2008-s2

  • 8/7/2019 2008-s2

    Matric No: _________________

    NAPIER UNIVERSITY

    SCHOOL OF COMPUTING

    NETWORK ACCESSIBILITY

    CSN11104

    Academic session: 2008/9

    Diet: June

    Exam duration: 2 Hours (excluding reading time)

    Reading time: None

    Total exam time: 2 Hours

    Please read full instructions before commencing writing

    Exam paper information

    Total number of pages: 4

    Number of questions: 5

    Answer any three questions from the five questions shown. Put your answer into the script provided. Start each question on a new page.

    Special instructions: Closed Book Exam.

    Special items: None

    Examiner(s): Dr Gordon Russell, Mr Robert Ludwiniak

    1. MPLS

    a. Discuss the strengths and weaknesses of MPLS in comparison to more traditional backbone implementations.

    The idea behind MPLS was to replace routing done in software with switching done in hardware and offer higher speeds. MPLS is an improved method for forwarding packets; it is not intended to replace conventional IP routing but to work alongside it. MPLS is considered to be a layer 2.5 technology. MPLS is becoming widely adopted as the preferred backbone technology for service providers (SP) as it is highly scalable. Both ATM and MPLS support tunneling of connections inside connections. MPLS uses label stacking to accomplish this while ATM uses virtual paths. MPLS allows great flexibility in network design as ATM is complex to set up.

    Marks [5]

    b.

    i. Using an example network, explain how MPLS sets up its control plane. Include the relationships between FIB, LFIB, and CEF, and the use of LDP.

    Marks [10]

    ii. Discuss the advantages of using BGP within the service provided cloud when managing MPLS.

    MPLS is used for forwarding packets over the backbone, and BGP is used for distributing routes over the backbone. The primary goal that this method is used for is to support the outgoing of IP backbone services. BGP/MPLS VPNs offer an alternative for secure site-to-site communication. BGP/MPLS VPNs have built within them several mechanisms to provide security. Address space separation may be a concern, especially considering the possibility of overlapping address space. However, the use of VPN-IPv4 addresses allows for independent VPNs to remain separate despite any addressing overlap.

    Marks [5]

    c. Evaluate the use of MPLS VPN as a replacement for normal VPN over an MPLS network.

    MPLS VPN combines enhanced BGP signaling, MPLS-based VPNs enforce traffic separation between customers by assigning a unique VRF to each customer's VPN. Compared to other types of VPN such as IPSec VPN, MPLS is more cost efficient and can provide more services to customers.

    Marks [5]

    Total Marks [25]

    2. Device Security

    a. Discuss the progressive stages traditionally considered to be involved in hacking a network.

    Marks [7]

    b.

    i. Discuss using examples how the recommendations of RFC 2827 could be used to police traffic from Martian packets entering a network, and comment on their usefulness.

    Marks [4]

    ii. Describe the four stages considered good practice when dealing with a worm attack.

    Marks [4]

    iii. Discuss good practice networking rules for outgoing network connections, commenting on why they are considered important.

    Marks [4]

    c. Describe a common Distributed Denial of Service attack and evaluate a possible Cisco-related approach to mitigating its effect. Include syntax examples where appropriate.

    Marks [6]

    Total Marks [25]

    3. Firewall Technology

    a. Discuss the advantages of using a Layered Defense Strategy when designing a firewall architecture.

    Marks [6]

    b.

    i. Explain the function, advantages, and disadvantages of Stateful Firewall Systems.

    Marks [6]

    ii. Produce an annotated Cisco IOS configuration to secure the network 20.5.5.0/24 using stateful rules, so that all outgoing packets are permitted, as well as allowing related incoming packets plus packets destined to the http server at 20.5.5.6.

    Marks [7]

    c. Consider the difference between inband and out-of-band control channels for managing routers and switches, and discuss the strengths and weaknesses of both approaches.

    Marks [6]

    Total Marks [25]

    4. IPSEC

    a. Describe the three main protocols specified by IPSec.

    Marks [6]

    b. Evaluate the main encryption algorithms used in securing VPN connections. As part of the answer, please provide suitable examples of encryption techniques and compare their advantages and disadvantages.

    Marks [12]

    c. Analyse possible failover solutions used in IPSec VPN deployment. As part of your answer, please discuss methods used to achieve redundancy.

    Marks [7]

    Total Marks [25]

    5. IDS and IPS

    a. Discuss six potential router service categories that are considered security threats.

    Marks [6]

    b.

    i. Discuss and evaluate the strengths and weaknesses of IDS and IPS systems. Your answer should include network-based and host-based IDS and IPS.

    Marks [7]

    ii. Describe the four categories of IDS and IPS signatures.

    Marks [6]

    c. IDS and IPS systems can be categorised based on their approach to identify malicious traffic. Discuss all three categories.

    Marks [6]

    Total Marks [25]

    END OF PAPER