Week 4 Essay Questions
School: University of Maryland, University College
Course: 425
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 4
Uploaded by mdshay
WEEK 4 ESSAY QUESTIONS
Instructions: Answer all questions in a single document. Then submit to the appropriate assignment folder. Each response to a single essay question should be about a half-page in length (about 150 words).
1.
Communications within a computer network rely on numerous components for data to traverse from the initial sender of a message or file to the receiver at the distant end of the communication path. In addition to the media that the data travels across, the devices that guide the data packets through the network, and the protocols that establish end-to-end connectivity and negotiate the communication, network services play a critical role in providing the necessary addressing and name resolution services. Describe the following services and their role in network communications: ARP, DHCP, ICMP, SNMP, and DNS.
Address Resolution Protocol (ARP) connects a physical address (probably a MAC) to an IP address. If a host doesn’t know the physical address of the intended recipient, it sends out an ARP request to all hosts, and the host that owns the requested IP address sends back its physical address. The original host then saves that correlation in a table, so it doesn’t have to repeat the request (Banzal, 2015).
Dynamic Host Configuration Protocol (DHCP) is a protocol used by routers to automatically assign IP addresses to the hosts on a network. This makes it easier to manage a network, but IP addresses won’t stay static. Disconnecting and reconnecting to the network will likely mean having a different IP address.
Internet Control Message Protocol (ICMP) is used by network devices to relay issues that may have happened in communication (Goralski, 2017). For example, if a message is sent but for some reason isn’t received, an error message is sent back (so the originator doesn’t just try to keep sending).
Simple Network Management Protocol (SNMP) is a protocol used to observe and manage connected devices on a network (Goralski, 2017). It allows all of the connected devices to be managed from a single place. SNMP is especially helpful in the management of larger networks.
Domain Name System (DNS) servers translate the internet addresses we use into actual IP addresses. When you type an internet address into a browser, your computer contacts a DNS server to find the actual IP address, so it can connect you.
Sources:
Banzal, S. (2015). Data and computer network communication, second edition. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=93080.
Goralski, W. (2017). The illustrated network: how tcp/ip works in a modern network, second edition. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=127988.
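
The ARP request, reply and table caching described in the answer above, as an added example that is not part of the original essay. It packs and parses the 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout); the `Host` class, the `resolve` helper and all addresses are constructed for illustration, and caching is simplified to replies only.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack an Ethernet/IPv4 ARP payload (28 bytes)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def parse_arp(payload):
    """Unpack an ARP payload and reject anything that is not Ethernet/IPv4."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa)}

class Host:
    """Hypothetical host with an IP address, a MAC address and an ARP table."""
    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, {}

    def request(self, target_ip):
        # Target hardware address is unknown, so it is sent as all zeros.
        return build_arp(REQUEST, self.mac, self.ip, b"\x00" * 6, target_ip)

    def receive(self, payload):
        pkt = parse_arp(payload)
        if pkt["oper"] == REQUEST and pkt["tpa"] == self.ip:
            # Only the owner of the requested IP answers, directly to the asker.
            return build_arp(REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        if pkt["oper"] == REPLY and pkt["tha"] == self.mac:
            self.cache[pkt["spa"]] = pkt["sha"]  # save the IP-to-MAC mapping
        return None

def resolve(sender, segment, target_ip):
    """Return (mac, requests_sent); a cache hit sends no request."""
    if target_ip in sender.cache:
        return sender.cache[target_ip], 0
    req = sender.request(target_ip)
    for host in segment:  # the request reaches every host on the segment
        reply = host.receive(req) if host is not sender else None
        if reply is not None:
            sender.receive(reply)
    return sender.cache.get(target_ip), 1

if __name__ == "__main__":
    a, b = Host("10.0.0.1", bytes.fromhex("020000000001")), Host("10.0.0.2", bytes.fromhex("020000000002"))
    print(resolve(a, [a, b], "10.0.0.2"), resolve(a, [a, b], "10.0.0.2"))
```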
2.
Modern organizations rely on the Internet for information and research necessary to stay competitive but this access can come with significant risk if they don’t take the necessary steps to safeguard their internal resources from outside attackers. In this week’s reading, various types of firewalls and firewall configurations were discussed. Describe the terms bastion host, DMZ, dual-homed firewall, screened host, and screened subnet and their roles in firewall architectures.
A bastion host is the first host to come into contact with data entering a private network (Stewart, 2014). Because of this, it is the host most likely to be compromised and is intended to be sufficiently hardened. Bastion hosts are used in a number of different firewall/DMZ configurations.
A DMZ is a network that exists between the public network and the private one (Schmied, 2003). This neutral network between the two is meant to make the private network safer. There are a few different ways to set up a DMZ, depending on the strength of security you want. The most effective version of the DMZ has a firewall on either side of the neutral network.
A dual-homed firewall has interfaces to both the private network and the internet; the two networks are not directly connected, though. All data has to travel through and be filtered by the firewall (Stewart, 2014).
A screened host setup has a router on the very outside of the network that filters data and a bastion host just inside the router that is connected to the private network. The big drawback to the screened host is that if the bastion host is compromised, the entire network is vulnerable. See the example below.
A screened subnet is a kind of DMZ. There are two screening firewalls that exist on either end of the DMZ, with bastion hosts in the middle. This is probably the most expensive and easy to set up, but it’s also probably the most secure setup. See the example below.
Sources:
Schmied, W. & Imperatore, D. (2003). Building dmzs for enterprise networks. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=5920.
Stewart, J. (2014). Network security, firewalls and vpns, second edition. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=69817.
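
The difference between the screened host and the screened subnet described in the answer above, as an added example that is not part of the original essay. It models both layouts as small graphs and computes what a given foothold can reach; the node names and the source-destination rule sets are constructed assumptions, not taken from the cited books.

```python
from collections import deque

def reachable(topo, src):
    """Return the hosts that `src` can send traffic to in topology `topo`."""
    adj = {}
    for a, b in topo["links"]:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    hosts, filters, found = topo["hosts"], topo["filters"], set()
    for dst in hosts - {src}:
        seen, queue = {src}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                found.add(dst)
                break
            for nxt in adj[node]:
                if nxt in seen or (nxt in hosts and nxt != dst):
                    continue  # end hosts do not forward traffic for others
                if nxt in filters and (src, dst) not in filters[nxt]:
                    continue  # router/firewall drops this source-destination pair
                seen.add(nxt)
                queue.append(nxt)
    return found

HOSTS = {"internet", "bastion", "workstation", "db"}  # constructed names

# Screened host: one screening router; the bastion sits on the private LAN.
SCREENED_HOST = {
    "hosts": HOSTS,
    "links": [("internet", "router"), ("router", "lan"), ("lan", "bastion"),
              ("lan", "workstation"), ("lan", "db")],
    "filters": {"router": {("internet", "bastion")}},
}

# Screened subnet: the bastion sits in a DMZ between two screening firewalls.
SCREENED_SUBNET = {
    "hosts": HOSTS,
    "links": [("internet", "outer_fw"), ("outer_fw", "dmz"), ("dmz", "bastion"),
              ("dmz", "inner_fw"), ("inner_fw", "lan"),
              ("lan", "workstation"), ("lan", "db")],
    "filters": {"outer_fw": {("internet", "bastion")},
                "inner_fw": {("workstation", "bastion")}},
}

if __name__ == "__main__":
    for name, topo in (("screened host", SCREENED_HOST), ("screened subnet", SCREENED_SUBNET)):
        print(name, "| from internet:", sorted(reachable(topo, "internet")),
              "| from compromised bastion:", sorted(reachable(topo, "bastion")))
```

In both layouts the internet reaches only the bastion, but a compromised bastion reaches every internal host in the screened host layout and none in the screened subnet, because the inner firewall still filters its traffic.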
3.
Many organizations employ a mobile workforce and/or provide the option of telework to their employees to allow them to work from home. In both situations, a secure means of accessing the corporate network remotely must be provided. Discuss the four main tunneling protocols used to provide virtual private network access between remote users and their corporate network.
There are four main tunneling techniques that VPNs use to create secure remote access to corporate networks. They are Point-to-Point Tunneling Protocol (PPTP), IP Security (IPSEC), Layer 2 Tunneling Protocol (L2TP), and Layer 2 Forwarding (L2F).
PPTP was designed by Microsoft. It is probably the least secure of the different protocols because it has a less complicated encryption method. This also makes it faster, but that speed comes at the cost of security. PPTP operates at level two of the OSI model.
IPSEC is a VPN tunneling protocol but is also used by other tunneling protocols for encryption purposes. IPSEC is a layer 3 protocol and as such only operates at the network level (Bhaiji, 2008). Among these four, IPSEC is the most popular VPN tunneling protocol used currently.
L2F was designed by Cisco to create point-to-point tunneling connections. As the name suggests, L2F operates at the second layer of the OSI model. One big drawback to L2F was that it did not offer its own encryption. It was eventually replaced by L2TP.
L2TP was created by using some of the better aspects from PPTP and L2F (Stewart, 2014). It also does not provide its own encryption, and is generally paired with IPSEC for that purpose. It can, however, utilize other encryption methods.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is also used to provide VPN security. These VPNs usually require a web browser, as they function on level seven of the OSI model (Stewart, 2014).
Sources:
Bhaiji, Y. (2008). Network security technologies and solutions (ccie professional development series). [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=35321.
Stewart, J. (2014). Network security, firewalls and vpns, second edition. [Books24x7 version] Available from http://common.books24x7.com.ezproxy.umuc.edu/toc.aspx?bookid=69817.