Eight Weeks Industrial Training: "Network Security"

This document provides an 8-week training report on network security. It includes an acknowledgement, company profile of Solitaire Infosys Pvt. Ltd., preface, list of figures, and sections on introduction of networking, network design, encoding, project implementation, network security, and conclusion. The training utilized software like Windows 7, Cisco Packet Tracer, and GNS3 and hardware including switches, cables, and client nodes to learn about network protocols, devices, and security.

Uploaded by

himanshu SHARMA

EIGHT WEEKS INDUSTRIAL TRAINING REPORT
On
“NETWORK SECURITY”
In partial fulfillment of the Diploma in Computer Science Engineering
AT
Solitaire Infosys

Guided by: Mrs. Neetu, Network Security Head
Submitted by: Kunal Verma

ACKNOWLEDGEMENT
While presenting this report I would like to express my deep sense of
gratitude to the entire Solitaire staff, who were an indispensable part of my
training, giving me unending guidance, inspiration and encouragement and
providing an excellent environment throughout my training at Solitaire
Infosys Pvt. Ltd. The training was an extremely productive and enriching
experience, not only technically but also in the practical skills it provided.
I am extremely thankful to Mrs. Neetu, who devoted a lot of time to guiding
and supervising me during my training. I place my gratitude towards Mrs.
Neetu for her valuable advice and guidance in carrying out this enjoyable and
productive experience, which gave me a great opportunity to explore new
horizons.

COMPANY PROFILE
Solitaire Infosys Pvt. Ltd.
Complete IT Solution Provider

Overview
SOLITAIRE INFOSYS is a leading Software and Web Application
Development Company, based in Mohali (Chandigarh), that
provides high quality comprehensive services to enterprises across
a wide range of platforms and technologies. Our major areas of
expertise are in providing quality, cost effective software or web
development. Our focus is on understanding the diverse and
mission-critical needs of each of our clients. To understand is to be
able to deliver. The competence and experience of our company
gives us a competitive edge by making sure we provide the best
services and products to our clients. Our high quality standards
enable us to deliver reliable and error-free software applications,
despite their complexity. We provide Web design/Web development, B2B & B2C
E-commerce solutions, and SEO & Web Promotion strategy implementation
consulting services to both domestic and international clients at the most
affordable rates.

Courses offered
• WEBSITE DESIGN
• WEBSITE DESIGNING SERVICES
• PSD TO XHTML CONVERSION
• WP THEME CUSTOMIZATION
• FLASH AND 3D ANIMATION
• LOGO & IDENTITY DESIGN (HTTP://WWW.SLINFY.COM/LOGO-IDENTITY-DESIGN)
• WEB DEVELOPMENT
• PHP DEVELOPMENT
• .NET DEVELOPMENT
• CMS DEVELOPMENT
• E-COMMERCE DEVELOPMENT
• MOBILE APPLICATIONS
• UNITY 3D
• PHONE GAP
• IPHONE APP DEVELOPMENT
• ANDROID APP DEVELOPMENT
• WINDOW APP DEVELOPMENT (HTTP://WWW.SLINFY.COM/WINDOW-APP-DEVELOPMENT)
• DIGITAL MARKETING
• SEO SERVICES
• SMO SERVICES
• PPC
• EMAIL MARKETING
• MAINTENANCE
• APP MAINTENANCE
• CMS MAINTENANCE (HTTP://WWW.SLINFY.COM/CMS-MAINTANANCE)

PREFACE
Technology has grown rapidly in the past two to three decades. An engineer
without practical knowledge and skills cannot survive in this technical
area. Theoretical knowledge does matter, but it is practical knowledge that
makes the difference between the best and the better. Organizations also
prefer experienced engineers to freshers because of the former's practical
knowledge and industrial exposure. Practical training is highly conducive
to a solid foundation for:

1. Knowledge and personality
2. Exposure to the industrial environment
3. Confidence building
4. Enhancement of creativity
5. Practicality
CONTENTS

1. Introduction of Networking
2. Network Design & List of Figures
3. Network Encoding
4. Project Implementation
5. Network Security
6. Conclusion and Future Scope
7. References

1. Introduction of Networking
1.1 Network
A network is the interconnection of multiple devices, generally termed
hosts, connected over multiple paths for the purpose of sending and
receiving data or media.
There are also devices that help in the communication between two different
hosts; these are known as network devices, e.g. router, switch, hub, bridge.
The layout pattern by which devices are interconnected is called the network
topology, such as bus, star, mesh, ring and daisy chain.
• OSI: OSI stands for Open Systems Interconnection. It is a reference model
that specifies standards for communication protocols and the functionality
of each layer.
• Protocol: A protocol is the set of rules or algorithms that define how two
entities communicate across the network. Different protocols are defined at
each layer of the OSI model; a few such protocols are TCP, IP, UDP, ARP,
DHCP and FTP.

1.2 REQUIREMENTS
To complete the work on network security, the following software was used:

• Operating System : Windows 7 Ultimate
• Front end tools : Cisco Packet Tracer, GNS3

Windows 7 is a personal computer operating system developed by Microsoft, a
version of Windows NT. Development of 7 occurred as early as 2006 under the
codename "Blackcomb". Windows 7 was released to manufacturing on July 22,
2009, and became generally available on October 22, 2009, less than three
years after the release of its predecessor, Windows Vista. While retaining a
similar appearance to Vista, 7's interface was streamlined, with the addition
of a redesigned taskbar that allows applications to be "pinned" to it, and
new window management features. Other new features were added to the
operating system, including libraries, the new file sharing system
HomeGroup, and support for multitouch input. A new "Action Center" interface
was also added to provide an overview of system security and maintenance
information, and tweaks were made to the User Account Control system to make
it less intrusive. 7 also shipped with updated versions of several stock
applications, including Internet Explorer, Windows Media Player, and Windows
Media Center. Windows 7 was a major success for Microsoft; even prior to its
official release, pre-order sales for 7 on the online retailer Amazon.com
had surpassed the record set. In just six months, over 100 million copies
had been sold worldwide, increasing to over 630 million licenses by July
2012, and a market share of 47.49% as of February 2014 according to Net
Applications, making it the most widely used version of Windows.

Hardware Requirements:

Component               32-bit                          64-bit
Processor               1 GHz IA-32 processor           1 GHz x86-64 processor
Memory (RAM)            1 GB                            2 GB
Graphics card           DirectX 9 graphics processor with WDDM driver model 1.0
                        (not absolutely necessary; only required for Aero)
Free hard drive space   16 GB                           20 GB
Optical drive           DVD-ROM drive (only to install from DVD-ROM media)

Table 3: Minimum hardware requirements for Windows 7

Cisco Packet Tracer: Packet Tracer is a protocol simulator developed by
Dennis Frezzo and his team at Cisco Systems. Packet Tracer (PT) is a
powerful and dynamic tool that displays the various protocols used in
networking, in either Real Time or Simulation mode. This includes layer 2
protocols such as Ethernet and PPP, layer 3 protocols such as IP, ICMP and
ARP, and layer 4 protocols such as TCP and UDP. Routing protocols can also
be traced.
Purpose: The purpose of this lab is to become familiar with the Packet
Tracer interface.
Fig 3: Cisco Packet Tracer Lab
Hardware requirements:
SWITCHES: 1 × Cisco 2960 series, 24 port; 8 × D-Link 16 port
CABLES: Cat 5 and Cat 6; console cable, serial cable; length as per
requirement
Clients/Nodes: Pentium 4, Windows XP Professional, 512 MB RAM, 80 GB hard
disk

Switches: A switch is a device used for switching. It forwards and filters
OSI layer 2 frames between its ports. A switch has numerous ports. Switches
can operate on one or more layers of the OSI model, including physical, data
link, network or transport. A device that operates on more than one layer
is known as a multilayer switch.
Every port has its own buffer memory. A port has two queues, an input queue
and an output queue. When a switch receives a frame, the frame is placed in
the input queue and forwarded from the output queue of the egress port. Each
switch port is therefore its own collision domain, and on a full-duplex link
there are no collisions at all, so the CSMA/CD access method of shared
Ethernet is not needed. (CSMA/CA, Carrier Sense Multiple Access with
Collision Avoidance, is the access method of wireless 802.11 networks, not
of switched Ethernet.) Switches provide more efficiency, more speed and
better security than hubs, because a unicast frame is delivered only to the
port where its destination was learned rather than to every station.

Types of switch:
• Managed switch
• Unmanaged switch

WORKGROUP SWITCH: Workgroup switches add more intelligence to data transfer
management. Switches can determine whether data should remain on a LAN or
not, and they can transfer the data to the connection that needs it.
Router: Routers are networking devices that forward data packets between
networks. A router is a WAN link device. It works at Layer 3, the network
layer of the OSI model or the Internet layer of the TCP/IP model. Data is
transferred in the form of packets. A router is a manageable device. It
creates an internetwork by connecting two different networks. Routers can
regenerate signals, concentrate multiple connections, convert data
transmission formats and manage data transfers. They can also connect to a
WAN, which allows them to connect LANs separated by great distances.
There are two types of routers:
• Hardware routers, developed by vendors such as Cisco and HP.
• Software routers, configured with the help of Routing and Remote Access, a
feature offered by Microsoft Windows Server. The feature is present in the
product but has to be enabled and configured.
Hardware routers are dedicated routers and are more efficient. Software
routers have fewer features and slower performance and are not very
efficient.

Cables: These are used to connect computers or other devices in a network.
There are many types of cables used in a LAN:
• Coaxial Cable: Coaxial cable, or coax, is a type of cable that has an
inner conductor surrounded by an insulating layer and enclosed by a
conducting shield. It is used as a transmission line for radio frequency
signals. Coaxial cabling is difficult to install.
Types:
• Thick coaxial: Thick coaxial cable is also referred to as thicknet.
10Base5 is the specification for thick coaxial cable carrying Ethernet
signals. It has an extra protective plastic cover.
• Thin coaxial: Thin coaxial cable is also referred to as thinnet. 10Base2
is the specification for thin coaxial cable carrying Ethernet signals. It
was popular in school networks.
• Twisted Pair Cable: A type of cabling in which the two conductors of a
single circuit are twisted together to cancel out electromagnetic
interference from external sources.

Types:
• STP (Shielded Twisted Pair Cable): Suitable for environments with
electrical interference. STP was used on networks with Token Ring topology.
• UTP (Unshielded Twisted Pair Cable): The most popular type and the best
option for school networks. It contains four twisted pairs (orange, green,
blue and brown) and is used for most networking applications.

The standard connector for UTP cabling is the RJ-45.

• Crossover Cable: Used to connect devices of the same type, e.g.:
• two computers directly
• two routers or two switches
The two ends of the cable have different wire arrangements (T568B on one
end, T568A on the other):
1 Orange-white - Green-white
2 Orange - Green
3 Green-white - Orange-white
4 Blue - Blue
5 Blue-white - Blue-white
6 Green - Orange
7 Brown-white - Brown-white
8 Brown - Brown

• Straight-through Cable: Used to connect devices of different types, e.g.:
• a computer to a switch/hub
• a router to a switch/hub
Straight-through cable is the most common cable in networking. Both ends of
the cable have the same wire arrangement (T568B here):
1 Orange-white - Orange-white
2 Orange - Orange
3 Green-white - Green-white
4 Blue - Blue
5 Blue-white - Blue-white
6 Green - Green
7 Brown-white - Brown-white
8 Brown - Brown

• Rollover cable: Used to connect a computer terminal to a router's console
port. It gets the name rollover because the pinouts on one end are reversed
from the other. It is less common these days, as many devices now provide a
USB console port.
2. Network Designing
2.1 Network Design: There are four countries interconnected with each
other: America, India, Iraq and Australia. In some of the countries network
security is applied so that certain websites are blocked.

2.2 Hardware Used
• Routers : Cisco 2811 Series
• Switches : Cisco 2960 Series
• Devices : Computers, Servers, Wireless Routers
• Other Media : Console cables, Ethernet cables, Serial cables, etc.

2.3 Software Used
• Operating System : Windows Server 2012, Windows 7, etc.
• Front end tools : Cisco Packet Tracer

List of Figures (network routing with OSPF & EIGRP in different autonomous
systems):
• Internet topologies
• Configuration view of internet topologies
• Routing OSPF with different autonomous systems
• IP configuration
• Routing EIGRP with different autonomous systems
• Redistribution of EIGRP 10 & 20
• Redistribution of OSPF & EIGRP
• Web server
• DNS server
• Exchange server
• Access list security
• Standard access list security
• Extended access list security

3. Network Encoding
3.1 Interface
A server is a system (software and suitable computer hardware) that
responds to requests across a computer network to provide, or help to
provide, a network service. Servers can be run on a dedicated computer,
which is also often referred to as "the server", but many networked
computers are capable of hosting servers. In many cases, a computer can
provide several services and have several servers running. Many servers do
not have a graphical user interface (GUI), as it is unnecessary and consumes
resources that could be allocated elsewhere. Similarly, audio and USB
interfaces may be omitted. Where a GUI is present, it is used to administer
the server while it carries out its tasks.
3.2 Module Description
3.2.1 Server
3.2.2 Domain Name System
3.2.3 Dynamic Host Configuration Protocol
3.2.4 Network Switch
3.2.5 Internet Information Services

SERVER: A server is a computer program that provides services to other
computer programs (and their users), on the same or another computer. The
physical computer that runs a server program is also often referred to as a
server. Services can be supplied centrally by the use of a server; in other
cases all the machines on a network have the same status with no dedicated
server, and services are supplied peer-to-peer.
Server used as an adjective, as in server operating system, refers to the
product's ability to handle multiple requests, and such a product is said to
be "server-grade". A server operating system is intended or better enabled
to run server applications. The differences between the server and
workstation versions of a product can vary from the removal of arbitrary
software limits imposed for licensing reasons, as in the case of Windows
2000, to the addition of bundled applications, as in Mac OS X Server.
A server can also refer to a computer that has been set aside to run a
specific server application. Server applications can be divided among
server computers over an extreme range, depending upon the workload. A web
server application (such as the multi-platform Apache HTTP Server), for
example, can be run on any capable computer. While a laptop or personal
computer is not typically known as a server, it can in these situations
fulfill the role of one, and hence be labeled as one. It is, in this case,
the machine's role that places it in the category of server.
In the hardware sense, the word server typically designates computer models
intended for hosting software applications under the heavy demand of
a network environment. In this client–server configuration, one or more
machines, either a computer or a computer appliance, share information with
each other with one acting as a host for the other.
While nearly any personal computer is capable of acting as a network server,
a dedicated server will contain features making it more suitable for
production environments. These features may include a faster CPU,
increased high-performance RAM, and increased storage capacity in the
form of a larger or multiple hard drives. Servers also typically
have reliability, availability and serviceability (RAS) and fault
tolerance features, such as redundancy in power supplies, storage (as
in RAID), and network connections.
Modern operating systems such as Microsoft Windows or Linux distributions
seem to be designed with a client–server architecture in mind. These
operating systems attempt to abstract hardware, allowing a wide variety of
software to work with components of the computer. In a sense, the operating
system can be seen as serving hardware to the software, which in all but
low-level programming languages must interact using an API.
Domain Name System (DNS) is a hierarchical distributed naming system
for computers, services, or any resource connected to the Internet or
a private network. It associates various information with domain
names assigned to each of the participating entities. Most prominently, it
translates easily memorized domain names to the numerical IP
addresses needed for the purpose of locating computer services and devices
worldwide. The Domain Name System is an essential component of the
functionality of the Internet.
An often-used analogy to explain the Domain Name System is that it serves
as the phone book for the Internet by translating human-friendly
computer hostnames into IP addresses.
For example, the domain name www.example.com translates to the addresses
• 93.184.216.119 (IPv4) and
• 2606:2800:220:6d:26bf:1447:1097:aa7 (IPv6).
Unlike a phone book, the DNS can be quickly updated, allowing a service's
location on the network to change without affecting the end users, who
continue to use the same host name. Users take advantage of this when they
use meaningful Uniform Resource Locators (URLs), and e-mail
addresses without having to know how the computer actually locates the
services.
The Domain Name System distributes the responsibility of assigning domain
names and mapping those names to IP addresses by designating authoritative
name servers for each domain. Authoritative name servers are assigned to be
responsible for their supported domains, and may delegate authority over
sub-domains to other name servers. This mechanism provides distributed
and fault tolerant service and was designed to avoid the need for a single
central database.
The Domain Name System also specifies the technical functionality of this
database service. It defines the DNS protocol, a detailed specification of the
data structures and data communication exchanges used in DNS, as part of
the Internet Protocol Suite.
The Internet maintains two principal namespaces, the domain name hierarchy
and the Internet Protocol (IP) address spaces. The Domain Name System
maintains the domain name hierarchy and provides translation services
between it and the address spaces. Internet name servers and a
communication protocol implement the Domain Name System. A DNS name server
is a server that stores the DNS records for a domain name, such as address
(A or AAAA) records, name server (NS) records, and mail exchanger (MX)
records (see also list of DNS record types); a DNS name server responds
with answers to queries against its database.

Operation:
• Address resolution mechanism- Domain name resolvers determine the
appropriate domain name servers responsible for the domain name in
question by a sequence of queries starting with the right-most (top-
level) domain label.
• DNS resolver- The client-side of the DNS is called a DNS resolver. It
is responsible for initiating and sequencing the queries that ultimately
lead to a full resolution (translation) of the resource sought, e.g.,
translation of a domain name into an IP address.

A DNS query may be either a non-recursive query or a recursive query:


• A non-recursive query is one in which the DNS server provides a
record for a domain for which it is authoritative itself, or it provides a
partial result without querying other servers.
• A recursive query is one for which the DNS server will fully answer
the query (or give an error) by querying other name servers as needed.
DNS servers are not required to support recursive queries.
• Circular dependencies and glue records- Name servers in delegations
are identified by name, rather than by IP address. This means that a
resolving name server must issue another DNS request to find out the
IP address of the server to which it has been referred. If the name
given in the delegation is a sub-domain of the domain for which the
delegation is being provided, there is a circular dependency. In this
case the name server providing the delegation must also provide one
or more IP addresses for the authoritative name server mentioned in
the delegation. This information is called glue. The delegating name
server provides this glue in the form of records in the additional
section of the DNS response, and provides the delegation in
the answer section of the response.
• Record caching- The DNS Resolution Process reduces the load on
individual servers by caching DNS request records for a period of
time after a response. This entails the local recording and subsequent
consultation of the copy instead of initiating a new request upstream.
The time for which a resolver caches a DNS response is determined
by a value called the time to live (TTL) associated with every record.
The TTL is set by the administrator of the DNS server handing out the
authoritative response. The period of validity may vary from just
seconds to days or even weeks.
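The resolution walk described above (referral from the root, glue for a name server that lives inside the zone it serves, and TTL-bounded caching) as an added example; this is not code from the report. The three "servers", their addresses and the zone contents are a constructed miniature of the real hierarchy, and the resolver only follows A records and NS referrals.

```python
"""Iterative DNS resolution from the root down, with referrals, glue for a
name server inside its own zone, and a resolver cache that honours TTL.
Added example, not the report's own code; ROOT, the server addresses and
the zone contents below are constructed for the demonstration.
"""
import copy
import time

ROOT = "198.41.0.4"
# Authoritative data held by each server: {(name, type): [(rdata, ttl), ...]}
ZONES = {
    ROOT: {                                               # root: knows who serves com.
        ("com.", "NS"): [("a.gtld.net.", 172800)],
        ("a.gtld.net.", "A"): [("192.5.6.30", 172800)],       # glue
    },
    "192.5.6.30": {                                       # com. server
        ("example.com.", "NS"): [("ns1.example.com.", 172800)],
        ("ns1.example.com.", "A"): [("203.0.113.53", 172800)],  # glue: NS lives in the delegated zone
    },
    "203.0.113.53": {                                     # example.com. server
        ("www.example.com.", "A"): [("203.0.113.80", 60)],
        ("ns1.example.com.", "A"): [("203.0.113.53", 3600)],
    },
}


def ask(zones, server, name, qtype):
    """One non-recursive query: an answer if the server is authoritative for the
    record, otherwise a referral (authority section + glue in the additional section)."""
    zone = zones[server]
    if (name, qtype) in zone:
        return {"answer": zone[(name, qtype)], "authority": [], "additional": {}}
    labels = name.split(".")
    for i in range(1, len(labels)):                       # closest enclosing delegation
        parent = ".".join(labels[i:])
        if (parent, "NS") in zone:
            ns = zone[(parent, "NS")]
            glue = {n: zone[(n, "A")] for n, _ in ns if (n, "A") in zone}
            return {"answer": [], "authority": ns, "additional": glue}
    return {"answer": [], "authority": [], "additional": {}}


class Resolver:
    def __init__(self, zones=ZONES, clock=time.time):
        self.zones, self.clock = zones, clock
        self.cache = {}                                   # (name, type) -> (rdata, expiry)
        self.queries = 0                                  # upstream queries actually sent

    def resolve(self, name, qtype="A", depth=0):
        key = (name, qtype)
        if key in self.cache and self.cache[key][1] > self.clock():
            return list(self.cache[key][0])               # cache hit, TTL not yet expired
        if depth > 5:
            raise LookupError(f"circular dependency resolving {name}: no glue")
        server = ROOT
        for _ in range(10):                               # bound the referral chain
            self.queries += 1
            resp = ask(self.zones, server, name, qtype)
            if resp["answer"]:
                rdata = [r for r, _ in resp["answer"]]
                ttl = min(t for _, t in resp["answer"])   # cache for the shortest TTL
                self.cache[key] = (rdata, self.clock() + ttl)
                return rdata
            if not resp["authority"]:
                raise LookupError(name)
            ns_name = resp["authority"][0][0]
            if ns_name in resp["additional"]:
                server = resp["additional"][ns_name][0][0]        # follow the glue
            else:                                                 # no glue: look the NS up first
                server = self.resolve(ns_name, "A", depth + 1)[0]
        raise LookupError(name)


def zones_without_glue():
    """Same data, but the com. server omits the glue for ns1.example.com."""
    z = copy.deepcopy(ZONES)
    del z["192.5.6.30"][("ns1.example.com.", "A")]
    return z
```

Resolving www.example.com. costs three queries (root, com., example.com.); a second lookup inside the 60-second TTL costs none, and one after the TTL costs three again. With `zones_without_glue()` the delegation of example.com. to ns1.example.com. is the circular dependency the text describes: the resolver cannot learn ns1's address without first reaching ns1, and the lookup fails instead of looping forever only because the recursion is bounded.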

Dynamic Host Configuration Protocol (DHCP) is a network configuration
protocol for hosts on Internet Protocol (IP) networks. Computers that are
connected to IP networks must be configured before they can communicate
with other hosts. The most essential information needed is an IP address, a
default route and a routing prefix. DHCP eliminates this manual task for the
network administrator. It also provides a central database of devices that
are connected to the network and eliminates duplicate resource assignments.
In addition to IP addresses, DHCP also provides other configuration
information, particularly the IP addresses of local caching DNS resolvers,
network boot servers, or other service hosts.
DHCP is used for IPv4 as well as IPv6. While both versions perform much
the same purpose, the details of the protocol for IPv4 and IPv6 are
sufficiently different that they may be considered separate protocols.
Hosts that do not use DHCP for address configuration may still use it to
obtain other configuration information. Alternatively, IPv6 hosts may use
stateless address auto configuration. IPv4 hosts may use link-local
addressing to achieve limited local connectivity
Depending on implementation, the DHCP server may have three methods of
allocating IP-addresses:
• Dynamic allocation: A network administrator reserves a range of IP
addresses for DHCP, and each client computer on the LAN is
configured to request an IP address from the DHCP server during
network initialization. The request-and-grant process uses a lease
concept with a controllable time period, allowing the DHCP server to
reclaim (and then reallocate) IP addresses that are not renewed.
• Automatic allocation: The DHCP server permanently assigns an IP
address to a requesting client from the range defined by the
administrator. This is like dynamic allocation, but the DHCP server
keeps a table of past IP address assignments, so that it can
preferentially assign to a client the same IP address that the client
previously had.
• Static allocation: The DHCP server allocates an IP address based on a
preconfigured mapping to each client's MAC address. This feature is
variously called static DHCP assignment by DD-WRT, fixed-
address by the dhcp documentation, address reservation by
Netgear, DHCP reservation or static DHCP by Cisco and Linksys,
and IP address reservation or MAC/IP address binding by various
other router manufacturers.
Operations (the message sequence between client and server):
• DHCP discovery
• DHCP offer
• DHCP request
• DHCP acknowledgement
• DHCP information
• DHCP releasing
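The three allocation policies and the discovery/offer/request/acknowledgement exchange, as an added example (not the report's code). The address pool, the MAC addresses, the lease time and the reservation are constructed; a real server also carries options, works through relays and handles DECLINE, RELEASE and INFORM.

```python
"""A minimal DHCP server core for the DISCOVER / OFFER / REQUEST / ACK exchange,
implementing the three allocation policies: static (fixed mapping by MAC),
automatic (re-offer the client's previous address) and dynamic (first free
address, reclaimed when the lease expires).  Added example, not the report's
own code; pool, MAC addresses, lease time and reservation are constructed.
"""


class DhcpServer:
    def __init__(self, pool, lease_time, static=None):
        self.pool = list(pool)                  # range reserved for DHCP by the admin
        self.lease_time = lease_time
        self.static = dict(static or {})        # mac -> ip: the "reservations"
        self.leases = {}                        # ip -> (mac, expiry)
        self.history = {}                       # mac -> last ip it held

    def expire(self, now):
        """Dynamic allocation: reclaim addresses whose lease was not renewed."""
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]

    def pick(self, mac, now):
        """Choose the address to offer, trying the three policies in order."""
        self.expire(now)
        if mac in self.static:                                    # 1. static
            return self.static[mac]
        last = self.history.get(mac)                              # 2. automatic
        if last in self.pool and last not in self.leases:
            return last
        for ip in self.pool:                                      # 3. dynamic
            if ip not in self.leases and ip not in self.static.values():
                return ip
        return None                                               # pool exhausted

    def discover(self, mac, now):
        """DHCPDISCOVER -> DHCPOFFER (or no reply when nothing is available)."""
        ip = self.pick(mac, now)
        return None if ip is None else {"type": "OFFER", "yiaddr": ip, "lease": self.lease_time}

    def request(self, mac, ip, now):
        """DHCPREQUEST -> DHCPACK if the address is the one this client may
        have (fresh lease or renewal of its own), otherwise DHCPNAK."""
        holder = self.leases.get(ip)
        renewing = holder is not None and holder[0] == mac and holder[1] > now
        if not renewing and self.pick(mac, now) != ip:
            return {"type": "NAK"}
        self.leases[ip] = (mac, now + self.lease_time)
        self.history[mac] = ip
        return {"type": "ACK", "yiaddr": ip, "lease": self.lease_time}


def demo():
    """Walk two clients, a reserved printer, a third client and an expiry
    through the server; returns the observable outcomes."""
    srv = DhcpServer(pool=["192.168.1.10", "192.168.1.11"], lease_time=100,
                     static={"00:11:22:33:44:55": "192.168.1.2"})
    a, b, c = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "aa:00:00:00:00:03"
    printer = "00:11:22:33:44:55"
    out = {}
    out["a_offer"] = srv.discover(a, now=0)["yiaddr"]          # dynamic: first free
    out["a_ack"] = srv.request(a, out["a_offer"], now=0)["type"]
    out["b_offer"] = srv.discover(b, now=0)["yiaddr"]
    srv.request(b, out["b_offer"], now=0)
    out["c_offer_full"] = srv.discover(c, now=50)              # pool exhausted
    out["printer_offer"] = srv.discover(printer, now=50)["yiaddr"]   # static reservation
    out["c_steal"] = srv.request(c, out["b_offer"], now=50)["type"]  # B's address -> NAK
    srv.request(b, out["b_offer"], now=90)                     # B renews in time
    out["a_offer_again"] = srv.discover(a, now=120)["yiaddr"]  # A lapsed at 100; automatic re-offer
    srv.request(a, out["a_offer_again"], now=120)
    out["c_offer_after"] = srv.discover(c, now=120)            # still nothing free
    return out
```

Nothing in this exchange authenticates the server: a rogue DHCP server on the same segment that answers a DISCOVER first can hand out its own default gateway and DNS resolver addresses. The usual mitigation is DHCP snooping on the access switch, which only accepts OFFER/ACK messages on ports marked as trusted.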

Network switch is a computer networking device that connects network
segments. The term commonly refers to a network bridge that processes and
forwards data at the Data Link layer (layer 2) of the OSI model. Switches
that additionally process data at the network layer (layer 3 and above) are
often referred to as layer 3 switches or multilayer switches.
The term network switch does not generally encompass unintelligent or
passive network devices such as hubs and repeaters.
Functions:
• Learning
• Forward and filtering
• Loop Avoidance
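The learning, forwarding and filtering functions listed above, as an added example (not the report's code), with a bounded MAC table so that the security consequence is visible: an attacker who floods bogus source addresses fills the table and the switch falls back to flooding every frame like a hub, which is what port security (a per-port limit on learned addresses) prevents. The MAC addresses, port numbers and table size are constructed.

```python
"""Toy layer-2 switch: learn source MACs per ingress port, forward known
unicast out one port, flood unknown unicast and broadcast, filter frames
whose destination is on the ingress port.  Also shows MAC flooding against a
bounded table and the port-security limit that stops it.
Added example, not the report's own code; MACs and ports are constructed.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, table_size=4, max_macs_per_port=None):
        self.ports = list(ports)
        self.table = OrderedDict()                  # mac -> port, oldest entry first
        self.table_size = table_size                # CAM table capacity (tiny, for the demo)
        self.max_macs_per_port = max_macs_per_port  # port-security limit, None = off
        self.err_disabled = set()                   # ports shut down after a violation

    def learn(self, mac, port):
        """Learning: bind the frame's source MAC to its ingress port."""
        if self.max_macs_per_port is not None:
            known_here = [m for m, p in self.table.items() if p == port and m != mac]
            if len(known_here) >= self.max_macs_per_port:
                self.err_disabled.add(port)         # violation: err-disable the port
                return False
        if mac in self.table:
            del self.table[mac]                     # refresh: move to newest position
        elif len(self.table) >= self.table_size:
            self.table.popitem(last=False)          # table full: evict the oldest binding
        self.table[mac] = port
        return True

    def forward(self, in_port, src, dst):
        """Forward/filter: return the egress ports for a frame (may be empty)."""
        if in_port in self.err_disabled or not self.learn(src, in_port):
            return []
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood, never back out
        out_port = self.table[dst]
        return [] if out_port == in_port else [out_port]    # filter same-segment traffic


def mac_flood_demo(max_macs_per_port=None):
    """Two hosts talk, then an attacker on port 3 floods bogus source MACs.
    Returns the ports a later B -> A unicast frame is delivered to."""
    sw = Switch(ports=[1, 2, 3], table_size=4, max_macs_per_port=max_macs_per_port)
    host_a, host_b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    sw.forward(1, host_a, BROADCAST)                # A announces itself (e.g. an ARP)
    sw.forward(2, host_b, host_a)                   # B -> A goes to port 1 only
    for i in range(10):                             # attacker: ten fake sources in a row
        sw.forward(3, f"de:ad:be:ef:00:{i:02x}", BROADCAST)
    return sw.forward(2, host_b, host_a)
```

Without a per-port limit the flood evicts the bindings for A and B, so B's next unicast to A is flooded to every port, including the attacker's; with `max_macs_per_port=2` the attacker's port is err-disabled on its third address and the B -> A frame still goes only to port 1.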

4. PROJECT IMPLEMENTATION
4.1 ROUTING PROTOCOL
EIGRP (Enhanced Interior Gateway Routing Protocol): Advanced version of
IGRP developed by Cisco. Provides superior convergence properties and
operating efficiency, and combines the advantages of link-state protocols
with those of distance-vector protocols.
Features:
• Cisco proprietary
• Hybrid protocol (link-state and distance-vector characteristics)
• Multicast updates using address 224.0.0.10
• Supports VLSM
• Automatic route summarization
• Unequal-path-cost load balancing
• 32-bit composite metric built from bandwidth, delay, load, reliability
and MTU
• Neighbor recovery
• Triggered updates
• Backup route
• Configuring EIGRP
Router(config)# router eigrp <as-number>
Router(config-router)# network <network-address>
Router(config-router)# network <network-address>
Router(config-router)# exit
OSPF (Open Shortest Path First): Link-state, hierarchical IGP routing
protocol proposed as a successor to RIP in the Internet community. OSPF
features include least-cost routing, multipath routing and load balancing.
OSPF was derived from an early version of the IS-IS protocol.
• Commands to configure OSPF
Router# configure terminal
Router(config)# router ospf <process-id>
Router(config-router)# network <network-address> <wildcard-mask> area <area-id>
Router(config-router)# network <network-address> <wildcard-mask> area <area-id>
Router(config-router)# exit
• Using commands (running configuration excerpt of the router):

! LAN side: the inside of the NAT and the point where both access-lists are
! applied. "hcl" is checked on traffic entering from the LAN, access-list 10
! on traffic leaving towards it.
interface FastEthernet0/0
 ip address 50.0.0.1 255.0.0.0
 ip access-group hcl in
 ip access-group 10 out
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
! WAN side: the static routes below point through 40.0.0.1 on this link, so
! it is the outside of the NAT; no translation takes place without an
! interface marked "ip nat outside".
interface Serial0/0/0
 ip address 40.0.0.2 255.0.0.0
 ip nat outside
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 1
 network 40.0.0.0
!
! One-to-one static translations of the three LAN hosts.
ip nat inside source static 50.0.0.2 30.0.0.3
ip nat inside source static 50.0.0.3 30.0.0.4
ip nat inside source static 50.0.0.4 30.0.0.5
ip nat inside source static 50.0.0.2 40.0.0.3
ip nat inside source static 50.0.0.3 40.0.0.4
ip nat inside source static 50.0.0.4 40.0.0.5
ip classless
ip route 10.0.0.0 255.0.0.0 40.0.0.1
ip route 20.0.0.0 255.0.0.0 40.0.0.1
ip route 30.0.0.0 255.0.0.0 40.0.0.1
!
ip flow-export version 9
!
! Standard list: drop anything sourced from 10.0.0.0/8 and allow the rest;
! without the "permit any" the implicit deny at the end would drop everything.
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
! Extended list: host 50.0.0.2 may not open HTTP (port 80) to 30.0.0.4.
ip access-list extended hcl
 deny tcp host 50.0.0.2 host 30.0.0.4 eq www
 permit ip any any
!
line con 0
!
line aux 0
!
! "login" with no password configured refuses every remote session; set a
! line password (or use "login local" with a user account) before relying on
! the VTY lines for management.
line vty 0 4
 login
!
end
4.2 DNS (Domain Name System)
The most basic task of DNS is to translate hostnames to IP addresses. In
very simple terms, it can be compared to a phone book. DNS also has other
important uses.
Above all, DNS makes it possible to assign Internet names to organizations
(or concerns they represent) independent of the physical routing hierarchy
represented by the numerical IP address.
Because of this, hyperlinks and Internet contact information can remain the
same, whatever the current IP routing arrangements may be, and can take a
human-readable form (such as "example.com"), which is easier to remember
than the IP address 208.77.188.166. People take advantage of this when they
recite meaningful URLs and e-mail addresses without caring how the
machine will actually locate them.
The Domain Name System distributes the responsibility for assigning
domain names and mapping them to IP networks by allowing an
authoritative name server for each domain to keep track of its own changes,
avoiding the need for a central register to be continually consulted and
updated.

[Figure: DNS server]

[Figure: Facebook server]

5. Network Security
• Access-list
• NAT (Network Address Translation)
Access-list: Access Control Lists (ACLs) are filters that let you control
which routing updates or packets are permitted or denied into or out of a
network.
They are used by network administrators to filter traffic and to provide
extra security for the network, and can be applied on (Cisco) routers.
ACLs provide a powerful way to control traffic into and out of your
network; this control can be as simple as permitting or denying specific
hosts or addresses. You can configure ACLs for all routed network
protocols.
The most important reason to configure ACLs is to provide security for your
network. ACLs can also control traffic based on the TCP or UDP port being
used.
Working: A router acts as a packet filter when it forwards or denies packets
according to filtering rules. As a Layer 3 device, a packet-filtering router
uses rules to determine whether to permit or deny traffic based on source and
destination IP addresses, source port and destination port, and the protocol of
the packet.
These rules are defined using access control lists or ACLs.
To simplify how packet filtering with an ACL works:
Imagine a guard stationed at a locked door. The guard’s instruction is to
allow only people whose names appear on a guest list to pass through the
door. The guard is filtering people based on the condition of having their
names on the authorized list.
When a packet arrives at the router, the router extracts certain information
from the packet header and makes decisions according to the filter rules as to
whether the packet can pass through or be dropped.
Packet filtering process works at the Network layer of the Open Systems
Interconnection (OSI) model or the Internet layer of TCP/IP.

Why use ACLs

* Limit network traffic to improve network performance.
* Control traffic flow by restricting the delivery of routing updates.
* Provide an additional layer of security.
* Control which types of traffic the router forwards or blocks.
* Control which areas of the network a client can access.

For example: we have blocked a dark web website in one country (INDIA)
and in one state of America by using an access-list.
When we enter the URL, the website will not open and after a few seconds a
message will display "request timeout".
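The top-down, first-match evaluation described above, as an added example that is not part of the original report or of Cisco IOS itself: a small Python simulator that parses Cisco-style extended access-list lines (wildcard masks, host, any, eq port), evaluates packets against them in order and applies the implicit deny. The ACL number, the addresses (documentation ranges) and the packets are constructed for illustration, and only contiguous wildcard masks are accepted.

```python
"""Simulator for Cisco-style extended access lists (added example).

Rules are evaluated top-down, the first matching entry decides, and a packet
that matches nothing falls through to the implicit "deny any" that ends every
ACL. The ACL lines and packets below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Entry:
    action: str         # "permit" or "deny"
    proto: str          # "ip" matches any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]   # None = any destination port


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tokens[i].

    A Cisco wildcard mask is the bitwise inverse of a subnet mask, so the
    prefix length is 32 minus the number of 1 bits. IOS also accepts
    non-contiguous wildcards; this example supports only the contiguous form.
    """
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(f"{tokens[i + 1]}/32"), i + 2
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    if wildcard & (wildcard + 1):          # 1 bits must be a low-order run
        raise ValueError(f"non-contiguous wildcard mask {tokens[i + 1]}")
    prefix = 32 - bin(wildcard).count("1")
    return ipaddress.ip_network(f"{tok}/{prefix}", strict=False), i + 2


def parse_acl(lines: List[str]) -> List[Entry]:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines in order."""
    entries = []
    for line in lines:
        t = line.split()
        if t[:1] != ["access-list"]:
            continue                        # skip comments / blank lines
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        entries.append(Entry(action, proto, src, dst, dport))
    return entries


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (decision, index of the matching entry).

    An index of None means no entry matched and the implicit deny applied.
    """
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for idx, e in enumerate(acl):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action, idx                # first match wins
    return "deny", None                     # implicit deny any


# Constructed sample: block one web server for the LAN, allow other web, allow ping.
SAMPLE_ACL_LINES = [
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 80",
    "access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80",
    "access-list 101 permit icmp any any",
]
SAMPLE_ACL = parse_acl(SAMPLE_ACL_LINES)

if __name__ == "__main__":
    for p in [Packet("tcp", "192.168.1.20", "203.0.113.10", 40000, 80),
              Packet("tcp", "192.168.1.20", "198.51.100.5", 40001, 80),
              Packet("tcp", "192.168.1.20", "198.51.100.5", 40002, 443),
              Packet("icmp", "10.0.0.1", "198.51.100.5")]:
        print(p, "->", evaluate(SAMPLE_ACL, p))
```

Swapping the first two lines of SAMPLE_ACL_LINES makes the blocked server reachable again, because the broader permit now matches first; the same mistake on a real router silently disables the deny.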

NAT (Network Address Translation): Network address translation (NAT) is a
method of remapping one IP address space into another by modifying the
network address information in the IP header of packets while they are in
transit across a traffic-routing device. The technique was originally used
as a shortcut to avoid readdressing every host when a network was moved. It
has become a popular and essential tool for conserving global address space
in the face of IPv4 address exhaustion: one Internet-routable IP address of
a NAT gateway can serve an entire private network.
IP masquerading is a technique that hides an entire IP address space,
usually consisting of private IP addresses, behind a single IP address in
another, usually public, address space. The hidden addresses are rewritten
to the single (public) IP address as the source address of outgoing packets,
so they appear to originate from the routing device itself rather than from
the hidden host. The gateway keeps a translation table, keyed by the
rewritten source port, so that return traffic can be mapped back to the
correct inside host. Because of the popularity of this technique for
conserving IPv4 address space, the term NAT has become virtually synonymous
with IP masquerading.
Because NAT modifies the IP address information in packets, NAT
implementations vary in their behaviour in different addressing cases and
in their effect on network traffic, and the specifics of that behaviour are
not commonly documented by vendors of equipment containing NAT
implementations.
Security caveat: masquerading hides inside addresses and drops unsolicited
inbound packets only because no translation entry exists for them; it is
not a substitute for a firewall or an ACL, and protocols that carry IP
addresses inside their payload (FTP, for example) need an application-level
gateway to work through it.
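The masquerading behaviour described above, as an added example that is not part of the original report or of any vendor's NAT implementation: a Python model of a gateway that rewrites outbound source addresses to its single public address, allocates a public port per inside flow, and uses the resulting table to translate return traffic or drop inbound packets that have no entry. The public and private addresses are constructed (documentation ranges), and the port allocation is simplified: a real gateway tries to keep the original source port first.

```python
"""IP masquerading (NAT overload / PAT) simulator (added example).

Outbound packets have their source rewritten to the gateway's public
address plus a fresh port; the mapping is stored so that matching replies
can be rewritten back. Inbound packets with no mapping are dropped, which
is the only protection NAT provides. Addresses are constructed samples.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, private ip, private port) -> public port
        self.out_table: Dict[Tuple[str, str, int], int] = {}
        # (proto, public port) -> (private ip, private port)
        self.in_table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            # Simplified allocation: hand out the next unused public port.
            if self.next_port > 65535:
                raise RuntimeError("translation table exhausted")
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_table[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from the Internet; None means dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_table.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None          # unsolicited inbound: no state, dropped
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    nat = Masquerader("203.0.113.1")
    out = nat.outbound(Packet("192.168.1.10", 50000, "198.51.100.5", 443))
    print("outbound rewritten to", out)
    print("reply mapped to", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.1", out.src_port)))
    print("unsolicited inbound ->", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.1", 9999)))
```

Two inside hosts using the same private source port receive distinct public ports, which is what lets a single public address serve the whole network.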

• Conclusion and Future scope

Network security is an important field that is getting more attention as
the internet expands. The security threats and the internet protocols in
use should be analysed to determine the necessary security technology,
which consists mostly of software together with various hardware devices.
Network security also consists of the provisions made in the underlying
computer network infrastructure, the policies adopted by the network
administrator to protect the network and its network-accessible resources
from unauthorized access, and the effectiveness (or lack of it) of these
measures taken together. Securing the network is just as important as
securing the computers and encrypting the messages.
Points that must be considered when developing a secure network are:
1) Confidentiality: information in the network remains private.
2) Authentication: ensure the users of the network are who they say
they are.
3) Integrity: ensure the message has not been modified in transit.
4) Authorization (access): allowing authorized users to communicate
to and from a
5) Non-repudiation: ensure the user cannot deny having used the
network.
An effective network security plan should be developed with an
understanding of the security issues, the potential attackers, the needed
level of security, and the factors that make a network vulnerable to attack.
Tools that reduce the vulnerability of computers on the network include
encryption, authentication mechanisms, intrusion detection, security
management and firewalls.

