Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

CSI3207/CSI5212 Network Security Fundamentals

Verified

Added on 2023/06/11

AI Summary

This article discusses the major vulnerabilities in network security, the role of firewall, IDS/IPS, honeypot, router/switches, and VLAN in securing the network. It also covers the importance of system admin, audit, network, and security policies. The article includes a network design and answers to questions related to scanning server and HTTP packets. The content is relevant to CSI3207/CSI5212 Network Security Fundamentals course.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: CSI3207/CSI5212 NETWORK SECURITY FUNDAMENTALS
CSI3207/CSI5212 Network Security Fundamentals
[Student Name]
[University Name]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Part 1..........................................................................................................................................3
Part 2..........................................................................................................................................4
Part 3..........................................................................................................................................5
Part 4..........................................................................................................................................6
Part 5..........................................................................................................................................6
Part 6..........................................................................................................................................8
Part 2........................................................................................................................................10
Scanning Server...................................................................................................................10
Answer to question 4............................................................................................................11
Answer to question 5............................................................................................................11
References................................................................................................................................14

Part 1
Some of the major vulnerability, which are majorly seen within the concept of the network,
are stated below:
Missing patches: All it takes for an attacker to indulge into different illegal activity
within the concept of the network is a missing patch on the server. This directly allows an
unauthenticated command prompt or other backdoor path into the environment of the web.
The main aspect, which should be taken into consideration in the aspect, is that the patches
should be applied very carefully (Raines, 2017).
Weak or default password: The main vulnerability in the concept of the weak
password or a default password. The main aspect, which is taken into consideration in the
aspect, is that any type of intruders can directly indulge into different types of activity. The
activity can range from accessing of the data of the user or of the system. The password
should be always secured and it should be taken care of that, it does not go into the hand of
another person exact the authorized user. This would be directly securing the networking
channel and helping to build a more secured aspect of the networking.
Misconfigured firewall rule base: It can be stated here that the concept of the
misconfigured firewall rule base can be considered as one of the most important vulnerability
in the concept of the network. It can be considered as an assumption, which directly states
that everything is going fine in the concept of the network and everything is well inside the
concept of the firewall. The concept of the digging into the firewall rule base that has been
never analyzed can be considered inevitable with serious impact in the sector of the working
in different scenario. This directly allows unauthorized user to get into the concept of the
network and retrieve the saved data from the concept of the network (Raines, 2017).

Unauthorized access: It can be stated here that the sector of the unauthorized access
can be considered very much vital in the aspect as it could harm the overall working of the
system. In most of the cases, it can be seen that the path of the network access and the
authority to access the network should be restricted to only authorized person who would be
directly dealing with the different aspects of the network. The security of the network can be
considered as a very important point and it should be always taken care of.
Part 2
a. Firewall: A router can be considered as a connected network. The main aspect, which is
related to the concept of the router, is that it acts as a dispatcher as it decides which way
to send the packet. The router is usually located at any gateway where one network meets
another network including each point of presence on the internet. The virus attacks can
also be prevented with the implementation of the firewall, as it would be directly
involving the security of the communication channel, which is established between
different channels of communication, which is established through the implementation of
the network (Neira, Corey & Barber, 2014). The security form the channel from different
types of intruders should be the main point of concern.
b. IDS/IPS: network intrusion detection system is usually related to the aspect if the
monitor system behavior and the alert, which is related to the potential malicious,
network traffic. The IDS can be set inline attached to a spanning port relating to the
switch or make use of a hub in place of a switch. The network intrusion prevention
system can be considered as a component of the network traffic which can be considered
as a key component relating to protection of the system of information. It acts very much
like a firewall and is placed in the junction of the network.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

