152 research outputs found

    Design of labs for Cisco academy courses

    This master's thesis deals with the design of laboratory exercises for Cisco Academy courses. It is oriented mainly towards Cisco technologies. The theoretical part describes the individual devices used in the laboratory and the functionality of these devices, such as switching, routing and the troubleshooting of configuration problems with these elements. The practical part presents the designs of the laboratory exercises, which focus on specific examples from the configuration and management of networks with Cisco devices. An integral part of the work consists of supporting presentations for the individual laboratory exercises, including configuration files with the settings of the devices. The laboratory exercises were created and their configurations verified in the laboratory of the Cisco Academy at VUT Brno.

    Recursive internetwork architecture, investigating RINA as an alternative to TCP/IP (IRATI)

    Driven by the requirements of the emerging applications and networks, the Internet has become an architectural patchwork of growing complexity which strains to cope with the changes. Moore’s law prevented us from recognising that the problem does not hide in the high demands of today’s applications but lies in the flaws of the Internet’s original design. The Internet needs to move beyond TCP/IP to prosper in the long term; TCP/IP has outlived its usefulness. The Recursive InterNetwork Architecture (RINA) is a new Internetwork architecture whose fundamental principle is that networking is only interprocess communication (IPC). RINA reconstructs the overall structure of the Internet, forming a model that comprises a single repeating layer, the DIF (Distributed IPC Facility), which is the minimal set of components required to allow distributed IPC between application processes. RINA inherently supports mobility, multi-homing and Quality of Service without the need for extra mechanisms, provides a secure and configurable environment, encourages a more competitive marketplace and allows for seamless adoption. RINA is the best choice for the next generation networks due to its sound theory, simplicity and the features it enables. IRATI’s goal is to achieve further exploration of this new architecture. IRATI will advance the state of the art of RINA towards an architecture reference model and specifications that are closer to enabling implementations deployable in production scenarios. The design and implementation of a RINA prototype on top of Ethernet will permit the experimentation and evaluation of RINA in comparison to TCP/IP. IRATI will use the OFELIA testbed to carry out its experimental activities. Both projects will benefit from the collaboration. IRATI will gain access to a large-scale testbed with a controlled network while OFELIA will get a unique use-case to validate the facility: experimentation of a non-IP based Internet.

    Routed end-to-end Ethernet : Proof of Concept

    The main goal of this thesis is to investigate and analyse the Ethernet and IEEE 802.1 standards, and the IPv4 and IPv6 protocols. By combining their best features, a new concept of Routed End-to-End Ethernet was developed, and a Proof of Concept network was built to demonstrate it on a small scale. This concept would solve the address exhaustion problem by using MAC and NSAP addresses for host identification and for routing Ethernet packets in the network.
From the Ethernet and IEEE 802.1 standards we found that the main problem of Ethernet is that it does not have hierarchical addresses. Hierarchical addresses would allow efficient routing, enabling the network to scale globally. IEEE 802.1 has many standards with features for scaling Ethernet networks better, but they are still not enough. The only routing protocols used in Ethernet networks are still the Spanning Tree Protocols. Internet Protocol version 4, which is the dominant network protocol in the Internet, has a hierarchical address space enabling efficient routing. A big problem with IPv4 is that the address space is small and is running out of addresses. IPv6 has a larger address space, but for some reason the deployment is really slow. RE2EE would use Ethernet extended with hierarchical addresses for the Internet. This would make the address space large enough, and efficient routing would also be possible. In the Proof of Concept a small-scale network was built, which showed that it is possible to create the basic functionalities of RE2EE using only Ethernet packets.

    Enterprise Network Design and Simulation - Cisco Virtual Lab

    This Master's Thesis (hereafter MT) deals with enterprise network design according to Cisco's recommendations. As part of the thesis, a simulation of the enterprise network is developed according to the created concept. The virtual lab is realized with open-source programs and monitored by Nagios software. The first part contains a brief introduction to network design and a description of hierarchical network design. The second part describes the building blocks of the network design and their role in the hierarchical network. Each block is further divided into specific network devices, and the services they have to provide are described. The third part of the MT deals with the basic service demands placed on today’s network infrastructures. The main focus is on the availability of network services. The second- and third-layer protocols of the OSI model that secure the availability of all services provided by the network infrastructure in case of failure are specified. The fourth part contains information about WAN design. The fifth part describes security risks which can jeopardize network availability. It also contains a description of attacks on network users. The sixth part of the MT contains a brief description of software tools for network management and monitoring (Nagios, Cisco Security Device Manager), programs for simulating Cisco routers and switches (Dynamips & Dynagen, GNS3) and a Cisco PIX firewall simulation program (PEMU). The seventh chapter deals with the developed network design concept. The concept is deployed as a virtual lab running under simulation programs. The virtual infrastructure allows demonstration of the settings and behavior of all the protocols and equipment described before. The most important conclusion is that the network concept and its simulation as a virtual lab are functional and can be used for tests or educational purposes.

