TRAINING PROJECT REPORT OF
Final Semester BSC-IT Live Project
AT
Hacking Teacher Security Solutions
ON
Implementing A Secure Network
SUBMITTED IN PARTIAL FULFILLMENT OF DEGREE
(B.SC IT)
SUBMITTED BY:
NAME: Vishal Sharma, ROLL NO: 10205910110
NAME: Vishal Kapoor, ROLL NO: 10205910093
DEPARTMENT OF IT Security
Vaishno Maa Computer Centre (PTU) Patiala.
PROJECT
Project “Implementation of Network Security” is based upon BSNL’s secure
network. A network is a connection of two or more devices (nodes). Networks can
interconnect with other networks and contain subnetworks. I will provide a general
overview of basic network security.
Security is an essential element in maintaining any network. The main focus of IT
managers and computer network administrators is to secure the computer networks.
A secure network is a network set up securely against hackers and attackers.
Firewalls and access lists are commonly used to secure a network. Security is mostly
set on network devices like routers, switches and firewalls.
The project is based upon BSNL’s network. I am dividing the whole network into three
phases:
Phase 1: Network Levels, Wireless Devices, DHCP server
Phase 2: Email Server, HTTP Server, DNS Server & Security
Phase 3: Routing, Wireless Devices, DHCP & DNS server
First Phase
The first phase of the project is divided into three layers. Cisco has defined a hierarchical
internetworking model. This model simplifies the task of building a reliable, scalable, and less
expensive hierarchical internetwork because, rather than focusing on packet construction, it
focuses on the three functional areas, or layers, of your network:
1. Core layer (multilayer switches, i.e. layer 3 switches)
2. Distribution layer (layer 2 switches, DHCP server, Wi-Fi routers)
3. Access layer (switches and end devices, i.e. PCs)
Core Layer
The core layer is responsible for fast and reliable transportation of data across a network. The
core layer is often known as the backbone or foundation network because all other layers rely
upon it. Its purpose is to reduce the latency time in the delivery of packets. The factors to be
considered while designing devices to be used in the core layer are:
• High data transfer rate: Speed is important at the core layer. One way that core networks
enable high data transfer rates is through load sharing, where traffic can travel through
multiple network connections.
• Low latency period: The core layer typically uses high-speed, low-latency circuits which
only forward packets and do not enforce policy.
• High reliability: Multiple data paths ensure high network fault tolerance; if one path
experiences a problem, then the device can quickly discover a new route.
At the core layer, efficiency is the key term. Fewer and faster systems create a more efficient
backbone. Various equipment is available for the core layer. Examples of core layer
Cisco equipment include:
Multilayer Switch
The widely used generic term multilayer means a switch that can do layer 2 and/or layer 3
switching on the same platform. This definition is used interchangeably with layer 3. However,
multilayer switch is also used to describe switches which can make decisions on information in
layers 4-7 as well.
Switches that forward frames based on layer 3 and 4 information contained in packets perform
what is known as multilayer switching (MLS).
A multilayer switch can have ports configured as layer 2 or layer 3, and is capable of routing
packets between networks (VLANs). A layer 3 switch is basically a router that is very
fast and has a bunch of ports.
Layer 3 means it is capable of routing between VLANs and able to join EIGRP, RIP and the like. You
can make any of the ports on the switch a routed port, which means you can use a layer 3 switch
exclusively as a router if you wanted to.
Distribution Layer
The distribution layer is responsible for routing. It also provides policy-based network
connectivity, including:
• Packet filtering (firewalling): Processes packets and regulates the transmission of packets
based on their source and destination information to create network borders.
• QoS: The router or layer 3 switches can read packets and prioritize delivery, based on
policies you set.
• Access Layer Aggregation Point: The layer serves as the aggregation point for the desktop
layer switches.
• Control Broadcast and Multicast: The layer serves as the boundary for broadcast and
multicast domains.
• Application Gateways: The layer allows you to create protocol gateways to and from
different network architectures.
The distribution layer also performs queuing and provides packet manipulation of the
network traffic.
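The packet filtering role listed above, as an added example that is not part of the original report: a first-match access list evaluated on source and destination address, with the implicit deny at the end and a check for rules that an earlier rule makes unreachable. The addressing and the names Rule, evaluate and shadowed_rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source network, CIDR notation
    dst: str     # destination network, CIDR notation

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(acl, src_ip, dst_ip):
    """First matching rule wins; index None means the implicit deny applied."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip):
            return rule.action, index
    return "deny", None

def shadowed_rules(acl):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    shadowed = []
    for i, rule in enumerate(acl):
        src, dst = ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)
        for earlier in acl[:i]:
            if (src.subnet_of(ipaddress.ip_network(earlier.src))
                    and dst.subnet_of(ipaddress.ip_network(earlier.dst))):
                shadowed.append(i)
                break
    return shadowed

# Constructed sample policy (hypothetical addressing, not BSNL's).
ACL = [
    Rule("deny", "192.168.20.0/24", "192.168.10.5/32"),    # wireless clients -> server
    Rule("permit", "192.168.0.0/16", "192.168.10.0/24"),   # other internal hosts -> servers
    Rule("permit", "192.168.20.7/32", "192.168.10.5/32"),  # intended exception, placed too late
]

if __name__ == "__main__":
    for src in ("192.168.20.7", "192.168.30.4", "10.0.0.1"):
        print(src, evaluate(ACL, src, "192.168.10.5"))
    print("shadowed rule indexes:", shadowed_rules(ACL))
```

Rule order decides the outcome: the exception for 192.168.20.7 never takes effect because the broader deny above it matches first.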
It is at this layer where you begin to exert control over network transmissions, including what
comes in and what goes out of the network. You will also limit and create broadcast domains,
create virtual LANs, if necessary, and conduct various management tasks, including obtaining
route summaries. In a route summary, you consolidate traffic from many subnets into a core
network connection. In Cisco routers, the command to obtain a routing summary.
DHCP Server
The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for
hosts on Internet Protocol (IP) networks. Computers that are connected to IP networks must be
configured before they can communicate with other hosts.
Configuration of DHCP server
The most essential information needed is an IP address, a default route and a routing prefix.
DHCP eliminates the manual configuration task by a network administrator. It also provides a
central database of devices that are connected to the network and eliminates duplicate
resource assignments.
In addition to IP addresses, DHCP also provides other configuration information, particularly the
IP addresses of local Domain Name Server (DNS), network boot servers, or other service hosts.
DHCP is used for IPv4 as well as IPv6. While both versions serve much the same purpose, the
details of the protocol for IPv4 and IPv6 are sufficiently different that they may be considered
separate protocols.
Hosts that do not use DHCP for address configuration may still use it to obtain other
configuration information. Alternatively, IPv6 hosts may use stateless address autoconfiguration.
IPv4 hosts may use link-local addressing to achieve limited local connectivity.
Providing IP to the DHCP server in graphical mode
Set DNS to the STATIC mode along with gateway address
CONFIGURATION OF FASTETHERNET OF DHCP SERVER
Configuration of DHCP
This is the pool of IP addresses (range of IP addresses) which the server will assign to each
host in the network that requests DHCP.
Wireless
Wireless is a popular technology that allows an electronic device to exchange data wirelessly
(using radio waves) over a computer network including high-speed Internet connections. A
device that can use Wi-Fi (such as a personal computer, video game console, smartphone, tablet,
or digital audio player) can connect to a network resource such as the Internet via a wireless
network access point. Such an access point (or hotspot) has a range of about 20 meters (65 feet)
indoors and a greater range outdoors. Hotspot coverage can comprise an area as small as a single
room with walls that block radio waves or as large as many square miles — this is achieved by
using multiple overlapping access points.
Wireless configuration in graphic mode
Wireless In Configuration Mode
CONFIGURATION OF WIRELESS SETTINGS OF WIRELESS
CONFIGURATION OF INTERNET SETTINGS OF WIRELESS
CONFIGURATION OF GLOBAL SETTINGS OF PC
Assign IP address to the PC
CONFIGURATION OF WIRELESS SETTINGS OF PC
Second Phase
Levels of Phase Two:
• Routing = Routing between Two Networks Via A Router.
• Wireless Devices = Wireless Devices Implementation For Wireless Laptops.
• Switch Security = VLANs Are Implemented For Layer 2 Security.
CONFIGURATION OF FASTETHERNET OF DHCP SERVER
TFTP is a file transfer protocol notable for its simplicity. It is generally used for automated transfer
of configuration or boot files between machines in a local environment. Compared to FTP, TFTP is
extremely limited, providing no authentication, and is rarely used interactively by a user.
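What "no authentication" means on the wire, as an added example that is not part of the original report: a parser for a TFTP read/write request (RFC 1350 layout) and a server-side check that can only use the source address, the operation and the filename. The datagrams, the management network and the names parse_request and authorize are constructed for illustration.

```python
import ipaddress
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}  # read request, write request (RFC 1350)

def parse_request(datagram):
    """Parse a TFTP request: 2-byte opcode, then NUL-terminated filename and mode."""
    if len(datagram) < 4:
        raise ValueError("datagram too short")
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in OPCODES:
        raise ValueError("not a read/write request")
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise ValueError("malformed request")
    # Nothing in the request identifies or authenticates the sender.
    return {"op": OPCODES[opcode],
            "filename": fields[0].decode("ascii"),
            "mode": fields[1].decode("ascii").lower()}

def authorize(src_ip, request, mgmt_net, published):
    """Decide using the only inputs available: source address, operation, filename."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(mgmt_net):
        return "deny: source outside management network"
    if request["op"] != "RRQ":
        return "deny: uploads disabled"
    if request["filename"] not in published:
        return "deny: file not published"
    return "allow"

# Constructed sample datagrams and policy values (hypothetical).
READ_CONFIG = b"\x00\x01router-confg\x00octet\x00"
WRITE_CONFIG = b"\x00\x02router-confg\x00octet\x00"
MGMT_NET = "192.168.10.0/24"
PUBLISHED = {"router-confg"}

if __name__ == "__main__":
    for src, raw in (("192.168.10.20", READ_CONFIG),
                     ("192.168.20.9", READ_CONFIG),
                     ("192.168.10.20", WRITE_CONFIG)):
        req = parse_request(raw)
        print(src, req["op"], req["filename"], "->",
              authorize(src, req, MGMT_NET, PUBLISHED))
```

The source address of a UDP datagram is not verified either, so a filter like this belongs on an isolated management segment and does not replace authentication.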
CONFIGURATION OF TFTP OF DHCP SERVER
CONFIGURATION OF GLOBAL SETTINGS OF DHCP SERVER
CONFIGURATION OF DHCP OF DHCP SERVER
Third Phase
Levels of Phase THREE:
Email Server = For Sending EMAILS in Network
HTTP Server = Web Server To access Websites
DNS Server = To resolve Domains in IP Addresses
TFTP Server = To Download Small Files From Router
Router Security = Filtering of Unauthorized Traffic
DNS Server
The Domain Name System (DNS) is a standard technology for managing the names of Web
sites and other Internet domains. DNS technology allows you to type names into your Web
browser like compnetworking.about.com and your computer to automatically find that address on
the Internet. An often-used analogy to explain the Domain Name System is that it serves as the
phone book for the Internet by translating human-friendly computer hostnames into IP addresses.
For example, the domain name www.example.com translates to the addresses 192.0.43.10 (IPv4)
and 2620:0:2d0:200::10 (IPv6).
The Domain Name System makes it possible to assign domain names to groups of Internet
resources and users in a meaningful way, independent of each entity's physical location. Because
of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain
consistent and constant even if the current Internet routing arrangements change or the
participant uses a mobile device. Internet domain names are easier to remember than IP
addresses such as 208.77.188.166 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). Users take
advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail
addresses without having to know how the computer actually locates them.
DNS Root Servers
DNS servers communicate with each other using private network protocols. All DNS servers are
organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the
complete database of Internet domain names and their corresponding IP addresses. The Internet
employs 13 root servers that have become somewhat famous for their special role. Maintained by
various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of
these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm,
Sweden.
DNS Server Hierarchy
The DNS is a distributed system, meaning that only the 13 root servers contain the complete
database of domain names and IP addresses. All other DNS servers are installed at lower levels
of the hierarchy and maintain only certain pieces of the overall database. Most lower level DNS
servers are owned by businesses or Internet Service Providers (ISPs). For example, Google
maintains various DNS servers around the world that manage the google.com, google.co.uk, and
other domains. Your ISP also maintains DNS servers as part of your Internet connection setup.
Web
The World Wide Web (abbreviated as WWW or W3, and commonly known as the Web) is a system of
interlinked hypertext documents accessed via the Internet. With a web browser, one can view web pages
that may contain text, images, videos, and other multimedia, and navigate between them via hyperlinks.
Email Server
An e-mail server is a computer within your network that works as your virtual post office. A mail server
usually consists of a storage area where e-mail is stored for local users, a set of user-definable
rules which determine how the mail server should react to the destination of a specific message, a
database of user accounts that the mail server recognizes and will deal with locally, and communications
modules which are the components that actually handle the transfer of messages to and from other
mail servers and email clients.
A DNS server is any computer registered to join the Domain Name System. A DNS server runs
special-purpose networking software, features a public IP address, and contains a database of
network names and addresses for other Internet hosts.
CONFIGURATION OF DNS OF DNS SERVER
Email
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital
messages from an author to one or more recipients. Modern email operates across the Internet or
other computer networks. Some early email systems required that the author and the recipient
both be online at the same time, in common with instant messaging.
CONFIGURATION OF EMAIL OF DNS SERVER
CONFIGURATION OF FASTETHERNET OF DNS SERVER
HTTP
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed,
collaborative, hypermedia information systems. HTTP is the foundation of data communication
for the World Wide Web. Hypertext is a multi-linear set of objects, building a network by using
logical links (the so-called hyperlinks) between the nodes (e.g. text or words). HTTP is the
protocol to exchange or transfer hypertext.
CONFIGURATION OF HTTP OF DHCP SERVER
ROUTER SECURITY
It allows you to separate the network access control from the operating system, whatever it may
be. The router allows you to keep the network grid rather simple: each machine sees only the
router, which is responsible for the more complex processing, like IP forwarding, port
forwarding, share access etc. Last but not least, the router can be a very effective firewall
device. For Windows users dreading hacker attacks day and night, the idea of an impregnable
forward defense layer may sound rather promising. Taking into account that most routers run a
minimalistic Linux kernel that has very few vectors of exposure, plus the fact you won't have to
bother with complex software firewalls that slow down the system, using a router becomes a
very lucrative investment.
Security setup
There are many, many guides telling you what you should do with your router ... and here's
another one! Seriously, I think I'm going to give you a slightly different perspective on router
security. My hope is to help you understand the fundamentals of the router (security)
functionality, so that you can use its functions wisely. Just remember that you need not follow
the rules blindly. Make sure they fit your needs and skills.
Administrator password
This is the very first thing you should do. All routers have a graphical control panel through
which their various functions and settings can be modified. The control panel can be accessed only
through a wired connection and by authentication with username and password.
Using the default, factory-set password may allow a potential villain to access and change your
router settings without your permission. Therefore, it's wise to alter the password the moment
you start working with your device. You should use a strong password, containing alpha-numeric
characters.
Firewall
One of the most important strengths of router devices is that they can function as firewalls.
Unsolicited inbound connections will be refused. If the router is configured to drop the packets,
you will get a so-called 'stealth' result in online port scan results; if the router is configured to
reject the packets, the ports will be reported as closed. Either way, you'll have a robust
entry-point control. Therefore, you should keep the firewall enabled.