PRACTICAL LESSON 1.

1) Explain the operation and role of the IP protocol stack.

a) Application layer
Application layer defines TCP/IP application protocols and how host programs interface with
Transport layer services to use the network. Application layer includes all the higher-level
protocols like DNS (Domain Naming System), HTTP (Hypertext Transfer Protocol), FTP (File
Transfer Protocol), SMTP (Simple Mail Transfer Protocol) etc.

b) Transport layer
The third layer of the four layer TCP/IP model. Under the application layer in the protocol stack
is the TCP layer. When applications open a connection to another computer on the Internet, the
messages they send (using a specific application layer protocol) get passed down the stack to
the TCP layer. TCP is responsible for routing application protocols to the correct application on
the destination computer. To accomplish this, port numbers are used. Ports can be thought of as
seperate channels on each computer.

c) Network layer
The second layer of the four layer TCP/IP model. Internet layer pack data into data packets
known as IP datagrams, which contain source and destination address (logical address or IP
address) information that is used to forward the datagrams between hosts and across networks.
The most famous protocol included at Internet layer is IP (Internet Protocol).

d) Datalink layer

The first lowest layer of the TCP/IP model. It defines details of how data is physically sent
through the network, including how bits are electrically or optically signaled by hardware devices
that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted pair
copper wire. The protocols included in Network Access Layer are Ethernet, Token Ring, FDDI
etc.
2. Provide information regarding the key network devices for these layers.

a) Application Layer.

This is where end-user services, such as email, file transfers, and web browsing, take place.
Servers and gateway devices that facilitate communication at this layer are key components.

Key Protocols: HTTP, HTTPS, FTP, SMTP

Key Network Devices: Web servers, Email servers, Proxy servers, Gateways

b) Transport Layer.
Responsible for end-to-end communication and data flow control. Devices like firewalls and load
balancers operate at this layer to manage traffic and ensure reliable communication.

Key Protocols: TCP (Transmission Control Protocol), UDP (User Datagram Protocol)

Key Network Devices: Gateways, Firewalls, Load balancers

c) Network Layer.
Focuses on routing and forwarding data packets between devices in different networks. Routers
are the primary devices operating at this layer, making decisions about the best path for data to
travel.

Key Protocols: IP (Internet Protocol), ICMP (Internet Control Message Protocol), Routing
Protocols (e.g., RIP, OSPF, BGP)

Key Network Devices: Routers, Layer 3 Switches, IP Addressing

d) Data Link Layer.

Deals with the physical addressing of data frames. Switches and bridges operate at this layer to
forward data within the same network based on MAC addresses

Key Protocols: Ethernet, PPP (Point-to-Point Protocol), MAC (Media Access Control)

Key Network Devices: Switches, Bridges, NICs (Network Interface Cards)

3. Network monitoring systems (NMS) is a tool that can track various aspects of a network and
its operation, such as health status, bandwidth utilization, security risk and uptime. The
process of discovering, mapping, and monitoring the network is important for keeping the
availability of operations and to ensure that the business can run smoothly.

Based on the statement above, you are required to explore and generate your findings briefly
regarding the NMS.

a) Find an NMS on any website and explain the characteristics and the functionality. (Why
is it different from the other NMS? How optimized is the system when handling multiple
networks?)

Auvik is a Canadian software company that builds monitoring tools for enterprise networks,
security, and other IT infrastructure components.

Key features: The key features of Auvik include:

Detailed analytics: Auvik analyzes distributed networks to surface clear and natural language
insights through its TrafficInsights™ capability.

Broad compatibility: It is compatible with all your network devices, software apps, and
protocols.

Streamlined dashboards: It has smartly designed dashboards that present the most relevant
insights at a glance.

Customizable alerts: You can choose between pre-configured alerts and fully customized,
organization-specific alerts.

Multiple user interfaces: Auvik works via web-based, desktop, and mobile interfaces.

b) Show the interface of the NMS (network performance, health status, security risk, etc).
Provide a screenshot to support your evidence.
c) Explain how to examine network performance report based on the following
components:
i) List of Discovered Devices:
1) Inventory Analysis:

Review the list of discovered devices to ensure it includes all network components, such
as routers, switches, servers, and endpoints.

Check for any missing or unauthorized devices that might pose a security or compliance
risk.

2) Categorization and Organization:

Organize the list by device type, location, or other relevant categories to facilitate easier
analysis.

