Wireless Network Security Analysis
Added on 2020/03/23
AI Summary
This assignment delves into the crucial topic of wireless network security. It examines prevalent security threats and vulnerabilities in wireless networks, such as data interception and DDoS attacks. The analysis discusses essential security measures employed to protect wireless communications, including Virtual Private Networks (VPNs), virtual circuits for secure data transmission, and physical layer security techniques. Moreover, it highlights the significance of understanding these concepts for ensuring the confidentiality, integrity, and availability of wireless network resources.
Running head: ADVANCED NETWORK SECURITY
Advanced Network Security
Name of the Student
Name of the University
Author’s Note
Table of Contents
Answer to Question 1: Firewalls
Answer to Question 2: WiFi Security
    a. WPA
    b. Antennas, transmit power and AP positioning for controlling range of radio
    c. RADIUS
    d. Manual detection of rogue APs
Answer to Question 3: Access Control
Answer to Question 4: HTTPS and Certificates
Answer to Question 5: Internet Privacy
Answer to Question 1: Firewalls
Rule No.  Transport  Source IP                Source Port  Destination Port  Destination IP  Action
1         TCP        10.4.10.0 – 10.4.10.255  143          143               142.66.13.10    Allow
2         TCP        Any                      143          143               142.66.13.10    Deny
3         TCP        Any                      1433         1433              142.66.13.30    Allow
4         TCP        Any                      1023         Any               142.66.13.20    Deny
5         TCP        142.66.13.10             1023         Any               142.66.13.30    Allow
6         TCP        142.66.13.30             1023         Any               142.66.13.20    Allow
7         TCP        10.40.10.2               1234         1234              10.4.10.4       Allow
8         TCP        10.40.20.2               1234         1234              10.40.10.3      Allow
9         TCP        10.40.10.3               1234         1234              Any             Deny
Explanation of the rules:
• Rules 1 & 2: They are created to block external access to the network.
• Rule 3: This rule would prohibit the researchers and the students from accessing the mail server.
• Rule 4: This rule would block the other host addresses from accessing the web server.
• Rule 5: This rule allows authorization for the requests that are outside the network.
• Rule 6: This rule defines the accessibility of the web server.
• Rules 7, 8 & 9: These rules are used to enable SSH accessibility of the server.
c. The two common default policies in the firewall are the intrusion prevention policy and the device or application control policy. Intrusion prevention can be configured by blocking unauthorized hosts from connecting to the network, and application or device control can be applied by enforcing routing rules such as blocking UDP connections in the network.
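The rule table above evaluated in order, as an added example that is not part of the original assignment. It assumes first-match semantics and a default deny when no rule matches (the assignment states neither), and the packet addresses used to exercise it are constructed. It also reports any rule that an earlier rule fully covers, since such a rule can never fire.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

ANY = None  # wildcard, written "Any" in the table
Span = Optional[Tuple[int, int]]  # inclusive address range as integers


def ip(first: str, last: Optional[str] = None) -> Tuple[int, int]:
    """Inclusive integer range for one address or a first-last span."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last)) if last else lo
    return lo, hi


class Rule(NamedTuple):
    number: int
    src: Span
    sport: Optional[int]
    dport: Optional[int]
    dst: Span
    action: str


# Rules 1-9 transcribed from the table (all TCP).
RULES = [
    Rule(1, ip("10.4.10.0", "10.4.10.255"), 143, 143, ip("142.66.13.10"), "Allow"),
    Rule(2, ANY, 143, 143, ip("142.66.13.10"), "Deny"),
    Rule(3, ANY, 1433, 1433, ip("142.66.13.30"), "Allow"),
    Rule(4, ANY, 1023, ANY, ip("142.66.13.20"), "Deny"),
    Rule(5, ip("142.66.13.10"), 1023, ANY, ip("142.66.13.30"), "Allow"),
    Rule(6, ip("142.66.13.30"), 1023, ANY, ip("142.66.13.20"), "Allow"),
    Rule(7, ip("10.40.10.2"), 1234, 1234, ip("10.4.10.4"), "Allow"),
    Rule(8, ip("10.40.20.2"), 1234, 1234, ip("10.40.10.3"), "Allow"),
    Rule(9, ip("10.40.10.3"), 1234, 1234, ANY, "Deny"),
]


def matches(rule: Rule, src: str, sport: int, dport: int, dst: str) -> bool:
    def ip_ok(span: Span, addr: str) -> bool:
        return span is ANY or span[0] <= int(ipaddress.IPv4Address(addr)) <= span[1]

    def port_ok(want: Optional[int], got: int) -> bool:
        return want is ANY or want == got

    return (ip_ok(rule.src, src) and port_ok(rule.sport, sport)
            and port_ok(rule.dport, dport) and ip_ok(rule.dst, dst))


def evaluate(src: str, sport: int, dport: int, dst: str, default: str = "Deny"):
    """First matching rule decides; `default` applies when none match (assumption)."""
    for rule in RULES:
        if matches(rule, src, sport, dport, dst):
            return rule.action, rule.number
    return default, None


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    def ip_cov(a: Span, b: Span) -> bool:
        return a is ANY or (b is not ANY and a[0] <= b[0] and b[1] <= a[1])

    def port_cov(a: Optional[int], b: Optional[int]) -> bool:
        return a is ANY or a == b

    return (ip_cov(outer.src, inner.src) and port_cov(outer.sport, inner.sport)
            and port_cov(outer.dport, inner.dport) and ip_cov(outer.dst, inner.dst))


def shadowed_rules() -> List[Tuple[int, int]]:
    """(rule, earlier rule that covers it) pairs: such rules can never fire."""
    found = []
    for j, later in enumerate(RULES):
        for earlier in RULES[:j]:
            if covers(earlier, later):
                found.append((later.number, earlier.number))
                break
    return found
```

Under these assumptions rule 1 admits the 10.4.10.x hosts before rule 2 denies everyone else, and rule 6 is reported as covered by rule 4, so its Allow would never take effect in this order.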
Answer to Question 2: WiFi Security
a. WPA
Wi-Fi Protected Access (WPA) is an encryption technique used for securing the wireless access point from unauthorized access. It is the revised version of WEP, and it uses the Temporal Key Integrity Protocol (TKIP) for initialization and for checking the integrity of the authentication.
WPA can operate with WEP and increases the security of the access point. There are different versions of WPA; the most recent version is WPA2, which uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) as the encryption algorithm for authentication and for verifying the integrity of the wireless network. There are some vulnerabilities related to WPA2, such as unauthorized access to the wireless network where intruders have access to the WPS access points. To remove the threat, WPS is required to be disabled, which increases the security of the network.
b. Antennas, transmit power and AP positioning for controlling range of radio
The performance of the wireless network depends on different factors, such as the range of the access point and the radio frequency of the wireless signals. Antennas are used for the propagation of the radio waves, and a transmitter is used for transmitting them. The transmit power of the antenna should depend on the requirements of the wireless network, and the coverage area of the wireless access point is required to be analyzed when developing the wireless network. The wireless access point is required to be installed within the range of the organization, and obstructions are required to be removed to increase the efficiency of the wireless network.
c. RADIUS
RADIUS stands for Remote Authentication Dial-In User Service and is used for the management of the client server and for enabling remote access of the servers for communicating with the central server. A dial-up connection is used for the communication and for accessing the resources of the network. It can be used in an organizational network for the management of the database and for sharing it with remote users to maintain transparency of the network. RADIUS servers help an organization to improve its security and to set an organizational policy for the administration of the single point network. It is an industry standard and can be used for tracking the statistics of the network and reviewing the policy of the network.
d. Manual detection of rogue APs
To detect a rogue access point manually, the functionality and the ability of the wireless network are required to be analyzed; if it is found that a wireless access point is unauthorized and connected to the wired network, it is considered rogue. On the other hand, if the access point is found in the RF environment and is not connected to the wired network, it is considered an interfering access point. The wireless access point is directly related to security threats since it is connected to the wired network. An attacker gaining access to the access point can intrude into the network and cause a threat to the organization. Strong authentication is required to be used for the wireless access point to mitigate the threats and increase the security of the network.
Answer to Question 3: Access Control
b. The shadow file stores all the passwords of the users created on node 1 of the virtnet topology. The SHA algorithm is used for the encryption of the passwords stored in the shadow file.
c. It is difficult for the administrator to identify the same password for two different users because the passwords are stored in encrypted format and a different key is generated each time; thus it is impossible for the administrator to distinguish between the passwords used by the different users.
d. It is difficult for malicious users to find the password information that is stored in the active directory of the server. If the file where the password information is stored is available to a malicious user, the user cannot decipher the password unless the key is available to the user. All the information is stored in cipher text, and it requires the public and the private key to get the actual content.
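Why two users with the same password show different stored values, as an added example that is not part of the original assignment: shadow-style entries carry a per-user random salt next to the hash, and it is the salt that makes the stored strings differ. Assumptions: PBKDF2-HMAC-SHA512 stands in for the system's SHA-based crypt scheme, so the scheme id `demo` is used instead of a real one, and the user names, salts and password are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

ROUNDS = 5000  # iteration count for the stand-in KDF (assumption)


def _derive(password: str, salt: str) -> str:
    """Salted, iterated SHA-512 digest (stand-in, not real SHA-crypt)."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt.encode(), ROUNDS).hex()


def make_entry(user: str, password: str, salt: Optional[str] = None) -> str:
    """Build a shadow-style line user:$id$salt$hash:... with a fresh random salt."""
    salt = salt or secrets.token_hex(8)
    return f"{user}:$demo${salt}${_derive(password, salt)}:::::::"


def parse_entry(line: str) -> Tuple[str, str, str, str]:
    """Split a line into (user, scheme id, salt, hash)."""
    user, field = line.split(":")[:2]
    _, scheme, salt, digest = field.split("$")
    return user, scheme, salt, digest


def verify(line: str, candidate: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    _, _, salt, digest = parse_entry(line)
    return hmac.compare_digest(_derive(candidate, salt), digest)


def shared_hashes(lines: List[str]) -> List[List[str]]:
    """Groups of users whose stored hash is identical, i.e. what a reader of the file can see."""
    groups: Dict[str, List[str]] = {}
    for line in lines:
        user, _, _, digest = parse_entry(line)
        groups.setdefault(digest, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


# Constructed sample data: both users choose the same password.
PASSWORD = "Autumn-2020-demo"
SALTED = [make_entry("alice", PASSWORD), make_entry("bob", PASSWORD)]
SAME_SALT = [make_entry("alice", PASSWORD, salt="fixed"),
             make_entry("bob", PASSWORD, salt="fixed")]
```

With random salts `shared_hashes(SALTED)` finds nothing, while reusing one salt exposes the shared password; login still works because `verify` needs only the salt stored in the entry.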
Answer to Question 4: HTTPS and Certificates
Topology 5 in virtnet
Deployment of MyUni demo website
b. Certificate file of the website
HTTP and .pcap file
Port number 443 is used by the web server for establishment of the HTTPS connection.
A symmetric key of a single bit is used for message encoding.
A public key of 4 bit is utilized for the creation of a public key cipher; the RSA algorithm is utilized for the cipher and the SHA-1 algorithm is utilized for hashing.
A certificate is generated on the first node of the virtnet, and the MyUni website is deployed on node number 3; node 1 is used for the creation of the certificate, which is uploaded to the 3rd node. The web browser uses the certificates for the establishment of a single session for the users.
Answer to Question 5: Internet Privacy
a. Web Proxies
A malicious user can easily learn the machine locations of the server and the client and also obtain information about the range and the time of the clients. If NAT is used, the malicious user would not be able to get the IP address of C and, consequently, would not be able to track the presence of the client. The malicious user can likewise track the IP addresses and the location of other machines that are communicating with VPN servers.
b. VPNs
The virtual private network helps the sender and the receiver to send and receive data securely over a public network. Here the client sends data to the server via n number of routers, and different paths can be used for reaching the destination address; a VPN can be used for securing the channel of communication and increasing the efficiency of the network solution. A point-to-point connection is established, and different proxy servers are used for the protection of the identity and location address of the server or the client. The routers used in the network connection are required to be configured with tunneling, and different services are required to be enabled for increasing the security of the network.
c. Tor
Tor is referred to as a network that can be used for anonymous communication across the worldwide network, and it can also be software. Network surveillance is required to be traced and analysis of the traffic is required to be performed for the protection of the personal identity of the sender and the receiver. The Tor network does not prevent the online service, and the application of onion routing helps to increase the efficiency of Tor. The data are encrypted in the Tor network, including the IP address of the next node, and a virtual circuit is utilized for decrypting the data and forwarding the data packets in the network.