Network Security Assignment


Added on  2019/09/16

Homework Assignment
AI Summary
This homework assignment focuses on network security concepts. It consists of four questions. Question 1 involves designing a firewall decision diagram to protect a private network with specific access rules for different IP ranges and services (email, DNS). Question 2 explores the advantages and disadvantages of using firewalls and proxy servers to isolate a network, suggesting VPN as an alternative and outlining specifications for a CS department setup. Question 3 defines NAT (Network Address Translation), explains its mechanism, and discusses its security implications. Finally, Question 4 addresses the optimal placement of a web server within an organization's network for enhanced security using a DMZ and firewall protection.
network security assignment
Student name:
12 November, 2016
Q1. This homework problem requires you to design a firewall decision diagram for a firewall that
protects a private network. In this private network, there is only one server that serves as both an
email server and a DNS server. The IP address of this server is 192.168.0.1. This network currently
has 49 computers other than the server. The IP addresses used by these 49 computers range from
192.168.0.2 to 192.168.0.50. The firewall has two interfaces: interface 0 which connects the firewall
to the outside Internet, and interface 1 which connects the firewall to the private network. The
function of this firewall is as follows:
A. The 10 computers, whose IP addresses range from 192.168.0.2 to 192.168.0.11, are not
allowed to be accessed from the outside Internet.
B. The server only accepts TCP packets or UDP packets. The value of the protocol type field of
any TCP packet is 6, and the value of the protocol type field of any UDP packet is 17.
C. The server is dedicated only to email services and DNS services. The email protocols used by
the email services include SMTP (which uses TCP port number 25), POP2 (which uses TCP port
number 109), and POP3 (which uses TCP port number 110). To efficiently process multiple
connection requests, the email server uses TCP port redirection. The port numbers used in port
redirection range from 10000 to 30000. The DNS service uses UDP port number 1949. The traffic to
the server that does not belong to any of the above two services is discarded.
D. The computers, whose IP addresses range from 192.168.0.12 to 192.168.0.50, are not
allowed to run any of the services that are run by the server, but they are allowed to run any other
services.
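Rules A to D above can be written as one decision function over the packet fields a firewall decision diagram branches on (interface, destination address, protocol, destination port). The Python below is an added example, not part of the original assignment or its answer; reading rule D as blocking exactly the server's protocol/port pairs, accepting everything that arrives on interface 1, and discarding packets for addresses outside 192.168.0.1 to 192.168.0.50 are assumptions, and the sample packets are constructed.

```python
from ipaddress import IPv4Address as IP

TCP, UDP = 6, 17                      # protocol-type values from rule B
SERVER = IP("192.168.0.1")
HIDDEN = (IP("192.168.0.2"), IP("192.168.0.11"))   # rule A
HOSTS = (IP("192.168.0.12"), IP("192.168.0.50"))   # rule D
MAIL_PORTS = {25, 109, 110}           # SMTP, POP2, POP3 (rule C)
REDIRECT = range(10000, 30001)        # TCP port redirection, both ends included
DNS_PORT = 1949                       # UDP port the assignment gives for DNS


def is_server_service(proto, dport):
    """True if (protocol, destination port) is one of the server's services."""
    if proto == TCP:
        return dport in MAIL_PORTS or dport in REDIRECT
    return proto == UDP and dport == DNS_PORT


def decide(iface, dst, proto, dport):
    """Return 'accept' or 'discard', testing the fields in a fixed order."""
    if iface != 0:
        return "accept"               # assumption: interface 1 traffic is unfiltered
    dst = IP(dst)
    if dst == SERVER:                 # rules B and C
        return "accept" if is_server_service(proto, dport) else "discard"
    if HIDDEN[0] <= dst <= HIDDEN[1]:  # rule A
        return "discard"
    if HOSTS[0] <= dst <= HOSTS[1]:   # rule D (assumed to mirror the server's set)
        return "discard" if is_server_service(proto, dport) else "accept"
    return "discard"                  # assumption: default deny for other addresses


# Constructed sample packets: (interface, destination, protocol, destination port)
SAMPLES = [
    (0, "192.168.0.1", TCP, 25),      # SMTP to the server
    (0, "192.168.0.1", UDP, 1949),    # DNS to the server
    (0, "192.168.0.1", TCP, 30001),   # just past the redirection range
    (0, "192.168.0.1", 1, 0),         # ICMP to the server (rule B)
    (0, "192.168.0.5", TCP, 80),      # protected host (rule A)
    (0, "192.168.0.20", TCP, 110),    # POP3 on an ordinary host (rule D)
    (0, "192.168.0.20", UDP, 25),     # UDP/25 is not a server service
    (1, "203.0.113.7", TCP, 443),     # outbound from the private network
]

for packet in SAMPLES:
    print(packet, "->", decide(*packet))
```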
Answer:
Q2. We need to isolate the CS department network from the rest of the campus network. Some of
the reasons are to improve the performance of both parts of the network as well as to improve the
security within our CS network. We have discussed the possibility of setting up a firewall / proxy
server to facilitate this separation of the network.
A. Discuss the advantages and disadvantages of setting up a firewall and / or proxy server.
Answer:
The advantages are:
1. Log maintenance of the users who are using the web.
2. Protect the network from illegal access
3. Block data or bypass the blocked data
4. Enhances privacy and security.
5. Uses cache hence speeds up browsing process.
The disadvantages are:
1. Configuring them is a difficult task
2. Proxy servers are less secure when it comes to storing user passwords in Active
Directory
3. Installation and maintenance are costly
4. The cost effectiveness is not good when the internet bandwidth is low.
B. Are there any alternative solutions?
Answer:
Since proxy servers are less secure, an alternative is to use a VPN. VPNs are used to
connect a computer to the LAN. In a VPN, encryption algorithms and tunnelling protocols
are used to create a secure network between a laptop or remote PC and the LAN. Through
a VPN we can initiate a web request as well.
C. Describe the specifications of a firewall / proxy server for the CS Department.
Answer:
Q3. What does NAT stand for, and how does the mechanism work? Describe what, if any, security
NAT provides (or fails to provide).
Answer: NAT stands for Network Address Translators. It was first designed to solve the IP address
problem, but it is now considered a standard for connecting devices over the network.
It translates the IP address and the port number. When a packet is received by the NAT
device, the device replaces the source IP address with its own IP address, and the packet is then
sent to the destination. The device has a NAT table, which is used to store the source and
destination IP addresses and port numbers. The same process is followed for the response received:
the NAT address is translated to the internal IP and the packet is sent to the device. We can hide
many addresses under one address, so this ensures security up to an extent, but protocols like
IPsec and VoIP are not fully compatible with NAT; rather, their use with NAT increases complexity
in things like video conferencing.
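The translation table described in this answer, as an added Python example that is not part of the original assignment: it shows the outbound source rewrite, the reverse lookup for replies, and that an inbound packet with no table entry is dropped, which is the limited protection the answer refers to. The class name, the addresses, the starting port 40000 and the choice to match the remote endpoint on inbound packets are assumptions made for the illustration.

```python
import itertools


class Napt:
    """Port-translating NAT that hides private hosts behind one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.table = {}    # outbound flow -> public port
        self.reverse = {}  # (proto, public port, remote ip, remote port) -> private endpoint

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.table:
            public_port = next(self._next_port)
            self.table[flow] = public_port
            self.reverse[(proto, public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.table[flow], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving at the public address.

        Returns None (drop) when no inside host opened a matching flow.
        """
        private = self.reverse.get((proto, dst_port, src_ip, src_port))
        if private is None:
            return None
        return (proto, src_ip, src_port, *private)


def demo():
    """Two inside hosts, one reply, one unsolicited packet (constructed values)."""
    nat = Napt("203.0.113.5")
    first = nat.outbound("tcp", "192.168.0.20", 51000, "198.51.100.9", 443)
    second = nat.outbound("tcp", "192.168.0.21", 51000, "198.51.100.9", 443)
    reply = nat.inbound("tcp", "198.51.100.9", 443, first[2])
    probe = nat.inbound("tcp", "198.51.100.77", 443, first[2])
    return first, second, reply, probe


for label, packet in zip(("first", "second", "reply", "probe"), demo()):
    print(label, packet)
```

The table only decides whether an inbound packet has somewhere to go; it does not inspect what a permitted flow carries, and any connection opened from inside creates an entry.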
Q4. Where would you place a web server in an organization assuming that you can use a network
firewall and why?
Answer: To provide security via firewalls and to protect the internal network, all the servers to and
from which information travels should be placed in the DMZ, where the DMZ is a separate subnet
that sits outside the company's network yet is protected by the firewall, as the
scenario says. The servers may include web servers, DNS, email servers, etc. Next, we allow
traffic to go to the DMZ from the network but not vice versa. This is done because even if the servers
are hacked, the hacker will not be able to reach the company's network.