Question 1 Explore the current commonplace security challenges present when running an interior routing protocol across a corporate network. You are advised to use OSPF from the CCNA3v7 course as a...

1 answer below »
Hi, could you please give me a quote for this assignment? Thank you


Question 1 Explore the current commonplace security challenges present when running an interior routing protocol across a corporate network. You are advised to use OSPF from the CCNA3v7 course as a starting point – however, you must do additional research for this question beyond the scope of the Cisco content and consider other interior routing protocols – you must cite any sources using Harvard citation. The maximum word count for this question is 750 words, excluding any diagrams. You will be penalised if you exceed the word count by 10%. Question 2 Exploring current examples from the previous three years (or thereabouts). Critically evaluate the current state of IoT security – focussing on the domain of Smart City IoT solutions. You are free to select the specific area of interest within this; however, you must briefly justify the direction of your response to this question. You must do additional research for this question beyond the scope of the Cisco content – you must cite any sources using Harvard citation. The maximum word count for this question is 750 words, excluding any diagrams. You will be penalised if you exceed the word count by 10%. Question 3 You have been given the ‘London Railways’ network.' The purpose of this question is to build upon each of the following tasks that are designed to test your practical knowledge of OSPF'? Take your time to plan your approach. You can make reasonable assumptions – however, please share these in your TMA submission. Your task comes in five stages, where you must build a complex OSPF network with additional features. You have been issued the following network 99.0.0.0/8 Task 1 Designing the Network You can divide the network in any way you desire, you must write a short 100-word max justification regarding the design of your addressing scheme to solve the challenge. [Note: 100 words, excludes any relevant tables or diagrams] Task 2 Building OSPF Based on the diagram and your proposed addressing scheme – configure OSPF, on all routers and interfaces (please read exception note below). All the PC’s and the single Server must also be configured to be members of each OSPF network. Provide evidence by showing the configuration of Paddington and St Pancras as well as the ‘show ip route’ outputs from Victoria and Euston. Please DO NOT include screen shots, this must be the text-based outputs Exception Note: GRE Marylebone and GRE Liverpool St MUST NOT be included in this OSPF Network. Task 3 GRE Create a GRE tunnel to run from Marylebone to Liverpool St. Ensure that it connects two ends of a private network use 192.168.0.0/24 for Marylebone and 192.168.1.0/24 for Liverpool St Configure a static route between both ends of the tunnel and change the ‘GRE’ hosts (PC’s) to test connectivity. Share text output from both Marylebone and Liverpool St. Please show a single screen shot of GRE Liverpool St successfully pinging GRE Marylebone Task 4 ACL’s Create an extended ACL on Victoria it must block only HTTP traffic from OSPF 100, 200, 300 and allow HTTP traffic from all other networks. All other traffic types must not be blocked. Show the text-based output from Victoria – also explicit command line proof on Victoria. As well as screenshots from the OSPF 100 and 101 PC’s, demonstrating that the ACL is blocking and allowing the correct traffic .
Answered 13 days AfterMay 11, 2021

Answer To: Question 1 Explore the current commonplace security challenges present when running an interior...

Ali Asgar answered on May 25 2021
151 Votes
Ouestion 1
OSPF or Open Shortest Path First is one of the most widely used interior gateway routing protocol in large corporations and other institutional environments like universities. It is one of the most common routing protocol in use on the internet. About 35000 Autonomous systems on the internet use OSPF.
The OSPF protocol a vulnerability present in the inherent working of the protocol such that an attack can compromise the data flow, falsify network path designs and create loop
s that can cripple the routers. OSPF being so popular and widely used, this vulnerability becomes extremely serious.
By misusing these weaknesses an aggressor can diligently misrepresent enormous segments of the topology of the routing domain thus giving the assailant power over how traffic is routed in the area. This thus can lead to Denial of Service, snooping, and man in the middle attacks.
OSPF is a dynamic routing protocol. It is used to populate the routers in an autonomous system (AS) with routing table information and dynamically making changes to topology. OSPF is a link-state routing protocol meaning that every router displays its links to neighbouring routers and networks with their link costs. This is known as Link State Advertisements or LSAs. Every LSA is flooded through the system thus every router in an AS who has received an LSA from its neighbor resends it to every other router in the AS. Each router creates its own database of the LSAs from all routers. Using this database, a router creates a complete topology and implements Dijksatra’s algorithm to find the least cost path to each desitination. This information is then populated in the routing table. Whenever a router receives an LSA from its neighbor, it checks for its legitimacy by checking its LSA sequence number, age and checksum. [1]
In this attack, the attacker uses this flooding of LSAs to perform an attack. The attacker can perform this attack by simply compromising one of the routers on the network. The attacker’s router appears as a neighbor to a victim router that is a designated router. A designated router stores the complete topology and sends it to update all the routers.
For this attack, an attacker uses a compromised router to send out a spoofed LSA to its neighbor router who is a victim of the attack. This router rejects this LSA and resends genuine LSA to all its neighbors. This is known as fight-back. While the victim router received a spoofed LSA, a similar spoofed LSA is sent to a second router such that it appears that this LSA is the last LSA sent by the victim. For this the victims LSA sequence number and age is used.
To the second router this LSA appears genuine and it accepts it. In the meantime, the victim’s fight-back LSA is also received by the second router that drops it because it already has received an LSA with same age and sequence earlier (although from attacker).
The second router then sends out LSA to all its neighbors with the information received in the spoofed LSA, which is then accepted by all other routers as legitimate and thus the falsified routes have successfully reached to all the routers as genuine routes. [2]
Since in OSPF the LSAs are sent out every half hour, the attack must be relaunched every half hour to make the attack persistent.
With this types of attack, an attacker can create a route that leads all genuine traffic towards it and perform a man-in-the-middle attack by reading all information flowing through it, or a denial of services attack by creating a black hole route.
The seriousness of these vulnerabilities can be understood form the fact that almost all AS on the internet uses OSPF as a routing protocol as it is open source and less resource intensive than other protocols. Also they are open source and can be used on almost any brand of routers.
Since these vulnerabilities are inherent to the routing protocols design, it is very difficult to mitigate these risks. Also this attack requires only one compromised router and can work with a small number of routers with falsified information. [3]
There are still some mechanisms to mitigate these attacks like creating a dummy LSA to randomize the checksum and LSA sequence. But this measure leads to larger LSA databases on routers and reduction in performance.
Question 2
IoT innovation is a summed up term that alludes to associated physical and computerized segments. IoT parts can communicate information without the help of humans. Each IoT segment has a Unique Identifier (UID) that makes it unique.
There are presently five types of IoT applications:
Consumer Internet of Things—such as lighting fixtures, home and kitchen appliances, and voice assistance for the elderly.
Commercial Internet of Things —usage of IoT in the healthcare and transport industries, such as smart pacemakers, monitoring systems, and vehicle to vehicle communication (V2V).
Industrial...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here