Unit 3 NS Device Security 24 25


SHREE SWAMINIRAYAN COLLEGE OF COMPUTER SCIENCE

Semester: 6 Sub: Network Security



BCA Semester – 6

Subject: Network Security

Unit - 3

- Switch.
- Router.
- Network Management System.
- Administrative Practice.
- Centralized Account Management.

Prepared By: Niyati S. Rajyaguru Page 1 of 17


❖ Network Device: -

➢ In today's growing Internet, a single network cannot provide connectivity to
everyone. Network designers therefore break a network into smaller portions and
connect them using networking devices such as bridges, gateways and switches.

➢ Devices are chosen carefully according to the complexity of the network.

➢ The networking devices are categorized as:

• Networking Devices: -

✓ The devices used to connect computers/systems within one network are
networking devices, for example repeaters, hubs and switches.

• Internetworking Devices: -

✓ The devices used to connect two networks are called internetworking
devices, for example bridges, routers and gateways.

✓ They may simply transfer data between the networks, or they may also
convert the format of the data (as a gateway does).

✓ Let us understand a few of these network devices and the security aspects of
each.

❖ Network Device Security: -

➢ The most common protocol suite in use today is TCP/IP (Transmission Control
Protocol/Internet Protocol), as it provides all the components and mechanisms
needed to transmit data between two computers over a network.

➢ Each computer on a network has two addresses. The first is the MAC (Media Access
Control) address, which is burned into the network interface, is unique to every
interface and is called the hardware/physical address.

➢ The second is the IP (Internet Protocol) address, which is assigned by the network
administrator, a DHCP server or the Internet service provider, and is called the
logical address. Each IP address must be unique within the network it is used on.




➢ To communicate over a network, each host must know both the IP address and the
MAC address of the system it wants to reach (or of the router on the way to it).

➢ The IP address of a named host is found using the Domain Name System (DNS), and
the MAC address belonging to an IP address on the local network is found using the
Address Resolution Protocol (ARP).

❖ Switch: -
➢ Network switches are essential components in any network, responsible for
directing network traffic between devices.

➢ They provide the connectivity points for the devices of a network, which makes
switches attractive targets for cyberattacks.

➢ A hub forwards data to all the devices connected to it, whereas a switch forwards
the data only to the intended device/system.

➢ A switch learns the MAC (Media Access Control) address of each connected device
from the source address of the frames it receives, records it against the port it
arrived on (the MAC or CAM table), and uses this table to forward frames only to
the port of the intended recipient. Frames for an unknown or broadcast destination
are still flooded to all other ports.

➢ As a switch forwards data only to the intended system, network traffic on the
other ports is reduced.

➢ As not all frames are broadcast, and each switch port is its own collision
domain, there is far less chance of collision.



➢ Although many precautions are taken regarding security in the switch, a switched
network cannot completely eliminate the ability to sniff (capture and read traffic
in real time), because ARP poisoning lets an attacker redirect other hosts'
traffic to his own port.

❖ ARP Protocol and ARP Poisoning: -

➢ ARP is the communication protocol used for discovering the link-layer (MAC)
address associated with a given Internet-layer (IPv4) address. A host broadcasts
an ARP request ("who has 192.168.1.1?"), the owner answers with an ARP reply
("192.168.1.1 is at <MAC>"), and hosts cache the answers in their ARP table.

➢ ARP has no authentication, and many hosts update their cache on any ARP reply
(or gratuitous ARP) they receive, even one they never asked for. When an attacker
sends forged ARP replies so that the victims' ARP tables map an IP address to the
attacker's MAC address (so that the IP address now "points to" another machine),
this is called ARP poisoning (or ARP spoofing).

➢ Example: If an attacker replaces the MAC address of some node with his own MAC
address in the other hosts' ARP tables, traffic meant for that node is delivered
to the attacker's switch port, and he can read (and forward on, or modify) the
information of that system/network: a man-in-the-middle position.

➢ In some cases, when the spoofed MAC address is that of the network's connecting
device (the default gateway), access to the web or other networks can be disabled
by the attacker, or all Internet-bound traffic can be intercepted.
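As an added illustration (this code is not part of the original notes), here is a small Python monitor that decodes raw ARP replies and flags the two symptoms of ARP poisoning described above: an IP address whose MAC binding changes, and one MAC address answering for several IP addresses. The sample replies and the raw packet are constructed for the example; `parse_arp` reads the standard 28-byte Ethernet/IPv4 ARP layout, and the names `ArpReply` and `detect_arp_poisoning` are inventions of this example.

```python
"""Detect ARP poisoning from observed ARP replies (added example, not from the notes).

The sample traffic below is constructed: a legitimate gateway and host, then an
attacker (MAC aa:aa:aa:aa:aa:aa) claiming both of their IP addresses.
"""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ArpReply:
    """Sender fields of one ARP reply: 'sender_ip is at sender_mac'."""
    sender_ip: str
    sender_mac: str


# Standard ARP packet layout (RFC 826) for Ethernet/IPv4: 28 bytes, big-endian.
ARP_FORMAT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_OP_REPLY = 2


def parse_arp(payload: bytes) -> Optional[ArpReply]:
    """Decode an ARP packet; return the sender binding if it is a reply, else None."""
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FORMAT, payload[:28])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None   # not Ethernet/IPv4 ARP; ignore
    if oper != ARP_OP_REPLY:
        return None   # requests do not assert a binding we care about here
    return ArpReply(socket.inet_ntoa(spa), sha.hex(":"))


def detect_arp_poisoning(replies, static_bindings=None) -> List[str]:
    """Return alert strings for suspicious replies.

    static_bindings: known-good {ip: mac} pairs (e.g. the default gateway);
    any reply contradicting them is reported even if it is the first one seen.
    Otherwise the first-seen binding is trusted and later changes are reported.
    """
    bindings: Dict[str, str] = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    claims: Dict[str, Set[str]] = {}   # mac -> IPs it has answered for
    alerts: List[str] = []
    for r in replies:
        mac = r.sender_mac.lower()
        claims.setdefault(mac, set()).add(r.sender_ip)
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = mac           # learn first-seen binding
        elif known != mac:
            alerts.append(f"binding change for {r.sender_ip}: {known} -> {mac}")
    for mac, ips in claims.items():
        if len(ips) > 1:   # one interface answering for many IPs: classic MITM setup
            alerts.append(f"{mac} claims {len(ips)} IPs: {sorted(ips)}")
    return alerts


# Constructed sample: gateway .1, victim .10, attacker spoofing both, an unrelated host.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "00:11:22:33:44:01"),
    ArpReply("192.168.1.10", "00:11:22:33:44:0a"),
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:aa"),
    ArpReply("192.168.1.10", "aa:aa:aa:aa:aa:aa"),
    ArpReply("192.168.1.20", "00:11:22:33:44:14"),
]

# Constructed raw reply: attacker tells the victim that the gateway is at his MAC.
RAW_SPOOFED_REPLY = struct.pack(
    ARP_FORMAT, 1, 0x0800, 6, 4, ARP_OP_REPLY,
    bytes.fromhex("aaaaaaaaaaaa"), socket.inet_aton("192.168.1.1"),
    bytes.fromhex("00112233440a"), socket.inet_aton("192.168.1.10"))

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print("ALERT:", alert)
    print(parse_arp(RAW_SPOOFED_REPLY))
```

Pin the gateway with `static_bindings` in practice, since that is the binding an attacker most wants to change. Both checks can fire legitimately (DHCP reassigning an address, a router failover moving a virtual IP to a new MAC, proxy ARP answering for many hosts), so treat the output as something to investigate, not as proof of an attack.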

➢ As we know, the switch receives the data as a frame and then forwards it to the
desired node. A switch can use one of several techniques for forwarding a frame;
the three common ones are explained briefly below: -

1. Cut-through method: -

• The frame begins to be forwarded as soon as the destination MAC address (the
first 6 bytes of the frame) has been read, before the rest of the frame has arrived.
• Speed of forwarding -> fast (lowest latency).
• Possibility of error propagation -> high (a corrupt or truncated frame is passed
on).
• Accuracy -> low (no error checking, since the frame check sequence at the end of
the frame has not been seen yet).

2. Store and Forward: -

• In this method, the entire frame is received first, its frame check sequence is
verified, and only then is it forwarded to the destination node; frames with
errors are dropped.
✓ Speed of forwarding -> slower compared to cut-through, as the whole frame must
be buffered and checked.
✓ Accuracy -> high (errors are not propagated with frames).

3. Fragment Free: -
• In this method, the frame is checked for collision damage only: the switch waits
for the first 64 bytes of the frame (the minimum valid Ethernet frame size) and
forwards it once that much has arrived intact. Collision fragments ("runts") are
shorter than 64 bytes, so they are dropped.
• This gives a compromise between the speed of cut-through and the accuracy of
store-and-forward, though it still cannot detect errors in the rest of the frame.
• This technique is rarely used today, as modern switches can do store-and-forward
at wire speed.
• It is also known as the modified cut-through method.

To ensure network switch security, the following practices should be considered:

• Use strong passwords: Protect switch management interfaces with strong, unique
passwords, and change any default credentials.
• Disable unused ports: Shut down unused ports so that an attacker who plugs into a
spare wall socket gets no connectivity.
• Implement port security: Configure port security to limit the number of MAC
addresses allowed on each port, so that MAC-flooding attacks (which try to overflow
the MAC table and make the switch flood every frame like a hub) are stopped at the
port.
• Segment the network: Use VLANs to segment the network and isolate sensitive
systems; management traffic should be on its own VLAN.
• Monitor network traffic: Regularly monitor network traffic (for example by
mirroring a port into an IDS) for suspicious activity such as unexpected ARP
replies.
• Keep firmware updated: Stay up to date with the latest firmware releases to patch
security vulnerabilities.

By understanding the security aspects and forwarding techniques of network switches,
organizations can build a secure and efficient network infrastructure that protects
their valuable data and resources.
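To make the MAC-learning and port-security points concrete, here is an added simulation in Python (not code from the original notes) of a learning switch: it builds the MAC table from the source addresses it sees, floods only unknown or broadcast destinations, keeps administratively shut-down ports dark, and err-disables a port that exceeds its MAC limit. The port numbers, MAC strings and the traffic scenario are invented for the example, and `LearningSwitch` and `hub_forward` are this example's own names; a real switch also ages entries out of the table, which this model omits.

```python
"""Learning switch with port security (added example, not code from the notes)."""
from typing import Dict, Iterable, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal model of a switch's MAC (CAM) table plus a per-port MAC limit."""

    def __init__(self, ports: Iterable[int], max_macs_per_port: int = 1,
                 shutdown_unused: Iterable[int] = ()):
        self.ports: Set[int] = set(ports)
        self.cam: Dict[str, int] = {}               # mac -> port it was learned on
        self.max_macs = max_macs_per_port
        self.disabled: Set[int] = set(shutdown_unused)   # shut down or err-disabled
        self.violations: List[Tuple[int, str]] = []

    def _macs_on(self, port: int) -> Set[str]:
        return {mac for mac, p in self.cam.items() if p == port}

    def receive(self, in_port: int, src_mac: str, dst_mac: str) -> List[int]:
        """Process one frame and return the list of ports it is sent out of."""
        if in_port in self.disabled:
            return []                                   # port is dark: frame dropped
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()
        if self.cam.get(src_mac) != in_port:            # new MAC (or a MAC move) on this port
            if len(self._macs_on(in_port)) >= self.max_macs:
                # Port-security violation, "shutdown" mode: err-disable the port
                # so a MAC-flooding tool cannot fill the table and turn us into a hub.
                self.violations.append((in_port, src_mac))
                self.disabled.add(in_port)
                return []
            self.cam[src_mac] = in_port                 # learn source on ingress port
        if dst_mac == BROADCAST or dst_mac not in self.cam:
            # Unknown unicast or broadcast: flood to every other live port.
            return sorted(self.ports - self.disabled - {in_port})
        out_port = self.cam[dst_mac]
        return [] if out_port == in_port else [out_port]


def hub_forward(ports: Iterable[int], in_port: int) -> List[int]:
    """A hub for comparison: every frame goes out of every other port."""
    return sorted(set(ports) - {in_port})


def run_scenario() -> LearningSwitch:
    """Two hosts talking, then an attacker on port 3 cycling source MACs."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=1, shutdown_unused=[4])
    sw.receive(1, "00:00:00:00:00:0a", "00:00:00:00:00:0b")   # A->B unknown: flooded to 2,3
    sw.receive(2, "00:00:00:00:00:0b", "00:00:00:00:00:0a")   # B->A: forwarded to 1 only
    sw.receive(3, "00:00:00:00:00:0c", "00:00:00:00:00:0a")   # attacker's first MAC learned
    sw.receive(3, "00:00:00:00:00:0d", "00:00:00:00:00:0a")   # second MAC: violation, port 3 off
    return sw


if __name__ == "__main__":
    sw = run_scenario()
    print("MAC table:", sw.cam)
    print("disabled ports:", sorted(sw.disabled), "violations:", sw.violations)
```

The first frame in the scenario is flooded exactly as a hub would send it (except to the shut-down port 4), which is why even a switched network leaks some traffic; after the reply, unicast between the two hosts is confined to their own ports. The limit of one MAC per port is the right setting for a desk port with a single PC, but a port feeding an IP phone with a PC behind it, or a hypervisor, legitimately needs more.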




Q. Write a short note on: Router or Discuss briefly about Router.

Ans. Router: -
➢ A router is a networking device that forwards data packets between computer
networks. Routers perform the "traffic directing" function on the Internet.
➢ In a home or small office, the router simply connects your system/area to the
Internet: it acts as the gateway of your local network.
➢ Routers are among the most intelligent, and also the most complicated, of the
devices discussed here.
➢ A router derives its name from its function: it receives a packet of data, reads
the header, determines the destination address, looks that address up in its
routing table and forwards the packet along the best possible route (the most
specific matching route).
➢ The following points are to be considered while discussing the security of a
router:

1. Firewall:
• Most routers have a built-in firewall that acts as a barrier between your network and the
internet. It inspects incoming and outgoing traffic, blocking unauthorized access and
potential threats.
• You can often customize firewall rules to control which devices or applications can
access the internet or specific network resources.

2. Network Address Translation (NAT):


• Hides your devices: NAT translates the private IP addresses of devices on your
local network to a single public IP address. Hosts on the Internet see only that
public address, which makes it harder for attackers to target internal devices
directly. NAT is not a firewall, though: unsolicited inbound connections are
dropped only because no translation exists for them, and any port forwarded
through NAT is exposed exactly as if there were no NAT.

3. Wireless Security:
• Encryption: Routers offer various encryption protocols to secure your Wi-Fi network
(WPA2 and WPA3 today; the older WEP and original WPA are broken and should not be
used). These protocols encrypt the data transmitted over the wireless network,
preventing unauthorized access and eavesdropping.
• Guest networks: Many routers allow you to create a separate guest network with its own
password. This isolates guest devices from your main network, enhancing security.

4. Access Control:
• Strong passwords: It's crucial to set a strong and unique password for your router's
administration interface. This prevents unauthorized users from accessing and changing
your router settings.
• MAC address filtering: Some routers allow you to restrict network access based on
the Media Access Control (MAC) address of devices, so that only listed devices can
connect. This is only a weak extra layer: MAC addresses travel in clear on every
frame and can be copied by an attacker who sets his interface to an allowed
address, so it must never replace encryption and authentication.
5. Firmware Updates:
• Security patches: Router manufacturers regularly release firmware updates to patch
security vulnerabilities and improve performance. Keeping your router's firmware up to
date is essential for maintaining security.

6. Other Security Features:


• VPN support: Some routers support Virtual Private Networks (VPNs), allowing you to
create secure connections to remote networks or access the internet through a secure
tunnel.
• Intrusion detection: Some advanced routers include intrusion(unauthorized access)
detection systems that monitor network traffic for suspicious activity and can alert you to
potential attacks.

➢ There are two ways in which a router's routing table can be populated: -

1. Static Routing
2. Dynamic Routing

1. Static Routing: -

➢ Manual Configuration: In static routing, a network administrator manually
configures the routing table on each router. This means they define the specific
paths that data packets should take to reach their destination networks.

➢ Fixed Paths: The routes in a static routing table remain fixed unless the
administrator manually updates them. They do not change dynamically based on
network conditions.

➢ Simple Implementation: Static routing is relatively simple to implement,
especially in small networks with a limited number of routers.

➢ Predictable Behavior: Since the routes are fixed, static routing provides
predictable network behavior. This can be useful for specific applications that
require consistent latency and throughput.

➢ Limited Scalability: Static routing is not scalable for large and complex networks.
Maintaining the routing tables manually becomes cumbersome and error-prone as
the network grows.

➢ No Automatic Adaptation: Static routing does not adapt to network changes or
failures. If a link goes down, the data will not be rerouted unless the
administrator manually updates the routing table.

➢ Security: Because no routing information is exchanged, there are no routing
updates for an attacker to forge; this is one reason static routes are common on
small edge routers and at security boundaries.




2. Dynamic Routing: -

➢ In dynamic routing, routers use routing protocols to communicate with each other
and automatically update their routing tables. They exchange information about
network topology and calculate the best paths for data packets.
➢ Adaptive Paths: Dynamic routing allows routers to adapt to network changes and
failures. If a link goes down, the routers will automatically find alternative paths
for data to travel.
➢ Complex Implementation: Dynamic routing protocols can be more complex to
configure and manage than static routing. They require a deeper understanding of
network behavior and routing algorithms.
➢ Scalability: Dynamic routing is highly scalable and suitable for large and
complex networks. It automates the process of maintaining routing tables,
reducing the administrative overhead.
➢ Efficient Resource Utilization: Dynamic routing protocols can optimize network
resource utilization by dynamically adjusting to traffic conditions and finding the
most efficient paths.
➢ Overhead: Dynamic routing protocols introduce some overhead due to the
communication and processing required for route updates.
➢ The main task of a dynamic routing algorithm is to find the optimum path.
Dynamic routing protocols fall into two families:

1. Distance Vector Protocols (for example RIP)

2. Link State Protocols (for example OSPF)

➢ The difference between the two families is the way in which they calculate the
optimum path: distance vector routers exchange their routing tables with their
neighbours and pick the route with the lowest cost, whereas link state routers
flood information about their own links to all routers and each router computes
the shortest paths itself.

➢ One important security concern is controlling which devices are allowed to learn
the routes for your network, and which are allowed to advertise routes into it.




➢ The normal path of data through a routed network is:

1. Data is sent to the router of the sender's own network.

2. The router determines the destination address and forwards the data to the next
hop.

3. The data reaches its destination.

➢ Here, a malicious (suspicious) route injected into the routing tables can disturb
normal communication, may cause loss of data/information by routing it to an
unauthorized party, or may simply create a black hole so that the data never
arrives.

➢ The choice of routing protocol is itself not a major network security decision,
but the exchange of routing information is considered sensitive, since any device
that can send routing updates can influence where traffic goes.

➢ A number of routing protocols, such as Routing Information Protocol Version 2
(RIPv2) and Open Shortest Path First (OSPF), therefore support authentication of
routing updates: routers share a secret key, and updates that do not carry a valid
keyed hash computed with that key are ignored. Routing updates should also not be
accepted on interfaces that face end users (passive interfaces).
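The following Python model (an added example, not from the original notes) ties the points above together: a routing table with static routes and longest-prefix-match lookup, a rogue dynamic update that hijacks traffic when updates are accepted unauthenticated, and the same update rejected when the table requires a keyed hash. The names `RoutingTable`, `process_update`, `hijack_demo` and the `shared-secret` key are inventions for the example; the HMAC-SHA256 tag is a stand-in for the keyed-MD5/SHA authentication fields that RIPv2 and OSPF actually carry, and the real protocols add sequence numbers against replay, which this sketch omits.

```python
"""Longest-prefix routing with authenticated updates (added example, not from the notes)."""
import hashlib
import hmac
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str, str]   # (prefix, next hop, source)


def _update_bytes(update: Dict[str, str]) -> bytes:
    """Canonical bytes covered by the authentication tag."""
    return f"{update['prefix']}|{update['next_hop']}".encode()


def make_update(prefix: str, next_hop: str, key: bytes) -> Dict[str, str]:
    """Build a routing update carrying a keyed hash, as an authenticated peer would."""
    update = {"prefix": prefix, "next_hop": next_hop}
    update["auth"] = hmac.new(key, _update_bytes(update), hashlib.sha256).hexdigest()
    return update


class RoutingTable:
    def __init__(self, auth_key: Optional[bytes] = None):
        self.auth_key = auth_key          # None = accept unauthenticated updates
        self.routes: List[Route] = []
        self.rejected: List[Dict[str, str]] = []

    def add_static(self, prefix: str, next_hop: str) -> None:
        """Route entered by the administrator; never changes on its own."""
        self.routes.append((ipaddress.ip_network(prefix), next_hop, "static"))

    def process_update(self, update: Dict[str, str]) -> bool:
        """Install a dynamically learned route if its authentication checks out."""
        if self.auth_key is not None:
            expected = hmac.new(self.auth_key, _update_bytes(update), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, update.get("auth", "")):
                self.rejected.append(update)   # forged, tampered or unauthenticated
                return False
        self.routes.append((ipaddress.ip_network(update["prefix"]), update["next_hop"], "dynamic"))
        return True

    def lookup(self, destination: str) -> Optional[str]:
        """Longest-prefix match: the most specific route containing the address wins."""
        addr = ipaddress.ip_address(destination)
        best: Optional[Route] = None
        for route in self.routes:
            net = route[0]
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = route
        return None if best is None else best[1]


def hijack_demo() -> Tuple[Optional[str], Optional[str]]:
    """Return the next hop for 8.8.8.8 on an unauthenticated and an authenticated router."""
    rogue = {"prefix": "8.8.8.0/24", "next_hop": "10.0.0.66"}   # attacker's more-specific route
    open_rt = RoutingTable()
    open_rt.add_static("0.0.0.0/0", "10.0.0.1")
    open_rt.process_update(rogue)               # accepted: no authentication configured
    secured_rt = RoutingTable(auth_key=b"shared-secret")
    secured_rt.add_static("0.0.0.0/0", "10.0.0.1")
    secured_rt.process_update(rogue)            # rejected: no valid keyed hash
    return open_rt.lookup("8.8.8.8"), secured_rt.lookup("8.8.8.8")


if __name__ == "__main__":
    print("next hop without / with update authentication:", hijack_demo())
```

The hijack works because longest-prefix match always prefers the attacker's /24 over the legitimate default route; this is the same mechanism behind real-world prefix hijacks. Authentication only proves the update came from a holder of the key, so the key must be distributed out of band and rotated, and a compromised legitimate router can still inject bad routes.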




Q. Explain Network Security Management in detail.

Ans. Network Management System (NMS): -

• Definition: -

✓ The process of controlling a complex data network to maximize its efficiency
and productivity is called network management; the software that carries it out
is called a Network Management System.

✓ A network management system identifies, configures, monitors, updates and
troubleshoots network devices (wired as well as wireless).

✓ The overall goal of network management is to cope with the complexity of the
data network and to ensure that data travels with maximum efficiency.

✓ In managing networks, the system is used to control devices and resources by
controlling their usage, monitoring access, and reporting their current as well
as previous status.

✓ The key benefit of an NMS is that it permits users to monitor and manage their
network operations from a single control computer. That same central position
makes the NMS itself a high-value target, so access to it must be protected as
carefully as access to the devices it manages.




• Key Components and functions of an NMS: -

1. Monitoring: -

✓ The NMS continuously monitors the network infrastructure, devices and services
to detect faults and performance issues in real time.

2. Configuration Management: -
✓ It allows admins to configure and manage network devices such as routers,
switches and servers centrally. This may include tasks like firmware updates,
policy enforcement, and keeping backups of device configurations so that an
unauthorized change can be detected and rolled back.

3. Performance Management: -

✓ The NMS collects and analyzes performance data such as bandwidth utilization,
packet loss and network traffic patterns.

✓ It helps in identifying performance bottlenecks so that admins can make optimum
use of network resources.

4. Fault Management: -

✓ The NMS identifies and responds to network faults as well as network failures
(these can include hardware failures, connectivity issues and service failures).

✓ It provides alerts and notifications to the network admins for troubleshooting
and resolution.

5. Security Management: -

✓ The NMS includes security features to monitor and manage network security
policies, access control and threat detection. It also helps in enforcing
security measures.




6. Reporting and Analysis: -

✓ The NMS generates reports and may provide statistical analysis based on the
collected data, to give insight into network performance, usage trends and
security.

✓ These reports aid decision-making and planning for network improvements and
upgrades.

➢ The functions of an NMS are often split into separate systems, each addressing a
different aspect of network management. Following are some common types:

1. Network Monitoring System (also abbreviated NMS): -

➢ It is designed primarily for monitoring the performance and status of the various
network devices and services. It collects data such as bandwidth utilization and
packet loss to identify issues and trends.

2. Element Management System (EMS): -

➢ It focuses on managing individual elements such as firewalls, servers, etc. It
provides monitoring and troubleshooting capabilities for that element.

3. Configuration Management System (CMS): -

➢ It manages the configuration settings of network devices. It allows admins to
centrally configure and update device settings, update policies, and maintain
consistency across the network, along with documentation of each reconfiguration.

4. Performance Management System (PMS): -

➢ It focuses on network performance by collecting, analyzing and optimizing
performance data. It helps improve Quality of Service (QoS), capacity, traffic,
throughput and response time.

5. Security Management System (SMS): -

➢ It mainly focuses on security policies, access control and threat detection. It
also monitors security events and responds to security incidents.




6. Fault Management System (FMS): -

➢ It mainly focuses on detecting, diagnosing and resolving network faults and
failures. It includes real-time alerts and notifications in case of a fault.

Q. Explain Administrative Practices in detail.

Ans. Administrative Practices: -
➢ Administrative practices play a crucial role in ensuring the effectiveness of
network security measures within an organization.

➢ Although many technical solutions such as firewalls and encryption techniques are
available, administrative practices provide the framework and guidelines for
implementing and maintaining security protocols.

➢ This section focuses on using routers and switches to increase the security of the
network, as well as on the configuration steps needed to protect the devices
themselves from attack.

➢ A router can be managed through a web interface reachable from any browser, and
can be monitored or managed via the Simple Network Management Protocol (SNMP). It
is important to secure these management services adequately (restrict who can
reach them, use the encrypted variants, disable the ones not needed), because an
attacker who controls the management interface controls the device.

➢ For security reasons, while configuring a network device, a banner/message should
be displayed whenever a connection is established.

➢ The banner should carry a warning that unauthorized use of the device is
prohibited and that activity is monitored. This does not technically prevent
access, but it gives legal notice to an intruder and removes the excuse that the
access was believed to be permitted.

➢ The banner must not reveal the device model, vendor, software version or
ownership details, as an attacker can identify relevant attacks against the device
using the information obtained from banners.




❖ Remote Command Line: -

➢ TELNET (Terminal Network) is commonly used by terminal emulation programs to log
into a remote host. It can be used for terminal-to-terminal communication.

➢ The main weakness of TELNET is that it cannot protect the communication while it
is in transmission: usernames, passwords and every command travel in plaintext.

➢ Secure Shell (SSH) provides the same interface and access as TELNET, but it
encrypts all communications.

➢ Secure Shell is a cryptographic network protocol for securing data communication.
It establishes a secure channel over an insecure network in a client-server
architecture, authenticating the server to the client with a host key and the
client to the server with a password or a key pair.

➢ To enable SSH on a router, it is necessary to configure a host name and domain
name, generate an encryption key pair (RSA or similar), configure user accounts,
set the required SSH parameters (version 2 only), and restrict the virtual
terminal lines to SSH so that Telnet is no longer accepted.

➢ If administrative connections to network routers are not encrypted, an attacker
who can capture traffic on the path may obtain sensitive information such as
passwords and configuration parameters while they are being transmitted over the
network.

➢ To provide accountability, individual user accounts should be created rather than
one shared login, and the default account passwords should be changed.

➢ Locally, such credentials should be stored in hashed (ciphertext) form in the
configuration, never in plaintext, so that a leaked configuration file does not
leak the passwords.

➢ TELNET establishes a connection to a remote system in such a way that the local
terminal appears to be a terminal at the remote system.
Example: VMware.



Q. Write a short note on Centralized Account Management.

Ans. Centralized Account Management: -

➢ To maintain security and confidentiality, it is advisable to manage the accounts
of routers and switches centrally.

➢ In a large-scale environment it becomes a heavy task to maintain and synchronize
individual user accounts on each network switch and router, and a departing
administrator's account is easily forgotten on some of them.

➢ To simplify account management, routers can be configured to authenticate against
a central account store.

➢ This also removes the usernames and passwords from the local configurations.

➢ The protocols basically used to control access to the network are TACACS+
(Terminal Access Controller Access-Control System Plus, originally from Cisco) and
RADIUS (Remote Authentication Dial-In User Service), each spoken to a central
server.

➢ The two protocols differ in a number of operational details (TACACS+ runs over
TCP, encrypts the whole packet body and separates authentication from
authorization, so per-command authorization is possible; RADIUS runs over UDP and
protects only the password field), but both provide robust authentication and
authorization services.

➢ One should keep local backup accounts as a precautionary measure for the case when
the server is down or unreachable; thus authentication to the router should not
rely completely on remote authentication. The local account should be used only
when the server cannot be reached, not when the server has rejected the login.

➢ Beyond simply authenticating access to the router, it is good practice to limit
the locations from which such connections can be initiated.

➢ Admins can configure ACLs (Access Control Lists) to restrict administrative
access to authorized hosts and subnets. ACLs are packet filters that either accept
or deny packets based on the packet header information (source and destination
addresses, protocol and ports); they are evaluated top to bottom and end with an
implicit deny.
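Here is an added Python model (not code from the notes) of the access decision for an administrative login described in this section: the source address is checked against an ordered ACL with an implicit deny, authentication then goes to a central TACACS+/RADIUS server, and a local backup account (stored as a salted PBKDF2 hash, never plaintext) is consulted only when that server cannot be reached. `FakeAAAServer`, `admin_login`, the addresses in `MGMT_ACL` and the account names are stand-ins invented for the example; a real deployment would speak the actual TACACS+ or RADIUS protocol to the server.

```python
"""Management-plane access: ACL, central AAA, local fallback (added example, not from the notes)."""
import hashlib
import hmac
import ipaddress
import os
from typing import Dict, List, Optional, Tuple

# Ordered ACL, evaluated top to bottom; nothing matched means implicit deny.
MGMT_ACL: List[Tuple[str, str]] = [
    ("permit", "10.10.0.0/24"),        # network operations subnet (constructed)
    ("permit", "192.168.100.5/32"),    # jump host (constructed)
    ("deny", "0.0.0.0/0"),             # explicit catch-all so hits can be logged
]

PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16


def acl_permits(acl: List[Tuple[str, str]], src_ip: str) -> bool:
    """First matching entry decides; no match is denied."""
    addr = ipaddress.ip_address(src_ip)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only this value is stored in the device config."""
    salt = salt or os.urandom(SALT_LEN)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify_password(stored: bytes, password: str) -> bool:
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, candidate)


class CentralAuthUnavailable(Exception):
    """Raised when the TACACS+/RADIUS server does not answer."""


class FakeAAAServer:
    """Stand-in for a central AAA server (constructed for the example)."""

    def __init__(self, users: Dict[str, str], reachable: bool = True):
        self.users = users          # a real server keeps hashes and talks TACACS+/RADIUS
        self.reachable = reachable

    def authenticate(self, username: str, password: str) -> bool:
        if not self.reachable:
            raise CentralAuthUnavailable()
        expected = self.users.get(username)
        return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def admin_login(src_ip: str, username: str, password: str, aaa: FakeAAAServer,
                local_accounts: Dict[str, bytes], acl=MGMT_ACL) -> Tuple[bool, str]:
    """Decide an administrative login; returns (allowed, reason) for the audit log."""
    if not acl_permits(acl, src_ip):
        return False, "acl-denied"                 # never even prompt for credentials
    try:
        if aaa.authenticate(username, password):
            return True, "central"
        return False, "central-rejected"           # server said no: do NOT fall back
    except CentralAuthUnavailable:
        stored = local_accounts.get(username)      # server down: local backup account only
        if stored is not None and verify_password(stored, password):
            return True, "local-fallback"
        return False, "local-rejected"


if __name__ == "__main__":
    aaa = FakeAAAServer({"netadmin": "correct horse"})
    local = {"admin-backup": hash_password("battery staple")}
    print(admin_login("10.10.0.7", "netadmin", "correct horse", aaa, local))
    aaa.reachable = False
    print(admin_login("10.10.0.7", "admin-backup", "battery staple", aaa, local))
```

The ordering matters: the ACL check comes first so that hosts outside the management subnet never get to attempt passwords, and a rejection from the central server is final, so that an attacker cannot reach the local backup account simply by being refused. On real devices the same policy is expressed as an AAA method list of "central server, then local", with the local password stored as a salted hash rather than in reversible form.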




❖ Simple Network Management Protocol (SNMP): -

➢ SNMP provides a centralized mechanism for monitoring and configuring routers. It
is also used to watch operating data such as CPU load and link status.

➢ In addition, managed devices can alert operators to problems by sending traps to
configured management consoles.

➢ Traps are unsolicited messages that a device sends on its own when a configured
threshold is exceeded or a failure occurs (for example a link going down).

➢ SNMP is the most widely used management protocol for communicating over a network
with devices such as routers, switches, hubs, IP phones and servers.

➢ SNMP works at the application layer of the TCP/IP architecture (over UDP, port
161 for requests and port 162 for traps) and is used to manage network faults.

➢ Sometimes it is also used to modify the configuration of remote devices on the
network (SNMP SET operations), which is why write access must be tightly
controlled.

➢ Devices on which SNMP is supported include modems, routers, switches, printers,
servers, etc.

❖ SNMP Manager: -
➢ It is the centralized node used to monitor the network and is also called the
Network Management System (NMS).

➢ It communicates with the managed network elements in both directions: it polls
them for data and receives their traps. Here the network elements are switches,
routers, servers, computer hosts, etc.

❖ SNMP Agent: -
➢ The agent is the module of network management software that runs on a network
device such as a host PC, server or router.

➢ The agent maintains the database (the MIB, Management Information Base) of the
managed network element.

➢ When the agent on a managed device encounters an error or a trap condition, it
sends an SNMP trap message to the SNMP manager indicating the live status.

➢ SNMP versions 1 and 2c authenticate with a "community string" that travels in
plaintext, and the defaults ("public" for read, "private" for write) are widely
known; an attacker who learns or guesses the write community can reconfigure the
device.

➢ Version SNMPv3 therefore adds a number of security features such as user-based
authentication, message integrity and encryption of the traffic.

➢ These can be enabled or disabled as needed: SNMPv3 offers the security levels
noAuthNoPriv, authNoPriv and authPriv, and authPriv (authentication plus
encryption) should be used wherever the devices support it.

