Security + Computer System Security

DCOM 258 E31


Name: Shaamim Ahmed
Chapter 05: Network Design Elements

I. Define the following key terms: (12 points)


1. MAC flooding,
Sends numerous packets to a switch in an attempt to use all the switch's
memory.
2. CAM table,
CAM table, the Content Addressable Memory table, a table that is in a switch's
memory that contains ports and their corresponding MAC addresses.
3. Fail open mode,
Fail-open mode, when a switch broadcasts data on all ports the way a hub does.
4. 3-leg perimeter,
3-leg perimeter, a type of DMZ where a firewall has three legs that connect to
the LAN, the Internet, and the DMZ.
5. Back-to-back perimeter,
Back-to-back perimeter, a type of DMZ where the DMZ is located between the
LAN and the Internet.
6. VLAN hopping,
VLAN hopping, the act of gaining access to traffic on other VLANs that would
not normally be accessible by jumping from one VLAN to another.
7. War-dialing,
War-dialing, the act of scanning telephone numbers by dialing them one at a
time and adding them to a list, in an attempt to gain access to computer
networks.
8. Cloud computing,
Cloud computing, a way of offering on-demand services that extend the
capabilities of a person's computer or an organization's network.
9. Software as a service (SaaS),
Software as a Service (SaaS), a cloud computing service where users access
applications over the Internet that are provided by a third party.
10. Infrastructure as a service (IaaS),

Infrastructure as a service (IaaS): A service that offers computer networking,
storage, load balancing, routing, and VM hosting. More and more organizations
are seeing the benefits of offloading some of their networking infrastructure to
the cloud.
11. Platform as a service (PaaS),
Platform as a service (PaaS): a service that provides various software solutions
to organizations, especially the ability to develop applications in a virtual
environment without the cost or administration of a physical platform. PaaS is
used for easy-to-configure operating systems and on-demand computing. Often,
this utilizes IaaS as well for an underlying infrastructure to the platform.

II. Short Answer Section (8)


1. What is the difference between Private & Public IP addresses?
1.1 Network Address Translation (NAT)
1.1.1 The process of changing an IP address while it is in transit across a
router
1.1.2 Often used so one larger address space (private) can be remapped
to another address space or single IP
1.2 Private versus public IP addresses

IP Class    Assigned Range
Class A     10.0.0.0 - 10.255.255.255
Class B     172.16.0.0 - 172.31.255.255
Class C     192.168.0.0 - 192.168.255.255

2. Describe the differences between LANs and WANs.


LANs can be secured by using private IPs, using antimalware programs,
and placing clients behind a router.
WAN connections should be monitored and firewalled to secure them.

2.1 Comparison chart

LAN versus WAN comparison chart

Stands for
  LAN: Local Area Network
  WAN: Wide Area Network

Covers
  LAN: Local areas only (e.g., homes, offices, schools)
  WAN: Large geographic areas (e.g., cities, states, nations)

Definition
  LAN: LAN (Local Area Network) is a computer network covering a small
       geographic area, like a home, office, school, or group of buildings.
  WAN: WAN (Wide Area Network) is a computer network that covers a broad area
       (e.g., any network whose communications links cross metropolitan,
       regional, or national boundaries over a long distance).

Speed
  LAN: High speed (1000 Mbps)
  WAN: Less speed (150 Mbps)

Data transfer rates
  LAN: LANs have a high data transfer rate.
  WAN: WANs have a lower data transfer rate compared to LANs.

Example
  LAN: The network in an office building can be a LAN.
  WAN: The Internet is a good example of a WAN.

Technology
  LAN: Tend to use certain connectivity technologies, primarily Ethernet and
       Token Ring.
  WAN: WANs tend to use technologies like MPLS, ATM, Frame Relay and X.25 for
       connectivity over longer distances.

Connection
  LAN: One LAN can be connected to other LANs over any distance via telephone
       lines and radio waves.
  WAN: Computers connected to a wide-area network are often connected through
       public networks, such as the telephone system. They can also be
       connected through leased lines or satellites.

Components
  LAN: Layer 2 devices like switches and bridges. Layer 1 devices like hubs
       and repeaters.
  WAN: Layer 3 devices: routers, multi-layer switches and technology-specific
       devices like ATM or Frame Relay switches, etc.

Fault tolerance
  LAN: LANs tend to have fewer problems associated with them, as there are a
       smaller number of systems to deal with.
  WAN: WANs tend to be less fault tolerant as they consist of a large number
       of systems.

Data transmission error
  LAN: Experiences fewer data transmission errors.
  WAN: Experiences more data transmission errors as compared to LAN.

Ownership
  LAN: Typically owned, controlled, and managed by a single person or
       organization.
  WAN: WANs (like the Internet) are not owned by any one organization but
       rather exist under collective or distributed ownership and management
       over long distances.

Set-up costs
  LAN: If there is a need to set up a couple of extra devices on the network,
       it is not very expensive to do that.
  WAN: For WANs, since networks in remote areas have to be connected, the
       set-up costs are higher. However, WANs using public networks can be
       set up very cheaply using just software (VPN etc.).

Geographical spread
  LAN: Have a small geographical range and do not need any leased
       telecommunication lines.
  WAN: Have a large geographical range, generally spreading across boundaries,
       and need leased telecommunication lines.

Maintenance costs
  LAN: Because it covers a relatively small geographical area, LAN is easier
       to maintain at relatively low costs.
  WAN: Maintaining WAN is difficult because of its wider geographical coverage
       and higher maintenance costs.

Bandwidth
  LAN: High bandwidth is available for transmission.
  WAN: Low bandwidth is available for transmission.

Congestion
  LAN: Less congestion
  WAN: More congestion

3. Describe the Internet and DMZs.


3.1 A DMZ is a special area of the network (sometimes referred to as a
subnetwork) that houses servers that host information accessed by
clients or other networks on the Internet.

In computer security, a DMZ or demilitarized zone (sometimes referred to as a
perimeter network) is a physical or logical subnetwork that contains and
exposes an organization's external-facing services to a larger and untrusted
network, usually the Internet.


4. Describe the differences between intranets and extranets.


Enable access from remote employees or partner companies.
An intranet is generally when only one company is involved.
An extranet is generally when a second company is involved.