c. Honeypot: The honeypot generally consist of data, which directly appears to be a
legitimate part of the site but is very much isolated and monitored. The main role of the
honeypot can be considered as a protection device which directly protects the system.
d. Router/switches: The router/ switch can be placed in the gateway, which directly links
one sector to another sector in the network. A router can also be used in the practice of
switching of packets (Raines, 2017).
Part 3
 Firewall: a firewall is placed at the junction of the network due to factor of protecting the
network from intruders. The main activity, which is related to the concept, is the securing
of the system or the network, which would be enhancing the quality of the network,
which would be involved into the process. There can be different types of attack form
intruders, which would be directly effecting the overall performance of the system. It can
be stated that the main functionality of the firewall would be in the sector of the securing
the overall process and the different components which would be involved into the aspect
of the networking.
 IDS/IPS: The deployment of the IDS/IPS in the network is also related to the securing of
the network from different types of attack, which can be applied in the concept of the
network.
 Honeypot: The main implementation of the honeypot is in the sector of the providing a
means of communication for the network which would be directly helping the service of
the network.
 Router/switches: A router and a switch is used for the aspect for the redirecting of the
different packets of the network. In most of the cases, it can be stated that the placement
of the router/ switch is very much important in the network due to the factor that the

decision of which packet goes where is taken into consideration by this device. The
function of the router can be considered to be very much vital due to the factor that it
would be dealing with the overall functionality of the network. If it were seen that router
is not working properly it would be directly affecting the overall networking aspect.
Part 4
The concept of VLAN is very much beneficial in the network. This is due to the
factor that a VLAN allows a network manager to logically segment a LAN into the different
broadcast domain. Since the concept of the VLAN is logically segmented and not a physical
device it sometimes does not need to be implemented physically. Different network, which
are located on the same channel, can directly become one communication channel with the
help of the VLAN (Ghali, Frayret & Robert, 2016).
The main advantage, which can be related to the aspect of the VLAN, is that in the
concept of high percentage of multicast and broadcast VLAN concept can directly decrease
the need of such traffic to unnecessary destination. When comparing a switch with router it
can be stated that a router requires more processing of the incoming traffic. As the volume of
the traffic passes through the router the aspect of the latency in the router can be decreased
which would be directly helping the implementation of the network. The use of VLAN can
directly reduce the number of routers which are required in the network channel since the
concept of the VLAN’s create a broadcast domain using the switch instead of the concept if
the router.
Part 5
Source(Required) Description
Log (optional) Logs a match to this rule. This is mainly

recommended when a rule directly indicates
a security breach such as a data packet on a
policy that is meant only for the use in the
voice channel.
Queue (optional) Mirrors session of the packet to data path or
the remote destination.
Time range(optimal) The queue in which a packet matching the
rules would be placed. Select of high for the
higher priority and low for low level
packets.
Black list Automatically blacklist a client when a
traffic is present which may include some
sort of intruder activity.
White list A rule, which directly explains the aspect,
which is related to the working of the
packets and how they would be nearing into
the network and what, would be the main
function of the packet (Neira, Corey &
Barber, 2014).
TOS The TOS must be marked at the end of each
of the header which would be directly
securing the packets and would be
restricting the intruders to be indulged into

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

the different
Part 6
 The packets, which enter into the network, should be very much free of any sort of virus,
which is indulged into the aspect.
 It should be taken care of that no malware are detected in the system
 The passing of packets which be taken care of so that no packets go missing in the aspect
of transferring from one point to another.
 It should be taken care of that, most of the components of the network work properly and
so not indulge into any false activity in the network.
 An acknowledgement should be received from the end of the receiver at the time they
actually receive the packet.
 There should not be any gap or time framework delay between the different packets
which are transferred in the process
 In most of the time, it can be stated that the respond time relating to a packet transfer is
not more than few millisecond (Neira, Corey & Barber, 2014).
Part 7
Sys admin: The system admin has the overall power of the network. He has the role of taking
care of the overall functionality of the network and intend to work for the network. He should
be able to deal with any problem, which is associated with the network. In case of any risk
factor, he should be able to deal with the different functionality of the system and take care of
the aspect.

