Assignment 3 of CN


Name: Hira Waheed

Roll no: Bcsm-f18-530


Assignment: Computer Networks
Q 1: Describe the Following?

a) Describe TCP vs UDP?

TCP

1. TCP is a connection-oriented protocol: the communicating hosts establish
a connection (the three-way handshake) before transmitting data and close
the connection after the transfer is complete.
2. TCP is reliable: it guarantees delivery of data to the receiving
application on the destination host, or reports the failure to the sender.
3. TCP provides extensive error control, combining a checksum, sequence
numbers, acknowledgments, retransmission and flow control.
4. Sequencing of data is a feature of TCP: every byte is numbered, so
segments are handed to the application in order even if they arrive out
of order.
5. TCP is comparatively slower than UDP because of this overhead.
6. Lost segments are retransmitted in TCP, but not in UDP.
7. TCP has a variable-length header of 20 to 60 bytes (20 bytes fixed plus
up to 40 bytes of options).
8. TCP is heavy-weight.
9. TCP does not support broadcasting.
10. TCP is used by HTTP, HTTPS, FTP, SMTP and Telnet.

UDP

1. UDP is a datagram-oriented protocol: there is no overhead for opening,
maintaining or terminating a connection. UDP is efficient for broadcast
and multicast transmission.
2. The delivery of data to the destination is not guaranteed in UDP.
3. UDP has only a basic error-checking mechanism, a checksum over the
header, the payload and an IP pseudo-header.
4. There is no sequencing of data in UDP. If ordering is required, it has
to be managed by the application layer.
5. UDP is faster, simpler and more efficient than TCP.
6. There is no retransmission of lost datagrams in UDP.
7. UDP has an 8-byte fixed-length header.
8. UDP is lightweight.
9. UDP supports broadcasting.
10. UDP is used by DNS, DHCP, TFTP, SNMP, RIP and VoIP.
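As an added example (not part of the assignment or of any source it quotes), the following Python builds and parses the two headers by hand so the points above can be checked on real bytes: the 8-byte fixed UDP header with its pseudo-header checksum, and the 20 to 60 byte TCP header whose length comes from the data offset field. All addresses, ports and payloads are constructed; no packets are sent.

```python
import socket
import struct

# Added example, not from the assignment. Builds/parses UDP and TCP headers and
# verifies the UDP checksum over the IPv4 pseudo-header. socket is used only for
# inet_aton(); nothing touches the network.

IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum with end-around carry (IP/TCP/UDP checksum arithmetic)."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header: the transport checksum also covers both addresses."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)   # checksum field zero while computing
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length) + header + payload)) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a transmitted zero means "no checksum", so send all-ones instead
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(segment: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum,
            "payload": segment[8:length]}


def verify_udp(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Valid when the sum over pseudo-header + whole segment (checksum included) is all ones."""
    fields = parse_udp(segment)
    if fields["length"] < 8 or fields["length"] != len(segment):
        return False
    if fields["checksum"] == 0:
        return True     # sender chose not to checksum (permitted for UDP over IPv4)
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, len(segment)) + segment) == 0xFFFF


TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]   # bit 0 upwards


def parse_tcp(segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4           # data offset is in 32-bit words
    if header_len < 20 or header_len > 60 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    flags = {name: bool(off_flags & (1 << i)) for i, name in enumerate(TCP_FLAGS)}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": header_len,
            "flags": flags, "window": window, "options": segment[20:header_len],
            "payload": segment[header_len:]}


def demo():
    udp = build_udp("10.0.0.1", "10.0.0.2", 5353, 53, b"hello")
    # Constructed SYN carrying a 4-byte MSS option: data offset 6 words = 24-byte header
    syn = struct.pack("!HHIIHHHH", 40000, 443, 1000, 0, (6 << 12) | 0x002, 65535, 0, 0) + b"\x02\x04\x05\xb4"
    return parse_udp(udp), verify_udp("10.0.0.1", "10.0.0.2", udp), parse_tcp(syn)
```

demo() returns the parsed UDP datagram (length 13, payload "hello"), True for its checksum, and the parsed SYN with a 24-byte header; flipping any payload byte makes verify_udp() return False, which is the whole of UDP's error checking.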

b) VLAN and Inter-VLAN Routing?

VLAN
A VLAN is a group of devices on one or more LANs that are configured to
communicate as if they were attached to the same wire, when in fact they
are located on a number of different LAN segments. Because VLANs are
based on logical instead of physical connections, they are extremely
flexible.

Inter-VLAN Routing
Inter-VLAN routing is the forwarding of traffic between different VLANs by
means of a router (or a Layer 3 switch). VLANs logically segment a switch
into separate broadcast domains, normally one IP subnet each, and hosts in
different VLANs cannot reach each other at Layer 2. When a router is
connected to the switch, an administrator configures it with an interface
in each VLAN (or one subinterface per VLAN on a single trunk link, the
"router on a stick" design). Hosts send traffic for other subnets to the
router's address in their own VLAN, and the router forwards it into the
destination VLAN regardless of which VLAN the sender belongs to.
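An added example (not code from the assignment): the router on a trunk knows which VLAN a frame came from only by its IEEE 802.1Q tag, so the Python below parses and builds that tag and maps the VLAN ID to a router subinterface. The MAC addresses, VLAN IDs and subinterface table are constructed for illustration.

```python
import struct

# Added example: parse and build 802.1Q tagged Ethernet frames and map the VLAN
# ID to a router-on-a-stick subinterface. MACs, VLAN IDs and the subinterface
# table are constructed; no frame is sent on a real interface.

ETHERTYPE_VLAN = 0x8100   # TPID announcing an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def tag_frame(dst_mac: bytes, src_mac: bytes, vlan_id: int, ethertype: int,
              payload: bytes, priority: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("usable VLAN IDs are 1..4094")
    tci = ((priority & 0x7) << 13) | (vlan_id & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
    return dst_mac + src_mac + struct.pack("!HHH", ETHERTYPE_VLAN, tci, ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "vlan": None, "priority": 0}
    offset = 14
    if ethertype == ETHERTYPE_VLAN:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset = 18
        vid = tci & 0x0FFF
        info["priority"] = tci >> 13
        if vid == 4095:
            raise ValueError("VID 4095 is reserved")
        # VID 0 is a priority-only tag: the frame counts as untagged (native VLAN)
        info["vlan"] = vid if vid != 0 else None
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


# Router on a stick: one subinterface per VLAN on the trunk (constructed table)
SUBINTERFACES = {1: "Gi0/0 (native) 192.168.1.1/24",
                 10: "Gi0/0.10 192.168.10.1/24",
                 20: "Gi0/0.20 192.168.20.1/24"}
NATIVE_VLAN = 1


def ingress_subinterface(frame: bytes) -> str:
    """Which router subinterface receives this frame, or why it is dropped."""
    vid = parse_frame(frame)["vlan"]
    if vid is None:
        vid = NATIVE_VLAN          # untagged frames belong to the trunk's native VLAN
    return SUBINTERFACES.get(vid, f"drop: VLAN {vid} has no subinterface on this trunk")


HOST_A = bytes.fromhex("0200000000aa")   # constructed, locally administered MACs
ROUTER = bytes.fromhex("020000000001")
IPV4_STUB = b"\x45" + b"\x00" * 19       # constructed placeholder for an IPv4 header


def demo():
    tagged = tag_frame(ROUTER, HOST_A, 20, ETHERTYPE_IPV4, IPV4_STUB)
    untagged = ROUTER + HOST_A + struct.pack("!H", ETHERTYPE_IPV4) + IPV4_STUB
    return parse_frame(tagged), ingress_subinterface(tagged), ingress_subinterface(untagged)
```

A frame tagged with a VLAN that has no subinterface is dropped rather than guessed, which is the behaviour you want on a trunk that only allows the configured VLANs.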

c) Differentiate between NAT (Network Address Translation) and PAT (Port
Address Translation)?

NAT
1. NAT stands for Network Address Translation.
2. In NAT, private IP addresses are translated into public IP addresses.
3. NAT can be considered PAT's superset.
4. NAT operates on IPv4 addresses: the translation changes only the address
field, so each inside host needs its own public address while it
communicates (one-to-one).
5. It has three types: static NAT, dynamic NAT, and PAT (also called NAT
overloading or IP masquerading).

PAT
1. PAT stands for Port Address Translation.
2. In PAT, many private IP addresses are translated into a single public IP
address, with the flows distinguished by port numbers.
3. PAT is a form of dynamic NAT.
4. PAT also works on IPv4 addresses, but rewrites the transport-layer port
as well as the address and keeps a translation table keyed on both
(many-to-one).
5. It also has two types: static PAT (a fixed port forwarding) and
overloaded PAT.
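The difference is easiest to see in a translation table, so here is an added example (not from the assignment) in Python: a one-to-one static NAT beside a PAT that lets two inside hosts use the same local port through one public address. All addresses, ports and flows are constructed; nothing is translated on a real interface.

```python
# Added example: software model of one-to-one NAT beside PAT (NAT overload).
# Addresses, ports and the flows in demo() are constructed.


class StaticNat:
    """One private address <-> one public address; ports are left untouched."""

    def __init__(self, mapping: dict):
        self.inside_to_outside = dict(mapping)
        self.outside_to_inside = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        return (self.inside_to_outside[src_ip], src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        # Any inbound packet to a mapped public address is passed straight in,
        # solicited or not: static NAT offers no "replies only" protection.
        return (src_ip, src_port, self.outside_to_inside[dst_ip], dst_port)


class Pat:
    """Many private (ip, port) pairs share one public address, told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self.free_ports = list(range(last_port, first_port - 1, -1))   # pop() yields lowest first
        self.table = {}     # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.reverse = {}   # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted: new flow dropped")
            pub_port = self.free_ports.pop()
            self.table[key] = pub_port
            self.reverse[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        if dst_ip != self.public_ip:
            return None
        inside = self.reverse.get((dst_port, src_ip, src_port))
        if inside is None:
            return None     # no matching outbound flow: unsolicited packet is dropped
        return (src_ip, src_port, inside[0], inside[1])

    def expire(self, src_ip, src_port, dst_ip, dst_port):
        """Release a finished flow's public port back to the pool."""
        pub_port = self.table.pop((src_ip, src_port, dst_ip, dst_port))
        del self.reverse[(pub_port, dst_ip, dst_port)]
        self.free_ports.append(pub_port)


def demo():
    nat = StaticNat({"192.168.1.10": "203.0.113.10"})
    pat = Pat("203.0.113.1")
    # Two inside hosts both using local port 40000 towards the same server
    a = pat.outbound("192.168.1.10", 40000, "198.51.100.5", 443)
    b = pat.outbound("192.168.1.11", 40000, "198.51.100.5", 443)
    reply_to_b = pat.inbound("198.51.100.5", 443, "203.0.113.1", b[1])
    unsolicited = pat.inbound("198.51.100.9", 31337, "203.0.113.1", 2000)
    static = nat.outbound("192.168.1.10", 40000, "198.51.100.5", 443)
    return static, a, b, reply_to_b, unsolicited
```

Two consequences fall out of the table: PAT drops inbound packets that match no outbound flow, and its port pool is a finite resource, so a host opening thousands of flows can exhaust it for everyone behind the same public address.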

Q 2: Describe the Following?


a) Describe Routing (Static vs Dynamic) and explain the basics of the
Routing Table?

Dynamic versus Static Routing


Routing tables can contain directly connected, manually configured static
routes and routes learned dynamically using a routing protocol. Network
professionals must understand when to use static or dynamic routing. This
section compares static routing and dynamic routing.

Using Static Routing

Before identifying the benefits of dynamic routing protocols, consider the
reasons why network professionals use static routing. Dynamic routing
certainly has several advantages over static routing; however, static routing
is still used in networks today. In fact, networks typically use a combination
of both static and dynamic routing.

Static routing has several primary uses, including:

 Providing ease of routing table maintenance in smaller networks that
are not expected to grow significantly.
 Routing to and from a stub network, which is a network with only one
default route out and no knowledge of any remote networks.
 Accessing a single default route (which is used to represent a path to
any network that does not have a more specific match with another
route in the routing table).

Static Routing Scorecard

Static routing is easy to implement in a small network. Static routes stay the
same, which makes them fairly easy to troubleshoot. Static routes do not
send update messages and, therefore, require very little overhead.

Advantages
1. Easy to implement in a small network.
2. Very secure. No advertisements are sent, unlike with
dynamic routing protocols.
3. It is very predictable, as the route to the destination is always
the same.
4. No routing algorithm or update mechanisms are required.
Therefore, extra resources (CPU and memory) are not
required.

Disadvantages
1. Suitable for simple topologies or for special purposes such
as a default static route.
2. Configuration complexity increases dramatically as the
network grows. Managing the static configurations in large
networks can become time consuming.
3. If a link fails, a static route cannot reroute traffic. Therefore,
manual intervention is required to re-route traffic.

Using Dynamic Routing Protocols

Dynamic routing protocols help the network administrator manage the time-
consuming and exacting process of configuring and maintaining static
routes.
What if the company grew and now has four regions and 28 routers to
manage, as shown in Figure 3-4? What happens when a link goes down?
How do you ensure that redundant paths are available?

Dynamic Routing Scorecard

Dynamic routing protocols work well in any type of network consisting of
several routers. They are scalable and automatically determine better
routes if there is a change in the topology. Although there is more to the
configuration of dynamic routing protocols, they are simpler to configure in
a large network.
There are disadvantages to dynamic routing. Dynamic routing requires
knowledge of additional commands. It is also less secure than static routing
because the interfaces identified by the routing protocol send routing
updates out. Routes taken may differ between packets. The routing
algorithm uses additional CPU, RAM, and link bandwidth.

Advantages

1. Suitable in all topologies where multiple routers are required.
2. Generally independent of the network size.
3. Automatically adapts topology to reroute traffic if possible.

Disadvantages

1. Can be more complex to initially implement.
2. Less secure due to the broadcast and multicast routing updates.
Additional configuration settings such as passive interfaces and
routing protocol authentication are required to increase security.
3. Route depends on the current topology.
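The routing table basics above (connected, static, dynamically learned and default routes, longest prefix match, and why a static route cannot reroute on a link failure) are shown in this added Python example, which is not from the assignment. The prefixes, next hops, interface names and administrative distances (the Cisco defaults: connected 0, static 1, OSPF 110) are constructed.

```python
import ipaddress

# Added example: a routing table with longest-prefix-match lookup. Prefixes,
# next hops, interfaces and administrative distances are constructed.


class Route:
    def __init__(self, prefix, next_hop, interface, source, distance):
        self.prefix = ipaddress.ip_network(prefix)
        self.next_hop = next_hop
        self.interface = interface
        self.source = source          # C connected, S static, O OSPF, S* static default
        self.distance = distance      # administrative distance: lower is more trusted

    def __repr__(self):
        return f"{self.source} {self.prefix} via {self.next_hop} {self.interface} [{self.distance}]"


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, prefix, next_hop, interface, source="S", distance=1):
        self.routes.append(Route(prefix, next_hop, interface, source, distance))

    def lookup(self, destination):
        """Longest prefix wins; on equal length the lowest administrative distance wins."""
        addr = ipaddress.ip_address(destination)
        best = None
        for r in self.routes:
            if addr not in r.prefix:
                continue
            if best is None or (r.prefix.prefixlen, -r.distance) > (best.prefix.prefixlen, -best.distance):
                best = r
        return best            # None means no route at all (only possible without a default)

    def link_down(self, interface):
        """Routes through a failed interface are withdrawn. A static route has no
        fallback of its own; traffic is rerouted only if some other route still matches."""
        self.routes = [r for r in self.routes if r.interface != interface]


def build_sample_table():
    rt = RoutingTable()
    rt.add("10.1.0.0/24", "directly connected", "Gi0/0", source="C", distance=0)
    rt.add("10.2.0.0/16", "10.1.0.2", "Gi0/1", source="S", distance=1)      # static route
    rt.add("10.2.0.0/16", "10.1.0.3", "Gi0/2", source="O", distance=110)    # learned by OSPF
    rt.add("10.2.5.0/24", "10.1.0.3", "Gi0/2", source="O", distance=110)    # more specific
    rt.add("0.0.0.0/0", "10.1.0.1", "Gi0/0", source="S*", distance=1)       # default route
    return rt
```

With both a static and an OSPF route for 10.2.0.0/16 the static one is installed because of its lower distance; after link_down("Gi0/1") the lookup falls through to the OSPF route, which is exactly the redundancy the static route alone could not provide.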
b) Describe ICMP, IGMP & ARP?

ICMP

ICMP (Internet Control Message Protocol) is a supporting protocol in the
Internet protocol suite, used by network devices such as routers and hosts
to send error messages and operational information. Keeping communication
between devices working, and knowing when it has failed, is essential for
running a network safely, which is why ICMP is important.

What is ICMP?

ICMP is a network-layer protocol: it is carried directly inside IP packets
(IP protocol number 1) rather than on top of a transport protocol, which is
why it is described as a supporting protocol of the Internet layer. The
original definition of ICMP was written by Jon Postel, one of the founding
fathers of the Internet, in RFC 792, published in September 1981; later RFCs
have clarified and extended it, and ICMPv6, for IPv6, is specified separately
in RFC 4443.

ICMP sits alongside IP at the Internet layer and supports the core Internet
protocol. It is considered one of the essential mechanisms that keep the
Internet working.

What is the purpose of ICMP?

IP has no built-in mechanism for sending control or error messages, so a
protocol like ICMP is needed. In practice ICMP provides error reporting and
is also used for management queries and operational information (for
example echo request and reply, used by ping).

Network devices such as routers use ICMP to send error messages back to the
source of a packet; that is why ICMP is described as a supporting protocol.
The Internet layer itself does not guarantee delivery, but ICMP provides the
feedback that hosts and administrators need when something goes wrong, for
example that a destination is unreachable or that a packet's time to live
has expired.

What are the ICMP message types?

An ICMP message begins with an 8-bit Type field and an 8-bit Code field,
followed by a 16-bit checksum. The Type identifies the kind of message and
the Code refines it (for example Type 3, Code 3 is "port unreachable").
Below are some of the most relevant Type values and their meaning:

0: Echo Reply. It is used for ping.

3: Destination Unreachable.

4: Source Quench. It meant that the router was overloaded; it is deprecated
and modern systems ignore it.

5: Redirect. It tells the sender to use another router.

8: Echo Request. The counterpart of Type 0, also used for ping.

9: Router Advertisement.

10: Router Solicitation.

11: Time Exceeded. It is used for traceroute.

Smurf attacks and ICMP

Sometimes, equipment owners prefer to turn ICMP features off. That might
sound odd at first, since ICMP provides an important service for the router,
but there is a reason why people shut ICMP off: smurf attacks.

Attackers can abuse ICMP to conduct a smurf attack. A smurf attack is a
reflection and amplification attack built on ICMP echo requests: the attacker
sends echo requests to the broadcast address of a network, with the source
address forged to be the victim's address. Every host on that network that
answers sends its echo reply to the victim, so one forged request is
amplified into as many replies as there are responding hosts. The standard
defences are to stop routers forwarding directed broadcasts into the network
and to filter forged source addresses at the network edge.
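As an added example (not from the assignment), the Python below runs the detection logic for the smurf pattern just described over a constructed list of observed ICMP packets: it flags echo requests aimed at the local broadcast address from outside, and flags any host that receives echo replies from an unusually large number of different senders. The local network, the addresses and the capture are all constructed.

```python
import ipaddress
from collections import defaultdict

# Added example: smurf detection over a constructed ICMP capture of
# (source, destination, ICMP type) records. All addresses are constructed.

ECHO_REPLY, ECHO_REQUEST = 0, 8
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")       # the network we defend (constructed)


def is_smurf_trigger(src: str, dst: str, icmp_type: int) -> bool:
    """An echo request aimed at our broadcast address from outside our network."""
    return (icmp_type == ECHO_REQUEST
            and ipaddress.ip_address(dst) == LOCAL_NET.broadcast_address
            and ipaddress.ip_address(src) not in LOCAL_NET)


def analyse(records, reply_threshold: int = 20):
    """Return findings: broadcast echo requests, and victims getting replies from many hosts."""
    findings = []
    repliers_per_victim = defaultdict(set)
    for src, dst, icmp_type in records:
        if is_smurf_trigger(src, dst, icmp_type):
            findings.append(("smurf_trigger", src, dst))
        elif icmp_type == ECHO_REPLY:
            repliers_per_victim[dst].add(src)
    for victim, repliers in repliers_per_victim.items():
        if len(repliers) >= reply_threshold:
            findings.append(("reply_flood_victim", victim, len(repliers)))
    return findings


# Constructed capture: one forged request to the broadcast address, the 50
# replies it provokes towards the spoofed source, and one ordinary ping.
SAMPLE = ([("203.0.113.7", "192.0.2.255", ECHO_REQUEST)]
          + [(f"192.0.2.{i}", "203.0.113.7", ECHO_REPLY) for i in range(10, 60)]
          + [("192.0.2.10", "192.0.2.20", ECHO_REQUEST),
             ("192.0.2.20", "192.0.2.10", ECHO_REPLY)])
```

The first check is the one a router enforces by refusing to forward directed broadcasts; the second is what the victim's side of the attack looks like, replies from many hosts it never pinged. A ping to the broadcast address from inside the network is not flagged, since that is a legitimate local operation.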

IGMP
IGMP stands for Internet Group Management Protocol. IGMP is a
communication protocol used by hosts and adjacent routers to manage
multicast group membership on IP networks, so that multicast traffic is
delivered only where it is wanted. Multicast communication can have single
or multiple senders and receivers, so IGMP is used by streaming video,
gaming and web conferencing tools. This protocol is used on IPv4 networks;
on IPv6, multicast membership is managed by Multicast Listener Discovery
(MLD). Like ICMP, IGMP is carried directly in IP at the network layer (IP
protocol number 2). MLDv1 is almost the same in function as IGMPv2, and
MLDv2 is almost the same as IGMPv3.
IGMPv1 was developed in 1989 at Stanford University. IGMPv1 was updated to
IGMPv2 in 1997 and again to IGMPv3 in 2002.

Applications:
 Streaming –
Multicast is used for audio and video streaming over the network, either
one-to-many or many-to-many, and IGMP tells the routers which hosts want
each stream.
 Gaming –
IGMP is used in multi-user simulation and online games that send the same
state updates to many players.
 Web conferencing tools –
Video conferencing delivers the same audio and video to every participant,
and IGMP lets the network forward those packets efficiently to the users
who have joined the conference group.

Types:
There are 3 versions of IGMP. These versions are backward compatible.
Following are the versions of IGMP:
1. IGMPv1 :
This version of the IGMP protocol allows all supporting hosts to join
multicast groups using a membership report and includes some basic
features. However, a host cannot leave a group on its own: it simply stops
reporting, and the router drops the group after a timeout.
The message packet format in IGMPv1:

 Version –
Set to 1.
 Type –
1 for Host Membership Query, 2 for Host Membership Report.
 Unused –
8 bits, set to zero when sent and ignored when received.
 Checksum –
The 16-bit one's complement of the one's complement sum of the whole IGMP
message.
 Group Address –
The group address field is zero when sent and ignored when received in a
membership query message. In a membership report message, the group
address field carries the IP host group address of the group being reported.
2. IGMPv2 :
IGMPv2 is the revised version of IGMPv1. It adds the ability to leave a
multicast group explicitly with a Leave Group message, and group-specific
queries so the router can check whether any member remains.
The message packet format in IGMPv2:
 Type –
0x11 Membership Query, 0x12 IGMPv1 Membership Report, 0x16 IGMPv2
Membership Report, 0x17 Leave Group.
 Max Response Time –
This field is ignored for message types other than membership query. For
a membership query, it is the maximum time allowed before sending a
response report. The value is in units of 0.1 seconds.
 Checksum –
The 16-bit one's complement of the one's complement sum of the whole IGMP
message.
 Group Address –
It is set to 0 when sending a general query. Otherwise it holds the
multicast address for group-specific queries, reports and leaves.

3. IGMPv3 :
IGMPv2 was revised to IGMPv3, which adds source-specific multicast (a host
can ask for a group only from particular senders) and membership report
aggregation. IGMPv3 reports are sent to 224.0.0.22.
The message packet format of an IGMPv3 query:
 Max Response Code –
Ignored for message types other than membership query. For a membership
query it encodes the maximum time allowed before sending a response report,
in units of 0.1 seconds (values of 128 and above use a floating-point
encoding).
 Checksum –
The 16-bit one's complement of the one's complement sum of the whole IGMP
message.
 Group Address –
It is set to 0 when sending a general query. Otherwise it holds the
multicast address for group-specific or group-and-source-specific queries.
 Resv –
Set to zero when sent and ignored when received.
 S flag –
The Suppress Router-side Processing flag. When set, it tells multicast
routers to suppress the timer updates they normally perform upon receiving
a query.
 QRV –
Querier's Robustness Variable. Routers adopt the QRV value from the most
recently received query as their own value unless that value is zero.
 QQIC –
Querier's Query Interval Code, the querier's query interval in seconds.
 Number of Sources (N) –
The number of source addresses present in the query. For a general query
or a group-specific query this field is zero; for a group-and-source-
specific query it is non-zero.
 Source Address[i] –
The N unicast IP addresses of the sources the query applies to.
Working:
IGMP works on devices that are capable of handling multicast groups and
dynamic multicasting. These devices allow hosts to join or leave membership
of a multicast group, and allow clients to be added to and removed from the
group. This protocol operates between a host and its local multicast router.
When a multicast group is created, the multicast group address is taken from
the class D range (224.0.0.0 to 239.255.255.255) and is used as the
destination IP address of the packets.

Layer 2 devices such as switches sit between the hosts and the multicast
router and perform IGMP snooping. IGMP snooping is the process of listening
to IGMP traffic in a controlled manner: the switch receives the membership
report from a host, forwards it to the local multicast router, and records
which of its ports have members, so that multicast frames are sent only on
those ports instead of being flooded. The multicast traffic is forwarded
between the local multicast router and remote routers using PIM (Protocol
Independent Multicast) so that clients elsewhere can receive the data
packets. A client wishing to join a group sends a membership report; the
switch intercepts it and adds the client's port to its multicast forwarding
table.
Advantages:
 IGMP delivers multicast data only to the receivers that asked for it, so
hosts that are not members do not receive unwanted packets, which improves
performance.
 Bandwidth is used efficiently, because a shared link carries one copy of
the stream no matter how many receivers are behind it.
 Hosts can leave a multicast group and join another.
Disadvantages:
 It does not provide good efficiency in filtering and security: IGMP
messages are not authenticated, so any host can join any group.
 Multicast is carried over UDP rather than TCP, so there is no congestion
control and network congestion can occur.
 IGMP is vulnerable to some attacks such as denial of service (DoS).
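To make the IGMPv2 message format above concrete, here is an added Python example (not from the assignment) that builds and parses the 8-byte messages and works out where each must be addressed: general queries to 224.0.0.1, reports to the group itself, and leaves to 224.0.0.2. The group addresses are constructed. The checksum field is left at zero; it is the same 16-bit one's complement sum used by IP and UDP and is not recomputed here.

```python
import ipaddress
import struct

# Added example: build/parse IGMPv2 messages and derive their destination.
# Group addresses are constructed; the checksum is not computed here.

IGMP_TYPES = {0x11: "Membership Query", 0x12: "IGMPv1 Membership Report",
              0x16: "IGMPv2 Membership Report", 0x17: "Leave Group"}
ALL_SYSTEMS = "224.0.0.1"   # general queries go here
ALL_ROUTERS = "224.0.0.2"   # leave messages go here
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")


def build_igmpv2(msg_type: int, group: str, max_resp_tenths: int = 0) -> bytes:
    """8-byte IGMPv2 message: type, max response time (0.1 s units), checksum, group."""
    return struct.pack("!BBH4s", msg_type, max_resp_tenths, 0, ipaddress.ip_address(group).packed)


def parse_igmpv2(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("an IGMPv2 message is 8 bytes")
    msg_type, max_resp, _checksum, raw_group = struct.unpack("!BBH4s", msg[:8])
    kind = IGMP_TYPES.get(msg_type)
    if kind is None:
        raise ValueError(f"unknown IGMP type 0x{msg_type:02x}")
    group = ipaddress.ip_address(raw_group)
    if msg_type == 0x11:
        query = "general" if group == UNSPECIFIED else "group-specific"
    else:
        query = None
        if not group.is_multicast:
            raise ValueError("report/leave must name a class D (224.0.0.0/4) group")
    return {"type": kind, "query": query, "max_response_s": max_resp / 10, "group": str(group)}


def expected_destination(msg: bytes) -> str:
    """Where a well-formed message is sent: general query -> all-systems,
    group-specific query and report -> the group, leave -> all-routers."""
    p = parse_igmpv2(msg)
    if p["type"] == "Membership Query":
        return ALL_SYSTEMS if p["query"] == "general" else p["group"]
    if p["type"] == "Leave Group":
        return ALL_ROUTERS
    return p["group"]
```

A report naming a unicast address is rejected, which is the minimum a switch doing IGMP snooping should check before adding a port to its forwarding table.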
ARP
Address Resolution Protocol (ARP) is a protocol or procedure that maps an
ever-changing Internet Protocol (IP) address to a fixed physical machine
address, also known as a media access control (MAC) address, in a local-area
network (LAN).

This mapping procedure is important because IP and MAC addresses are
different address spaces of different lengths, and a translation is needed so
that the systems can recognise one another. The most used IP today is IP
version 4 (IPv4), whose addresses are 32 bits long, whereas Ethernet MAC
addresses are 48 bits long. ARP resolves a 32-bit IP address to the
corresponding 48-bit MAC address; the reverse direction is handled by the
related protocols described below.

There is a networking model known as the Open Systems Interconnection (OSI)
model. First developed in the late 1970s, the OSI model uses layers to give
IT teams a visualisation of what is going on with a particular networking
system. This can be helpful in determining which layer affects which
application, device, or software installed on the network, and further,
which IT or engineering professional is responsible for managing that layer.

MAC addresses belong to the data link layer, which establishes and
terminates a connection between two physically connected devices so that
data transfer can take place. IP addresses belong to the network layer, the
layer responsible for forwarding packets of data through different routers.
ARP works between these two layers.
HOW DOES ARP WORK?

When a new computer joins a LAN, it is assigned a unique IP address to use for
identification and communication.

When a packet arrives at a gateway destined for a particular host, the
gateway (the piece of hardware on a network that allows data to flow from one
network to another) asks the ARP program to find the MAC address that matches
the destination IP address. The ARP cache keeps a record of each IP address
and its matching MAC address. The ARP cache is dynamic, but users on a
network can also configure a static ARP table containing IP addresses and
MAC addresses.

ARP caches are kept on all operating systems in an IPv4 Ethernet network. Every
time a device needs a MAC address to send data to another device connected
to the LAN, the device checks its ARP cache to see if the IP-to-MAC mapping
has already been resolved. If it exists, then a new request is unnecessary.
If the translation has not yet been carried out, an ARP request is broadcast
on the LAN and the reply is cached.

An ARP cache size is limited by design, and addresses tend to stay in the
cache for only a few minutes. It is purged regularly to free up space. Expiry
also limits how long a stale or spoofed entry persists, although ARP itself
has no authentication, so a forged reply is accepted just like a genuine
one. While MAC addresses are fixed, IP addresses are constantly changing.

In the purging process, unused addresses are deleted, as is any data related
to unsuccessful attempts to communicate with computers that are not
connected to the network or not even powered on.
WHAT ARE THE TYPES OF ARP?

There are different versions and use cases of ARP. Let us take a look at a few.
PROXY ARP

Proxy ARP is a technique by which a proxy device on a given network answers
the ARP request for an IP address that is not on that network. The proxy is
aware of the location of the traffic's destination and offers its own MAC
address as the destination.
GRATUITOUS ARP

Gratuitous ARP is almost like an administrative procedure, carried out as a way for a
host on a network to simply announce or update its IP-to-MAC address. Gratuitous ARP
is not prompted by an ARP request to translate an IP address to a MAC address.
REVERSE ARP (RARP)

Host machines that do not know their own IP address can use the Reverse Address
Resolution Protocol (RARP) for discovery.
INVERSE ARP (IARP)

Whereas ARP uses an IP address to find a MAC address, IARP uses a MAC address to
find an IP address.
WHY IS ARP NECESSARY?

ARP is necessary because the software address (IP address) of the host or computer
connected to the network needs to be translated to a hardware address (MAC address).
Without ARP, a host would not be able to figure out the hardware address of another
host. The LAN keeps a table or directory that maps IP addresses to MAC addresses of
the different devices, including both endpoints and routers on that network.

This table or directory is not maintained by users or even by IT administrators. Instead,


the ARP protocol creates entries on the fly. If a user's device does not know the
hardware address of the destination host, the device will send a message to every host
on the network asking for this address. When the proper destination host learns of the
request, it will reply back with its hardware address, which will then be stored in the
ARP directory or table. 

If ARP is not supported, manual entries can be made to this directory. 
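The cache behaviour described above (dynamic entries that expire, static entries that are never overwritten, gratuitous ARP announcements) is shown in this added Python example, which is not from the assignment: an ARP packet builder and parser plus a small cache that also records when an IP address suddenly maps to a different MAC, since ARP gives a host no other way to notice a forged reply. All addresses are constructed; socket is used only for inet_aton/inet_ntoa and no traffic is sent.

```python
import socket
import struct

# Added example: ARP packet builder/parser and an ageing ARP cache that honours
# static entries, recognises gratuitous ARP and records IP-to-MAC changes.
# All addresses are constructed; nothing is sent on the network.

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sender_mac: bytes, sender_ip: str, target_mac: bytes, target_ip: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sender_mac,
                       socket.inet_aton(sender_ip), target_mac, socket.inet_aton(target_ip))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
            "gratuitous": spa == tpa}   # sender announces or updates its own mapping


class ArpCache:
    def __init__(self, ttl_seconds: int = 60):
        self.ttl = ttl_seconds
        self.entries = {}   # ip -> {"mac", "expires", "static"}
        self.events = []    # (kind, ip, old_mac, new_mac)

    def add_static(self, ip: str, mac: str):
        self.entries[ip] = {"mac": mac, "expires": None, "static": True}

    def learn(self, pkt: bytes, now: float):
        a = parse_arp(pkt)
        ip, mac = a["sender_ip"], a["sender_mac"]
        cur = self.entries.get(ip)
        if cur and cur["static"]:
            if cur["mac"] != mac:
                self.events.append(("conflict_with_static", ip, cur["mac"], mac))
            return                  # static entries are never overwritten by ARP traffic
        if cur and cur["mac"] != mac:
            # Either the host was re-addressed or someone is claiming its IP:
            # ARP carries no authentication, so this is worth alerting on.
            self.events.append(("ip_mac_changed", ip, cur["mac"], mac))
        if a["gratuitous"]:
            self.events.append(("gratuitous_arp", ip, None, mac))
        self.entries[ip] = {"mac": mac, "expires": now + self.ttl, "static": False}

    def lookup(self, ip: str, now: float):
        e = self.entries.get(ip)
        if e and not e["static"] and e["expires"] <= now:
            del self.entries[ip]    # purge an expired dynamic entry
            return None
        return e["mac"] if e else None


# Constructed, locally administered MAC addresses
MAC_A, MAC_B, MAC_GW = (bytes.fromhex(h) for h in ("0200000000aa", "0200000000bb", "020000000001"))
```

Pinning the default gateway with add_static() is the manual-entry protection the text mentions: a later reply claiming the gateway's IP with another MAC is logged and ignored instead of redirecting all outbound traffic.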

c) What are the four basic requirements of a reliable network?

The four basic requirements for a reliable network include fault tolerance, scalability, quality
of service, and security. These requirements are explained below

FAULT TOLERANCE
The first requirement for a reliable network is that it needs to be
fault-tolerant. Fault tolerance means the network has the capability to
continue delivering data when a device or link fails. A fault-tolerant
network needs redundant hardware and redundant paths, so that a single
failure does not stop communication. Users trust a fault-tolerant network
with backups more than one with a single piece of hardware and no backup.

SCALABILITY
Scalability is an important requirement for reliable networks: with the
increasing number of smart devices, every network needs to be able to
accommodate new devices and new users quickly without degrading the
service of existing ones. Various algorithms and structural designs, such
as a hierarchical tree structure, are used to increase the scalability of a
network. Scalability matters most in the case of large networks.

QOS
QoS (Quality of Service) is also important for providing a reliable network
to users. QoS mechanisms classify and prioritise traffic so that delay- and
loss-sensitive communication (such as voice and video) is delivered reliably
when the network is busy, and they help manage congestion. The QoS of a
network is maintained through queuing and scheduling algorithms, which are
also used to control traffic congestion.

SECURITY
Security is a significant factor for a reliable network. Network security
consists of three main elements: confidentiality, integrity and availability.
These three aspects define the security policies for the network, and the
network is considered secure when its security controls cover all the
loopholes those policies identify.

d) What are some basic security threats and solutions to both small and
large networks?
12 NETWORK SECURITY THREATS AND THEIR
SOLUTIONS
Posted on February 8, 2021 by ClickSSL

Security is critical in almost every field, whether in an organisation, a
government, a country, or even a house. Computers, mobile devices and the
Internet face a growing number of security challenges every day.

Computers and mobiles are now basic necessities: from simple calculations to
storing data, building applications and communicating with the world, we
depend on these devices completely.

The security risks to these devices include malware, theft of data, deletion
of data and damage to hardware.


WHAT IS A NETWORK?
A network is a set of computers connected together (for example over an
office intranet) in order to serve a number of users in a particular area.
WHAT IS NETWORK SECURITY?
Network security deals with preventing unauthorised access, stopping misuse,
and handling denial-of-service problems. Security is usually described in
terms of three complementary goals: confidentiality, integrity and
availability (CIA). Those goals are the starting point, not the whole story.

DIFFERENT TYPES OF NETWORK THREATS

Following are the types of threats to which a network is vulnerable:

THREAT #1 DOS & DDOS ATTACKS

DoS, short for Denial of Service, and DDoS, short for Distributed Denial of
Service, are among the worst threats because they are very difficult to get
rid of. In addition, they are easy to launch and cumbersome to trace.

How can one generate such an attack?

It is very simple: keep sending more requests to the system than it can
handle. With readily available attack toolkits, it has become easy to
disturb any website's availability. In a DoS attack the attacker's program
opens connections to a service port, typically with forged header details
(such as spoofed source addresses), and then abandons them, leaving the
server holding half-open connections. If the host can handle 20 requests per
second and the attacker sends 50 requests per second, the server may go down
under the mass of fake requests. The server then cannot accept legitimate
requests either, and appears unavailable to legitimate users. In a DDoS
attack the requests come from many compromised machines at once, which makes
filtering by source much harder.

SECURITY SOLUTIONS

 Filter and rate-limit incoming packets so that forged packets do not reach
the server.
 Apply security patches to the host's operating system promptly.
 Avoid running your server very close to its capacity limit; leave headroom.

THREAT #2 UNAUTHORIZED ACCESS

This is the most harmful threat, as it leads to the loss of significant
information and also to further attacks which could be worse. An attacker
gains access to a section they are not authorised for and steals sensitive
resources. Suppose a host also playing the role of a web server has to serve
web pages on request; the host should still not allow anybody to access a
command shell without being sure of the identity of the user.

SECURITY SOLUTIONS
 Enforce strong authentication strategies.
 Keep usernames and passwords secret from unreliable sources.
 Do not grant unnecessary access to any user, or even to any employee
(least privilege).

THREAT #3 EAVESDROPPING
Another serious security threat in the network. During eavesdropping, an
intruder intercepts the packets transferred over an unencrypted protocol
such as plain HTTP (through monitoring software) and misuses the data in
order to harm the network; if the intruder also modifies the traffic, this
becomes the man-in-the-middle attack described below. It is a dangerous
threat because many tools, known as sniffers, are available and are
frequently developed to intercept data packets.

SECURITY SOLUTIONS

 Encrypting traffic in transit is the way out of eavesdropping. Using TLS
with digital certificates (SSL certificates) will definitely lessen the risk
of eavesdropping attacks, since a captured packet then reveals nothing useful.
 Apply network segmentation, which limits where a sniffer can see traffic and
also reduces other network attacks.
 Employ Network Access Control, which enhances the security of your network
by checking the authenticity of every device before it is allowed to connect.

THREAT #4 IP SPOOFING
IP spoofing means assuming the IP address of another host: creating Internet
Protocol packets with a forged source address, so that they appear to come
from a valid host, with the intention of harming the actual owner of that IP
address (or of hiding the attacker's real location).

Forging headers in order to insert false information into e-mail headers, so
as to mislead the receiver about where a message came from, is also a type
of spoofing, known as e-mail spoofing; it is the technique much spam relies
on.

SECURITY SOLUTIONS

 Filtering the packets entering the network is one method of preventing
spoofing. Filtering of both incoming and outgoing traffic (ingress and
egress filtering) should be implemented: drop inbound packets that claim an
internal source, and outbound packets whose source is not one of your own
addresses.
 ACLs help prevent spoofing by not allowing packets with falsified IP
addresses to enter.
 Use cryptographic authentication (for example IPsec) so that only trusted
hosts are allowed to communicate, instead of trusting source addresses.
 TLS with certificate validation should be used so that the identity of the
peer does not depend on its IP address, which reduces the risk from spoofing
to a great extent.
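The first two solutions above are usually implemented as access lists on the edge router, so here is an added Python example (not from the assignment or the quoted article) that evaluates an ordered ACL the way routers do, first match wins with an implicit deny at the end, with an ingress list for the Internet-facing interface and an egress list for traffic leaving the site. The prefixes and sample packets are constructed.

```python
import ipaddress

# Added example: anti-spoofing ingress/egress access lists evaluated in order
# with first-match-wins and implicit deny. Prefixes are constructed.

OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]   # addresses we own (constructed)
NEVER_FROM_INTERNET = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]      # private/reserved sources


def acl_eval(rules, src_ip: str) -> str:
    """rules: ordered list of (action, network). Returns the first matching action, else 'deny'."""
    addr = ipaddress.ip_address(src_ip)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"           # implicit deny at the end of every ACL


# Ingress (from the Internet): our own addresses cannot legitimately arrive from outside,
# and neither can private or reserved ranges.
INGRESS = ([("deny", p) for p in OUR_PREFIXES]
           + [("deny", p) for p in NEVER_FROM_INTERNET]
           + [("permit", ipaddress.ip_network("0.0.0.0/0"))])

# Egress (towards the Internet): only packets sourced from our prefixes may leave,
# so a compromised inside host cannot spoof someone else's address outwards.
EGRESS = [("permit", p) for p in OUR_PREFIXES]


def filter_packet(direction: str, src_ip: str) -> str:
    """direction is 'in' (arriving from the Internet) or 'out' (leaving the site)."""
    rules = INGRESS if direction == "in" else EGRESS
    return acl_eval(rules, src_ip)
```

Order matters: if the permit-any rule were listed first, every deny after it would be dead, which is the most common mistake when editing a real ACL.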

THREAT #5 MAN-IN-THE-MIDDLE ATTACK
MITM is one of the most dreadful network threats. Here an intruder establishes an
independent connection with both the sender and the receiver, intercepts their messages
one by one, modifies them and relays them on to the sender and receiver. All of this
happens so smoothly that neither the sender nor the receiver ever comes to know that
they are being overheard by someone. In addition, it exposes your network to several
other threats.

SECURITY SOLUTIONS

• Use Public Key Infrastructure (PKI) based authentication. It not only protects applications
from eavesdropping and other attacks but also validates them as trusted. Both ends are
authenticated, hence preventing a Man-in-the-Middle (MITM) attack.
• Set up passwords and other high-level secret keys in order to strengthen mutual
authentication.
• Use time-testing techniques such as latency examination with long cryptographic hash
functions, confirming the time taken to receive a message at both ends. For example, if a
message normally takes 20 seconds to be delivered at one end and the total time taken
exceeds 60 seconds, this indicates the presence of an attacker.
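The PKI-based, mutually authenticated connection described in the first solution is exactly what a TLS library provides when it is configured correctly, and the eavesdropping and spoofing sections above point at the same control. The block below is an added example using Python's standard `ssl` module; it is not taken from the assignment. It places the weak client setting (no certificate check at all, which is what lets an intermediary impersonate the server) beside the hardened one, and shows the server side that demands a client certificate. The certificate, key and CA file names are placeholders and are only read if you call the server function with real paths.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The setting that leaves a client open to MITM: the server's certificate is
    never verified, so anyone who intercepts the connection can present their own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verification is disabled
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """Client side of PKI authentication: the server must present a certificate
    chaining to a trusted CA, the name in it must match the host we dialled, and
    protocol versions older than TLS 1.2 are refused.
    cafile is an assumed path to the organisation's CA bundle; None uses the
    system trust store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def server_context_requiring_client_certs(certfile: str, keyfile: str,
                                          cafile: str) -> ssl.SSLContext:
    """Server side of mutual authentication: present our own certificate and
    require every client to present one issued by the CA in cafile.
    All three paths are placeholders supplied by the caller."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    ctx.verify_mode = ssl.CERT_REQUIRED   # a client without a valid cert is rejected
    return ctx


def resists_mitm(ctx: ssl.SSLContext, client_side: bool = True) -> bool:
    """Audit helper: True only when the peer certificate is mandatory, a client
    also checks the hostname, and nothing older than TLS 1.2 can be negotiated."""
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        return False
    if client_side and not ctx.check_hostname:
        return False
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_2


if __name__ == "__main__":
    print("weak client resists MITM:", resists_mitm(weak_client_context()))
    print("hardened client resists MITM:", resists_mitm(hardened_client_context()))
```

Wrap a socket with `hardened_client_context().wrap_socket(sock, server_hostname=host)` on the client and with the server context on the listening side; a relay that cannot present a certificate signed by the trusted CA, or that presents one for the wrong name, fails the handshake before any application data is exchanged.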

THREAT #6 BRUTE FORCE ATTACKS

A brute force attack is performed by guessing as many password combinations as possible.
Research indicates that brute force accounts for 5% of attacks. An attacker does not
interfere with the user's task but works on each keystroke a user types and guesses the
combination of username and password. The attacker checks all passphrases and
passwords until a correct match is found.

SECURITY SOLUTIONS

• A user should increase the password's length, and the complexity of the password should be
increased as well.
• Limited logins should be enabled, e.g. after three failed attempts the user account is locked.
• Multi-factor authentication can help avert brute force attacks as it works as an additional
layer when a login attempt is made.
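The first two solutions, a length-and-complexity password policy and a lockout after three failed attempts, are straightforward to implement on the server that processes logins. The following is an added example written for this assignment (not code from any product); the 12-character minimum, the three-of-four character classes rule and the 15-minute lockout window are assumed values, and the actual password verification is left to the caller so the guard only has to know whether an attempt succeeded.

```python
import re
import time
from typing import Callable, Dict

MAX_FAILED_ATTEMPTS = 3      # lock after three failed attempts, as the text suggests
LOCKOUT_SECONDS = 15 * 60    # assumed lockout window


def password_meets_policy(password: str, min_length: int = 12) -> bool:
    """Length plus character-class diversity. Every extra character multiplies the
    search space an attacker has to cover, and mixing classes stops a search that
    only tries lowercase words."""
    if len(password) < min_length:
        return False
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, password)) for c in classes) >= 3


class _State:
    """Per-username failure counter and lockout deadline."""
    __slots__ = ("failures", "locked_until")

    def __init__(self) -> None:
        self.failures = 0
        self.locked_until = 0.0


class LoginGuard:
    """Counts failed logins per username and locks the account after
    MAX_FAILED_ATTEMPTS. While locked, even a correct password is refused, which is
    what removes the attacker's ability to keep trying."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock            # injectable so tests can advance time
        self._state: Dict[str, _State] = {}

    def attempt(self, username: str, credentials_valid: bool) -> str:
        """Record one login attempt and return 'ok', 'denied' or 'locked'."""
        st = self._state.setdefault(username, _State())
        now = self._clock()
        if now < st.locked_until:
            return "locked"
        if credentials_valid:
            st.failures = 0            # a successful login clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    for ok in (False, False, False, True):   # three wrong guesses, then the right one
        print(guard.attempt("alice", ok))
```

A real deployment keeps the state in shared storage rather than a dictionary so that all login servers see the same counters, and pairs the lockout with the multi-factor step from the third bullet, which the example does not show.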

THREAT #7 BROWSER ATTACKS

Browser attacks are intended to expose sensitive information such as credit card details,
login details and other data. When a browser is compromised, attackers gain access to the
end-user system. Attackers can infiltrate the network by hijacking the browser and
spreading malicious code to steal information. Browser attacks include social engineering
attacks, buffer overflows, XSS attacks and man-in-the-browser attacks.

SECURITY SOLUTIONS

• Enterprises can use browser isolation, where a website runs in the cloud in order to be accessed.
• Antivirus is a solution that prevents browser attacks to some extent.
• Operating system isolation is an option where each device is divided into multiple segments,
each with its own operating system. Each device connects to the invisible network
virtualization layer.

THREAT #8 SSL/TLS ATTACKS

SSL creates a protected tunnel using strong authentication for data transmission between
the client and a server. The attacker uses an unencrypted session to attack plain-text data
in transit. Almost 6% of total network attacks are accounted for by SSL attacks. To prevent
SSL attacks, network testing is performed and the network is shielded from upcoming
attacks.

SECURITY SOLUTIONS

• The network admin can perform penetration testing and intrusion testing, as well as limit
network access control.
• Implement an HSTS policy, in which the browser is forced to open HTTPS pages only.
• Enable HTTPS on the domain name and educate users about the use of HTTPS.

THREAT #9 DNS QUERY ATTACK

A DNS Query attack refers to a manipulative act in which an attacker finds a vulnerability
in the Domain Name System (DNS) and takes advantage of it. Attackers sniff the plain-text
communication between clients and DNS servers. DNS converts a domain name into an IP
address. Zero-day attacks, Denial of Service, DDoS attacks, DNS amplification and Fast-Flux
DNS are a few types of DNS Query attack. In some cases attackers steal the login credentials
of the DNS provider's website and use them to redirect DNS records.

SECURITY SOLUTIONS

• Protect the resolver's cache by limiting users' access to the resolver, so that hackers cannot
manipulate it. Close any open resolver on the network.
• Audit your DNS zones, including CNAME and MX records and IP addresses. Moreover, keep
your DNS servers updated.
• Keep the authoritative and resolving functions separate, using different servers.
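The zone audit in the second bullet can be automated once the zone is exported as records. The block below is an added example for this assignment, not code from any DNS software: it takes a constructed `example.com` zone and reports CNAMEs inside the zone that point at names which no longer exist, MX targets with no address record, and A records outside the address range the organisation is assumed to own (203.0.113.0/24 here). Those are exactly the records that an attacker who has stolen provider credentials would redirect, so a clean audit run is a baseline to compare against.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]   # (owner name, record type, value)

# Constructed zone for the example; the last three records are deliberately wrong.
ZONE: List[Record] = [
    ("example.com.",      "A",     "203.0.113.10"),
    ("www.example.com.",  "CNAME", "example.com."),
    ("mail.example.com.", "A",     "203.0.113.25"),
    ("example.com.",      "MX",    "10 mail.example.com."),
    ("old.example.com.",  "CNAME", "retired.example.com."),       # target no longer defined
    ("dev.example.com.",  "A",     "198.51.100.77"),              # outside owned range
    ("example.com.",      "MX",    "20 backup-mx.example.com."),  # no A/AAAA for target
]
OWNED_PREFIXES = ["203.0.113.0/24"]   # assumed organisation address space


def audit_zone(zone: List[Record], apex: str, owned_prefixes: List[str]) -> List[str]:
    """Return one finding per suspicious record; an empty list means a clean zone."""
    owned = [ipaddress.ip_network(p) for p in owned_prefixes]
    types_at: Dict[str, Set[str]] = defaultdict(set)
    for name, rtype, _ in zone:
        types_at[name].add(rtype)

    findings: List[str] = []
    for name, rtype, value in zone:
        if rtype == "CNAME":
            # Only in-zone targets can be checked offline; external targets
            # (a CDN, for instance) need a live lookup instead.
            if value.endswith(apex) and value not in types_at:
                findings.append(f"{name}: CNAME points to undefined name {value}")
            if len(types_at[name]) > 1:
                findings.append(f"{name}: CNAME may not coexist with other record types")
        elif rtype == "MX":
            target = value.split()[-1]          # "<priority> <host>"
            if not types_at.get(target, set()) & {"A", "AAAA"}:
                findings.append(f"{name}: MX target {target} has no A/AAAA record")
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in p for p in owned):
                findings.append(f"{name}: {rtype} {value} is outside owned address space")
    return findings


if __name__ == "__main__":
    for finding in audit_zone(ZONE, "example.com.", OWNED_PREFIXES):
        print(finding)
```

Running the audit from a scheduled job and diffing its output against the previous run turns a one-off check into the continuous monitoring the bullet asks for.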

THREAT #10 PING SWEEP ATTACK

Ping is a utility that confirms whether a host is alive (active) or dead (shut down). The
host can be a computer, system, website, printer or network. A ping sweep attack refers
to collecting information by finding alive hosts, using the Internet Control Message
Protocol (ICMP) or a two-way handshake protocol. A ping sweep involves two-way
communication: data is sent from a single host and validated by another host along with
an acknowledgment. The acknowledgment shows whether a ping was successful or not.

SECURITY SOLUTIONS

ICMP functionality should be disabled on a specific router or any device. Disabling the
send and receive ability of ICMP includes echo request processing and echo reply.
Consequently, the device will not accept any ping request.

THREAT #11 PACKET CAPTURING ATTACK

A packet capturing attack refers to sniffing and capturing data packets that pass through
a network. An administrator watches and tracks data traffic; attackers likewise can capture
data packets from the network and extract information such as passwords, login details
and payment-related information.

SECURITY SOLUTIONS

• Users should avoid free public Wi-Fi or any unsecured network to avoid data sniffing over the
network.
• Use encryption that protects information travelling between the network and users.
• Scan and monitor the traffic on the network to find any suspicious activity.
• Hire a certified ethical hacker to watch over network activities.

THREAT #12 RECONNAISSANCE ATTACK

A reconnaissance attack is the act of collecting information through physical
reconnaissance, network examination and social engineering. Ping sweeps, phishing and
packet sniffing are a few examples of reconnaissance attacks. Attackers keenly observe
social media profiles, find loopholes in the network, applications and services, and
search the area to take advantage of them.

SECURITY SOLUTIONS

• Continuously inspect network traffic to stop port scanning.
• Run security awareness training for users to give them an idea about what to share and what
not to.
• Conduct audits of logical and physical security in the office.
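Both the ping sweep of Threat #10 and the port scanning named in the first bullet here leave the same footprint in traffic logs: one source touching an unusual number of distinct targets in a short time. The block below is an added example for this assignment, not code from any monitoring product. It builds a small constructed flow log (the `<epoch> <src> <dst> <proto> <dport>` format, the thresholds of 10 hosts and 15 ports, and the 60-second window are all assumptions) and flags a source that pings many hosts as a sweep and a source that probes many ports on one host as a scan, while leaving ordinary workstation traffic alone.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

SWEEP_HOSTS = 10   # distinct hosts pinged by one source inside one window
SCAN_PORTS = 15    # distinct ports probed on one host by one source inside one window
WINDOW = 60        # seconds; fixed buckets are an approximation of a sliding window


def build_sample_log() -> List[str]:
    """Constructed flow records: a sweep, a scan and some benign traffic."""
    lines = []
    # A sweep: one external source pings twelve hosts in twelve seconds.
    lines += [f"{1700000000 + i} 198.51.100.9 10.20.1.{i + 1} icmp -" for i in range(12)]
    # A scan: another source tries twenty consecutive ports on one server.
    lines += [f"{1700000100 + i} 198.51.100.7 10.20.1.5 tcp {20 + i}" for i in range(20)]
    # Benign: a workstation using two servers and pinging one of them once.
    lines += [
        "1700000200 10.20.3.4 10.20.1.1 tcp 443",
        "1700000201 10.20.3.4 10.20.1.2 tcp 22",
        "1700000202 10.20.3.4 10.20.1.1 icmp -",
    ]
    return lines


def parse_line(line: str) -> Tuple[int, str, str, str, str]:
    """Split one assumed-format record into (timestamp, src, dst, proto, dport)."""
    ts, src, dst, proto, dport = line.split()
    return int(ts), src, dst, proto, dport


def detect(lines: List[str], window: int = WINDOW) -> Dict[str, list]:
    """Return sources that swept many hosts and (src, dst) pairs that were port-scanned."""
    icmp_targets: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    ports: Dict[Tuple[str, str, int], Set[str]] = defaultdict(set)
    for line in lines:
        ts, src, dst, proto, dport = parse_line(line)
        bucket = ts // window
        if proto == "icmp":
            icmp_targets[(src, bucket)].add(dst)
        else:
            ports[(src, dst, bucket)].add(dport)
    sweeps = sorted({src for (src, _), dsts in icmp_targets.items()
                     if len(dsts) >= SWEEP_HOSTS})
    scans = sorted({(src, dst) for (src, dst, _), ps in ports.items()
                    if len(ps) >= SCAN_PORTS})
    return {"ping_sweep": sweeps, "port_scan": scans}


if __name__ == "__main__":
    print(detect(build_sample_log()))
```

Fed from a firewall or NetFlow export instead of the constructed list, the same function gives the "continuous inspection" the bullet asks for; the thresholds should be tuned against normal traffic so that monitoring systems that legitimately poll every host are allow-listed rather than flagged.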

These were some of the vulnerabilities prevailing in network security. Other prevalent
vulnerabilities include data loss, data modification, sniffer attacks, application-layer
attacks, password-based attacks and so on.

Security stands as the toughest challenge, as networks become more and more vulnerable
to attacks day by day.
As far as network security is concerned, paying attention to the following aspects will
help to achieve a properly secure environment:

• Back up the data regularly.
• Store the data on a reliable medium.
• Update your patches.
• Install SSL certificates to stay ahead of threats.
• Upgrade firewalls with ACLs (Access Control Lists), a Demilitarized Zone (DMZ), proxies and
routers.
