Lecture No. 10 by Luminiţa SCRIPCARIU
OPERATING SYSTEMS
Lecture no. 10
by Luminiţa SCRIPCARIU
From the previous lecture
• L1 (physical layer) network equipment
• L2 (data link layer) network equipment
• IP addressing exercises
Luminita Scripcariu 2
PROJECT PRESENTATION
• Projects will be presented online in the 13th week, on
Thursday, May 27th, 2021, from 8 a.m.
QUESTION 1
Which of the following devices work
on OSI layer 2?
hub
media converter
modem
switch
QUESTION 2
Which of the following devices are
multiport type?
hub
media converter
modem
switch
QUESTION 3
Which of the cables below can be used
for outdoor links?
coaxial
STP
twinaxial
UTP
optical cables
QUESTION 4
What are the advantages of an open
rack for network equipment versus a
locked rack?
It is less heavy and easy to install
Equipment is secured
It is more ventilated
It has grounding option
QUESTION 5
To avoid wearing out or damaging the physical ports
of the devices mounted in a rack (the "mother
ports"), it is recommended to use:
Ethernet socket
EM shield
Patch panel
Rear panel
QUESTION 6
Power can be delivered to a device over:
Ethernet cable
Coaxial cable
Optical Cable
Radiolink
QUESTION 7
Which of the cables below has the
maximum segment length?
coaxial
MMF
twinaxial
UTP
SMF
QUESTION 9
Which of the following switching
techniques is the fastest one?
circuit-based switching
message switching
packet switching
QUESTION 10
Which of the following statements about
a network switch are true?
A switch extends the network.
It switches packets.
A switch splits a larger broadcast domain
into smaller ones.
A switch splits a larger collision domain into
smaller ones.
QUESTION 11
A network switch can read:
bits
frames
packets
MAC addresses
QUESTION 12
A network switch learns:
IP addresses
MAC addresses
the physical port number associated
to a MAC address
logical ports
QUESTION 13
In a cable network, user management is done
by:
CM
CMTS
EMS
NOC
QUESTION 14
VLANs can be defined using a:
cable
hub
modem
switch
QUESTION 15
What is the subnet mask of
192.168.200.128/26 subnet?
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
QUESTION 16
What is the broadcast address of
192.168.200.128/26 subnet?
192.168.200.143
192.168.200.159
192.168.200.191
192.168.200.255
QUESTION 17
What is the address of host no. 12 in
192.168.200.128/26 subnet?
192.168.200.12
192.168.200.38
192.168.200.140
192.168.200.178
What do the following acronyms mean?
• CM
• CMTS
• DOCSIS
• NOC
• STP
• DB
• LS0H
• US
• SFP
• DL
L3 NETWORK EQUIPMENT
• ACCESS POINT
Access Point
• Used by WiFi (IEEE 802.11) networks to connect wireless
stations to the wired LAN.
• Remark: a stand-alone access point bridges 802.11 frames
to Ethernet frames, so strictly speaking it works on L2; it
is the wireless router (access point and router in one box,
see the example below) that is L3 equipment.
Web management can be done using a GUI; as for any network
device, the default administrator account must be changed
before the access point is put into service.
Router
• L3 equipment
• It routes the packets based on the routing
table.
Remarks
• A router has at least two interfaces, each with its
own network address, so it belongs to at least two
networks.
• A router can transfer data between networks
using different standards (Ethernet, FDDI, ATM)
and/or different protocol suites (multiprotocol
router).
Example: Wireless Router front
panel
WL500 Rear Panel
Routable vs. Non-routable
• The L3 protocols a router understands (e.g. IP)
are called routable protocols.
• The router can route only the packets of
routable protocols.
• The data units of non-routable protocols are
forwarded by bridging only, and only if
bridging is enabled on the router (BR, bridge
router).
Network Graph and Tree
[Figure: the network graph and its tree. The residual node table
from the figure reads: B B, C B, D G, E B, F B, G G, H G.]
Static vs. Dynamic Routing
Remarks
• A router adds more end-to-end delay than a
network switch or bridge, because it has to parse
the L3 header, look up the routing table and
rebuild the frame (the lecture estimates this at
30 % to 40 % of the total transmission time).
• A multiprotocol router can recognize and
convert different data units and network
address formats.
Dynamic Routing Protocols
Interior routing protocols (IGPs, used inside one
autonomous system):
Distance-vector protocols:
• RIP - Routing Information Protocol
• IGRP - Interior Gateway Routing Protocol (Cisco proprietary)
• DVMRP - Distance Vector Multicast Routing
Protocol
Link-state protocols:
• OSPF - Open Shortest Path First
Exterior routing protocols (between autonomous systems):
• BGP - Border Gateway Protocol (a path-vector protocol)
Routing Principles
• A router runs a routing algorithm to compute the
best path from source to destination over the
network graph.
• Link-state protocols compute a shortest-path tree
with Dijkstra's SPF (shortest path first) algorithm;
distance-vector protocols exchange distance tables
(Bellman-Ford). Do not confuse this with STA/STP
(Spanning Tree Algorithm/Protocol), which switches
use on L2 to remove loops from a bridged network.
• Routing protocols are used by a router to
send other routers the routing information
contained in its routing table, including the
network status and topology.
Metrics used by the Routing
Algorithms
• Number of hops between the source
and the destination
• Link Throughput
• The end-to-end delay
• Congestion risk
• Security risk
• Transmission costs
Network Tree and the Routing Table
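The network tree and the routing table, as an added example that is not part of the lecture: Dijkstra's shortest-path-first algorithm is run from router A over a constructed topology (node names A to H, link costs assumed), the resulting tree is collapsed into the routing table the router actually uses (destination, next hop, cost), and the same code is re-run after a link failure to show how the table changes.

```python
"""Link-state routing: SPF tree and the routing table derived from it."""
import heapq
from typing import Dict, Optional, Tuple

# Constructed topology: undirected links with an additive cost metric.
# Node names loosely follow the lecture's graph; the costs are assumed.
LINKS: Dict[Tuple[str, str], int] = {
    ("A", "B"): 1, ("A", "C"): 2, ("B", "C"): 5, ("B", "D"): 3, ("C", "D"): 4,
    ("C", "E"): 1, ("D", "F"): 2, ("E", "F"): 4, ("F", "G"): 1, ("G", "H"): 2,
}


def adjacency(links: Dict[Tuple[str, str], int]) -> Dict[str, Dict[str, int]]:
    """Build the neighbour map of the graph from the link list."""
    adj: Dict[str, Dict[str, int]] = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def spf(links: Dict[Tuple[str, str], int], root: str):
    """Dijkstra's SPF from root: returns (distance, parent) for every
    reachable node; the parent pointers form the shortest-path tree."""
    adj = adjacency(links)
    dist: Dict[str, int] = {root: 0}
    parent: Dict[str, Optional[str]] = {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in adj.get(u, {}).items():
            nd = d + cost
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                parent[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, parent


def routing_table(links: Dict[Tuple[str, str], int], root: str) -> Dict[str, Tuple[str, int]]:
    """Collapse the SPF tree into what the router keeps: for every
    destination, the first hop on the tree path and the total cost."""
    dist, parent = spf(links, root)
    table: Dict[str, Tuple[str, int]] = {}
    for dst in dist:
        if dst == root:
            continue
        hop = dst
        while parent[hop] != root:   # walk up the tree until the child of root
            hop = parent[hop]
        table[dst] = (hop, dist[dst])
    return table


if __name__ == "__main__":
    for dst, (hop, cost) in sorted(routing_table(LINKS, "A").items()):
        print(f"{dst}: next hop {hop}, cost {cost}")
    # Link failure B-D: the SPF run is simply repeated on the new graph.
    after_failure = {k: v for k, v in LINKS.items() if k != ("B", "D")}
    print("after B-D fails:", routing_table(after_failure, "A"))
```

With these costs A reaches D and F through B but E through C; after the B-D link is removed the recomputed tree sends D and F through C, which is exactly the convergence step a link-state protocol performs when it receives a changed link-state advertisement.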
Router Advantages
• A router usually offers security services
(access control lists, authentication, traffic filtering).
• Every router decrements the TTL (IPv4) or hop limit
(IPv6) of each forwarded packet and discards the
packet when the value reaches zero, so packets
with an unreachable destination cannot loop forever.
• Routers can detect and mitigate network
congestion (queue management, alternative routes).
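Routing-table lookup and TTL handling at one router hop, as an added example (not code from the lecture): a longest-prefix-match lookup over a constructed routing table that loosely follows the Cisco3620 configuration shown later in the lecture (the RIP-learned /24 and the ISP gateway address 80.46.94.1 are assumed), and a forwarding step that decrements the TTL and discards packets whose TTL would reach zero or that match no route.

```python
"""Longest-prefix-match forwarding with TTL handling (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str       # next-hop address, or "direct" for an attached network
    interface: str


def route(prefix: str, next_hop: str, interface: str) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, interface)


# Constructed routing table; the /24 learned via RIP and the default gateway
# 80.46.94.1 are assumptions made for this example.
ROUTING_TABLE: List[Route] = [
    route("192.168.1.0/27", "direct", "Ethernet 1/0"),
    route("192.168.1.32/27", "direct", "Ethernet 1/1"),
    route("192.168.1.0/24", "192.168.1.2", "Ethernet 1/0"),   # learned via RIP
    route("0.0.0.0/0", "80.46.94.1", "Ethernet 0/0"),          # default route
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest prefix match: the most specific prefix containing dst wins,
    regardless of the order of the entries in the table."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for r in table:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def forward(table: List[Route], packet: dict) -> Tuple[str, str, Optional[str]]:
    """One router hop. packet = {"dst": ..., "ttl": ...}; the TTL is
    decremented in place. Returns (action, interface-or-reason, next_hop)."""
    if packet["ttl"] <= 1:
        # Decrementing would give 0: discard (IPv4 answers with ICMP Time
        # Exceeded). This is what kills packets that loop between routers.
        return ("drop", "ttl-exceeded", None)
    r = lookup(table, packet["dst"])
    if r is None:
        return ("drop", "no-route", None)       # ICMP Destination Unreachable
    packet["ttl"] -= 1
    return ("forward", r.interface, r.next_hop)


if __name__ == "__main__":
    for dst in ("192.168.1.40", "192.168.1.100", "8.8.8.8"):
        print(dst, forward(ROUTING_TABLE, {"dst": dst, "ttl": 64}))
    print(forward(ROUTING_TABLE, {"dst": "8.8.8.8", "ttl": 1}))
```

192.168.1.40 is covered by three entries (/27, /24 and the default route) and is sent out of Ethernet 1/1 because the /27 is the longest match; without the default route a packet for 8.8.8.8 is dropped instead of being forwarded anywhere.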
Router configuration
• Change the administrator account (delete the default
account).
• Include the router in a network domain.
• Configure the router interfaces (name, network
address, network mask) (set if).
• Enable/disable protocols on the router.
• Optionally, configure static routes (set route).
• Apply the security policy (create ACLs, enable the
firewall, apply access restrictions by hour/day/key
words/application, enable traffic filtering etc.).
Example (router_file.cfg)
hostname Cisco3620
!
ip routing
!
interface Ethernet 0/0
 no shutdown
 description connected to Internet
 ip address 80.46.94.10 255.0.0.0
!
interface Ethernet 1/0
 no shutdown
 description connected to Cisco1548
 ip address 192.168.1.1 255.255.255.224
!
interface Ethernet 1/1
 no shutdown
 description connected to Cisco1548_2
 ip address 192.168.1.33 255.255.255.224
!
interface Ethernet 1/2
 no description
 no ip address
 shutdown
!
interface Ethernet 1/3
 no description
 no ip address
 shutdown
!
router rip
 version 2
 network 192.168.1.0
 passive-interface Ethernet 0/0
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Ethernet 0/0
no ip http server
Remarks on this configuration: the unused interfaces Ethernet 1/2 and 1/3 are
shut down, RIP updates are not sent towards the Internet (passive-interface
Ethernet 0/0), the HTTP management server is disabled, and all traffic without
a more specific route leaves through Ethernet 0/0 (default route). The
255.0.0.0 mask on the Internet-facing interface is reproduced as given in the
lecture.
Security Protocols from the
TCP/IP suite
IPsec
• IP security: a suite of L3 protocols (AH, ESP, IKE) that
protects IP packets between two hosts, two gateways, or a
host and a gateway.
Security services (the general list; IPsec itself provides
the first four):
• authentication of the peers (IKE, with pre-shared keys
or digital certificates) and of the origin of each packet
• integrity (a keyed hash, i.e. a message authentication
code, carried as the integrity check value of AH/ESP; a
plain message digest, MD, without a key does not protect
against an active attacker)
• confidentiality (data encryption, ESP)
• anti-replay protection (sequence numbers)
• user authentication (username and password, biometrics
etc.) and certification (digital certificates) are
provided by the authentication infrastructure; IKE uses
the certificates
• data filtering (based on MAC, IP, port numbers, usernames,
packet priority etc.) and service access control (a
service set defined for each user) are provided by
firewalls/ACLs and AAA servers, not by IPsec itself.
Data Encryption
• CRYPTOGRAPHIC ALGORITHMS:
DES – Data Encryption Standard (56-bit key, obsolete); 3DES (deprecated)
AES – Advanced Encryption Standard (symmetric block cipher,
128/192/256-bit keys; the current choice)
RSA – Rivest-Shamir-Adleman (public-key algorithm, used for key
exchange and digital signatures, not for bulk data encryption)
MD – Message Digest (MD5; collisions are easy to produce, so it
must not be used for security)
Hash functions (SHA - Secure Hash Algorithm: SHA-2, SHA-3); for
integrity protection they are used keyed, as an HMAC, not bare
• SECURITY PROTOCOLS:
SSL - Secure Socket Layer (all versions deprecated)
TLS - Transport Layer Security (SSL's successor; runs above TCP,
usually placed at L5/L6 in OSI terms)
CCMP – Counter Mode with CBC-MAC Protocol (AES-based encryption
and integrity for WPA2 wireless networks)
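Why integrity needs a key, as an added example (not code from the lecture): a plain message digest of a packet is recomputed by an on-path attacker after altering the payload, so the receiver cannot tell; a keyed HMAC-SHA256 over the same payload cannot be recomputed without the shared key, so the alteration is detected. The payload and the pre-shared key are constructed for the example.

```python
"""Integrity check: unkeyed message digest vs. keyed HMAC (added example)."""
import hashlib
import hmac
from typing import Tuple

# Constructed sample: a small payload an attacker would like to alter,
# and an assumed pre-shared key known to sender and receiver only.
MESSAGE = b"src=192.168.1.20;dst=192.168.1.10;op=transfer;amount=10"
SHARED_KEY = b"example-shared-key-do-not-reuse"


def digest_only(message: bytes) -> bytes:
    """'MD'-style integrity value: a plain SHA-256 of the message, no key."""
    return hashlib.sha256(message).digest()


def verify_digest_only(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(digest_only(message), digest)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity value: HMAC-SHA256 (RFC 2104)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so a wrong tag does not leak
    # how many leading bytes were right.
    return hmac.compare_digest(mac_tag(key, message), tag)


def on_path_tamper(message: bytes, check: bytes, keyed: bool) -> Tuple[bytes, bytes]:
    """Attacker intercepts (message, check), edits the payload and forwards
    it. Without a key it simply recomputes the digest over the forged
    message; against HMAC the best it can do is forward the old tag."""
    forged = message.replace(b"amount=10", b"amount=9999")
    return forged, (check if keyed else digest_only(forged))


def demo() -> Tuple[bool, bool]:
    """Returns (digest check passed, HMAC check passed) after tampering."""
    d = digest_only(MESSAGE)
    t = mac_tag(SHARED_KEY, MESSAGE)
    forged_d, d2 = on_path_tamper(MESSAGE, d, keyed=False)
    forged_t, t2 = on_path_tamper(MESSAGE, t, keyed=True)
    return verify_digest_only(forged_d, d2), verify_mac(SHARED_KEY, forged_t, t2)


if __name__ == "__main__":
    digest_ok, mac_ok = demo()
    print("forged packet accepted with plain digest:", digest_ok)
    print("forged packet accepted with HMAC:", mac_ok)
```

This is the difference between the hash functions listed above and the integrity check value that AH and ESP actually carry: the receiver must hold a secret the attacker does not, otherwise the check only detects accidental corruption.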
OTHER SECURITY PROTOCOLS
• IPsec protocols (L3; IP protocol numbers 51 and 50):
AH – Authentication Header (integrity and origin
authentication, no encryption)
ESP – IP Encapsulating Security Payload (encryption and,
optionally, integrity)
• Tunneling protocols: IPsec tunnel mode; GRE – Generic
Routing Encapsulation (L3), used e.g. to carry private
addresses across a public network; SSTP – Secure Socket
Tunneling Protocol (PPP over TLS); L2TP – Layer 2 Tunneling
Protocol (usually combined with IPsec for encryption); SSH
port forwarding (application layer, over TCP). A tunnel
encapsulates the traffic between two network nodes so that
the intermediate network sees only the outer packets.
• IKE – Internet Key Exchange (IKEv1: RFC 2409; IKEv2:
RFC 7296), which negotiates the security associations and
keys used by IPsec.
• ISAKMP – Internet Security Association and Key Management
Protocol (RFC 2408), the framework used by IKEv1.
Important about SSH
• SSH (RFC 4251 to 4254) is made of three layers: the transport
layer protocol, the user authentication protocol and the
connection protocol.
• The SSH transport layer is a secure, low level transport
protocol for remote connections. It provides strong encryption,
cryptographic host authentication and integrity protection.
• Authentication at the transport layer is host-based: the
client verifies the server's host key (the user must check the
key fingerprint the first time it is seen).
• The transport layer itself does not perform user
authentication; this is done by the SSH user authentication
protocol (passwords or public keys) running on top of it.
• SSH replaces telnet and rlogin and provides secure file
transfer (SFTP, SCP); other application protocols (e-mail, FTP
etc.) can be carried over an SSH tunnel (port forwarding).
How to secure a network?
• Configure user and group accounts and remove the
default accounts.
• Configure the equipment: enable/disable protocols,
open/close ports, install/uninstall network
applications (trusted vs. untrusted), install time-
limited certificates.
• Monitor the network 24/7, manually and automatically.
• Enable local or remote network alarms (audio, visual,
flashing, by SMS or by e-mail).
• Control and filter the network traffic.
• Install antivirus and antimalware programs on all the
devices connected to the network.
• Create periodic backups or images of the systems.
KERBEROS Mechanism
• Authentication protocol (Kerberos V5, RFC 4120) based on
tickets issued by the Kerberos server, the KDC (Key
Distribution Center).
• It allows mutual authentication of two entities through a
trusted third party (the KDC), without the services having
to store the users' passwords and without sending the
password over the network: the client proves knowledge of
its key by decrypting the ticket it receives.
• Remark (not part of Kerberos): the DH (Diffie-Hellman) key
agreement algorithm provides forward secrecy in the TLS
ephemeral modes (DHE, ECDHE).
Remarks
• IPsec is a suite of protocols.
• IPsec works on OSI L3 and on the TCP/IP Internet
layer.
• IPsec support is optional in IPv4; for IPv6 it was
originally mandatory (RFC 4294) but since RFC 6434 it is
only recommended, and actually using it remains optional
in both.
• In local networks with a very large number of users,
authentication must be centralized on RADIUS servers and
dedicated network monitoring software must be run.
• RADIUS – Remote Authentication Dial-In User Service
(RFC 2865).
OTHER SECURITY METHODS
ACL – Access Control List: a list of permit/deny rules
applied to the traffic on an interface.
VLAN – Virtual Local Area Network: the data traffic is not
encrypted, but the LAN is segmented so that the traffic of
different customers (or departments) is separated at L2 and
can pass between VLANs only through a router or firewall.
VPN – Virtual Private Network: set up over a WAN or the
Internet; the traffic is encrypted (e.g. a company with
many subsidiaries located in different cities or
countries can use a VPN so that the employees from
different places can communicate securely wherever they
have Internet access).
FIREWALL
• A firewall (a software program or a dedicated device)
controls the network traffic based on physical or network
addresses (source or destination), port numbers, day and
time, user credentials etc.
• The security policy is applied through ACLs (Access
Control Lists) stored on routers or firewalls, with
user-based rules backed by RADIUS servers.
• The firewall controls and monitors the access to the
network and records its decisions (logging facility).
• The lecture recommends disabling NAT on a router that
works as a firewall, to avoid filtering packets twice. In
practice the two are usually combined, and what matters is
the order of the operations: a rule must be written for the
addresses as they appear at the point where it is evaluated
(before or after translation), otherwise it never matches.
SECURITY POLICIES
• A firewall becomes active only after a private (inside)
interface and a public (outside) one have been configured
and access rules have been defined for them.
• Packets arriving on the unsecured (public) interface and
destined for the secured (private) side are blocked by
default.
• Usually, only packets that are replies to a request
initiated from the inside are allowed through to the
private interface (stateful filtering: the firewall
remembers the outbound sessions and matches the returning
traffic against them).
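The policy above in code, as an added example that is not part of the lecture: a stateful packet filter with a private and a public interface, which lets outbound traffic create a session entry, admits inbound packets only when they are replies to such a session or are explicitly permitted by an inbound ACL (first match wins, implicit deny at the end), drops traffic with a spoofed source on the private side, and logs every decision. The inside network 192.168.1.0/24, the published web server 192.168.1.10 and all packets are constructed for the example.

```python
"""Stateful packet filter with an inbound ACL and logging (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "private" or "public"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class AclRule:
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # CIDR
    dst: str        # CIDR
    dport: Optional[int] = None


# Constructed ACL for traffic arriving on the public interface: only the
# published web server (assumed address) may be reached from outside.
INBOUND_ACL: List[AclRule] = [
    AclRule("permit", "tcp", "0.0.0.0/0", "192.168.1.10/32", 443),
    AclRule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),
]


class Firewall:
    def __init__(self, private_net: str, inbound_acl: List[AclRule]):
        # Both sides must be defined before any traffic can be classified.
        self.private_net = ipaddress.ip_network(private_net)
        self.acl = inbound_acl
        self.sessions: Set[Tuple] = set()   # 5-tuples of sessions opened from inside
        self.log: List[str] = []

    def _acl_permits(self, p: Packet) -> bool:
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        for r in self.acl:
            if r.proto not in ("any", p.proto):
                continue
            if src not in ipaddress.ip_network(r.src) or dst not in ipaddress.ip_network(r.dst):
                continue
            if r.dport is not None and r.dport != p.dport:
                continue
            return r.action == "permit"     # first matching rule decides
        return False                         # implicit deny at the end

    def process(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if p.iface == "private":
            if ipaddress.ip_address(p.src) not in self.private_net:
                verdict, why = "drop", "spoofed source on private interface"
            else:
                self.sessions.add(key)       # remember the outbound request
                verdict, why = "forward", "new outbound session"
        elif reply_of in self.sessions:
            verdict, why = "forward", "reply to an internal request"
        elif self._acl_permits(p):
            self.sessions.add(key)
            verdict, why = "forward", "permitted by inbound ACL"
        else:
            verdict, why = "drop", "unsolicited inbound packet"
        self.log.append(f"{p.iface} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport} {verdict} ({why})")
        return verdict


if __name__ == "__main__":
    fw = Firewall("192.168.1.0/24", INBOUND_ACL)
    fw.process(Packet("private", "tcp", "192.168.1.20", 51000, "93.184.216.34", 443))
    fw.process(Packet("public", "tcp", "93.184.216.34", 443, "192.168.1.20", 51000))
    fw.process(Packet("public", "tcp", "198.51.100.7", 4444, "192.168.1.20", 445))
    print("\n".join(fw.log))
```

The same inbound SYN to port 445 that is dropped as unsolicited would be forwarded if it were the return half of a session the inside host opened first; that asymmetry, not the port number alone, is what the policy on this slide describes.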
Proposed Exercise
In 10.0.0.0 network, subnets are defined by borrowing 7 bits
from the HOST ID. Calculate:
1. The network mask.
2. The broadcast address of the major network.
3. The total number of bits used to identify a subnet.
4. The number of host addresses available in each subnet.
5. The subnet mask.
6. The subnet no. 100 (S#100) address.
7. The host address space in S#100.
8. The broadcast address of S#100.
9. The IP address of host no. 1030 in S#100.
10. The equivalent IPv6 address of this node calculated by the
mixed mapping method.