ICON College of Technology and Management Faculty of Information Technology and Engineering
BTEC HND in Computing and Systems Development (CSD) Coursework Unit 45: Wide Area Networking Technology Tutor: M J Hasan
<Submitted by> ID No: <…>
Unit 45: Wide Area Networking Technologies
Contents
Scenario Background ..... 2
Task 1 ..... 3
1-2 “WAN is open to many security threats and performance degradation; discuss WAN concerns in terms of network reliability, security and performance. Include a critical evaluation of different trust systems” ..... 8
Task 2 Network design which takes care of the given scenario for my company ..... 10
“2-1. Design with the aid of a diagram the WAN network infrastructure to meet the requirements of the above scenario; your design should include....” ..... 11
Task 2.2 “Critically evaluate your choice of WAN network devices, showing the suitability of your components and design in terms of scalability, cost and availability” ..... 13
“Task 3” ..... 15
“3-1. The company director asked you to build and configure the WAN infrastructure to meet your designed WAN infrastructure?” ..... 15
“Task 3-2 Finalise the process of implementation and show the suitability of your network design” ..... 16
To finalize the design we will now discuss the details of the two protocols below and their suitability ..... 16
VTP ..... 16
Spanning-Tree Protocol ..... 16
“4-1. There are many tools available in the market to monitor performance and network security. Explain the use and importance of network monitoring tools, and include some examples of troubleshooting using one tool you selected” ..... 17
“4-2 Wide Area Networks are known to be open to many external threats; produce a report on improving security, reliability and performance” ..... 19
Report ..... 19
“4-3. Critically evaluate the performance of your design in view of the technology you selected” ..... 26
Task 5 Lab Work ..... 26
References ..... 26
Scenario Background
I am an IT engineer and I have been appointed to provide a solution so that my organization can connect its four branches, located in London, New York, Tokyo and Sydney, over a Wide Area Network (WAN). The organization requires the best available technology to connect all the branches and to provide data and voice (IP telephony) services between the four branches. All branches must be able to exchange data and voice with each other. The WAN includes the main web server and mail server, which are located at the head office (London), and these servers must be reachable from the other branches. The organization uses a public IP address range between branches: 130.140.150.160/29. Each branch has a file server, fewer than 100 devices and fewer than 50 IP phones. The branches are geographically very far apart, so a proper WAN must be set up to carry voice and data communication correctly. The head office in London hosts the servers and has around 120 devices, including 60 IP phones. The organization proposes the following topology:
The organization has asked that the following requirements be satisfied:
Task 1
We will cover the protocols and technologies involved in implementing long-distance networks (WAN, Wide Area Network). This touches on the basis of long-haul networks, the types of services provided, and the optional link encapsulations. We also discuss point-to-point links, packet switching and virtual circuits.

A WAN is a data communications network that operates beyond the area covered by a LAN. One fundamental difference from a LAN is that a WAN cannot function without a telecommunications operator such as Bell, AT&T or an Internet service provider. A WAN uses data links such as Integrated Services Digital Network (ISDN), Frame Relay or newer technologies provided by carrier services to obtain bandwidth across a large geographical area. A WAN connects the different units of a company, or connects those units to units belonging to other companies, to external services (databases, etc.) and to remote users. It is a set of technologies used to connect LANs together or to connect remote sites, and it can span several countries or the whole world. Ultimately, WANs operate beyond the geographical area of a LAN, and because of this they transport a range of information: data, voice, images, etc.

The architecture used for a WAN is a computer network that must provide general connectivity to many computers, cost-effectively and with good performance. Networks do not use one fixed technology; they must evolve to follow changes in the technologies they are built on and in the demands of applications. Network architecture refers to all the principles that guide the design and implementation of networks: it describes the connection equipment, software resources, access methods, protocols and links used to transmit data.

WAN services include point-to-point connections, connectionless services, connection-oriented services and virtual circuits.

The point-to-point connection
A point-to-point connection relies on leased lines to connect two computers that are far apart in a network. Figure 1 illustrates this type of connection.
Figure 1: Diagram of a point-to-point connection

Data can be transmitted through the connection in two ways: (1) TCP/IP packet forwarding, where data is transmitted packet by packet; (2) sequential data transmission, where data is transmitted byte by byte. In the latter case the line is permanently dedicated to the client. A point-to-point connection is quite expensive, so those with limited means may turn to cheaper switched connections, such as circuit switching.

Switching, of whatever kind, moves data through a series of intermediate steps, or segments, rather than directly from a starting point to a finishing point. Trains, for example, can change tracks instead of always running on the same one and still reach their destination. Switching in networks works much the same way: instead of depending on a permanent connection between source and destination, it relies on a series of temporary connections that relay messages from station to station. It serves the same purpose as a direct connection, but makes more efficient use of transmission resources. WANs (and local networks such as Ethernet and Token Ring) rely first on packet switching, but they also make use of circuit switching, message switching and, more recently, a high-speed packet switching technology known as cell relay.

Circuit switching
Circuit switching creates a physical connection between sender and recipient that is maintained for as long as the two parties need to communicate. The connection must be established before any communication can take place. Once it is in place, however, sender and recipient are guaranteed all the bandwidth allocated to them for the duration of the connection.
Although the sender and recipient must use the same data transfer speed, circuit switching provides a constant (and fast) bit rate. Its main drawback is the waste of any unused bandwidth: since the connection is reserved for the two communicating parties, unused bandwidth cannot be "borrowed" by any other transmission. The most common form of circuit switching is found in the most familiar of networks, the telephone system, and it is also used in some data networks. The ISDN lines available today, called narrowband ISDN, and the switched T1 line are two examples of circuit-switched telecommunication technologies.

Figure 2: Diagram illustrating circuit switching

ADSL
While ADSL is still not deployed across the whole territory, it currently offers the best quality/price ratio for broadband Internet access, both for individuals and for businesses. Because of its speed, pricing and permanent connection, ADSL is positioned as the ideal technology for connecting the local networks of small and medium enterprises (SMEs), or individuals, to the Internet. After a full presentation of ADSL and some of its derivatives, we look at the detailed operation of this technology, the coding techniques it uses and the various unbundling modes. Finally, we conclude with a comparative study of the advantages and disadvantages of ADSL, the various offers of Internet service providers and the future developments of ADSL.
ADSL technology was developed in the US laboratory BellCore in 1987. Operators became interested in this technology because of the massive deployment of fibre optic cables. Deregulation in the United States ended the monopolies in local telephony and opened the market to competition from cable operators, long-distance carriers and ISPs.

PRINCIPLE OF ADSL
THE ADSL TECHNOLOGY
ADSL, Asymmetric Digital Subscriber Line, is a technology for carrying high bit rates over the copper pair used for the telephone lines of the local loop. The technique uses the frequencies above the voice band, which are left free by the traditional telephone service. The telecom operator offering the ADSL service installs equipment (a DSLAM) in its distribution frames and a modem at the customer premises. The reported rates are 10 to 25 times higher than those of a conventional 56K modem.

PRESENTATION OF THE COPPER PAIR
In the chain that connects the user to the world, the weak point is the part connecting the modem to the local telephone exchange. The possibilities of copper were under-used because the telephone network was originally designed to carry voice, and in that context the bandwidth used by conventional communication equipment is around 3.3 kHz. The physical characteristics of subscriber lines, however, in practice support the transmission of signals at frequencies up to 1 MHz. In a telephone network, multiple telephone pairs are grouped in the same cable, and their signals create electromagnetic interference: crosstalk. Moreover, the telephone network is often old and the copper pair degraded. These problems limit the achievable throughput.

ASYMMETRY
By studying different scenarios, it was found that data could be transmitted more quickly from a central site to a user than in the other direction: when the user sends information to the exchange, the signals are more sensitive to noise. The idea is therefore to use an asymmetric system, with a lower rate from the subscriber to the central site.
Technically, ADSL provides 8 Mbps downstream and 1 Mbps upstream. To take advantage of these speeds the subscriber must be very close to the exchange. The following terms are used:
• The upstream rate: the rate offered from the subscriber to the server (up to 640 kbit/s).
• The downstream rate: the rate offered in the other direction (up to 8 Mbit/s).
Two other features are grafted onto these two rates:
• The minimum guaranteed rate: the rate guaranteed to the customer 100% of the time. It is guaranteed end to end, subject to certain design rules at the central site.
• The peak rate (also called "burst"): the instantaneous rate the customer can potentially reach for a limited time. To achieve this burst, the site that concentrates the flows from the ADSL access must be dimensioned to absorb it.
These rates are not fixed for everyone, however: they depend on the distance between the subscriber and the local exchange. For satisfactory service quality, the distance between the two must be less than 3 kilometres, although up to 6 kilometres is possible.

ACL
An ACL (Access Control List) is a sequential list of criteria used for filtering packets. ACLs can permit or deny packets, either inbound or outbound.

WAN protocols
Frame Relay technology
Frame Relay (FR) is a packet switching protocol located at the data link layer (layer 2) of the Open Systems Interconnection (OSI) model and used for inter-site (WAN) exchanges; it was invented by Eric Scace, an engineer at Sprint International. PVCs (Permanent Virtual Circuits) are identified at the DTE and DCE interfaces by DLCIs (Data Link Connection Identifiers), which distinguish the flows of the different PVCs. DLCIs are generally identification numbers with only local significance (to one interface), and in some contexts a DLCI corresponds to a sub-interface: on a router, for example, each PVC on an interface may have its own associated IP address.

Private line technology
A dedicated line (LS, from the French ligne spécialisée) or leased line is, in computing or telecommunications, a connection between two points that are permanently connected together.
It contrasts with shared resources such as a VPN network (X.25, Frame Relay, ATM, MPLS ...). The dedicated line is often dedicated only between the client and the operator's network access point; after that the data is carried over a TDM, ATM or MPLS network where the bandwidth is dedicated.

NAT and PAT
NAT and PAT are two techniques that allow machines on an internal/local network to access the Internet with their non-public IP addresses: they translate these addresses into public IP addresses, which are limited in number, hence the need for this translation.

1-2 “WAN is open to many security threats and performance degradation; discuss WAN concerns in terms of network reliability, security and performance. Include a critical evaluation of different trust systems”

Many companies suffered major data breaches in 2014. Although several levels of security technology and alerting were in place in these organizations, the attackers were nevertheless able to compromise their activities, move through the network undetected and steal data. The size and complexity of today's business networks have produced a widespread ‘attack surface’ that makes it impossible to block every attack threatening the network. In addition, attackers build highly targeted attack campaigns, combining attacks, evasion techniques and interference that are the result of extensive research and are designed specifically for the target network. Incident response, meaning the identification and analysis of events affecting our business and the response to those events, is necessary. On the security side this may include distributed denial of service (DDoS) attacks, a data breach, damage to the network, or loss of equipment or data. Incident response, or at least the tools and processes used to make it effective, is not necessarily limited to solving problems ‘after the fact’.
By implementing tools that establish baselines of network activity from an incident response perspective, security teams can ‘peel back’ the network to detect any activity indicating that some assets (such as bots) have been compromised. By tracking the threats in the network, and then analysing the critical attributes of those threats, teams can take steps to minimize the impact of an attack, for example by interrupting bot communications before further malware can be installed, or by stopping data exfiltration. In addition, these details of the attacks can be used to strengthen defences against future threats.
Malware is a piece of software designed to perform malicious activity. An advanced attack is a combination of threat activities (DDoS zombies, malware, phishing), each of which runs at a different time and in a different area of the network. The goal is to create a battery of attacks that takes advantage of any vulnerability present in that area of the network. As already mentioned, the size and complexity of today's enterprise networks result in a larger area that is harder to monitor and to protect. These attackers use a specific combination of synchronized events, attack types, evasion techniques and ‘cleansing’ tools designed for each company and/or outcome. Advanced attacks are designed to defeat the current protection technologies and to divert attention from one network sector to another. In short, they are designed and tested like any other product: with a purpose, a specific buyer and a set of target results. It is more than likely that this is happening. As already mentioned, attacks and attack kits are built just like any other product, and are also bought, sold or bartered as commercial products. Attacks that are ‘new’, or that employ different techniques that conventional detection tools cannot identify, have a higher value. Attack kits offering easy-to-deploy weapons (malware or other attacks that can exploit network vulnerabilities) are also in demand. Buyers of these attacks are not lacking, whether companies wishing to steal data from competitors, countries seeking to weaken their opponents, or attackers wanting to respond with a public act to what they perceive as an injustice. The possibilities are endless and, given the possible motives and the different types of attack, it is highly likely that our network is compromised, even if only in a relatively benign way, for example by a DDoS attack leading our users' machines to serve as hosts of a botnet army.
Our network may also have been the victim of attacks using social engineering (phishing), identity theft or other obfuscation techniques. These attack methods can be difficult to spot, because some remain dormant for long periods and, in the case of identity theft, the activities can be hard to detect. Measurable results, showing the value of the technology investments, are an essential part of determining the most suitable solution for our case. Before deciding ‘how’ to measure, it must first be established ‘what’ to measure. This involves classifying and prioritizing assets, possibly focusing on the most important assets for our business or those subject to a compliance audit. It is also essential to determine the types of performance statistics to measure. Incident response, security analysis and retrospective analysis technologies often present a challenge for security teams, because it is impossible to measure ‘what was stopped’. To measure performance optimally, consider key indicators such as:
• Time: the time elapsed between the incident and its discovery; the time elapsed between discovery and the report to the team; the time required to close an incident.
• Cost: labour hours, lost productivity, notification, additional software, etc.
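The ACL and NAT/PAT mechanisms defined in Task 1 above (an ACL as a sequential list of filtering criteria that permit or deny packets, and PAT as the translation of many non-public addresses onto a limited set of public ones) can be shown together in a small model of what a branch edge router does to an outbound packet. This is an added example and not part of the coursework or of any vendor's code: the branch LAN 192.168.10.0/24, the public address 130.140.150.162 (chosen from the scenario's 130.140.150.160/29 block) and the rule set are assumptions made for the example.

```python
"""Added example: sequential ACL with first-match semantics and implicit deny,
followed by PAT.  Addresses and rules are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class AclEntry:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches any protocol
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    dport: Optional[int] = None # None matches any destination port


def _in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def acl_decision(acl, pkt):
    """The first matching entry decides; no match at all means deny (implicit deny)."""
    for entry in acl:
        if entry.proto not in ("ip", pkt.proto):
            continue
        if not (_in_net(pkt.src, entry.src) and _in_net(pkt.dst, entry.dst)):
            continue
        if entry.dport is not None and entry.dport != pkt.dport:
            continue
        return entry.action
    return "deny"


class Pat:
    """Port Address Translation: each inside (address, port) pair is rewritten to
    (public_ip, unique port); return traffic is mapped back through the table."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (inside_addr, inside_port) -> public port
        self.reverse = {}    # public port -> (inside_addr, inside_port)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(pkt.proto, self.public_ip, pkt.dst, self.table[key], pkt.dport)

    def inbound(self, pkt):
        """Untranslates a reply, or returns None when no session exists:
        unsolicited inbound traffic has no inside destination and is dropped."""
        key = self.reverse.get(pkt.dport)
        if key is None or pkt.dst != self.public_ip:
            return None
        return Packet(pkt.proto, pkt.src, key[0], pkt.sport, key[1])


# Constructed policy: the branch LAN (RFC 1918 space) may reach the London
# servers in the scenario's public /29 for web and mail only.
BRANCH_ACL = [
    AclEntry("permit", "tcp", "192.168.10.0/24", "130.140.150.160/29", 80),
    AclEntry("permit", "tcp", "192.168.10.0/24", "130.140.150.160/29", 25),
    AclEntry("deny", "ip", "any", "any"),   # explicit form of the implicit deny
]


def border_router(acl, pat, pkt):
    """Outbound path of an edge router: filter first, then translate."""
    if acl_decision(acl, pkt) != "permit":
        return None
    return pat.outbound(pkt)


if __name__ == "__main__":
    pat = Pat("130.140.150.162")   # constructed: the branch router's public address
    web = Packet("tcp", "192.168.10.25", "130.140.150.161", 51000, 80)
    ssh = Packet("tcp", "192.168.10.25", "130.140.150.161", 51001, 22)
    print(border_router(BRANCH_ACL, pat, web))   # translated: source .162:1024
    print(border_router(BRANCH_ACL, pat, ssh))   # None: no entry permits port 22
```

Two properties of the text's definitions are visible in the output: the order of entries matters, since the deny line would swallow everything if it were placed first, and a reply arriving on a public port that has no table entry is dropped, which is the side effect that gives PAT its reputation as a basic (if unintended) inbound filter.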
Task 2 Network design which takes care of the given scenario for my company
My company needs the best available technology to connect all the branches and to provide data and voice (IP telephony) services between the four branches. All branches must be able to exchange data and voice with each other. The WAN includes the main web server and mail server, located at the head office (London), and these servers must be reachable from the other branches. The organization uses a public IP address range between branches: 130.140.150.160/29. Each branch has a file server, fewer than 100 devices and fewer than 50 IP phones. The branches are geographically very far apart, so a proper WAN must be set up to carry voice and data communication correctly. The head office in London hosts the servers and has around 120 devices, including 60 IP phones. The organization proposes the following topology:
The organization has asked that the following requirements be satisfied:
“2-1. Design with the aid of a diagram the WAN network infrastructure to meet the requirements of the above scenario; your design should include....”:

The standard architectural design model is one of the essential steps to ensure the speed and stability of a network. If a network is not designed properly, many unforeseen problems can occur and hinder its operation. Design is truly an in-depth process. This chapter gives an overview of the design process for a standard configuration.

Overview of model types
The design shall provide a logical design divided into blocks:
• The network core and the data centre: this block provides high-speed connectivity and routing between the distribution sub-networks and hosts all the customer's business applications,
• Access at the headquarters: this block represents access to the LAN and connects all users,
• The peripheral (device) layer: this block represents the interconnection of the local network with the remote sites through two wide area networks, and Internet access for all PCs.
High availability must be present at all levels, and each block of the infrastructure must respect the design principles of a modular enterprise network. This completely modular approach provides a scalable architecture that is simple to operate, manage and maintain at all levels. The architecture follows the division into four blocks and offers both logical and physical separation. The diagram below (Figure 3) is a block diagram of a standard model composed of a central site, two remote sites and a WAN.
Figure 3: Block diagram of the standard model

Task 2.2 “Critically evaluate your choice of WAN network devices, showing the suitability of your components and design in terms of scalability, cost and availability”

The design is composed of the following modules:
Switching module (central site): composed of two core switches, peripheral switches, distribution switches and access switches. To ensure high availability and continuity of service, each core switch is linked to all distribution switches and peripheral switches (e.g. SW-Cœur1 is linked to SW-Dist-G-1, SW-Dist-G-2, SW-Dist-D-1, SW-Dist-D-2, SW-Periph1 and SW-Periph2). Likewise, each distribution switch is connected to two access switches (e.g. SW-Dist-G-1 is linked to SW-Access-G-1 and SW-Access-G-2).
Routing module (central site): composed of a leased line (LS) router connected to a peripheral switch (SW-Periph2), a Frame Relay (FR) router connected to a peripheral switch (SW-Periph1), and an Internet router also connected to a peripheral switch (SW-Periph1).
WAN module: uses Frame Relay (FR) technology and the leased line (LS).
Remote sites: composed of two switches and two routers connected to the central site.
Both core switches are also connected by two links, so that if one fails, communication between the two switches is maintained.

The components used and shown in the diagram above are suitable for a highly available, high-performance, scalable and cost-effective network design. As stated, to ensure high availability and continuity of service, each core switch is linked to all distribution and peripheral switches, and each distribution switch is connected to two access switches. To make the design scalable and cost-effective we have designed a secure network. To measure performance optimally, we considered key indicators such as:
• Time: the time elapsed between the incident and its discovery; the time elapsed between discovery and the report to the team; the time required to close an incident.
• Cost: labour hours, lost productivity, notification, additional software, etc.
The design will enable us to deploy the tools and configure the parameters needed to measure these key performance indicators (KPIs).
“Task 3
3-1. The company director asked you to build and configure the WAN infrastructure to meet your designed WAN infrastructure?”

Overview of equipment used
The network equipment used is presented in Table 1:

Table 1: Equipment type, brand and model
Core switch: Cisco Catalyst 3560
Distribution switch: Cisco Catalyst 2960
Peripheral (device) switch: Cisco Catalyst 2960
Access switch: Cisco Catalyst 2960
Router: Cisco ISR 2800

List of equipment used and descriptions of interfaces
Table 2: Names of the central site equipment
“Task 3-2 Finalise the process of implementation and show the suitability of your network design”
To finalize the design we will now discuss the details of the two protocols below and their suitability.

VTP
VTP is used in the WAN design. The VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that propagates VLAN information to the different switches without the need to configure the VLANs on each switch. During the deployment phase, we will configure one of the two core switches (SWCoeur1) as VTP server while the other switches will be VTP clients. After synchronization between the VTP server and the VTP clients is complete, all switches will be put into transparent mode. The table below shows how VTP will be configured:
Spanning-Tree Protocol
Spanning-Tree Protocol (STP) is a Layer 2 protocol designed to run on switches. The main purpose of STP is to avoid loops where redundant paths are used in a LAN. In this project we used Rapid Spanning Tree, which is an advanced version of Spanning Tree. This mode is enabled on all switches in the central site. To balance Layer 2 traffic between the central-site switches, we made sure that core switch 1 (SWCoeur1) is the root bridge for VLANs 1-2, 10-11, 20-21, 30, 40, 50 and 100-101 with priority 4096, while the distribution switches are set as root bridge for VLANs 1-2, 10-11, 20-21, 30, 40, 50 with priority 12288. Finally, STP is disabled on the access-switch interfaces connected to PCs and on the peripheral-switch interfaces connected to routers.
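The root bridge election behind the priorities quoted above can be checked with a short model. This is an added example, not part of the coursework's configuration: it applies the Cisco per-VLAN rule that the priority carried in a BPDU is the configured priority plus the VLAN number (the extended system ID), and that the lowest (priority, bridge MAC) pair wins. Switch names follow the text; the MAC addresses and the fourth switch are constructed, and VLAN 200 is added only to show what happens to a VLAN that the design's priority lists do not cover.

```python
"""Added example: per-VLAN root bridge election with the text's priorities.
MAC addresses are constructed; only the switch names come from the design."""

# Constructed bridge MAC addresses (the tie-breaker when priorities are equal).
SWITCHES = {
    "SWCoeur1":    "00:1a:00:00:00:01",
    "SWCoeur2":    "00:1a:00:00:00:02",
    "SW-Dist-G-1": "00:1a:00:00:00:11",
    "SW-Dist-G-2": "00:1a:00:00:00:12",
}


def expand(ranges):
    """'1-2,10-11,30' -> {1, 2, 10, 11, 30}"""
    out = set()
    for part in ranges.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


CORE_VLANS = expand("1-2,10-11,20-21,30,40,50,100-101")   # priority 4096 per the text
DIST_VLANS = expand("1-2,10-11,20-21,30,40,50")           # priority 12288 per the text
DEFAULT_PRIORITY = 32768                                   # Cisco default


def configured_priority(switch, vlan):
    if switch == "SWCoeur1" and vlan in CORE_VLANS:
        return 4096
    if switch.startswith("SW-Dist") and vlan in DIST_VLANS:
        return 12288
    return DEFAULT_PRIORITY


def bridge_id(switch, vlan):
    """Extended system ID: the VLAN number is added to the configured priority;
    the bridge MAC breaks ties.  Lower is better."""
    return (configured_priority(switch, vlan) + vlan, SWITCHES[switch])


def elect_root(vlan, alive=None):
    """Root bridge for a VLAN among the switches still running (all by default)."""
    candidates = list(alive) if alive is not None else list(SWITCHES)
    return min(candidates, key=lambda sw: bridge_id(sw, vlan))


if __name__ == "__main__":
    without_core1 = [sw for sw in SWITCHES if sw != "SWCoeur1"]
    for vlan in (10, 100, 200):
        print(vlan, elect_root(vlan), "/ if SWCoeur1 fails:", elect_root(vlan, without_core1))
```

With all switches up, SWCoeur1 wins every listed VLAN, so the 12288 on the distribution switches acts as a backup root rather than as a second active root; if SWCoeur1 fails, VLAN 10 moves to SW-Dist-G-1 but VLAN 100 (absent from the distribution list) and VLAN 200 (absent from both lists) are decided purely by the lowest MAC address, which is the situation a design review should catch. The text's practice of disabling STP on PC-facing ports corresponds on Cisco switches to PortFast, which is normally paired with BPDU guard so that a device sending BPDUs on such a port shuts the port down instead of joining the election.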
Configuring trunk and access ports
The interfaces between all access, distribution, core, peripheral and remote switches are configured in trunk mode so that they can carry the traffic of the different VLANs. The interfaces connected to workstations are configured in access mode. The VLAN list and the addressing plan are key points for successfully setting up the WAN. The VLANs are distributed according to the nature of the traffic: data, voice or administration. This model uses the static method of creating VLANs, known as port-based VLANs: the VLAN is determined by the port to which the user is connected. The addressing scheme is based on private addresses as specified in RFC 1918, and on routable addresses for the Internet and the WAN (RFC 1878).

Administration facilities
The management VLAN "VLAN 1" will be used for the administration of the equipment. The management IP addresses will be assigned to the equipment models as shown above. The network above is therefore suitable for the given requirement, as it uses all the standard components required to configure a secure WAN.

“4-1. There are many tools available in the market to monitor performance and network security. Explain the use and importance of network monitoring tools, and include some examples of troubleshooting using one tool you selected”

As part of the project requirements, I have designed and tested a Unified Threat Management system (enterprise firewall) using the open-source software Snort. I am quite familiar with this software, which is also a very efficient monitoring system. The solution addresses the firewall needs of my company, including the installation of the software, the configuration of the ACLs, and the development of test cases to check the complete functionality of the rules. The details of the implementation are given below:

Line number / Snort rule
1  alert tcp 192.168.2.0/24 any -> ![192.168.2.2] any (content:"HTTP"; msg:"Rogue Web Server detected"; sid:1000984; rev:1;)
2  alert tcp any any -> any any (content:"GET"; content:"6400"; msg:"Rogue Setup detected"; sid:1000983;)
3  alert ip any any -> any any (msg:"IP Packet detected"; sid:1000982; rev:1;)
4  alert ip any any -> 192.168.1.0/24 any (msg:"Same IP"; sameip;)
5  alert tcp any any -> any any (content:"GET"; content:"6400"; msg:"Rogue Setup detected"; react:block;)
6  alert tcp 192.168.1.0/24 any -> any any (content:"HTTP"; offset:4; msg:"HTTP matched";)
7  alert tcp 192.168.1.0/24 any -> any any (content:"HTTP"; offset:4; depth:40; msg:"HTTP matched";)
8  alert tcp 192.168.2.0/24 any -> ![192.168.2.2] any (content:"HTTP"; msg:"Rogue Web Server detected"; react:warn,msg;)
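The rule features used in the table above (the header's protocol and source/destination networks with "!" negation, and the content, offset and depth options) can be exercised against constructed packets with the following toy evaluator. This is an added example, not part of the coursework and not Snort's own matching engine, which is far more complete; it reproduces only the documented semantics of those options, with depth counted from the offset. Rules 1 and 7 are taken verbatim from the table; the packet payloads and addresses are constructed.

```python
"""Added example: a minimal evaluator for the Snort rule features used in the
table above.  Rules are quoted from the table; packets are constructed."""
import ipaddress
import re

HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rule(text):
    """Splits 'action proto src sport -> dst dport (options)' into its parts."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("not a rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    options = []   # kept in order: offset/depth modify the content before them
    for opt in filter(None, (o.strip() for o in body.split(";"))):
        key, _, value = opt.partition(":")
        options.append((key.strip(), value.strip().strip('"')))
    return {"action": action, "proto": proto, "src": src, "dst": dst, "options": options}


def addr_matches(spec, addr):
    """'any', a single CIDR, or a (possibly negated) list such as '![192.168.2.2]'."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    nets = spec.lstrip("!").strip("[]").split(",")
    hit = any(ipaddress.ip_address(addr) in ipaddress.ip_network(n, strict=False) for n in nets)
    return hit != negate


def content_matches(options, payload):
    """Every content: pattern must be found; offset/depth narrow the search window
    of the content they follow (depth is measured from the offset)."""
    contents = []   # [pattern, offset, depth]
    for key, value in options:
        if key == "content":
            contents.append([value.encode(), 0, None])
        elif key == "offset" and contents:
            contents[-1][1] = int(value)
        elif key == "depth" and contents:
            contents[-1][2] = int(value)
    for pattern, offset, depth in contents:
        window = payload[offset:] if depth is None else payload[offset:offset + depth]
        if pattern not in window:
            return False
    return True


def rule_fires(rule, proto, src, dst, payload):
    return (rule["proto"] in ("ip", proto)
            and addr_matches(rule["src"], src)
            and addr_matches(rule["dst"], dst)
            and content_matches(rule["options"], payload))


# Rules 1 and 7 from the table above.
ROGUE_WEB = parse_rule('alert tcp 192.168.2.0/24 any -> ![192.168.2.2] any '
                       '(content:"HTTP"; msg:"Rogue Web Server detected"; sid:1000984; rev:1;)')
HTTP_DEPTH = parse_rule('alert tcp 192.168.1.0/24 any -> any any '
                        '(content:"HTTP"; offset:4; depth:40; msg:"HTTP matched";)')


def demo():
    """Constructed payloads; results are returned as a dict so they can be checked."""
    req = b"GET / HTTP/1.1\r\nHost: x\r\n"   # "HTTP" starts at byte 6
    late = b"A" * 60 + b"HTTP"               # "HTTP" lies beyond offset 4 + depth 40
    return {
        "to_authentic_server": rule_fires(ROGUE_WEB, "tcp", "192.168.2.10", "192.168.2.2", req),
        "to_other_server":     rule_fires(ROGUE_WEB, "tcp", "192.168.2.10", "192.168.2.50", req),
        "within_depth":        rule_fires(HTTP_DEPTH, "tcp", "192.168.1.5", "10.0.0.1", req),
        "beyond_depth":        rule_fires(HTTP_DEPTH, "tcp", "192.168.1.5", "10.0.0.1", late),
    }


if __name__ == "__main__":
    print(demo())
```

The first pair of results shows why the negated destination in rule 1 matters: web traffic to the authentic server 192.168.2.2 stays silent, while the same request to any other host in the LAN raises the rogue-server alert. The second pair shows that offset and depth together limit where a pattern is accepted, which keeps a rule from matching the same keyword in an unexpected place in the payload.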
Snort iRule iExplanations A. iHTTP isnort irules i(HTTP iheaders) 1. ialert itcp i192.168.1.0/24 iany i-> iany iany i\ i(content: i"HTTP"; ioffset: i4; imsg: i"HTTP imatched";) The iabove irule istarts isearching ifor iany ikeyword i“HTTP” ifrom ithe ioffset i4th ibyte 2. ialert itcp i192.168.1.0/24 iany i-> iany iany i(content: i\ i"HTTP"; ioffset: i4; idepth: i40; imsg: i"HTTP imatched";) The iabove irule isearches ifor i“HTTP” iupto ithe idepth iof i40 ibytes. B. iContent iSnort iRules 1. i ialert itcp i192.168.2.0/24 iany i-> i![192.168.2.2] iany i i i(content: i"HTTP"; imsg: i"Rogue iWeb iServer idetected"; ireact: iwarn, imsg;)
19
Unit 45: Wide Area Networking Technologies
The iabove irule isearches ifor ithe iHTTP icontent iin ithe ipacket iand iif ifound iit ireports ias ia irogue iserver ias ithe itraffic iis igoing ito ithis iserver, iinstead iof ithe iauthentic iweb iserver. 2. ialert itcp iany iany i-> iany iany i(content:"GET"; icontent:"6400"; imsg: i"Rogue iSetup idetected"; isid:1000983;) GET iword iis iused iin imany iof ithe iHTTP irelated iattacks ior ifor irogue iservers. iThe iabove irule ifetches ithe ipacket ihaving i“GET” ias ipart iof ithe icontent “4-2 Wide Area network known to be open for many external threats, produce a report to improve on security, reliability and performance” Report Snort is responsible for preventing the threats and attacks which can potentially make the system unreliable and reduce the performance. Following report shows the configuration which helps to reduce the threats and attacks which can potentially make the system unreliable and reduce the performance # fSetup fthe fnetwork faddresses fyou fare fprotecting ipvar fHOME_NET f192.168.2.0/24 # fSet f up fthe fexternal fnetwork faddresses. fLeave fas f"any" fin fmost fsituations ipvar f EXTERNAL_NET fany # fList fof fDNS fservers fon fyour fnetwork f ipvar fDNS_SERVERS f$HOME_NET #f List fof fSMTP fservers fon fyour fnetwork
ipvar SMTP_SERVERS $HOME_NET

# List of web servers on your network
ipvar HTTP_SERVERS $HOME_NET

# List of sql servers on your network
ipvar SQL_SERVERS $HOME_NET

# List of telnet servers on your network
ipvar TELNET_SERVERS $HOME_NET

# List of ssh servers on your network
ipvar SSH_SERVERS $HOME_NET

# List of ftp servers on your network
ipvar FTP_SERVERS $HOME_NET

# List of sip servers on your network
ipvar SIP_SERVERS $HOME_NET

# List of ports you run web servers on
portvar HTTP_PORTS [80,81,82,83,84,85,86,87,88,89,90,311,383,591,593,631,901,1220,1414,1741,1830,2301,2381,2809,3037,3057,3128,3443,3702,4343,4848,5250,6080,6988,7000,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8222,8243,8280,8300,8500,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,10000,11371,34443,34444,41080,50000,50002,55555]

# List of ports you want to look for SHELLCODE on.
portvar SHELLCODE_PORTS !80

# List of ports you might see oracle attacks on
portvar ORACLE_PORTS 1024:

# List of ports you want to look for SSH connections on:
portvar SSH_PORTS 22

# List of ports you run ftp servers on
portvar FTP_PORTS [21,2100,3535]

# List of ports you run SIP servers on
portvar SIP_PORTS [5060,5061,5600]

# List of file data ports for file inspection
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]

# List of GTP ports for GTP preprocessor
portvar GTP_PORTS [2123,2152,3386]

# other variables, these should not be modified
ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]

# Path to your rules files (this can be a relative path)
# Note for Windows users:  You are advised to make this an absolute path,
# such as:  c:\snort\rules
var RULE_PATH c:\snort\rules
var SO_RULE_PATH c:\snort\rules
var PREPROC_RULE_PATH c:\snort\preproc_rules

# If you are using reputation preprocessor set these
# Currently there is a bug with relative paths, they are relative to where snort is
# not relative to snort.conf like the above variables
# This is completely inconsistent with how other vars work, BUG 89986
# Set the absolute path appropriately
var WHITE_LIST_PATH c:\snort\rules
var BLACK_LIST_PATH c:\snort\rules

###################################################
# Step #2: Configure the decoder.  For more information, see README.decode
###################################################

# Stop generic decode events:
config disable_decode_alerts

# Stop Alerts on experimental TCP options
config disable_tcpopt_experimental_alerts

# Stop Alerts on obsolete TCP options
config disable_tcpopt_obsolete_alerts

# Stop Alerts on T/TCP alerts
config disable_tcpopt_ttcp_alerts

# Stop Alerts on all other TCPOption type events:
config disable_tcpopt_alerts

# Stop Alerts on invalid ip options
config disable_ipopt_alerts

# Alert if value in length field (IP, TCP, UDP) is greater than the length of the packet
# config enable_decode_oversized_alerts

# Same as above, but drop packet if in Inline mode (requires enable_decode_oversized_alerts)
# config enable_decode_oversized_drops

# Configure IP / TCP checksum mode
config checksum_mode: all

config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500

# Configure the detection engine  See the Snort Manual, Configuring Snort - Includes - Config
config detection: search-method ac-split search-optimize max-pattern-len 20

# Configure the event queue.  For more information, see README.event_queue
config event_queue: max_queue 8 log 5 order_events content_l

One setting in this fragment is worth tightening before deployment: every *_SERVERS variable is left at $HOME_NET, so any rule written against HTTP_SERVERS, SQL_SERVERS and so on applies to every host on the LAN rather than to the one server that actually runs the service. For this design HTTP_SERVERS would be 192.168.2.2, the authorised web server named in the rogue-server rule; narrowing the variables this way cuts both false positives and the number of packets each rule has to inspect.
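To make the two pieces above concrete, the Snort Rule Explanations (content with offset and depth, the rogue web server rule, the two-content rogue setup rule) and the ipvar/portvar variables in the report, here is a small Python model of how Snort evaluates them. This is an added example written for this page, not code from the coursework or from Snort itself: the matching functions illustrate the semantics and do not reproduce Snort's engine, HTTP_PORTS is shortened to three ports, and every packet (including the 203.0.113.10 address standing in for an Internet host) is constructed for the example.

```python
# Added example (not from the coursework): a small model of how Snort evaluates the
# ipvar/portvar variables from the report above and the content/offset/depth rule
# options from the Snort Rule Explanations. The matching functions illustrate the
# semantics and are not Snort's own code; every packet below is constructed.
import ipaddress
from collections import namedtuple

# Variables as set in the report's snort.conf (HTTP_PORTS shortened for the example).
IPVARS = {"HOME_NET": "192.168.2.0/24", "EXTERNAL_NET": "any"}
PORTVARS = {"HTTP_PORTS": "[80,8080,8000]", "SHELLCODE_PORTS": "!80", "ORACLE_PORTS": "1024:"}

Packet = namedtuple("Packet", "src sport dst dport payload")
# contents: list of (pattern, offset, depth); every entry must match for the rule to fire
Rule = namedtuple("Rule", "src sport dst dport contents msg")

def ip_matches(spec, addr):
    # Address spec: any, CIDR or host, $VAR, [a,b,...] list, or !negation.
    spec = spec.strip()
    if spec == "any":
        return True
    if spec.startswith("$"):
        return ip_matches(IPVARS[spec[1:]], addr)
    if spec.startswith("!"):
        return not ip_matches(spec[1:], addr)
    if spec.startswith("[") and spec.endswith("]"):
        return any(ip_matches(s, addr) for s in spec[1:-1].split(","))
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port):
    # Port spec: any, N, N: (N and above), :N, N:M, $VAR, [a,b,...] list, or !negation.
    spec = spec.strip()
    if spec == "any":
        return True
    if spec.startswith("$"):
        return port_matches(PORTVARS[spec[1:]], port)
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    if spec.startswith("[") and spec.endswith("]"):
        return any(port_matches(s, port) for s in spec[1:-1].split(","))
    if ":" in spec:
        lo, hi = spec.split(":")
        return (not lo or int(lo) <= port) and (not hi or port <= int(hi))
    return port == int(spec)

def content_matches(payload, pattern, offset=0, depth=None):
    # content with offset/depth: the search starts at byte <offset>; with a depth
    # the pattern must lie entirely within the next <depth> bytes.
    window = payload[offset:] if depth is None else payload[offset:offset + depth]
    return pattern in window

def rule_matches(rule, p):
    return (ip_matches(rule.src, p.src) and port_matches(rule.sport, p.sport)
            and ip_matches(rule.dst, p.dst) and port_matches(rule.dport, p.dport)
            and all(content_matches(p.payload, c, o, d) for c, o, d in rule.contents))

# The coursework's rules A.2, B.1 and B.2 as Rule objects.
RULES = (
    Rule("192.168.1.0/24", "any", "any", "any", [(b"HTTP", 4, 40)], "HTTP matched"),
    Rule("192.168.2.0/24", "any", "![192.168.2.2]", "any", [(b"HTTP", 0, None)],
         "Rogue Web Server detected"),
    Rule("any", "any", "any", "any", [(b"GET", 0, None), (b"6400", 0, None)],
         "Rogue Setup detected"),
)

def alerts(pkt):
    # Messages of every rule that fires on the packet.
    return [r.msg for r in RULES if rule_matches(r, pkt)]

# Constructed packets; 203.0.113.10 is a documentation address standing in for the Internet.
SAMPLES = {
    "lan_to_authorised_server": Packet("192.168.2.10", 51000, "192.168.2.2", 80,
                                       b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    "lan_to_other_lan_host": Packet("192.168.2.10", 51001, "192.168.2.57", 8080,
                                    b"GET / HTTP/1.1\r\n\r\n"),
    "lan_to_internet": Packet("192.168.2.10", 51002, "203.0.113.10", 80,
                              b"GET / HTTP/1.1\r\n\r\n"),
    "request_http_after_offset": Packet("192.168.1.5", 40000, "10.0.0.1", 80,
                                        b"GET / HTTP/1.1\r\n\r\n"),
    "response_http_before_offset": Packet("192.168.1.5", 40001, "10.0.0.1", 80,
                                          b"HTTP/1.1 200 OK\r\n\r\n"),
    "rogue_setup_request": Packet("10.1.1.1", 1111, "10.2.2.2", 80,
                                  b"GET /setup?port=6400 HTTP/1.0\r\n\r\n"),
}

def run_samples():
    return {name: alerts(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, fired in run_samples().items():
        print(f"{name:28} -> {fired}")
```

Running it shows the points made in the explanations: the request to the authorised server 192.168.2.2 raises nothing, the request to another LAN host raises "Rogue Web Server detected", and so does the request to the Internet address, which is the over-broad destination noted under rule B.1. The two 192.168.1.x packets show the effect of offset 4: "HTTP" in a request line (byte 6) matches, while "HTTP" at the very start of a response does not, because the search begins after it. The port variables behave as the report's comments describe, with SHELLCODE_PORTS !80 matching every port except 80 and ORACLE_PORTS 1024: matching 1024 and above. The model deliberately leaves out relative modifiers such as distance and within, which real Snort uses to tie a second content match to the position of the first.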
"4-3. Critically evaluate the performance of your design in view of the technology you selected"

Both the tools and the technology selected are defensible on cost. Snort is open source, so it adds inspection capability with no licence cost, and MPLS was shown earlier to be the cost-effective WAN option for this scenario. Snort detects the attack patterns set out in the report above and, when run inline, can drop the matching traffic. MPLS itself only separates traffic into VPNs; it neither inspects nor encrypts it, so the Snort sensor is what supplies intrusion detection for the WAN links. Snort is installed on one server at the site edge, positioned (or fed from a mirror port) so that it sees all WAN-bound traffic; its alert volume and perfmonitor statistics also give some view of network health, although it is not a substitute for a dedicated performance monitor.
Task 5 Lab Work

The New_WAN.pkt file is attached.