Audit: The sector of the audit play a very vital role in the sphere of the networking due to the
factor of involving of the different sectors of the functionality, which is archived from the
system. The main policy, which can be applicable in the concept, is that most of the devices
should be upmost and should be performing according to the requirement of the system. The
concept of the audit should be done in some period of time which directly the responsibility
of the main in charge of the person (Ghali, Frayret & Robert, 2016). If any type of error are
found in the network it should be directly be secured and the system should be maintained
properly. Sometimes an initial planning has to be done in the aspect of the audit policy due to
the factor that there can be different types of alteration into the system, which would be
directly affecting the normal functionality of the system and the network as well.
Network: The main policy, which is related to the aspect, can be in the sector that all the
packets, which enter the network, are transferred to the port, which has to be accessed. In
most of times it can be stated that overall main motive of the network is to reduce the overall
time which is involved in the delivery of the packets from one part to another part. The
network should be highly secured due to the aspect of there can be different types of crucial
activity, which are done in the form of the network, and it can include different types of
packets, which may include different types of vital information.
Security: The aspect of the security can be considered as one of the most important parts in
the concept of the networking. This is due to the factor that there can be different types of
attack, which can be initiated into the system which would be directly affecting the overall
functionality of the system. The main policy, which can be applicable in the concept, is that
the security enhancement of the different components of the system should be done properly
so that the it would not be effecting the internal as well as external working of the
organization. In most of the times, there are different policies, which are included into the

concept of the working of the network, which would be maintained in the internal as well as
external working of the system (Ghali, Frayret & Robert, 2016).
Network Design
Figure 1: Network Design
(Source: Created by author)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Part 2
Scanning Server
TCP SYN scan
Sudo nmap –sS scanme.namp.org
Enable OS detection and version detection.
Quick scan
Scan a single port
Scan a range of ports

Scan all ports
Answer to question 4
Command used to scan server Sudo nmap scanme.namp.org
IP address of the server 45.32.33.156
Ports open in the server 22 – ssh
25 – smtp
30 - http
Sunning Web server Http Server, port 30
web server version in use is patched No
Answer to question 5
HTTP packets

Exclude HTTP packets
Difference Between the capture filter and Display filter

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

A capture filter is used to select which packets should be saved to disk while capturing. For
capture filters Wireshark uses the BPF syntax. BPF is module that runs in the kernel and can
therefor maintain high rates of capturing because the packets do not have to move from
kernel space to user space when filtering. The things that can be filtered on are predefined
and limited (compared to display filters) as full dissection has not been done on the packets.
Display filters are used to change the view of a capture file. They take advantage of the full
dissection of all packets. This makes it possible to do very complex and advanced filtering
when analyzing a network trace file.

References
Ghali, M. R., Frayret, J. M., & Robert, J. M. (2016). Green social networking: concept and
potential applications to initiate industrial synergies. Journal of Cleaner Production,
115, 23-35.
Kreutz, D., Ramos, F. M., Verissimo, P. E., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S.
(2015). Software-defined networking: A comprehensive survey. Proceedings of the
IEEE, 103(1), 14-76.
Li, X., Wu, H., Gruenbacher, D., Scoglio, C., & Anjali, T. (2016). Efficient routing for
middlebox policy enforcement in software-defined networking. Computer Networks,
110, 243-252.
Maina, J. N. (2016). Networking and Firm Performance Among Manufacturing Small and
Medium Enterprises In Kenya (Doctoral dissertation).
Mowbray, J., Hall, H., Raeside, R., & Robertson, P. (2017). The role of networking and
social media tools during job search: an information behaviour perspective.
Information Research, 22(1).
Neira, B., Corey, J., & Barber, B. L. (2014). Social networking site use: Linked to
adolescents' social self‐concept, self‐esteem, and depressed mood. Australian Journal
of Psychology, 66(1), 56-64.
Raines, P. (2017). Cluster policy-does it exist?. In Cluster development and policy (pp. 31-
44). Routledge.

Ranathunga, D., Roughan, M., Kernick, P., Falkner, N., Nguyen, H. X., Mihailescu, M., &
McClintock, M. (2016, July). Verifiable Policy-defined Networking for Security
Management. In SECRYPT (pp. 344-351).

1 out of 16

+13062052269

info@desklib.com

CSI3207/CSI5212 Network Security Fundamentals

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Desklib - Online Library for Study Material with Solved Assignments, Essays, Dissertations

Network Security Fundamentals - Vulnerabilities, Devices, Segregation, Firewall Policies and Rules

Network Security Fundamentals: Vulnerabilities, Security Devices, Policies and More

Home Network Vulnerabilities

Vulnerabilities in Network Security: An Analysis

Network Security Assessment Report