on
Submitted by
Ankush Prabhakar
Registration No 11509700
Programme and Section -124-L and D1401
DECLARATION
I hereby declare that I have completed my six-week summer training at Cisco Networking Academy
from 16-06-2016 to 30-07-2016 under the guidance of Gulshan Kumar. I have declared that I have
worked with full dedication during these six weeks of training and my learning outcomes fulfil the
requirements of training for the award of degree of B.C.A, Lovely Professional University, Phagwara.
Ankush Prabhakar
Date: 31-07-2016
ACKNOWLEDGEMENT
INDEX
1. Acknowledgement
2. Organization Overview
3. Technology Learnt
4.
5. Learning Outcomes
   Common Security Attacks on Switches
   DHCP Spoofing
   Routing Concepts
   Routing Dynamically
   NAT
6. Gantt Chart
7. Bibliography
8. Future Scope
1: Organization Overview: -
The whole training program is done under Cisco Networking Academy in Lovely
Professional University. Cisco Networking Academy is an IT skills and career building
program for learning institutions and individuals worldwide. More than 5.5 million people
have joined the Networking Academy and become a force for change in the global economy
since 1997.
LPU houses a CISCO NET Academy in its premises, for providing the Latest Technology
Experience to its students. This academy provides the latest courses on the Networking
domain to its students inside the campus to keep them updated about the latest advancements.
The support provided by CISCO for the course includes:
Student Engagement
2. Technology Learnt: -
I have completed two modules (courses) in Cisco Networking Academy during summers:
1. Introduction to Networks
2. Routing and Switching Essentials (CCNA)
The first module gives the advanced and fundamental concepts of networking technology. It
provides a complete understanding of both the practical and conceptual skills that build the
foundation for understanding basic networking. It consists of the following:
Examine human versus network communication and see the parallels between them
Be introduced to the two major models used to plan and implement networks: OSI
and TCP/IP
Examine the OSI and TCP/IP layers in detail to understand their functions and
services
Become familiar with the various network devices and network addressing schemes
Discover the types of media used to carry data across the network
Second module focuses on learning the architecture, components, and operations of routers
and switches in a small network. This course is about how to configure a router and a switch
for basic functionality. It consists of the following:
Among all of the essentials for human existence, the need to interact with others ranks just
below our need to sustain life. Communication is almost as important to us as our reliance on
air, water, food, and shelter.
In today's world, through the use of networks, we are connected like never before. People
with ideas can communicate instantly with others to make those ideas a reality. News events
and discoveries are known worldwide in seconds. Individuals can even connect and play
games with friends separated by oceans and continents.
The globalization of the Internet has ushered in new forms of communication that empower
individuals to create information that can be accessed by a global audience.
Some forms of communication include:
Social Media - Social media consists of interactive websites where people and
communities create and share user-generated content with friends, family, peers, and
the world.
Blogs - Blogs, which is an abbreviation of the word weblogs, are web pages that are
easy to update and edit. Unlike commercial websites, blogs give anyone a means to
communicate their thoughts to a global audience without technical knowledge of web
design.
Wikis - Wikis are web pages that groups of people can edit and view together.
Whereas a blog is more of an individual, personal journal, a wiki is a group creation.
As such, it may be subject to more extensive review and editing. Many businesses use
wikis as their internal collaboration tool.
Peer-to-Peer (P2P) File Sharing - Peer-to-Peer file sharing allows people to share
files with each other without having to store and download them from a central server.
The user joins the P2P network by simply installing the P2P software. P2P file
sharing has not been embraced by everyone. Many people are concerned about
violating the laws of copyrighted materials.
The Internet is used for traditional forms of entertainment. We listen to recording artists,
preview or view motion pictures, read entire books, and download material for future offline
access. Live sporting events and concerts can be experienced as they are happening, or
recorded and viewed on demand.
Networks enable the creation of new forms of entertainment, such as online games. Players
participate in any kind of online competition that game designers can imagine. We compete
with friends and foes around the world as if we were all in the same room.
Even offline activities are enhanced using network collaboration services. Global
communities of interest have grown rapidly. We share common experiences and hobbies well
beyond our local neighbourhood, city, or region. Sports fans share opinions and facts about
their favourite teams. Collectors display prized collections and get expert feedback about
them.
Modern networks continue to evolve to keep pace with the changing way organizations carry
out their daily business. Users now expect instant access to company resources from
anywhere and at any time. These resources not only include traditional data but also video
and voice. There is also an increasing need for collaboration technologies that allow real-time
sharing of resources between multiple remote individuals as though they were at the same
physical location.
Different devices must seamlessly work together to provide a fast, secure, and reliable
connection between hosts. LAN switches provide the connection point for end users into the
enterprise network and are also primarily responsible for the control of information within the
LAN environment. Routers facilitate the movement of information between LANs and are
generally unaware of individual hosts. All advanced services depend on the availability of a
robust routing and switching infrastructure on which they can build. This infrastructure must
be carefully designed, deployed, and managed to provide a necessary stable platform.
Switches are used to connect multiple devices together on the same network. In a properly
designed network, LAN switches are responsible for directing and controlling the data flow at
the access layer to networked resources. Switches operate at the access layer where client
network devices connect directly to the network and IT departments want uncomplicated
network access for the users. It is one of the most vulnerable areas of the network because it
is so exposed to the user. Switches need to be configured to be resilient to attacks of all types
while they are protecting user data and allowing for high speed connections. Port security is
one of the security features Cisco managed switches provide.
Networks allow people to communicate, collaborate, and interact in many ways. Networks
are used to access web pages, talk using IP telephones, participate in video conferences,
compete in interactive gaming, shop using the Internet, complete online coursework, and
more.
Ethernet switches function at the data link layer, Layer 2, and are used to forward Ethernet
frames between devices within the same network.
However, when the source IP and destination IP addresses are on different networks, the
Ethernet frame must be sent to a router. A router connects one network to another network.
The router is responsible for the delivery of packets across different networks. The
destination of the IP packet might be a web server in another country or an email server on
the local area network.
The router uses its routing table to determine the best path to use to forward a packet. It is the
responsibility of the routers to deliver those packets in a timely manner. The effectiveness of
internetwork communications depends, to a large degree, on the ability of routers to forward
packets in the most efficient way possible.
When a host sends a packet to a device on a different IP network, the packet is forwarded to
the default gateway because a host device cannot communicate directly with devices outside
of the local network. The default gateway is the destination that routes traffic from the local
network to devices on remote networks. It is often used to connect a local network to the
Internet.
Imagine a world without the Internet. No more Google, YouTube, instant messaging,
Facebook, Wikipedia, online gaming, Netflix, iTunes, and easy access to current information.
No more price comparison websites, avoiding lines by shopping online, or quickly looking up
phone numbers and map directions to various locations at the click of a button. How different
would our lives be without all of this? That was the world we lived in just 15 to 20 years ago.
But over the years, data networks have slowly expanded and been repurposed to improve the
quality of life for people everywhere.
Also, I choose networks and security as my specialization. It's beneficial for me to do training
according to my specialization. In the coming holidays I will give the CCNA exam, so an internship in
networking is best for me.
3. Learning Outcomes:
Switches are used to connect multiple devices together on the same network. In a properly
designed network, LAN switches are responsible for directing and controlling the data flow at
the access layer to networked resources.
Cisco switches are self-configuring and no additional configurations are necessary for them
to function out of the box. However, Cisco switches run Cisco IOS, and can be manually
configured to better meet the needs of the network. This includes adjusting port speed,
bandwidth, and security requirements. Additionally, Cisco switches can be managed both
locally and remotely. To remotely manage a switch, it needs to have an IP address and default
gateway configured.
The beauty of Cisco switches is that we can remotely access and manage them, which
removes the overhead of manual configuration for the network administrator. So, to gain remote
access to a switch we need to do the following steps:
MAC Address Flooding: - A MAC address flooding attack (CAM table flooding
attack) is a type of network attack where an attacker connected to a switch port floods
the switch interface with a very large number of Ethernet frames with different fake
source MAC addresses. MAC address tables are limited in size. MAC flooding attacks
make use of this limitation to overwhelm the switch with fake source MAC addresses
until the switch MAC address table is full.
Solution: - One way to mitigate MAC address table overflow attacks is to configure
port security.
Concepts of Port Security: - The goal of Port Security is to prevent a network attacker
from sending a large number of Ethernet frames with forged source MAC
addresses to a switch interface. This goal is achieved by the following settings, which
are applied on a switch interface.
1) Enable the Port Security feature. Port security is disabled by default. The "switchport
port-security" command (in interface configuration mode) can be used to enable Port
Security.
3) Define the MAC addresses of known devices, which are going to access the
network via that interface. We can do this either by hardcoding the MAC addresses of
known devices (statically defining the known MAC addresses) or by configuring "sticky"
MAC addresses. Sticky MAC addresses ("switchport port-security mac-address
sticky") allow dynamically learned MAC addresses to be entered into the running config.
The default number of known secure MAC addresses is one.
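The following model is an added example, not part of the original report and not Cisco code: it shows why a full MAC address table matters and how the port security settings described above (a default maximum of one secure address, sticky learning) keep the table from filling. The table capacity, port names and MAC addresses are constructed, and the violation action modelled is the IOS default of shutting the port down.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    port_security: bool = False
    maximum: int = 1              # default number of secure MACs is one
    sticky: bool = False
    secure_macs: list = field(default_factory=list)
    err_disabled: bool = False    # default violation action on IOS: shutdown

    def admit(self, src_mac: str) -> bool:
        """Decide whether a frame with this source MAC may enter the port."""
        if self.err_disabled:
            return False
        if not self.port_security or src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)   # learned as a secure address
            return True
        self.err_disabled = True               # violation: port is shut down
        return False

    def running_config(self) -> list:
        """Sticky addresses are the ones written into the running config."""
        if not (self.port_security and self.sticky):
            return []
        return [f"switchport port-security mac-address sticky {m}"
                for m in self.secure_macs]


class Switch:
    def __init__(self, cam_capacity: int):
        self.cam_capacity = cam_capacity
        self.cam = {}                          # source MAC -> port name

    def receive(self, port: Port, src_mac: str) -> None:
        if port.admit(src_mac) and (
                src_mac in self.cam or len(self.cam) < self.cam_capacity):
            self.cam[src_mac] = port.name

    def forwards_as_unicast(self, dst_mac: str) -> bool:
        """False means the frame is flooded out of every port in the VLAN."""
        return dst_mac in self.cam


def simulate(port_security: bool) -> dict:
    sw = Switch(cam_capacity=8)                # tiny table, constructed value
    user = Port("Fa0/1", port_security=True, sticky=True)
    noisy = Port("Fa0/2", port_security=port_security, sticky=True)
    late = Port("Fa0/3")
    sw.receive(user, "0011.2233.4455")
    for i in range(20):                        # constructed forged sources
        sw.receive(noisy, f"0200.0000.{i:04x}")
    sw.receive(late, "00aa.bbcc.ddee")         # a host that joins afterwards
    return {
        "cam_entries": len(sw.cam),
        "late_host_learned": sw.forwards_as_unicast("00aa.bbcc.ddee"),
        "noisy_port_err_disabled": noisy.err_disabled,
        "noisy_port_sticky_config": noisy.running_config(),
    }
```

Without port security the table fills and the host that joins later is never learned, so traffic to it is flooded; with port security the second unknown source address shuts the port and the table stays small.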
DHCP SPOOFING: - Two types of DHCP attacks can be performed against a switched
network: DHCP starvation attacks and DHCP spoofing. In DHCP starvation attacks, an
attacker floods the DHCP server with DHCP requests to use up all the available IP addresses
that the DHCP server can issue. After these IP addresses are issued, the server cannot issue
any more addresses, and this situation produces a denial-of-service (DoS) attack as new
clients cannot obtain network access.
In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to
issue IP addresses to clients. The normal reason for this attack is to force the clients to use
false Domain Name System (DNS) or Windows Internet Naming Service (WINS) servers and
to make the clients use the attacker, or a machine under the control of the attacker, as their
default gateway.
DHCP snooping enables the switch to build a DHCP binding table that maps a client MAC
address, IP address, VLAN, and port ID.
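An added example (not from the original report, and not switch firmware): a small model of DHCP snooping that builds the binding table described above. It assumes the usual snooping rules, which the report does not spell out: server messages are accepted only on trusted ports, and on untrusted ports the frame's source MAC must match the client hardware address. All ports, MAC addresses and IP addresses are constructed.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class DhcpMsg:
    msg_type: str      # DISCOVER, OFFER, REQUEST, ACK or NAK
    src_mac: str       # Ethernet source address of the frame
    chaddr: str        # client hardware address inside the DHCP payload
    yiaddr: str = ""   # address offered or assigned (server messages only)


class SnoopingSwitch:
    def __init__(self, trusted_ports, port_vlan):
        self.trusted = set(trusted_ports)
        self.port_vlan = dict(port_vlan)
        self.pending = {}    # client MAC -> port where its request was seen
        self.bindings = {}   # client MAC -> (IP address, VLAN, port)
        self.dropped = []    # (port, reason)

    def ingress(self, port: str, msg: DhcpMsg) -> bool:
        """Return True if the message is forwarded, False if it is dropped."""
        if port not in self.trusted:
            if msg.msg_type in SERVER_TYPES:
                self.dropped.append((port, "server message on untrusted port"))
                return False
            if msg.src_mac != msg.chaddr:
                self.dropped.append((port, "source MAC does not match chaddr"))
                return False
            self.pending[msg.chaddr] = port
            return True
        if msg.msg_type == "ACK" and msg.chaddr in self.pending:
            client_port = self.pending.pop(msg.chaddr)
            self.bindings[msg.chaddr] = (
                msg.yiaddr, self.port_vlan[client_port], client_port)
        return True


def replay():
    # Constructed exchange: Gi0/1 leads to the real server, Fa0/5 is a client
    # port, Fa0/9 is a port where an unauthorised DHCP server is attached.
    sw = SnoopingSwitch(trusted_ports=["Gi0/1"],
                        port_vlan={"Fa0/5": 10, "Fa0/9": 10})
    client = "0011.2233.4455"
    events = [
        ("Fa0/5", DhcpMsg("DISCOVER", client, client)),
        ("Fa0/9", DhcpMsg("OFFER", "00de.adbe.ef01", client, "10.66.0.50")),
        ("Gi0/1", DhcpMsg("OFFER", "00aa.0000.0001", client, "192.168.10.21")),
        ("Fa0/5", DhcpMsg("REQUEST", client, client)),
        ("Fa0/9", DhcpMsg("ACK", "00de.adbe.ef01", client, "10.66.0.50")),
        ("Gi0/1", DhcpMsg("ACK", "00aa.0000.0001", client, "192.168.10.21")),
        ("Fa0/9", DhcpMsg("DISCOVER", "0200.0000.0001", "0200.0000.00ff")),
    ]
    forwarded = [sw.ingress(port, msg) for port, msg in events]
    return forwarded, sw.bindings, sw.dropped
```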
VLAN Switching Technology: - Within a switched internetwork, VLANs provide segmentation and organizational flexibility.
VLANs provide a way to group devices within a LAN. A group of devices within a VLAN
communicate as if they were attached to the same wire. VLANs are based on logical
connections, instead of physical connections.
VLANs allow an administrator to segment networks based on factors such as function,
project team, or application, without regard for the physical location of the user or device.
After creating a VLAN, the next step is to assign ports to the VLAN. An access port can
belong to only one VLAN at a time.
To verify VLAN information, the "show vlan" command is used in privileged mode.
A router connects one network to another network. The router is responsible for the delivery
of packets across different networks. The destination of the IP packet might be a web server
in another country or an email server on the local area network. The router uses its routing
table to determine the best path to use to forward a packet. It is the responsibility of the
routers to deliver those packets in a timely manner. The effectiveness of internetwork
communications depends, to a large degree, on the ability of routers to forward packets in the
most efficient way possible.
When a host sends a packet to a device on a different IP network, the packet is forwarded to
the default gateway because a host device cannot communicate directly with devices outside
of the local network. The default gateway is the destination that routes traffic from the local
network to devices on remote networks. It is often used to connect a local network to the
Internet.
Routing Decisions: - A primary function of a router is to determine the best path to use to
send packets. To determine the best path, the router searches its routing table for a network
address that matches the destination IP address of the packet.
The routing table search results in one of three path determinations:
No route determined - If the destination IP address of the packet does not belong to
either a connected or remote network, the router determines if there is a Gateway of
Last Resort available. A Gateway of Last Resort is set when a default route is
configured on a router. If there is a default route, the packet is forwarded to the
Gateway of Last Resort. If the router does not have a default route, then the packet is
discarded.
The logic flowchart in the figure illustrates the router packet forwarding decision process.
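The decision process described above can be written out as follows. This is an added example, not from the original report: it goes slightly beyond the text by choosing the most specific (longest-prefix) match when several routes cover the destination, and every prefix, interface name and next hop in it is constructed.

```python
import ipaddress


class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, kind, exit interface or next hop)

    def add(self, prefix: str, kind: str, via: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), kind, via))

    def decide(self, dst: str) -> tuple:
        """Return (decision, via) for a destination IP address."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            # No connected or remote network and no default route configured.
            return ("discard", None)
        net, kind, via = max(matches, key=lambda r: r[0].prefixlen)
        if net.prefixlen == 0:
            return ("gateway of last resort", via)
        if kind == "connected":
            return ("deliver on connected network", via)
        return ("forward to next hop", via)


def build_table(with_default: bool) -> RoutingTable:
    # Constructed sample topology: one LAN, two serial links, two remote routes.
    rt = RoutingTable()
    rt.add("192.168.10.0/24", "connected", "GigabitEthernet0/0")
    rt.add("10.1.1.0/30", "connected", "Serial0/0/0")
    rt.add("10.2.2.0/30", "connected", "Serial0/0/1")
    rt.add("172.16.0.0/16", "remote", "10.1.1.2")
    rt.add("172.16.5.0/24", "remote", "10.2.2.2")   # more specific route
    if with_default:
        rt.add("0.0.0.0/0", "static", "10.1.1.2")   # sets the gateway of last resort
    return rt


if __name__ == "__main__":
    table = build_table(with_default=True)
    for dst in ("192.168.10.77", "172.16.9.1", "172.16.5.20", "8.8.8.8"):
        print(dst, table.decide(dst))
    print("8.8.8.8", build_table(with_default=False).decide("8.8.8.8"))
```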
Routing Dynamically: - Routing protocols are used to facilitate the exchange of routing
information between routers. A routing protocol is a set of processes, algorithms, and
messages that are used to exchange routing information and populate the routing table with
the routing protocol's choice of best paths. The purpose of dynamic routing protocols
includes:
Ability to find a new best path if the current path is no longer available
Data structures - Routing protocols typically use tables or databases for their
operations. This information is kept in RAM.
Routing protocols can be classified into different groups according to their characteristics.
Specifically, routing protocols can be classified by their:
Access Control List:- An ACL is a series of IOS commands that control whether a
router forwards or drops packets based on information found in the packet header. ACLs are
among the most commonly used features of Cisco IOS software.
When configured, ACLs perform the following tasks:
Provide traffic flow control. ACLs can restrict the delivery of routing updates. If
updates are not required because of network conditions, bandwidth is preserved.
Provide a basic level of security for network access. ACLs can allow one host to
access a part of the network and prevent another host from accessing the same area.
For example, access to the Human Resources network can be restricted to authorized
users.
Filter traffic based on traffic type. For example, an ACL can permit email traffic, but
block all Telnet traffic.
Screen hosts to permit or deny access to network services. ACLs can permit or deny a
user to access file types, such as FTP or HTTP.
Types of ACL:- Since 1993, most administrators have used two basic ACLs: standard and
extended ACLs. Standard IP ACLs can filter on only the source IP address in an IP packet
header, whereas an extended IP ACL can filter on the following:
Source IP address
Destination IP address
TCP/IP protocol, such as IP (all TCP/IP protocols), ICMP, OSPF, TCP, UDP, and
others
TCP/IP protocol information, such as TCP and UDP port numbers, TCP code
flags, and ICMP messages
Given the differences between these two types of ACLs, standard ACLs typically are used for
the following configuration tasks on a router:
Restricting access to a router through the VTY lines (Telnet and SSH)
Extended ACLs, on the other hand, commonly are used to filter traffic between interfaces on
the router, mainly because of their flexibility in matching on many different fields at Layers
2, 3, and 4.
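To make the difference between the two ACL types concrete, here is an added example (not from the original report and not IOS code) that evaluates packets against a standard and an extended list. It assumes Cisco-style wildcard masks, first-match evaluation and the implicit deny at the end of every list; the addressing plan and both lists are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")


def _int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: bits set to 1 are ignored in the comparison."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    src: tuple = ANY                 # a standard ACL can set only this field
    proto: str = "ip"                # "ip" matches every protocol
    dst: tuple = ANY
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (wildcard_match(pkt["src"], *self.src)
                and wildcard_match(pkt["dst"], *self.dst)
                and self.proto in ("ip", pkt["proto"])
                and self.dst_port in (None, pkt.get("dport")))


def evaluate(acl: list, pkt: dict) -> str:
    """The first matching entry decides; no match means the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


def pkt(src, dst, proto, dport=None) -> dict:
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


# Constructed addressing: 192.168.10.0/24 administrators,
# 192.168.20.0/24 Human Resources, 192.168.30.25 mail server.
STANDARD_VTY = [Ace("permit", ("192.168.10.0", "0.0.0.255"))]
EXTENDED = [
    Ace("deny", ANY, "tcp", ANY, 23),                             # block Telnet
    Ace("permit", ANY, "tcp", ("192.168.30.25", "0.0.0.0"), 25),  # allow email
    Ace("permit", ("192.168.10.0", "0.0.0.255"), "ip",
        ("192.168.20.0", "0.0.0.255")),                           # HR access
]
```

Entry order matters: the Telnet deny sits first, so an administrator who is otherwise permitted into the Human Resources network is still refused on port 23.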
Types of NAT: -
Static NAT (Network Address Translation) - Static NAT (Network Address Translation) is
a one-to-one mapping of a private IP address to a public IP address. Static NAT (Network
Address Translation) is useful when a network device inside a private network needs to be
accessible from the Internet.
Dynamic NAT (Network Address Translation) - Dynamic NAT can be defined as the mapping
of a private IP address to a public IP address from a group of public IP addresses called a
NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address and a
public IP address. Here the public IP address is taken from the pool of IP addresses
configured on the end NAT router. The public to private mapping may vary based on the
available public IP addresses in the NAT pool.
PAT (Port Address Translation) - Port Address Translation (PAT) is another type of
dynamic NAT which can map multiple private IP addresses to a single public IP address by
using a technology known as Port Address Translation.
Here, when a client on the inside network communicates with a host on the Internet, the router
replaces the source port (TCP or UDP) number with another port number. These port
mappings are kept in a table. When the router receives a packet from the Internet, it refers to the table
that keeps the port mappings and forwards the data packet to the original sender.
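The port-mapping table described above, as an added example that is not part of the original report: two inside hosts that pick the same source port share one public address, and an inbound packet with no mapping is dropped. The allocation rule (keep the original port when it is free, otherwise take the next free one) is a modelling assumption, and all addresses and ports are constructed.

```python
class PatRouter:
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}  # (proto, inside IP, inside port) -> public port
        self.inbound_map = {}   # (proto, public port) -> (inside IP, inside port)

    def _allocate(self, proto: str, wanted: int) -> int:
        """Keep the original source port if it is free, else pick another."""
        if (proto, wanted) not in self.inbound_map:
            return wanted
        while (proto, self.next_port) in self.inbound_map:
            self.next_port += 1
        return self.next_port

    def translate_out(self, proto: str, src_ip: str, src_port: int) -> tuple:
        """Rewrite the source of an outbound packet and record the mapping."""
        key = (proto, src_ip, src_port)
        if key not in self.outbound_map:
            public_port = self._allocate(proto, src_port)
            self.outbound_map[key] = public_port
            self.inbound_map[(proto, public_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound_map[key])

    def translate_in(self, proto: str, dst_port: int):
        """Return the inside (IP, port), or None when no mapping exists."""
        return self.inbound_map.get((proto, dst_port))


def demo() -> dict:
    # Constructed flows: both inside hosts use source port 50000.
    router = PatRouter("203.0.113.5")
    return {
        "host_a": router.translate_out("tcp", "192.168.10.10", 50000),
        "host_b": router.translate_out("tcp", "192.168.10.11", 50000),
        "host_b_again": router.translate_out("tcp", "192.168.10.11", 50000),
        "reply_to_a": router.translate_in("tcp", 50000),
        "reply_to_b": router.translate_in("tcp", 1024),
        "unsolicited": router.translate_in("tcp", 4444),
    }
```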
GANTT CHART
Days     Topic
1-5      Introduction To Networks
6-8      Network Protocols and Communication
8-12     Basic Switch concepts and configuration
13-17    VLAN and Inter VLAN routing
18-25    Routing Concepts
26-29    Access Control List
30-37    DHCP and NAT concepts
Future Scope: -
The Internet is used for traditional forms of entertainment. We listen to recording artists,
preview or view motion pictures, read entire books, and download material for future offline
access. Live sporting events and concerts can be experienced as they are happening, or
recorded and viewed on demand.
Networks enable the creation of new forms of entertainment, such as online games. Players
participate in any kind of online competition that game designers can imagine. We compete
with friends and foes around the world as if we were all in the same room.
Even offline activities are enhanced using network collaboration services. Global
communities of interest have grown rapidly. We share common experiences and hobbies well
beyond our local neighbourhood, city, or region. Sports fans share opinions and facts about
their favourite teams. Collectors display prized collections and get expert feedback about
them. Whatever form of recreation we enjoy; networks are improving our experience.