CNM Chapter5

Routing protocols are essential for efficiently forwarding packets between connected networks. They maintain routing tables that map networks and the best paths between them. Intra-domain routing operates within an autonomous system, while inter-domain routing operates between autonomous systems. Distance vector and link state routing algorithms are two common approaches, with distance vector relying on periodic updates between neighbors and link state mapping the entire network topology. Protocols like RIP, OSPF, and BGP implement these algorithms to automate routing.

Network Security and Routing Protocols Marks:16

Importance of Routing table


• Routing tables are essential to routing because they maintain a map of the connected
networks, which lets a router forward each packet along the best known path instead of
flooding it everywhere.
• Without routing tables, routers would have no idea how to get packets to their intended
destinations.
Intra Domain Routing : Routing within an autonomous system is intra-domain routing.
Inter Domain Routing : Routing between autonomous systems is inter-domain routing.

[Figure legend: dotted lines (….) denote interdomain routing; solid lines (___) denote intradomain routing]

Distance Vector Routing Algorithm


In the distance vector routing algorithm each router maintains a table of its distances to
all other routers in the network. This table is called the distance vector. For every
destination it records the distance (cost) and the next-hop router to which a packet must be
sent in order to reach that destination.
Working
• Each router prepares its initial routing table from local knowledge only. Each router knows
▪ all the routers present in the network
▪ the distance to its directly connected neighbours
• Each router exchanges its distance vector with its neighbouring routers.
• Each router prepares a new routing table from the distance vectors it has obtained
from its neighbours: for each destination it keeps the neighbour that minimises
(cost of the link to that neighbour + distance advertised by that neighbour).
• This step is repeated (n-2) times if there are n routers in the network.
• After this, the routing tables converge / become stable.

Step 1 − Each router in this DVR (Distance Vector Routing) network shares its routing
table with every neighbour. For example, X shares its routing table with neighbours Y
and Z, and Y and Z share their routing tables with X.

Step 2 − If the path via a neighbour is less expensive than the current entry, the router
updates its local table to forward packets through that neighbour. In the table shown, X and
Z lower the cost between them from 5 to 3 by routing via a neighbour.
Step 3 − The final revised routing table, with the reduced costs, for all routers A, C, and D
is shown below.

Advantages of Distance Vector Routing

• It is scalable and flexible.
• It is widely supported by router vendors and is compatible with a variety of
network devices.
• The distance vector routing protocol is easy to implement for small networks.
• Compared to other routing techniques, it requires less hardware and computing
power.
• Simple to use and administer.

Disadvantages of Distance Vector Routing


• Time to convergence is relatively slow (updates are sent at fixed intervals, so news of a
failed link travels one hop per interval).
• Vulnerability to routing loops (count-to-infinity) when a link fails and a router re-learns the
stale route from a neighbour that still believes it.
• For WAN or complex LAN situations, bandwidth requirements may be excessive, because
full tables are exchanged periodically.
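The following is an added example, not part of the original notes: it simulates the exchange described under Working above on a constructed three-router chain (A-B-C, all link costs 1) and then fails link B-C to show the count-to-infinity problem listed above. With plain distance vectors the two surviving routers hand the stale route to C back and forth, raising its metric by one per exchange until it reaches the RIP-style limit of 16; with split horizon (a router never advertises a route back to the neighbour it learned it from) the withdrawal settles in a single round. The topology, the value of INF and the synchronous round model are assumptions made for illustration.

```python
# Added example (not from the original notes). Constructed topology:
# a chain A - B - C with unit costs; INF follows RIP's convention.
INF = 16                       # metric 16 = unreachable
CHAIN = {("A", "B"): 1, ("B", "C"): 1}


def neighbours(links):
    """{router: {neighbour: link cost}} from an undirected link list."""
    nbrs = {}
    for (u, v), cost in links.items():
        nbrs.setdefault(u, {})[v] = cost
        nbrs.setdefault(v, {})[u] = cost
    return nbrs


def initial_tables(nbrs):
    """Step 1: each router knows only itself and its direct neighbours.
    Table entries are dest -> (distance, next hop)."""
    return {r: {r: (0, r), **{n: (c, n) for n, c in adj.items()}}
            for r, adj in nbrs.items()}


def advertise(table, to, split_horizon):
    """The distance vector a router sends to neighbour `to`. With split
    horizon, routes whose next hop is `to` are withheld from `to`."""
    return {dest: dist for dest, (dist, nh) in table.items()
            if not (split_horizon and nh == to)}


def exchange_round(nbrs, tables, split_horizon):
    """One synchronous exchange: every router rebuilds its table from the
    vectors its neighbours advertised in the previous round (Bellman-Ford:
    distance = link cost to neighbour + neighbour's advertised distance)."""
    new = {}
    for r, adj in nbrs.items():
        vectors = {n: advertise(tables[n], r, split_horizon) for n in adj}
        dests = set(tables[r]).union(*(set(v) for v in vectors.values()))
        table = {r: (0, r)}
        for dest in dests - {r}:
            best = (INF, None)
            for n, link_cost in adj.items():
                if dest in vectors[n]:
                    cand = min(INF, link_cost + vectors[n][dest])
                    if cand < best[0]:
                        best = (cand, n)
            table[dest] = best
        new[r] = table
    return new


def run_until_stable(nbrs, tables, split_horizon, max_rounds=50):
    """Repeat exchanges until no table changes; return (tables, rounds)."""
    for i in range(max_rounds):
        nxt = exchange_round(nbrs, tables, split_horizon)
        if nxt == tables:
            return tables, i
        tables = nxt
    return tables, max_rounds


def converge(links, split_horizon=False):
    nbrs = neighbours(links)
    return run_until_stable(nbrs, initial_tables(nbrs), split_horizon)


def fail_link_and_reconverge(links, dead, split_horizon=False):
    """Converge, cut link `dead`, then count the rounds to re-stabilise."""
    nbrs = neighbours(links)
    tables, _ = run_until_stable(nbrs, initial_tables(nbrs), split_horizon)
    u, v = dead
    del nbrs[u][v], nbrs[v][u]
    # Only the two endpoints notice immediately: every route they reached
    # through the dead link becomes unreachable. Other routers still hold
    # (and may re-advertise) the stale routes.
    for r, other in ((u, v), (v, u)):
        for dest in [d for d, (_, nh) in tables[r].items() if nh == other]:
            tables[r][dest] = (INF, None)
    return run_until_stable(nbrs, tables, split_horizon)


if __name__ == "__main__":
    for sh in (False, True):
        final, rounds = fail_link_and_reconverge(CHAIN, ("B", "C"), sh)
        print(f"split horizon={sh}: {rounds} rounds, A's route to C = {final['A']['C']}")
```

Without split horizon the A/B pair needs 14 exchanges before both record C as unreachable; with it, one. Real RIP routers also use triggered updates and hold-down timers, which this model leaves out.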

Link State Routing


Link-state routing uses link-state routers to exchange messages that allow each router to
learn the entire network topology. Based on this learned topology, each router is then able
to compute its routing table by running a shortest path computation.

Link State Routing Algorithm Steps


1. Discovery: Each router discovers its direct neighbours. For example, Router A's neighbours
are B and C.
2. Link-State Advertisement (LSA) Generation: After identifying its neighbours, a router
generates an LSA carrying its link-state information. The LSA lists the router, its directly
connected links, and the cost of each link.
3. Link-State Database (LSDB) Exchange: Routers flood their LSAs through the network,
so that every router receives every LSA. This builds a network-wide LSDB that is identical
on every router.
4. Shortest Path Calculation: With a synchronised LSDB, each router calculates the
shortest path to all other routers using Dijkstra's algorithm, with itself as the root of the
shortest-path tree.
5. Routing Table Update: After the shortest path calculation, each router updates its routing
table with the next hop of the cheapest path to each destination.

Suppose Router 1 wants to send data to Router 2. The shortest path calculation proceeds
as follows:
1. Router 1 floods its LSA containing information about its directly connected links and
their associated costs.
2. Router 2 and Router 3 receive the LSA and update their LSDBs.
3. Router 2 calculates its shortest path to Router 3 as the direct link between them, with a
cost of 2 units.
4. Router 1 calculates its shortest path to Router 2 as 1-3-2 with a total cost of 5 units (1
to 3: 3 units + 3 to 2: 2 units).
5. Router 1 updates its routing table, choosing path 1-3-2 (next hop Router 3) as the most
efficient route to reach Router 2.
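As an added example (not from the notes), the numbered walk-through above in code: the LSAs of routers 1, 2 and 3 are flooded into one LSDB and Router 1 runs Dijkstra over it. The link costs 1-3 = 3 and 3-2 = 2 come from the text; the direct 1-2 link with cost 7 is an assumption added so that 1-3-2 (cost 5) is the path chosen. The example goes slightly beyond the text by discarding any link that only one endpoint advertises, the way OSPF's SPF ignores a link that has not been confirmed in both directions.

```python
import heapq

# Added example (not from the original notes). Link costs 1-3 and 3-2 are
# from the text; the 1-2 link with cost 7 is a constructed assumption.
LSAS = {
    1: {2: 7, 3: 3},   # LSA of router 1: its links and their costs
    2: {1: 7, 3: 2},
    3: {1: 3, 2: 2},
}


def build_lsdb(lsas):
    """Flooding gives every router the same LSAs. Build the adjacency map
    from them, keeping only links that both endpoints advertise (a link
    reported from one side only is treated as down)."""
    lsdb = {}
    for r, links in lsas.items():
        for n, cost in links.items():
            if lsas.get(n, {}).get(r) is not None:
                lsdb.setdefault(r, {})[n] = cost
    return lsdb


def dijkstra(lsdb, source):
    """Return {dest: (cost, path)} for every router reachable from source."""
    dist, prev, done = {source: 0}, {}, set()
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in lsdb.get(u, {}).items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    result = {}
    for dest, cost in dist.items():
        path, node = [], dest
        while node != source:
            path.append(node)
            node = prev[node]
        path.append(source)
        result[dest] = (cost, path[::-1])
    return result


def routing_table(lsdb, source):
    """Step 5: next hop for each destination is the second node on the
    shortest path; returns {dest: (cost, next_hop)}."""
    return {dest: (cost, path[1])
            for dest, (cost, path) in dijkstra(lsdb, source).items()
            if dest != source}


if __name__ == "__main__":
    lsdb = build_lsdb(LSAS)
    for dest, (cost, nh) in sorted(routing_table(lsdb, 1).items()):
        print(f"router 1 -> {dest}: cost {cost}, next hop {nh}")
```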

Path Vector Routing

Working

Routing Information Protocol (RIP)


Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as its
routing metric to find the best path between the source and the destination network. It is a
distance-vector routing protocol. RIP messages are carried in UDP datagrams on port 520
and are used to build the network-layer (IP) routing table.

Hop count is the number of routers between the source and destination network.
The path with the lowest hop count is considered the best route to reach a network and is
therefore placed in the routing table. RIP limits the effect of routing loops by bounding the
number of hops allowed in a path from source to destination. The maximum hop count
allowed in RIP is 15, and a hop count of 16 means the network is unreachable.
In the diagram above, to transmit a packet from Router 1 to Router 3, Route 1 requires 3
hops, Route 2 requires 2 hops and Route 3 requires 4 hops. RIP selects Route 2, the route
with the lowest hop count, to send the data packet from R1 to R3.
Features of Routing Information Protocol
1. Updates of the network are exchanged periodically (every 30 seconds by default).
2. Updates (routing information) are always broadcast (RIPv1) or multicast to 224.0.0.9 (RIPv2).
3. Full routing tables are sent in updates.
4. Routers always trust routing information received from neighbouring routers. This is also
known as "routing on rumours": a neighbour is believed without any proof that its
advertisement is correct, or even that the sender is really a router.

Routing Information Protocol Message format

Command: an 8-bit field that indicates a request or a reply. The value for a request is 1,
and the value for a reply is 2.
Version: the version of the protocol being used. For RIP version 1 this field holds 1.
Reserved: a 16-bit reserved field, filled with zeroes.
Family: a 16-bit address family identifier. For the TCP/IP family the value is 2.
Network Address: a 14-byte field. For IPv4, 4 bytes hold the address and the other
10 bytes are zeroes (RIPv2 reuses these zero bytes to carry a route tag, the subnet mask
and a next-hop address).
Distance: the distance field carries the metric, i.e. the hop count used to reach
the destination. Each entry (family + address + distance) is 20 bytes long, and one
message may carry up to 25 entries.
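Added example, not from the original notes: the RIPv1 layout above expressed as Python struct formats, with a builder, a parser that rejects malformed lengths and metrics, and the receiving router's update rule (advertised metric + 1, 16 = unreachable). The networks, metrics and neighbour address are constructed sample data; the special whole-table request (family 0, metric 16) is not handled. Nothing in the message authenticates its sender, which is the root of the "routing on rumours" property described above.

```python
import struct
from ipaddress import IPv4Address

# Added example (not from the original notes). Networks, metrics and the
# neighbour address used below are constructed sample data.
RIP_PORT = 520
CMD_REQUEST, CMD_REPLY = 1, 2
AF_INET = 2
RIP_INFINITY = 16                       # metric 16 = unreachable
MAX_ENTRIES = 25

HEADER = struct.Struct("!BBH")          # command, version, reserved (zero)
# Entry: family(2) | 14-byte address field | metric(4) = 20 bytes.
# In RIPv1 the address field is zero(2) + IPv4(4) + zero(8).
ENTRY = struct.Struct("!HH4s8sI")


def build_ripv1(command, routes):
    """routes: [(dotted network, metric)]. RIPv1 has no authentication
    entry, so the datagram is exactly the header plus the route entries."""
    if len(routes) > MAX_ENTRIES:
        raise ValueError("too many entries for one message")
    msg = HEADER.pack(command, 1, 0)
    for net, metric in routes:
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError(f"metric {metric} out of range")
        msg += ENTRY.pack(AF_INET, 0, IPv4Address(net).packed, bytes(8), metric)
    return msg


def parse_ripv1(data):
    """Return (command, version, [(network, metric), ...]); raise on
    malformed input. Length and field checks come first because a RIP
    listener accepts datagrams from any host that can reach port 520."""
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size:
        raise ValueError("bad RIP message length")
    command, version, reserved = HEADER.unpack_from(data)
    if version != 1 or reserved or command not in (CMD_REQUEST, CMD_REPLY):
        raise ValueError("not a well-formed RIPv1 header")
    routes = []
    for off in range(HEADER.size, len(data), ENTRY.size):
        family, zero1, addr, zero2, metric = ENTRY.unpack_from(data, off)
        if family != AF_INET or zero1 or zero2 != bytes(8):
            raise ValueError("bad route entry")
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError("metric out of range")
        routes.append((str(IPv4Address(addr)), metric))
    return command, version, routes


def apply_reply(table, sender, routes, max_hops=15):
    """Distance-vector update for a reply received from `sender`.
    table maps network -> (metric, next_hop). The metric seen here is the
    advertised metric + 1; anything above max_hops is unreachable and is
    only recorded as such when it withdraws a route learned from sender."""
    for net, metric in routes:
        new_metric = min(metric + 1, RIP_INFINITY)
        current = table.get(net)
        if new_metric > max_hops:
            if current and current[1] == sender:
                table[net] = (RIP_INFINITY, sender)
            continue
        if current is None or new_metric < current[0] or current[1] == sender:
            table[net] = (new_metric, sender)
    return table
```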
RIP versions:
RIP v1 is known as a Classful Routing Protocol because it does not send subnet mask
information in its routing updates. It also has no authentication at all: any host on the
segment can send a reply that a RIPv1 router will accept.
RIP v2 is known as a Classless Routing Protocol because it sends subnet mask information
in its routing updates. It adds an optional authentication entry (a simple password, or a keyed
MD5 digest as a later extension).
RIPng : used for IPv6.

Advantages of RIP :
• Simplicity: RIP is a relatively simple protocol to configure and manage.
• Easy implementation: RIP is easy to implement.
• Convergence: in a small network RIP adapts to changes in topology without any tuning.
• Automatic updates: RIP automatically updates routing tables at regular intervals.
• Compatibility: it is supported by almost all routers.

Disadvantages of RIP :
• Not always loop-free.
• Only supports equal-cost load balancing.
• Pinhole congestion can occur (all traffic follows the single lowest-hop path even when that
path has the least bandwidth).
• Bandwidth-intensive and inefficient (full tables are sent every 30 seconds).
• Large networks lead to slow convergence.
• Vulnerable to attacks such as spoofing and tampering: a forged or modified update is
accepted like any other.

Open shortest Path First:

Open Shortest Path First (OSPF) is a routing protocol for IP networks. It is used within a
single network or area. OSPF uses a link-state routing algorithm. Each router has
information about every link and router in the network, and from it finds the shortest path
to each destination. Routers within the same area have an identical link-state database. A
router that is located on the border of OSPF areas and connects these areas to the backbone
network is called an area border router. An area border router has interfaces in multiple
areas and maintains a separate link-state database for each area. OSPF learns about all
routers and subnets in the network to build a link-state database (LSDB). Routers exchange
link-state advertisements (LSAs) to share information about routers, subnets, and more.

OSPF operates in three steps

1. Neighbor Discovery − Routers find and communicate with neighbours on the
same link.
2. Database Exchange − Routers exchange LSAs to learn the network
topology.
3. Route Calculation − After an exchange of LSDB (Link State Database)
information, the router finds the best route to add to the routing table. It uses
the SPF (Dijkstra) algorithm to find the best paths.

Features of OSPF
• It is an open standard routing protocol.
• It is an interior gateway protocol (IGP).
• It runs within a single routing domain, such as an autonomous system (AS).
• It uses a concept called areas to optimise network traffic and simplify administration.
• It uses the Dijkstra algorithm to compute the shortest route to each destination.
• It runs over IP but does not use a transport protocol (such as TCP or UDP) to
encapsulate its data.
• It encapsulates its data directly in IP packets with protocol number 89.
• It carries its own checksum for error detection and relies on its own acknowledgement
and retransmission of LSAs for reliability.
• It is highly flexible, versatile, and scalable.
• It has no hop-count limit.
• It supports VLSM (variable length subnet masking) / CIDR (classless interdomain
routing).
• It supports multi-vendor deployment.
• It minimises routing update traffic (only changes are flooded after the initial exchange).

Open Shortest Path First message format

• Version: an 8-bit field that specifies the OSPF protocol version (2 for IPv4).
• Type: an 8-bit field that specifies the type of OSPF packet (Hello, Database
Description, Link State Request, Link State Update, Link State Acknowledgment).
• Message length: a 16-bit field that gives the total length of the message, including the
header.
• Source router IP address (router ID): identifies the router sending the packet.
• Area identification: defines the area within which the routing takes place.
• Checksum: used for error detection (not correction); it covers the whole packet except the
authentication field.
• Authentication type: 0 means none (no authentication) and 1 means password-based
(a simple password, sent in cleartext in every packet). OSPFv2 also defines type 2,
cryptographic authentication, in which the authentication field carries a key ID and the
packet is followed by a keyed MD5 digest instead of a reusable password.
• Authentication: contains the actual authentication data. In the message
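Added example, not from the original notes: the 24-byte OSPFv2 header described above packed and parsed with Python's struct module, including the checksum computed the way the specification describes (one's-complement sum over the packet, skipping the 64-bit authentication field) and an operational check on the authentication type. Router ID, area, body bytes and the password are constructed; checksum verification is done only for AuType 0 and 1, since type 2 zeroes the checksum field and appends a digest after the packet instead.

```python
import struct
from ipaddress import IPv4Address

# Added example (not from the original notes). Router ID, area, body and
# password values used below are constructed samples.
OSPF_PROTO = 89
HDR = struct.Struct("!BBH4s4sHH8s")     # 24-byte OSPFv2 header
AUTH_NAMES = {0: "null", 1: "simple-password", 2: "cryptographic"}
PKT_TYPES = {1: "Hello", 2: "DB Description", 3: "LS Request",
             4: "LS Update", 5: "LS Ack"}


def ospf_checksum(packet):
    """One's-complement sum over the packet with the 64-bit authentication
    field (header bytes 16-23) excluded, as OSPFv2 specifies. The caller
    passes the packet with the checksum field itself zeroed."""
    data = packet[:16] + packet[24:]
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ospf(ptype, router_id, area_id, body, autype=0, auth=b""):
    """Return a complete OSPFv2 packet with its checksum filled in."""
    auth = auth.ljust(8, b"\0")[:8]
    hdr = HDR.pack(2, ptype, HDR.size + len(body), IPv4Address(router_id).packed,
                   IPv4Address(area_id).packed, 0, autype, auth)
    csum = 0 if autype == 2 else ospf_checksum(hdr + body)
    return hdr[:12] + struct.pack("!H", csum) + hdr[14:] + body


def parse_ospf(packet):
    """Parse the header, verify length and checksum; raise on anything off."""
    if len(packet) < HDR.size:
        raise ValueError("short OSPF packet")
    version, ptype, length, rid, area, csum, autype, auth = HDR.unpack_from(packet)
    if version != 2:
        raise ValueError(f"unsupported OSPF version {version}")
    if length != len(packet):
        raise ValueError("length field does not match packet")
    if autype in (0, 1):
        zeroed = packet[:12] + b"\0\0" + packet[14:]
        if ospf_checksum(zeroed) != csum:
            raise ValueError("bad OSPF checksum")
    return {"type": PKT_TYPES.get(ptype, f"unknown({ptype})"),
            "router_id": str(IPv4Address(rid)), "area_id": str(IPv4Address(area)),
            "autype": AUTH_NAMES.get(autype, f"unknown({autype})"),
            "auth": auth, "body": packet[HDR.size:]}


AUTH_ORDER = ["null", "simple-password", "cryptographic"]


def auth_policy_ok(parsed, required="cryptographic"):
    """Accept only packets whose AuType meets the configured minimum. With
    null or simple-password authentication any host on the link can inject
    a packet, since the password (if any) is visible in every packet."""
    return AUTH_ORDER.index(parsed["autype"]) >= AUTH_ORDER.index(required)
```

The checksum proves only that the packet was not corrupted in transit; a forged packet carries a perfectly good checksum, which is why the policy check on the authentication type matters more than the checksum for security.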

Advantages of OSPF
• OSPF can be configured for both IPv4 and IPv6 (OSPFv2 and OSPFv3).
• It can carry out equal-cost load balancing.
• It uses the SPF algorithm, which produces loop-free paths.
• It is not Cisco proprietary. It can run on many routers.
• It is a classless protocol.
• It has no hop-count limit.
• It converges quickly.

Disadvantages of OSPF
• It needs extra storage for the LSDB and extra CPU time to run the SPF algorithm.
• It needs more RAM to hold the adjacency and topology information.
• It is complex, and therefore difficult to troubleshoot.

Protocol Independent Multicasting


It is called "Protocol-Independent" because it does not rely on a specific unicast (one-to-
one communication) routing protocol and can work with any existing unicast routing
protocol (such as OSPF, RIP, or BGP). PIM is not directly involved in transmitting data. It
is mainly responsible for establishing and maintaining a structure called a multicast routing
tree. This tree defines how data travels across the network from the sender (source) to the
receiver (subscriber).
The working principle of PIM can be simply divided into three steps:
• Join a multicast group: When a device wants to receive data from a certain
multicast group, it will send a message to tell nearby routers, "I am interested in this
multicast group."
• Establishing a multicast tree: Routers negotiate through PIM to determine how to
most efficiently deliver multicast data from the sender to the receiver. This process is
to establish a multicast tree.
• Data delivery: Once the multicast tree is established, data can be delivered along
the tree from the source (sender) to the destination (receiver). This avoids
broadcasting to the entire network and improves efficiency

PIM comes in two main modes of operation:

Dense Mode (PIM-DM): In Dense Mode, multicast traffic is forwarded to all networks
by default. When a multicast packet is sent, it is flooded to all directly connected
networks until it reaches every destination, regardless of whether there are any active
multicast receivers, which can cause congestion. Dense Mode is usually used in small
networks with a high density of multicast receivers, where it is assumed that most hosts
will want the traffic. PIM-DM uses RPF (reverse path forwarding) checks together with
pruning and grafting to trim the flooded tree; like all of PIM, it is independent of the
underlying unicast protocol.
Sparse Mode (PIM-SM): In Sparse Mode, multicast traffic is only forwarded to the
networks that have active multicast receivers interested in the traffic. When a multicast
packet is sent, it is only forwarded to the networks that have members subscribed to the
multicast group. This minimises the amount of traffic on the network but requires explicit
joins and a rendezvous point to build the multicast distribution tree. Sparse Mode is typically
used in larger networks with a lower density of multicast receivers.
SNMP (Simple Network Management Protocol)
SNMP is an application layer protocol that runs over UDP: agents listen on port 161 and
managers receive traps on port 162. SNMP is used to monitor the network, detect network
faults, and sometimes to configure remote devices.
Components of SNMP: There are mainly three components of SNMP:
SNMP Manager :
It is a centralised system used to monitor the network. It is also known as a Network
Management Station (NMS). A router that runs the SNMP server program is called an agent,
while a host that runs the SNMP client program is called a manager.
SNMP agent :
It is a software management module installed on a managed device. The manager
reads the values stored in the database, whereas the agent maintains the information in
the database. To find out whether a router is congested, for instance, a manager can
examine the relevant variables that the router stores, such as the number of packets received
and transmitted.

Management Components
In order to perform the management tasks, SNMP makes use of two other
standards, SMI and MIB. The MIB consists of information on the resources that are to be
managed. This information is organised hierarchically. It consists of object instances, which
are essentially variables. The MIB, the collection of all the objects, is specific to each agent.
System, interfaces, address translation, ip, icmp, tcp, udp and egp are the eight groups
that make up the original MIB. The mib object is home to these groups.

The SMI (Structure of Management Information) is a component used in network
management. Its main function is to define the type of data that can be stored in an object
and to specify how to encode the data for transmission over a network.

SNMP messages

GetRequest : It is used to retrieve data from an SNMP agent. In response, the
SNMP agent returns the requested value in a Response message.
GetNextRequest : The manager sends GetNextRequest to retrieve the value of the variable
that follows the named one in MIB order. This is how the entries of a table are walked:
the manager need not know the entries' indices in advance. GetNextRequest is also
used to discover which objects an agent supports.
SetRequest : It is used by the SNMP manager to set the value of an object instance on the
SNMP agent.
Response : Sent by the agent in reply to Get, GetNext or Set. When sent in response to a
Set message, it contains the newly set value as confirmation that the value has been set.
Trap : A message sent by the agent without being requested by the manager. It
is sent when a fault or other notable event has occurred.

Inform Request : It was added in SNMPv2 and is used to determine whether the manager
has received the notification. It is the same as a trap but adds the acknowledgement that
a trap does not provide.
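Added example, not from the original notes: an SNMPv1 GetRequest (or GetNextRequest) built by hand in BER, the encoding SNMP uses on the wire, and decoded again, with a constructed community string, request id and OIDs. It makes the message layout behind the list above concrete and shows that the community string, the only credential in a v1/v2c message, is readable by anyone who captures the datagram. Long-form BER lengths are encoded but the Trap PDU, which has a different layout, is outside the parser.

```python
# Added example (not from the original notes): hand-rolled BER for SNMPv1.
# Community string, request id and OIDs are constructed sample values.
SNMP_PORT = 161
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}
TAG_INT, TAG_OCTETS, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30


def ber_len(n):
    """BER length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v):
    """Non-negative INTEGER in minimal two's-complement form."""
    return tlv(TAG_INT, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(x) for x in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += reversed(chunk)
    return tlv(TAG_OID, bytes(out))


def build_get(community, oids, request_id, pdu_tag=0xA0):
    """SNMPv1 message = SEQUENCE { version 0, community, PDU }.
    PDU = [tag] { request-id, error-status, error-index, varbind list }."""
    varbinds = b"".join(tlv(TAG_SEQ, ber_oid(o) + tlv(TAG_NULL, b"")) for o in oids)
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(TAG_SEQ, varbinds))
    return tlv(TAG_SEQ, ber_int(0) + tlv(TAG_OCTETS, community.encode()) + pdu)


def ber_read(data, pos=0):
    """Return (tag, payload, position after this TLV)."""
    tag, n, pos = data[pos], data[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(data[pos:pos + k], "big"), pos + k
    return tag, data[pos:pos + n], pos + n


def decode_oid(payload):
    arcs, val = [payload[0] // 40, payload[0] % 40], 0
    for b in payload[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_snmp(data):
    """Decode a v1/v2c Get*/Set/Response message. The community string comes
    out as plain text: it is the only 'credential' in the message."""
    tag, msg, _ = ber_read(data)
    if tag != TAG_SEQ:
        raise ValueError("not an SNMP message")
    _, ver, p = ber_read(msg)
    _, community, p = ber_read(msg, p)
    pdu_tag, pdu, _ = ber_read(msg, p)
    if pdu_tag not in PDU_TAGS or pdu_tag == 0xA4:
        raise ValueError("unsupported PDU")
    _, rid, q = ber_read(pdu)
    _, _err, q = ber_read(pdu, q)
    _, _idx, q = ber_read(pdu, q)
    _, vbl, _ = ber_read(pdu, q)
    oids, q = [], 0
    while q < len(vbl):
        _, vb, q = ber_read(vbl, q)
        _, oid, _ = ber_read(vb)
        oids.append(decode_oid(oid))
    return {"version": int.from_bytes(ver, "big"), "community": community.decode(),
            "pdu": PDU_TAGS[pdu_tag], "request_id": int.from_bytes(rid, "big"),
            "oids": oids}
```

Sending the bytes from build_get to UDP port 161 of an agent configured with that community string would return a GetResponse in the same layout, with the NULL values replaced by the object values.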
Advantages of SNMP
1. It is simple to implement.
2. Agents are widely implemented.
3. Agent-level overhead is minimal.
4. It is robust and extensible.
5. The polling approach is good for LAN-based managed objects.
6. It offers a direct manager-agent interface.
7. SNMP meets a critical need.
Limitations of SNMP
1. It is too simple and does not scale well.
2. There is no object-oriented data view.
3. It has no standard control definition.
4. It has many implementation-specific (private MIB) extensions.
5. It has high communication overhead due to polling.
6. SNMPv1 and v2c authenticate requests only by a community string sent in cleartext;
SNMPv3 adds user-based authentication and encryption.

Network Security
Network security can provide one of the five services as shown in Figure Four of these
services are related to the message exchanged using the network: message confidentiality,
integrity, authentication, and nonrepudiation. The fifth service provides entity authentication
or identification.

Message Confidentiality: Message confidentiality or privacy means that the sender and the
receiver expect confidentiality. The transmitted message must make sense only to the
intended receiver. To all others, the message must look like garbage. When a customer
communicates with her bank, she expects that the communication is totally confidential.
Message Integrity: Message integrity means that the data must arrive at the receiver
exactly as they were sent. There must be no changes during transm i ssion, neither
accidental nor malicious. As more and more monetary exchanges occur over the Internet,
integrity is crucial. For example, it would be disastrous if a request for transferring $100
changed to a request for $10,000 or $100,000. The integrity of the message must be
preserved in a secure communication.
Message Authentication: Message authentication is a service beyond message integrity. In
message authentication the receiver needs to be sure of the sender's identity and that an
imposter has not sent the message.
Message Nonrepudiation: Message nonrepudiation means that a sender must not be able to
deny sending a message that he or she, in fact, did send. The burden of proof falls on the
receiver. For example, when a customer sends a message to transfer money from one account
to another, the bank must have proof that the customer actually requested this transaction.
Entity Authentication: In entity authentication (or user identification) the entity or user is
verified prior to access to the system resources (files, for example). For example, a student
who needs to access his/her university resources needs to be authenticated during the login
process. This is to protect the interests of the university and the student.
SECURITY GOALS – there are three security goals: 1 Confidentiality, 2 Integrity, 3
Availability.
Confidentiality - Confidentiality is probably the most common aspect of information
security. We need to protect our confidential information. An organisation needs to guard
against those malicious actions that endanger the confidentiality of its information.
Integrity - Integrity means that changes may be made only by authorised entities and
through authorised mechanisms.
Availability - The information created and stored by an organisation needs to be available to
authorised entities. Information needs to be changed constantly, which means it must be
accessible to authorised entities.

SECURITY ATTACKS: The three goals of security ⎯ confidentiality, integrity, and
availability ⎯ can be threatened by security attacks.

Attacks Threatening Confidentiality

• Snooping refers to unauthorised access to or interception of data.
• Traffic analysis refers to obtaining some other type of information by monitoring online
traffic (who talks to whom, how often, how much), even when the content is encrypted.

Attacks Threatening Integrity

• Modification means that the attacker intercepts the message and changes it for his/her
benefit.
• Masquerading or spoofing happens when the attacker pretends to be somebody else. For
example, an attacker might steal the bank card and PIN of a bank customer and pretend
to be the customer.
• Replaying means the attacker obtains a copy of a message sent by a user and later
replays it.
• Repudiation means that the sender of the message might later deny that she has sent the
message, or the receiver of the message might later deny that he has received the
message.
Attacks Threatening Availability
• Denial of service (DoS): an attack meant to shut down a machine or network,
making it inaccessible to its intended users, i.e. the service becomes unavailable.
Other attacks
• Active attack: In an active attack the attacker tries to break into a secured system. This
can be done through viruses, worms, etc. The attacker attempts to change data on the
target or in transit to the target.
• Passive attack: A passive attack is a network attack in which a system is monitored
and sometimes scanned for open ports and vulnerabilities, but system resources are not
affected. The goal of a passive attack is to learn the information being transmitted in the
message.

Firewall :
• A firewall is a network security device, either hardware or software-based, which monitors
all incoming and outgoing traffic and, based on a defined set of security rules, accepts,
rejects or drops that traffic.
• Accept : allow the traffic.
• Reject : block the traffic but reply with an "unreachable" error (for example an ICMP
destination-unreachable message or a TCP reset), so the sender learns it was blocked.
• Drop : block the traffic with no reply, so the sender sees only a timeout.
• A firewall establishes a barrier between a secured internal network and an outside untrusted
network, such as the Internet.
• A firewall is a part of a computer system or network that is designed to block unauthorised
access while permitting authorised communication.
• Firewalls inspect each message and block those that do not meet the specified security
criteria.
• They are placed at the entry/exit point of the network.

Advantages :
1) It prevents unauthorised Internet users from accessing a private network connected to the
Internet.
2) It enforces the security policy by providing a single point at which all security decisions are
implemented and controlled.
3) It provides the ability to control access to websites.

Disadvantages:
1) A firewall is designed for attacks from outside. Therefore, if an inside user attacks the internal
network in some way, the firewall cannot prevent it.
2) It needs specialised skills to configure firewalls.
3) A packet-filtering firewall cannot protect against the transfer of virus-infected programs or
files, because it does not inspect the content.

Types of firewalls are:

1. Network-based Firewalls: These are placed on the boundary between a private
network and a public network (often the Internet). They can be implemented as
hardware devices, software applications, or a combination of both. Their primary
purpose is to guard an entire network by monitoring and controlling incoming and
outgoing network traffic.
2. Host-based Firewalls: These are installed on individual devices or servers,
regardless of the network to which they are connected. A host-based firewall only
protects the individual device on which it is installed. Most modern operating systems
come with built-in host-based firewalls.
3. Packet-filtering firewall: A packet-filtering firewall filters all incoming and
outgoing network packets. It tests them against a set of rules that include source and
destination IP address, IP protocol, port number, and other header fields of the packet. If
the packet matches an allow rule it is forwarded to its destination; otherwise it is rejected
or dropped.
4. Stateless firewall: A stateless firewall examines each packet in isolation, looking at its
source, destination, protocol and ports to decide whether it is allowed. It keeps no record
of connections, so it cannot tell a reply to a connection the inside opened from an
unsolicited packet; a stateful firewall adds a connection table that tracks TCP connection
stages and related UDP sessions and can admit return traffic automatically.
5. Application-level gateway (Proxy firewall): An application-level firewall, also
called a proxy firewall, protects data at the application level. It hides the identity (IP
address) of internal computers from potential Internet attackers. Because this firewall
inspects the payload of received data packets, it is much slower than a packet-filtering
firewall.
6. Circuit-level gateway: A circuit-level gateway validates established Transmission
Control Protocol (TCP) connections. These firewalls typically operate at the OSI
model's session level, verifying TCP and User Datagram Protocol (UDP) connections and
sessions without inspecting the application payload.
7. Cloud firewall: A cloud firewall, also known as FWaaS (firewall-as-a-service), is a
firewall delivered as a cloud service for network protection. Today, many
businesses use cloud firewalls to protect their private networks or their overall cloud
infrastructure.

8. Next-generation firewalls: Next-generation firewalls (NGFWs) offer deeper security
controls to protect sensitive data. Deep Packet Inspection (DPI) analyses the content of
data packets, not just header information. This extra knowledge allows the firewall to
identify applications and known malicious content inside HTTP and other sessions. The
result is improved web security.
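Added example, not from the original notes: a first-match packet filter implementing the accept / reject / drop actions described under Firewall above, and the same rule set wrapped in a stateful variant that remembers connections the inside opened. Rules, addresses (documentation ranges) and sample packets are constructed. It shows the difference between items 3 and 4 in the list: the stateless filter drops the reply to an outbound web request because no inbound rule matches it, while the stateful filter admits it as part of a known flow.

```python
from ipaddress import ip_address, ip_network

# Added example (not from the original notes). Rules, addresses (RFC 5737
# documentation ranges) and sample packets are constructed.
ACCEPT, REJECT, DROP = "accept", "reject", "drop"

# Rule = (source cidr, destination cidr, protocol or "any", dst port or None, action)
RULES = [
    ("0.0.0.0/0",       "192.0.2.10/32", "tcp", 443,  ACCEPT),  # public web server
    ("198.51.100.0/24", "192.0.2.0/24",  "tcp", 22,   REJECT),  # partner net: no SSH, say so
    ("0.0.0.0/0",       "192.0.2.0/24",  "any", None, DROP),    # any other inbound: silent
]
DEFAULT_OUTBOUND = ACCEPT       # inside hosts may open connections outwards


class Packet:
    def __init__(self, src, dst, proto, sport, dport, direction):
        self.src, self.dst = ip_address(src), ip_address(dst)
        self.proto, self.sport, self.dport = proto, sport, dport
        self.direction = direction          # "in" = arriving from outside


def match(rule, pkt):
    src, dst, proto, dport, _ = rule
    return (pkt.src in ip_network(src) and pkt.dst in ip_network(dst)
            and proto in ("any", pkt.proto) and dport in (None, pkt.dport))


def stateless_decide(pkt, rules=RULES):
    """Packet filter: each packet judged on its own header fields, first
    matching rule wins. 'reject' blocks and answers with an unreachable
    error; 'drop' blocks silently; unmatched inbound traffic is dropped."""
    if pkt.direction == "out":
        return DEFAULT_OUTBOUND, None
    for rule in rules:
        if match(rule, pkt):
            action = rule[4]
            return action, ("icmp-unreachable" if action == REJECT else None)
    return DROP, None


class StatefulFilter:
    """Same rules, plus a connection table: a flow the inside opened is
    remembered, so its replies are accepted without an inbound rule."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = set()   # (inside ip, inside port, outside ip, outside port, proto)

    def decide(self, pkt):
        if pkt.direction == "out":
            action, note = stateless_decide(pkt, self.rules)
            if action == ACCEPT:
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return action, note
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return ACCEPT, "established"
        return stateless_decide(pkt, self.rules)
```

A production stateful filter also ages flows out and checks TCP flags (a reply that does not match the SYN/SYN-ACK sequence is not "established"); this model only shows the table lookup that the stateless design lacks.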

Configuring Firewall on Windows Server

1. Log in to the Windows server and open the firewall by running firewall.cpl from the Run dialog
box (Windows key+R opens the Run dialog box).
2. Under the firewall settings there are two sections, Private networks and Guest or public
networks, with green shields to their left, which indicate that the firewall is active. If the
shields are red, the firewall is disabled.
3. Click on either of these sections; a drop-down shows details about the current
public or private network.
4. Now select the Advanced settings option from the left-hand side of the page.
• Inbound Rules : which incoming connections are allowed.
• Outbound Rules : which outgoing connections are allowed.
• Connection Security Rules : IPsec rules defining which connections your computer will
authenticate or encrypt and which ones it will block.
• Monitoring : an overview of the firewall's active rules, connection security rules and
security associations.
Steps to open/limit a port in Windows Server 2022
1. Navigate to the Firewall advanced settings page. Select the Inbound Rules option from the
left-hand list.
2. Right click on Inbound Rules and select the New Rule option.
3. In the wizard that appears, select Port.
4. Click Next, choose whether the rule is for TCP or UDP, and enter the required port number(s).
5. Define the action to be performed by the rule: Allow the connection, Allow the connection if
it is secure, or Block the connection.
6. Choose the profile(s) in which the rule applies: Domain, Private, or Public.
7. Finally, give the rule a name (and optionally a description) so that it can be identified easily,
and click Finish.
