
CCM 4223

COMPUTER NETWORKS:
OPERATION AND APPLICATION

DEADLINE FOR SUBMISSION


19 APRIL 2007-04-19

STUDENT NAME : BALAMURUGAN GANESAN


STUDENT NUMBER : M00121430
CAMPUS : HENDON

Dr. A. LASEBAE
SCHOOL OF COMPUTING SCIENCE

CONTENTS

ABSTRACT

INTRODUCTION

INTERNET PROTOCOL STRUCTURE

SUBNET

SECURITY FOR SUBNET

CONCLUSION

REFERENCES

ABSTRACT

This report involves designing a subnet for a small company with two
floors. The company is divided into many sections and hosts. The company
assigns a different IP address to each system inside the building, which
helps in designing a secured subnet. The subnet is also secured so that it
is not affected by security threats and breaches. Organisations have
learned the benefits of protecting their information processing
infrastructure from unauthorised actions by intruders. This is usually
achieved through a variety of security mechanisms, including the use of
filtering routers and firewall systems. Many organisations leave key
systems open to attack due to poor network design. The iTekx Company
discusses typical scenarios which examine ways to overcome these
problems. Also, in order to have a secured subnet, the company must be
organised so that it adopts the basic security policies that it must
possess.

INTRODUCTION

This coursework is based on designing a subnet scheme for a company named iTekx Company Plc
and suggesting suitable security measures for the company to reduce the security threats arising
from various classes of unauthorised access on networked systems. Basically, iTekx Company is
a small building of size 230 square metres with a single floor. The ground floor consists of 2 Training
rooms (T1 and T2) with 10 PCs. The first floor consists of the Multimedia Center (MMC) with 16
machines and Research and Development (R’n’D) with 24 machines.

The IP address of the company, 200.5.6.0, is supplied with a speed of 64 Kbps from the
telecommunication company. A company with an excellent network architecture will have to pass
information from one place to another. There will also be a need to transfer business
and other critical information from a fixed location. Eventually, the probability of security threats
attacking the system would be high when a wide range of information is transferred. To
reduce this impact, the company has provided its own firewalls and IDS, which protect the
network infrastructure as well.

The Network layers represent the first three layers in the OSI model, namely the physical link layer,
the link layer, and the Network layer.

[Figure: network diagram of the iTekx network. Labels: Internet, Firewall, Premise Router, Switch, Admin, Training Room 1, Training Room 2, Ethernet Hub, MMC, R'n'D]

Internet Protocol Address Structure

The Internet Protocol (IP) transmits packets from one node on an IP network to another. In this
case, both nodes have their own unique IP address. There are two versions of IP: version 4 and
version 6. On the Internet Protocol, data is normally sent in the form of packets. Each
packet carries the addresses of the source and the destination. These addresses on IP networks
are called IP addresses. Every node (computer) on an IP network needs to have its
own IP address.

IP version 4 addresses:
This version is currently used by almost all IP networks. The address is a 32-bit number that is
typically written as four decimal numbers separated by periods, for example "145.152.1.6". Also,
an IP address that ends in ".1" refers to a gateway or router on a particular network, and an address
that ends in ".255" is called a broadcast address.

IP version 6 addresses:
The address here is a 128-bit number that is typically written as eight groups of four hexadecimal
digits. The groups are separated by colons, for example "3005:630:153b:50a1::123".

The Internet addresses each device on the network and also allocates space for it. These
numbers are called Internet Protocol addresses, or IP addresses. Each computer is allocated a
unique IP address in an IP network.

Basically, IP (version 4) addresses were handed out structured in blocks.

There are three classes of blocks:

• Class A network,
• Class B network,
• Class C network,
• Class D network and
• Class E network.

There are different classes of network, and the details vary for each class. Network addresses
with a first byte between 1 and 126 are class A and can have about 17 million hosts each.
Network addresses with a first byte between 128 and 191 are class B and can have about 65000
hosts each. Network addresses with a first byte between 192 and 223 are class C and can have
256 hosts. All other networks are class D, used for special functions, or class E, which is reserved.
Some IP addresses are reserved for special purposes, and therefore it is not possible
to assign these addresses to nodes.

For example,

• Network address of all 0s - Interpreted to mean “this network or segment.”
• Network address of all 1s - Interpreted to mean “all networks.”
• Network 127.0.0.0 - Reserved for loopback tests. This address designates the local node
and allows that node to send a test packet to itself without generating network traffic.
• Node address of all 0s - Interpreted to mean “network address” or any host on a specified
network.
• Node address of all 1s - Interpreted to mean “all nodes” on the specified network, for
example, 128.2.255.255 means all nodes on network 128.2 (which is a Class B address).
• Entire IP address set to all 0s - Used by Cisco routers to designate the default route. This
address could also mean “any network.”
• Entire IP address set to all 1s - (same as 255.255.255.255) Broadcast to all nodes on the
current network.

Class A is the largest of all and has a different first number, with its network
addressed by the others.

Class B is smaller. Similarly, class B addresses have the first two bytes different, and a class B
network has authority over 2 to the power of 16, or 65536, devices.

Class C is the smallest of them. Class C addresses have one byte of address space,
or 2 to the power of 8, or 256, devices on them.

Most class A and B addresses have already been allocated, leaving only class C available. This
means that the total number of available addresses on the Internet is 2,147,483,774.

These private IPs have allowed the Internet to grow within the IPv4 address space without having to
expand the number of addresses, since your neighbour can have the same firewall router with the
same internal IP addresses. What makes this work is that when your Internet packets flow through
the router, they are changed, or morphed, into the IP address that your access provider gives you.

Subnets

A block of IP addresses can be divided into smaller groups, each of which can be assigned to
a different organization. A subnet is a separate part of an organization's network. Typically, a subnet
may represent all the machines at one location, in a single building, or on the same local area
network.

For example, in the iTekx Company Plc building there are the R&D department, the Multimedia Center
and the training rooms, so each one could be given its own subnet. These subnets are
then managed with their own firewalls or separate connections to the Internet. Each
communication on the Internet carries the address of the source and destination networks and of the
particular machine within the network associated with the user or host computer at each end. This
32-bit IP address has two parts: one part identifies the network and is called the network number, and
the other part identifies the specific machine or host within the network and is called the host number.
An organization may sometimes use some of the bits in the machine or host part to identify a specific subnet.
Hence, the IP address is defined to have the network number, the subnet number, and the machine
number.

The 32-bit IP address is often termed the dot address. For example, 140.3.6.48

Each of the decimal numbers represents a string of eight binary digits. Thus, the above IP address
really is this string of 0s and 1s:

10001100.00000011.00000110.00110000

As you can see, we inserted periods between each eight-digit sequence, just as we did for the
decimal version of the IP address. Obviously, the decimal version of the IP address is easier to read,
and that is the form most commonly used.

Some portion of the IP address represents the network number or address and some portion
represents the machine address or host number. There are different classes of IP
address, each of which determines the number of bits in the network number and the number of bits in the
host number. The most common class used by large organizations (Class B) allows 16 bits for the
network number and 16 for the host number. Using the above example, here's how the IP address
is divided:

<--Network address--><--Host address-->
        140.3       .      6.48

If you wanted to add subnetting to this address, then some portion (in this example, eight bits) of the
host address could be used for a subnet address. Thus:

<--Network address--><--Subnet address--><--Host address-->
        140.3       .         6         .       48

The iTekx company uses the same method for the class C addresses.

Subnet Masking

A mask is used to determine which subnet an IP address belongs to. An IP address has two
components, the network address and the host address. For example, for our iTekx Company Plc
consider the IP address 200.5.6.0. The first two numbers (200.5) represent the Class C network
address, and the second two numbers (6.0) identify a particular host on this network.

The subnet mask indicates the two fields of the IP address. The computer performs a
binary-AND operation of the IP address and the subnet mask. For example,

             11000000 10101000 00000001 01100101   IP address
bitwise-AND  11111111 11111111 11111100 00000000   subnet mask
             -----------------------------------
             11000000 10101000 00000000 00000000   network address

It is possible to specify the number of hosts the company wants in the subnet and use this to
calculate the subnet mask and network address. Let's assume that you need a subnet with at least
1400 addresses. Since we have to pick a power of two, and 1024 is not large enough, we have to
take 2048. A subnet that has 2048 host addresses in it needs log2(2048) = 11 bits to hold the
address. There are 32 bits in total, so this leaves 21 bits for the network address.
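The two calculations above (the binary AND and the sizing of a mask from a required address count) can be checked with the short Python sketch below. It is an added example, not part of the original report; the function names are hypothetical, and 192.168.1.101 / 255.255.252.0 are simply the decimal forms of the binary values shown above.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def is_contiguous_mask(mask):
    """A valid subnet mask is a run of 1 bits followed only by 0 bits."""
    inverted = to_int(mask) ^ 0xFFFFFFFF       # host bits become 1s
    return inverted & (inverted + 1) == 0      # true only for 0..01..1

def network_of(ip, mask):
    """Network address = IP AND mask (the binary-AND step in the text)."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"not a valid subnet mask: {mask}")
    return str(ipaddress.IPv4Address(to_int(ip) & to_int(mask)))

def mask_for_addresses(needed):
    """Round `needed` up to a power of two; derive host bits, network bits, mask."""
    if not 1 <= needed <= 2**32:
        raise ValueError("address count out of range")
    host_bits = (needed - 1).bit_length()      # 1400 -> 11, since 2**11 = 2048
    mask = ipaddress.IPv4Address((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    return {"block_size": 2**host_bits, "host_bits": host_bits,
            "network_bits": 32 - host_bits, "mask": str(mask)}

def same_subnet(a, b, mask):
    """Two hosts share a subnet when their AND-ed network addresses match."""
    return network_of(a, mask) == network_of(b, mask)

def bits(addr):
    """Dotted decimal -> four space-separated binary octets."""
    return " ".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)

if __name__ == "__main__":
    ip, mask = "192.168.1.101", "255.255.252.0"   # decimal form of the binary example
    for label, value in (("IP address", ip), ("subnet mask", mask),
                         ("network address", network_of(ip, mask))):
        print(f"{bits(value)}  {label} ({value})")
    print(mask_for_addresses(1400))
    # 192.168.3.7 and 192.168.4.1 are constructed neighbours inside / outside the block
    print(same_subnet(ip, "192.168.3.7", mask), same_subnet(ip, "192.168.4.1", mask))
```

The contiguity check rejects masks such as 255.0.255.0, which would otherwise pass silently through the AND step and produce a meaningless network address.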

Subnetting for the iTekx Company

Consider the IP addresses for the different hosts in the network. The Admin section, which has 10
hosts, is assigned the IP address 192.43.32.0; the next ones, 192.43.64.0 and
192.43.96.0, are used for the training rooms; and the others are defined for the R’n’D, the MMC and
the premise router.

192.43.32.0 → Admin

192.43.64.0 → T1

192.43.96.0 → T2

192.43.128.0 → R’n’D

192.43.160.0 → MMC

192.43.192.0 → Premise Router

The subnet mask for the above representation is 255.255.255.240. Using the values in the subnet
masks, an AND operation is performed with the Network Address Translation. The values are thus
obtained and assigned to each host. The subnet values are thus calculated using the relevant
procedures with decimal and binary transformations.

Security Measures for the iTekx Company

As the company grows, the network becomes larger and more complex. For instance, small
companies like iTekx often look to their ISPs or hosting services for e-mail, Web site hosting, etc.
But when the company grows and develops a separate department to handle such things, the
company may want to implement its own e-mail servers and Web servers. This would introduce
new security risks, and it is also a cost-effective solution for the company.

The Server department in the Admin section of the iTekx company will have controls to receive emails
from other users outside the LAN. It therefore becomes more vulnerable to attack. There is a possibility
for an attacker to attack the system.

As a mechanism for protecting its internal computers, the company puts those systems
that need to interact with external computers on a separate subnet, with a firewall not only at the
Internet edge to protect them from external threats, but also between the subnet and
the internal LAN to ensure that attacks that make it into the subnet are not able to cross over to
the LAN. Thus it is clear that the company uses a perimeter network and a screened subnet.
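The two-firewall arrangement described above can be modelled as two default-deny rule sets that a new connection must satisfy along its path. The Python sketch below is an added example, not part of the original report: the zone ranges, ports, rule sets and function names are all constructed assumptions, and both firewalls are assumed to be stateful.

```python
import ipaddress

# Constructed addressing (assumption): the report gives no ranges for these zones.
ZONES = {
    "dmz": ipaddress.ip_network("200.5.6.16/28"),    # mail and web servers
    "lan": ipaddress.ip_network("200.5.6.128/25"),   # internal workstations
}
# Each rule: (source zone, destination zone, TCP port the connection is opened to).
# Anything not listed is denied; replies to allowed connections are implied.
EDGE = {("internet", "dmz", 25), ("internet", "dmz", 80), ("lan", "internet", 80)}
INTERNAL = {("lan", "dmz", 25), ("lan", "dmz", 80), ("lan", "internet", 80)}
# Weak variant: lets a server in the screened subnet open connections into the LAN.
INTERNAL_WEAK = INTERNAL | {("dmz", "lan", 445)}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def firewalls_on_path(src_zone, dst_zone, internal):
    """Which rule sets a new connection must satisfy, given the topology."""
    pair = {src_zone, dst_zone}
    if pair == {"internet", "dmz"}:
        return [EDGE]
    if pair == {"dmz", "lan"}:
        return [internal]
    return [EDGE, internal]            # internet <-> lan crosses both firewalls

def decide(src, dst, port, internal=INTERNAL):
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "local"                 # never reaches a firewall
    ok = all((s, d, port) in fw for fw in firewalls_on_path(s, d, internal))
    return "allow" if ok else "deny"

def inbound_to_lan(rules):
    """Audit: rules that let another zone open a connection into the LAN."""
    return sorted(r for r in rules if r[1] == "lan" and r[0] != "lan")

if __name__ == "__main__":
    outside, server, pc = "203.0.113.9", "200.5.6.18", "200.5.6.130"  # constructed hosts
    print(decide(outside, server, 25))              # mail reaches the screened subnet
    print(decide(outside, pc, 25))                  # but never the LAN
    print(decide(server, pc, 445))                  # a server cannot reach inward
    print(decide(server, pc, 445, INTERNAL_WEAK))   # unless the inner policy is weak
    print(inbound_to_lan(EDGE | INTERNAL), inbound_to_lan(INTERNAL_WEAK))
```

Running the audit over the inner firewall's rules is the check that the screened subnet still does its job: any entry it returns is a path from the exposed servers into the LAN.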

In order to protect the networks, the company uses point products such as IPS systems, VPN
routers, and firewalls. In order to make the network layer stronger, it uses Network Address
Translation (NAT). In this network, the entire enterprise is primarily protected by a firewall. The
company has also implemented Intrusion Prevention technologies for filtering against
attacks. The iTekx company uses the PPTP, IPSec or SSL protocols to create secure Virtual Private
Networks.

A firewall is basically a protective device for the data, company resources, etc. For this particular
company, firewalls play a very important role in watching for the security threats that disturb the
network. They also help in protecting confidentiality, integrity and availability. There is also the
possibility that if the data is not kept secret, it could be hacked.

In the iTekx company, the firewall splits the network into many subnets. The firewall allows the
network administrators to assign a different security policy to each interface. The iTekx firewall
examines each and every data stream going to or coming from an untrusted network of the
company and also keeps track of the flow of traffic. It has the policy of receiving, inspecting, and
re-transmitting all Internet packets. The one-time-password systems and add-on authentication
software are merged with the iTekx firewall directly, whereas giving a firewall to each system would
not be a cost-effective solution.

As shown in the figure, the premise router separates the two workgroups. The upper workgroup
uses a switched segment to discourage packet sniffing on the local subnet and to provide better
network bandwidth utilization for the training rooms (T1 and T2). The lower workgroup is shown
using a hub that acts as a security protection for the R’n’D and MMC. A firewall greatly improves
network security and reduces risks to servers on your network by filtering insecure services. This
makes sure that only secured protocols can pass through.

The company uses special methods for administering the firewall. Basically, the company splits the
firewall into many components: the Policy, Authentication, Gateway and Packet filtering.
The company uses a network security policy that includes the firewall design policy, service
access policy, information policy and security policy.

Basically, the backdoors in the iTekx company are not protected by firewalls. This would give
hackers a lead to enter the system. The company has introduced a Serial Line Protocol and a
Point-to-Point Protocol connection inside the subnet, which improves the protection of the company
on all sides.

The iTekx company has effectively adopted a solution for maintaining a secure network. It could
be either of the following: Types of Attacks, for example Intrusion, Information theft and Denial
of service; and Types of Attackers, which includes Joyriders, Vandals, Scorekeepers,
Theoretical Attacks, Spies and Accidents.

The Virtual Private Networks (VPNs) allow the R’n’D and MMC, and also the other hosts in the
company, to exchange data using a secure channel. The VPN is used as a connection between two
endpoints or between many endpoints. You can connect two offices over an Internet connection, or
connect several offices to create a secure private network. Remote VPN clients are also supported.

The company uses separate products to watch all web content and also peer-to-peer
traffic. It has adopted methods to inspect the entire framework at regular intervals. It
stops spyware and viruses that are proven not to be associated with the company. This really
improves the network security of the company.

The iTekx company uses web filtering capabilities. The company sets related security policies for a
large number of sites. All the updates and transactions across the websites are watched for security
purposes. The company also has the policy of encrypting and signing emails, which improves
email security, so that the data are not stolen from their view. This is mainly done because most
of the company details are sent through emails.

In cases of emergency, the company has provisions to back up the system, so
that it can avoid many threats.

The iTekx company is integrated with VPN tunnels to safeguard the confidentiality and integrity
of data over the Internet. This is highly responsible for authenticating the users and transferring the
data to the right individual. The company uses the Point-to-Point Tunneling Protocol (PPTP),
Internet Protocol Security (IPsec), and the Secure Sockets Layer protocol (SSL) for securing the
network architecture.

The access controls at the Application layer in the network check the access requests
made through proxy servers. By applying this technique, we can attain a higher level of security,
which is far better than packet filtering.

CONCLUSION

Thus the subnetting is done for the iTekx company. Though it is relatively
small, the network architecture seems to be completely planned for the
company. The architecture is integrated with firewalls that play a major
role in blocking security threats. The company has also adopted a good
number of security policies that keep the security sustained for a long
time. The company has provided proper backup and inspection
facilities. The company has designed each and every section carefully
so that the measures can be updated in step as the company develops
into a bigger one. In the near future, the company will be protecting
itself with the best network architecture, subnetted effectively.