Verify that devices are correctly categorized and labeled for efficient management.

3) Status Indicators:

Look for status indicators next to each device to quickly identify any that are offline,
experiencing issues, or require attention.

ii) Performance:
1) Real-time Monitoring:

Examine real-time performance metrics for each device, such as response time, latency,
and packet loss.

Identify any anomalies or spikes in performance that may indicate potential issues.
 2) Historical Performance Trends:

Analyze historical data to identify trends in performance over time.

Look for patterns or recurring issues that may require further investigation.

3) Threshold Alerts:

Check if the performance report includes threshold alerts. These alerts notify you when
certain performance metrics exceed predefined limits.

Investigate instances where thresholds are breached to proactively address potential

problems.

iii) Utilization:
1) Bandwidth Utilization:

Examine bandwidth utilization reports for network links and devices.

Identify high-traffic periods and ensure that there is sufficient bandwidth to meet
demand.

2) Resource Utilization:

Evaluate resource utilization on servers and other critical devices.

Look for signs of resource exhaustion, such as high CPU or memory usage.

iv) Uptime:
1) Uptime Percentage:

Review the overall uptime percentage for the network.

Identify any periods of downtime and assess their impact on operations.

2) Downtime Analysis:

Investigate the causes of downtime by examining event logs or incident reports.

Identify recurring issues and implement preventive measures.

3) SLA Compliance:

If applicable, check if the network's uptime aligns with service level agreement (SLA)
commitments.

Address any deviations from agreed-upon service levels.

Providing an optimize network is important to the users to ensure that they have an excellent
experience when accessing the Internet. In order to analyse the performance of the network, we
have to make sure that every detail regarding the network has been recorded in network
documentations.

4. Explain the component of the network report that consists of the following:

a. List of discovered devices

This section of the network report provides a comprehensive list of all the devices that are currently
connected to the network. It includes information such as the device name, IP address, MAC address,
and possibly other details like device type and manufacturer. This list is essential for network
administrators to keep track of all active devices on the network and to identify any unauthorized or
suspicious devices.

b. Performance

The performance section of the network report focuses on the overall speed, responsiveness, and
efficiency of the network. It may include metrics such as latency, throughput, and packet loss.
Monitoring performance is crucial for ensuring that the network meets the required standards and is
capable of handling the data traffic without significant delays or disruptions.

c. Utilization

Utilization refers to the usage or consumption of network resources such as bandwidth, CPU, memory,
and storage. This section of the report provides information on how these resources are being utilized
across various components of the network. High utilization in certain areas may indicate potential
bottlenecks or areas that require optimization to ensure smooth network operation

d. Uptime

Uptime is a measure of the time that a network or a specific device has been operational without any
interruptions or downtime. This component of the network report shows the percentage or duration of
time that the network has been up and running successfully. Monitoring uptime is crucial for assessing
the reliability and stability of the network, and it helps identify any issues that may be affecting
continuous operation.
5. What is the difference between health status report, network security risk report and network
performance report?

i) Health Status Report:

Focus: The health status report provides an overall assessment of the general well-being
and operational status of the network.

Content: It typically includes information about the status of network devices, connectivity,
and overall system stability. This report may cover aspects such as device availability,
uptime, and the presence of any faults or issues.

Purpose: The primary goal of a health status report is to give network administrators a quick
overview of the network's current state, helping them identify and address any potential
problems affecting its functionality.

ii) Network Security Risk Report:

Focus: The network security risk report concentrates on evaluating the security posture of
the network and identifying potential vulnerabilities or risks.

Content: It includes information about security incidents, vulnerabilities, and risks that may
compromise the confidentiality, integrity, or availability of data. This report may cover topics
such as firewall logs, intrusion detection/prevention system alerts, and information about
security patches or updates.

Purpose: The main objective of a network security risk report is to assist in maintaining a
secure network environment. It helps administrators prioritize and address security
concerns, ensuring the confidentiality and integrity of sensitive data.

iii) Network Performance Report:

Focus: The network performance report centers on assessing the efficiency and
effectiveness of the network in terms of data transfer, responsiveness, and overall user
experience.

Content: It typically includes metrics such as latency, throughput, packet loss, and
bandwidth utilization. This report may also cover trends in network performance over time
and provide insights into the usage patterns of network resources.