    SIP based IP-telephony network security analysis

    Master's thesis in information and communication technology 2004 - Høgskolen i Agder, Grimstad. This thesis evaluates the SIP Protocol implementation used in the Voice over IP (VoIP) solution at the fibre/DSL network of Èlla Kommunikasjon AS. The evaluation focuses on security in the telephony service, and is performed from the perspective of an attacker trying to find weaknesses in the network. For each type of attempt by the malicious attacker, we examined the security level and possible solutions to flaws in the system. The conclusion of this analysis is that the VoIP service is exploitable, and that serious improvements are needed to achieve a satisfying level of security for the system.

    Study of the deployment of IPv6 in the guifi.net network (Estudi de la implantació de IPv6 a la xarxa guifi.net)

    This work will explain how the guifi.net IPv4 network operates and will make a proposal for how the network could look with IPv6. Finally, a test will be carried out to verify the proposal.

    Secure Network Access via LDAP

    Networks need the ability to be accessed by secure accounts and users. The goal of this project is to configure and expand on LDAP configurations with considerations for AAA via TACACS+ and RADIUS for network equipment. This will provide adequate security for any given network in terms of access and prevent loss of access to devices, which happens all too often with locally configured accounts on devices.

    GNS3 for Security Practitioners

    This guide is only a small part of the security content that can be learned during the "Master's Degree in Computer Engineering" - Cybersecurity Degree. The guide is used by the students as reinforcement during practical classes, but there is much more content that is not found in the guide. Indeed, the student has access to the virtual machine resulting from the steps in the guide (including all the scripts and networks configured for GNS3), so these steps are only used if the student wants to set up their own environment at home. Moreover, vulnerability analyses are very dependent on the living system. The student learns how to use Metasploit and other pentesting tools during the course, although this is not covered in depth in the guide. This guide is only a first step towards cybersecurity training. The objective of this guide is to provide useful information for the deployment of a virtual laboratory using GNS3 with the aim of testing security features. In this guide GNS3 is used together with other tools for training in network security. It is possible to install all these tools in a single virtual machine. In addition, the virtual machine must have nested virtualisation enabled in order to run inside other virtual machines (e.g. Kali Linux).

    Active Directory Infrastructure Design and Network Topology Design for StarCom Software Developer Company

    Active Directory is Microsoft's trademarked directory service, an integral part of the Windows 2000 architecture and later server operating systems. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. A well-structured Active Directory hierarchy requires a well-defined underlying network infrastructure upon which the AD forest is built. The design shows Cisco best practices in terms of providing a layered approach by segmenting and streamlining network traffic, ultimately providing redundancy, scalability and traffic efficiency. To demonstrate both the Microsoft AD and the Cisco network layout, a fictive company was created for which both technologies and show why they are so important

    An investigation into the control of audio streaming across networks having diverse quality of service mechanisms

    The transmission of realtime audio data across digital networks is subject to strict quality of service requirements. These networks need to be able to guarantee network resources (e.g., bandwidth), ensure timely and deterministic data delivery, and provide time synchronisation mechanisms to ensure successful transmission of this data. Two open standards-based networking technologies, namely IEEE 1394 and the recently standardised Ethernet AVB, provide distinct methods for achieving these goals. Audio devices that are compatible with IEEE 1394 networks exist, and audio devices that are compatible with Ethernet AVB networks are starting to come onto the market. There is a need for mechanisms to provide compatibility between the audio devices that reside on these disparate networks such that existing IEEE 1394 audio devices are able to communicate with Ethernet AVB audio devices, and vice versa. The audio devices that reside on these networks may be remotely controlled by a diverse set of incompatible command and control protocols. It is desirable to have a common network-neutral method of control over the various parameters of the devices that reside on these networks. As part of this study, two Ethernet AVB systems were developed. One system acts as an Ethernet AVB audio endpoint device and another system acts as an audio gateway between IEEE 1394 and Ethernet AVB networks. These systems, along with existing IEEE 1394 audio devices, were used to demonstrate the ability to transfer audio data between the networking technologies. Each of the devices is remotely controllable via a network neutral command and control protocol, XFN. The IEEE 1394 and Ethernet AVB devices are used to demonstrate the use of the XFN protocol to allow for network neutral connection management to take place between IEEE 1394 and Ethernet AVB networks. 
User control over these diverse devices is achieved via the use of a graphical patchbay application, which aims to provide a consistent user interface to a diverse range of devices