Basic Concepts of Checksum or CRC Integrity Checks - Assignment Example

Computer Network 2 Table of Contents Question 1 1 Part (a) 1 Part (b) – 1 Question 2 1 Question 3 2 Question 4 4 Part (a) 4 Part (b) 5 References 7 Question 1 Part (a) Advantages of TCP for proposed application layer protocol It is independent of the operating system It supportsmultiple routing. TCP for proposed application layer protocol allows networking to other firms TCP for proposed application layer protocol allows multiple computers set up. Disadvantages of TCP for proposed application layer protocol Set up requires complex knowledge while management of TCP for proposed application layer protocol requires trained employee. TCP for proposed application layer protocol is slower than IPX TCP for proposed application layer protocol has higher overhead Advantages of UDP for proposed application layer protocol UDP allows both multicast and broadcast connections/ transmission. UDP for proposed application layer protocol allows faster operation Disadvantages of UDP for proposed application layer protocol It is not reliable since there is possibility of failure of UDP to deliver a packet, first time, second time or failure completely Requires manual breaking of the data into packets It has no has no flow control Part (b) – In PowerPoint slides Question 2 The functionality of the following socket API calls for writing a client-server application using TCP is briefly explaine as : accept()- This socket API call is used to accept incoming connection from client. The server calls accept() and incoming calls are accepted.this is blocking socket as it waits for reponse of network before returning. The example is bind()- this ensures that a certain port is reserved and associated with a certain socket and is only used by the that port. The example close()- this closes the socket by closing the connection. This will ensure that the port in use is freed for other uses. Example connect() – this helps the client connect with server. He calls connect () and a connection is established.This socket API call does block as it does returns immediately and it can be used in receiving or sending. Example i listen()- this ensures that TCP protocol to listen for any networking being made. This socket API call does not block as it returns immediately and it can not be used in receiving or sending . example recv()-this ensures that TCP protocol to recives connection from client. This socket API call does block as it returns immediately data has been received . Example send()this ensures that TCP protocol to send connection from client. This socket API call does block as it returns immediately data has been send socket()-socket call is made in chosing the socket that will be used for any function. . The example is Question 3 The link from Router A to Router B has historically shown data integrity errors at a rate of approximately 0.01% packets discarded on both ends of the link. In the last month, these have climbed to over 3% of packets discarded. Reviewing the IT support documentation repository, one of the networks team identifies that new Wiki software was installed on the web server at the same time (connected to Router A). the likely causes Thenew Wiki software has caused network intrusion leading to breach of security. The software installed was designed to gather some information even it is no harmless. The management should uninstalled the software since it is causing network problems.This technology can fundamentally allow for the division of networks into three components—the network, subnet address, and host. There are several advantages offered by subletting. It can cut down on network traffic because broadcasting to hosts becomes restrained to individual subnets. It affords flexibility by way of allowing the customization of the number of hosts and subnets for every organization. Subnets improve address utilization, minimally impacts on externally located routers, and also reflects the physical network The organisations anti-virus tool has recently identified an unusually high rate of viruses being detected in a certain computer lab space. Over the same time period, the router connected to that network shows a substantial increase in the number of active TCP connections and the volume of TCP segments being sent to and from that network. Ahigh rate of viruses being detected in a certain computer lab space is a result of increase in the number of active TCP connections and the volume of TCP segments being sent to and from that network. The sites being patronised have malware that may be harmless but intended to collect data for use. The management should stop active TCP connections to those sites are identified as having viruses.Denial-of-Service (DoS) attacks, which are essentially the sabotaging of the network server; and attacks at the application level, which means that some attacks, like the use of viruses and remote command execution, exploit application-level weaknesses. These attacks mostly boil down to either loss of confidentiality, when confidential data such as financial or research information are accessed or copied by unauthorized users; loss of integrity, when sensitive data, such as financial data, are tampered with or corrupted, say by virus, in transit; or loss of availability, when authorized users fail to access the information that should be provided in the network. Recently a site-to-site VPN connection was established between a new branch office and the router that acts as the connection point to the ISP. Since the VPN was established, the average queue lengths of packets on the router (incoming packets waiting to processed / outgoing packets waiting to be transmitted) have increased from a very small/insignificant number to a very large number. The increase of average queue lengths of packets on the router from a very small/insignificant number to a very large number is due interference. Network security breaches or attacks happen because internet communications usually involve two hosts forging connections with each other. It should be easy to note, therefore, that fundamental to network security is the question of protecting the routing and transmission of messages. Firewalls, IP security mechanisms, and VPNs, which protect communication along the manner of closed internet network, are some of the security methods of securing communications Question 4 Part (a) Basic concepts of checksum/CRC integrity checks Checksum/CRC integrity checks looks at the sequence of data by adding up chunks of data which are in sizes of 8, 16, or 32 bits. This is done when the data is being stored or transmitted. It begins by retrieving the data’s code then it calculates checksum. This is compared with Check Sequence, if the Check Sequence is different from what was stored then the data is corruption. Checksum/CRC checks are inadequate for security Checksum/CRC checks are inadequate for security since depends on the data size. If the data size is large then there is a possibilitylarge bit errors thus it will not be effective. When also thecheck sequence increases in size then there is a possibility of multiple bits errors. Basic concepts of digests Digests uses message authentication code (MAC) to verify the whether message send is the same as that send. This ensures data integrity of a message; this ensures that the received data is the same as sent. When the data is sent a code for a certain fixed size block of datais derived using a secret key and the MAC formed is attached to the message. When the data is received attached code is checked for uniformity using the secret key. If the calculated MAC is different fromthe sent MAC then there data is corrupted. This is illustrated below; MAC=C(K,M) where C is MAC function, K is shared secret key, M is input message and MAC is Message Authentication Code. Suitability of digests for security It is suitable because it can handle large amount of data with minimum errors. Part (b) Basic concepts of how SSL verifies server certificate. SSL verifies server certificateby not allowing the attacker to access the IP and port being connected to. He can not be able to access data being sent as well as encryption and compression. SSL verifies server certificateensures that the user understand when there is a third party interruption. Explanation of how students could identify insecure connection. Determination of the IP address of the other host is made using DNS, with servers 'listening' for initial contact with the client at "open" standard port. Here, security problems may transpire because, among other possible reasons, bugs affect the implementation of the servers' listening process. Network security breaches or attacks happen because internet communications usually involve two hosts forging connections with each other. It should be easy to note, therefore, that fundamental to network security is the question of protecting the routing and transmission of messages. Firewalls, IP security mechanisms, and VPNs, which protect communication along the manner of closed internet network, are some of the security methods of securing communications.Network communications may be well illustrated by how a client application hosted on network A wants to forge a connection to a server application hosted on network B. Both the client application and server application are processes made to run on the respective network hosts involving the transmission of data down the stack of protocol towards the layer of transport that, in turn, structurally adds data by way of a segment transmitted down the network layer. Herein, TCIP or transmission control protocol and UDP or user datagram protocol are two of the commonly used transport layer protocols. The IP is often the carrier of datagram that is further conveyed by medium access control layer protocol between the two hosts. References Ciampa, M. (2008).Security+ guide to network security fundamentals. Cengage Learning. Douligeris, C. and Serpanos, D. (2007).Network security: current status and future directions. John Wiley and Sons Huang, S., MacCallum, & Du, D. (eds.). (2010). Network security.Springer. Joshi, J. (2008). Network security: know it all. Morgan Kaufmann Maiwald, E. (2003). Network security: a beginner's guide. McGraw-Hill Professional Pardoe, T. and Snyder, G., (2005).Network security.Cengage Learning Read More