Purpose: The primary purpose of a network performance report is to help administrators

optimize the network for better speed, reliability, and responsiveness. It aids in identifying
bottlenecks, optimizing resource utilization, and ensuring that the network meets
performance requirements.
6. In network security risk report, provide an explanation regarding these elements below:

a. Security Patches Update:

Explanation: This element focuses on the status of applying security patches to the network devices
and systems. Security patches are updates provided by software vendors to fix vulnerabilities and
address security issues in their products. The report would assess whether all devices have the latest
security patches installed to mitigate the risk of known vulnerabilities being exploited by malicious
actors.

b. Access Control List (ACL):

Access Control Lists are sets of rules that determine what network traffic is allowed or denied. This
element in the report would examine the configuration and effectiveness of ACLs. It ensures that only
authorized users and devices have access to specific resources, preventing unauthorized access and
reducing the risk of security breaches.

c. Port Status:

Port status refers to the operational state of network ports on devices (e.g., switches, routers). In the
context of security, the report would assess whether unused or unnecessary ports are disabled to
minimize potential entry points for unauthorized access. It also checks for any open ports that might
pose a security risk and need to be properly secured.

d. DHCP Snooping:

Dynamic Host Configuration Protocol (DHCP) snooping is a security feature that helps prevent rogue
DHCP servers from distributing incorrect or malicious IP configuration information. The report would
evaluate whether DHCP snooping is enabled and properly configured on the network to mitigate the
risk of unauthorized devices distributing incorrect network settings.

e. SSH and SNMPv3 Configuration:

SSH (Secure Shell): SSH is a secure protocol used for remote access to network devices. The report
would assess the configuration of SSH, ensuring that it is enabled for secure remote administration and
that strong authentication and encryption methods are used.

SNMPv3 (Simple Network Management Protocol version 3): SNMP is a protocol used for monitoring
and managing network devices. The report would focus on the configuration of SNMPv3, which
provides enhanced security features compared to earlier versions. It checks for proper authentication
and encryption settings to protect against unauthorized access and data interception.
7. Propose the recommendations for enhancing your networks based on your findings.

To propose recommendations for enhancing your network based on the findings from the security risk
report, consider the following suggestions:

i) Security Patches Update:

Recommendation: Implement a robust patch management system to ensure timely

installation of security updates on all network devices. Regularly monitor vendor
announcements for patches and establish a schedule for testing and deploying updates to
minimize the window of vulnerability.

ii) Access Control List (ACL):

Recommendation: Review and update ACLs to adhere to the principle of least privilege.
Remove any unnecessary rules and restrict access to only essential services and devices.
Regularly audit and monitor ACL configurations to ensure they align with security policies.

iii) Port Status:

Recommendation: Conduct a thorough review of network device ports and disable any
unused or unnecessary ports to reduce the attack surface. Implement port security features
to restrict access and mitigate the risk of unauthorized connections. Regularly scan for open
ports and investigate any that may pose a security risk.

iv) DHCP Snooping:

Recommendation: Enable and configure DHCP snooping on the network devices to prevent
rogue DHCP servers. Ensure that DHCP servers are properly authorized, and only trusted
devices are allowed to distribute IP configuration information. Regularly monitor DHCP logs
for any suspicious activity.

v) SSH and SNMPv3 Configuration:

Recommendation - SSH:

Configure SSH to use strong encryption algorithms and enforce secure authentication
methods (e.g., key-based authentication).

Disable any unused or insecure versions of the SSH protocol to enhance security.

Recommendation - SNMPv3:

Implement SNMPv3 for improved security by using strong authentication and encryption
mechanisms.

Change default SNMP community strings and set proper access controls to restrict SNMP
access to authorized systems.
vi) Continuous Monitoring:

Recommendation: Implement a continuous monitoring system to detect and respond to

security incidents in real-time. Utilize intrusion detection/prevention systems, log analysis
tools, and security information and event management (SIEM) solutions to enhance visibility
into network activities.

vii) Employee Training and Awareness:

Recommendation: Conduct regular security awareness training for employees to educate

them on security best practices, phishing prevention, and the importance of reporting
security incidents promptly. An informed user base is a critical component of a secure
network.

viii) Incident Response Plan:

Recommendation: Develop and regularly update an incident response plan outlining the
steps to be taken in the event of a security incident. Ensure that the IT team is well-trained
on incident response procedures to minimize the impact of security breaches.