services

i.) Network services such as DHCP, DNS
ii) Directory services
- Provide services for user accounts and groups with policies (the admin creates groups with
policies for users. After creating a group, the admin adds users to a specific
group and each user is assigned the group policies automatically. The admin can also
set time limits for users to use the network or system).

Functionality provided for user accounts includes setting the password expiry date, blocking accounts,
etc.
iii) Remote access, including remote desktop connection, SSH
iv) Virtualization service
- Virtual machine management: create, delete, add and monitor
v) Security service
- Firewall: filtering traffic
- Encryption: the process of converting data into a format that
cannot be understood by a third party
- Logs: record events performed per day
- IDS & IPS (Intrusion Detection & Intrusion Prevention Systems)
vi) Email service
- Sometimes it can act as an email server: management of email
services; send, upload, storage

Network Monitoring Tool

- Is a special tool that helps to manage the network
Functionalities

1. Performance monitoring
- Focuses on uptime, downtime and speed
2. Bandwidth utilization monitoring
- Normal consumption (trend)
- Defined by administrator
3. Configuration management
- Monitor configuration
- Detect changes; alerting
- Rollback
4. Log management
5. Device management
 Switch and router
- CPU utilization
- Port status
- Temperature
- Switch state(off/on)
End device

- Account/ name
- Device name
- Application in use
Reports and analytics

- Qualitative
- Quantitative
6. Mobile access

MAC Address Table

 Dynamic MAC Table: The switch learns MAC addresses dynamically. When a device
connects, the switch records its MAC address and the port it's connected to. These entries
can age out.
 Static MAC Table: You manually configure static MAC address entries. They are
permanently stored and do not age out. This provides more control and security. You
associate a MAC address with a specific port and VLAN. This prevents unauthorized
devices from connecting, even if they try to spoof a MAC address.
o Elements of a MAC Table Entry:
 MAC Address: The unique identifier of a network device.
 Port ID: The switch port the device is connected to.
 VLAN: The VLAN the device belongs to (if applicable).

2. Port Security

Port security allows you to control which devices can connect to a switch port.

 Configuration Commands
#en
#config t
#interface fa0/1
#switchport mode access (common for ports connecting end devices)
#switchport port-security (enable port security on the port)
#switchport port-security mac-address <MAC_ADDRESS> (static secure MAC)
#switchport port-security mac-address sticky (dynamically learn and "stick" MACs)
#switchport port-security maximum <NUMBER> (limit the number of secure MACs)
#switchport port-security violation {restrict | protect | shutdown}

 Violation Modes:
o protect: Drops traffic from violating MAC addresses but does not shut down the
port or log violations extensively.
o restrict: Drops traffic, increments a violation counter, and logs the violation.
o shutdown: Shuts down the port, requiring manual re-enablement. This is the most
secure option.
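
To compare the three violation modes on the same traffic, here is a small behavioural model, added as an example and not taken from the original notes or from any switch vendor. The class, the function names and the MAC addresses are constructed for illustration; that shutdown mode also counts and logs the violation is a modelling assumption.

```python
class SecurePort:
    """Toy model of one switch port with port security enabled."""

    def __init__(self, maximum=1, violation="shutdown", static=()):
        if violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {violation}")
        self.maximum = maximum
        self.violation = violation
        self.secure = {m.lower() for m in static}  # static plus sticky-learned MACs
        self.up = True
        self.violations = 0   # violation counter
        self.log = []         # violation log entries

    def frame(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if not self.up:
            return False                       # a shut-down port forwards nothing
        if mac in self.secure:
            return True
        if len(self.secure) < self.maximum:    # sticky learning while there is room
            self.secure.add(mac)
            return True
        if self.violation == "protect":        # drop only: no counter, no log
            return False
        self.violations += 1                   # restrict and shutdown record it
        self.log.append(f"security violation: {mac}")
        if self.violation == "shutdown":
            self.up = False                    # stays down until re-enabled by hand
        return False

    def reenable(self):
        """Manual recovery after a shutdown violation."""
        self.up = True


def replay(port, macs):
    """Feed a sequence of source MACs to the port; return the forward/drop decisions."""
    return [port.frame(m) for m in macs]


# Constructed sample MAC addresses: two known devices and one unknown device.
PC_A, PC_B, ROGUE = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"
TRACE = [PC_A, PC_B, ROGUE, PC_A]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(maximum=2, violation=mode)
        print(mode, replay(port, TRACE), port.violations, "up" if port.up else "down")
```

With a maximum of two MACs, protect and restrict keep forwarding the known devices after the unknown one appears, while shutdown also cuts off the legitimate device until the port is re-enabled.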

3. Security Firewall (ACLs)

While switches don't have full firewall capabilities, ACLs provide basic traffic filtering. You
create rules to permit or deny traffic based on criteria like source/destination IP addresses,
protocols, and ports.

 Configuration Commands

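R1>en
R1#config t
! Extended ACL 120: entries are checked top-down and the first match wins
! Deny all IP traffic sourced from 192.168.0.192/26, 192.168.0.128/26 and 192.168.0.64/26
R1(config)#access-list 120 deny ip 192.168.0.192 0.0.0.63 any
R1(config)#access-list 120 deny ip 192.168.0.128 0.0.0.63 any
R1(config)#access-list 120 deny ip 192.168.0.64 0.0.0.63 any
! Deny UDP within 192.168.0.64/26 (one source and one destination per entry)
R1(config)#access-list 120 deny udp 192.168.0.64 0.0.0.63 192.168.0.64 0.0.0.63
! Deny host 60.0.0.2 from reaching 192.168.0.64/26
R1(config)#access-list 120 deny ip host 60.0.0.2 192.168.0.64 0.0.0.63
! Permit 10.0.0.0/24 to any destination
R1(config)#access-list 120 permit ip 10.0.0.0 0.0.0.255 any
! The catch-all deny goes last, after every permit
R1(config)#access-list 120 deny ip any any
! Apply the ACL to traffic entering fa0/0 (use "out" for traffic leaving it)
R1(config)#interface fa0/0
R1(config-if)#ip access-group 120 in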

 Explanation:
o access-list 120 deny ...: Creates rules to deny traffic. ACL numbers 100-
199 are typically used for extended ACLs (IP).
o ip 192.168.0.192 0.0.0.63: Specifies the source IP address range. 0.0.0.63
is the wildcard mask, defining the subnet (192.168.0.192 to 192.168.0.255).
o any: Matches any IP address.
o interface <INTERFACE> ip access-group 120 in: Applies the ACL to the
specified interface. in means incoming traffic.
 Network Segmentation: Your example suggests a network segmentation plan:
o 192.168.0.0/26 (192.168.0.0 - 192.168.0.63) - Student Network
o 192.168.0.64/26 (192.168.0.64 - 192.168.0.127) - Staff Network
o 192.168.0.128/26 (192.168.0.128 - 192.168.0.191) - Guest Network
o 192.168.0.192/26 (192.168.0.192 - 192.168.0.255) - Management or other

The ACLs are designed to isolate these networks from each other.
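
Wildcard-mask matching and first-match ordering are easy to get wrong, so the sketch below evaluates ACL entries the way the explanation above describes and flags entries that can never match. It is an added example, not code from the original notes or from Cisco; the function names are hypothetical, the sample list is constructed from the page's addresses, and port operators such as `eq` are not handled.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from tok; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)            # wildcard bit 1 means "don't care"
    if first == "host":
        return (_ip(tok.pop(0)), 0)
    return (_ip(first), _ip(tok.pop(0)))

def parse(line):
    """Parse 'access-list N {permit|deny} PROTO SRC DST' (port operators not handled)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an ACL entry: {line!r}")
    rest = tok[4:]
    try:
        src, dst = _spec(rest), _spec(rest)
    except IndexError:
        raise ValueError(f"truncated entry: {line!r}") from None
    if rest:                               # e.g. a second destination after 'any'
        raise ValueError(f"unexpected tokens {rest} in: {line!r}")
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst}

def _covers(a, b):
    """True if spec a matches every address that spec b matches."""
    return (b[1] & ~a[1]) == 0 and ((a[0] ^ b[0]) & ~a[1]) == 0

def evaluate(acl, proto, src, dst):
    """First match wins: return (action, index); no match is the implicit deny."""
    s, d = (_ip(src), 0), (_ip(dst), 0)    # a single address is a spec with wildcard 0
    for i, r in enumerate(acl):
        if r["proto"] in ("ip", proto) and _covers(r["src"], s) and _covers(r["dst"], d):
            return r["action"], i
    return "deny", None

def shadowed(acl):
    """Indexes of entries fully covered by one earlier entry, so they never match."""
    def hides(e, l):
        return (e["proto"] in ("ip", l["proto"]) and _covers(e["src"], l["src"])
                and _covers(e["dst"], l["dst"]))
    return [j for j, l in enumerate(acl) if any(hides(e, l) for e in acl[:j])]

# Constructed sample built from the page's addresses, with a catch-all deny mid-list.
SAMPLE = [parse(x) for x in (
    "access-list 120 deny ip 192.168.0.64 0.0.0.63 any",
    "access-list 120 deny ip any any",
    "access-list 120 permit ip 10.0.0.0 0.0.0.255 any",
    "access-list 120 deny ip any any",
)]
FIXED = [SAMPLE[0], SAMPLE[2], SAMPLE[3]]  # same entries without the mid-list catch-all
```

`shadowed(SAMPLE)` reports the permit entry as unreachable, and `evaluate` shows a packet from 10.0.0.5 being denied by the mid-list catch-all in `SAMPLE` but permitted in `FIXED`.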

Key Points:

 Switches have limited firewall functionality. Dedicated firewalls are essential for robust
network security.
 ACLs provide basic traffic filtering on switches.
 Port security prevents unauthorized devices from connecting.
 Static MAC addresses provide more control than dynamic MAC addresses.

Dynamic Host Configuration Protocol DHCP


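It automatically assigns the IP address settings to the clients:
- Host IP
- Subnet mask
- DNS IP
- Gateway
Command
R1>en
R1#config t
! Addresses kept out of the pool (the gateway and the DNS server below)
R1(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.2
! Create the pool named NIT and define what clients receive
R1(config)#ip dhcp pool NIT
R1(dhcp-config)#network 10.0.0.0 255.0.0.0
R1(dhcp-config)#default-router 10.0.0.1
R1(dhcp-config)#dns-server 10.0.0.2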
