Internetworking & Security Exam for CIT's Software Dev & Comp Networking Students, Exams of Computer Networks

Download Internetworking & Security Exam for CIT's Software Dev & Comp Networking Students and more Exams Computer Networks in PDF only on Docsity! Cork Institute of Technology Bachelor of Science (Honours) in Software Development and Computer Networking - Stage 3 (NFQ – Level 8) Spring 2006 Internetworking and Security (Time: 3 Hours) Answer any FOUR questions. All questions carry equal marks. Examiners: Dr. J. Buckley Dr. A. Kinsella Mr. A. McDonald Q1. a. Outline three methods of consumer residential access to the Internet. Discuss the advantages and disadvantages of each (9 marks) b. Describe how DSL network access works under the following headings: i. Local loop access; ii. DSLAM; iii. AAL5 encapsulation between DSL modem and UAC router. (12 marks) c. Outline the basic structure of HDLC frame. What is “bit-stuffing” and why is it used in HDLC framing. (4 marks) Q2. a. What is the function of Link Control Protocol in PPP? Also, what is IPCP used for in PPP? (4 marks) b. Describe CHAP Authentication used in PPP. Why is it more secure than PAP? (7 marks) c. Discuss why Frame Relay is a better choice of WAN technology than leased line. (4 marks) d. Explain how Frame Relay allows multiple virtual circuits on a single access circuit. (4 marks) d. Outline the operation of the DHCP protocol. (6 marks) 2 Q3. a. There are two access methods available to an ISDN networks, what are they? Outline the differences. (4 marks) b. ISDN offers logical channels using TDM on a physical channel, explain? (7 marks) c. ISDN uses Q.931 signalling. Outline a basic Q.931 message exchange for a successful call- setup. (10 marks) d. At the data-link layer, ISDN uses two values to address the end-application on a remote terminal, what are they? (4 marks) Q4. a. A Frame Relay PVC has an agreed data rate, the committed information rate. Explain the relationship between CIR and committed burst size, excess burst size, and explain how frames are transmitted on a PVC taking into account these two PVC parameters. (8 marks) b. Outline the purpose and operation of LMI in Frame Relay (4 marks) c. Describe the ATM cell header used on an ATM network-to-network interface. In detail, discuss the payload type field, and its usage in ATM Intelligent Packet Discard. (9 marks) d. An ATM switch behaves as a VP switch and a VC switch, discuss? (4 marks) Q5. a. Using a diagram, describe the structure of an SNMPv2 Message, explaining the basic purpose of each of the fields. This message was modified by the SNMPv3 protocol to provide security features, outline how this is achieved. (7 marks) b. SNMPv3 offers three types of security implementation, what are they? (3 marks) c. In the organisational model, outline the three-tier architecture for network management systems. (6 marks) d. What is the Structure of Management Information and outline its relevance to network management. (4 marks) e. The OSI model categorizes five areas of function management. Briefly describe the five? (5 marks) Q6. a. What is a security policy and what should it contain. (6 b. Network security is a continuous process built around a security policy – The Security Wheel. Describe this security life cycle. (6 marks) c. Discuss how the TCP 3-way handshake is used to implement a stateful Firewall system. (7 marks) Sample Answers – Not to be given to students 5 Verification (2 marks) c. Cheaper, more scalable, allows multiple PVC terminate on one access circuit, allows flexible PVCs (committed vs excess bandwidth) (4 marks) d. Frames from different PVCs all multiplexed onto same access circuit. To distinguish one frame of one PVC from another PVC, Frame Relay uses a tag in the frame header, called the DLCI. FRAD can then differentiate frames coming of serial interface by their DLCI, and hence process them accordingly as they come from different VCs (4 marks) e. (6 marks) 01 02 random HQid id hash SantaCruz user pass HQ boardwalk Establish Link MD5 hash SantaCruz HQ 01 02 random HQid id hash SantaCruz user pass SantaCruz boardwalk user pass HQ boardwalk =? Establish Link MD5 hash MD5 hash SantaCruz HQ Sample Answers – Not to be given to students 6 Q3. a. BRI: 2B (64Kbs) channels and 1 D (16Kbs) signalling channel and PRI: 30B (64Kbs) channels and 1 D (64Kbs) signalling channel. Bearer channels carry information – data, voice, video. (4 marks) b. explain either I.430 TDM multiplexing for BRI or I.431 TDM multiplexing for PRI (7 marks) c. diagram (3 marks); SETUP, SETUP ACK, CALL PROCEEDING, CONNECT, CONNECT ACK, explanation (5 marks); mention info elements in q.931 messages (2 marks) d. TEI and SAPI, explanation. (2 marks each) Q4. a. Each PVC has an agreed data rate, the Committed Information Rate, the PVC is set up on an access link which normally will have a higher capacity than the PVC. The PVC can deliver to the network frames at any rate up to the link capacity, if a PVC delivers frames on the access link in excess of the CIR the excess frames will be marked as eligible for deletion. (3 marks) The CIR is expressed, for calculation purposes, as the number of bits in a set measurement interval, and is then called the committed burst size, Bc. The difference between Bc and the actual link capacity in the interval is called the excess burst size, Be. The link cannot accept more than Bc + Be bits in the time interval. Frames in the time interval that bring the total number of bits over Bc have their discard eligibility flag set. (5 marks) b. LMI is a signaling standard between the DTE and the Frame Relay switch. (1 mark) LMI includes: A keepalive mechanism, which verifies that data is flowing (1 mark) A multicast mechanism, which provides the network server (router) with its local DLCI. (1 mark) A status mechanism, which provides an ongoing status on the DLCIs known to the switch(1 mark) c. (2 marks) The virtual channel identifier has local significance within a transmission trunk Virtual channel is a logical connection between two adjacent ATM entities. Each switching node maps the incoming VPI/VCI to an outgoing VPI/VCI based on the connection setup. 65,536 virtual channels per virtual path. Sample Answers – Not to be given to students 7 The VPI represents possibly many VCIs, grouped together, so they can be routed as a unit, 4096 possible virtual paths in the NNI (2 marks) 3-bit field (b0b1b2): Indicates the type of payload User information (b0 = 0), Connection associated layer management information (b0 = 1) Indicates congestion information, (b1 = 0, no congestion) Indicates network resource management, Used by AAL5 SAR to indicate the location of the cell within the AAL5 CS-PDU; b2 = 0, i.e. first and middle cells, b2 = 1, i.e. last cell (3 marks) Cell Loss Priority: The CLP bit is used by an ATM switch network interface to determine if a cell is eligible for discard when congestion is encountered, 0 - do not discard, 1 - cell may be discarded (1 mark) Header Error Check: 8 bit field, Used as error detection and error correction code on 1st 4 bytes of ATM header in UNI and NNI (1 mark) Q5 a. Diagram(2 marks), Version, community, type, request id, error, variable bindings (3 marks); community replaces with security fields (2 marks). b. Username/password. Authentication. Privacy. c. Diagram (2 marks), manager/agent, mib, protocol, proxy agent and rmon (4 marks) d. SMI standard for information representation (1 mark), hierarchical tree (1 mark), MIB a subset of SMI (1 mark), each object referenced by unique object identifier (1 mark) e. Fault, Configuration, Accounting, Performance, Security (1 mark each) Q6 a. “A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.” (2 marks) Statement of Authority and Scope Acceptable Use Policy Identification and Authentication Policy Internet Use Policy Campus Access Policy Remote Access Policy Incident Handling Procedure (5 marks) b. Step 1: Secure; Step 2: Monitor; Step 3: Test; Step 4: Improve (2 marks each)