SCHOOL OF COMPUTING AND INFORMATICS
CONTINUOUS ASSESSMENT TEST 1&2
UNIT NAME: NETWORK MANAGEMENT
UNIT CODE: BIT3204
FREDRICK MAINA BBIT/2020/90659
a. List and explain FOUR classes of IP addresses giving a sample IP address for each class
I. Class A Network
This IP address class is used when there are a large number of hosts. Here the first 8 bits
(also called the first octet) identify the network, and the remaining 24 bits identify the
host within that network. E.g. 102.168.212.226. Here, “102” identifies the network
and 168.212.226 identifies the host.
II. Class B Network
In this class, the binary addresses start with 10. The class decimal number can be between 128
and 191. The number 127 is reserved for loopback, which is used for internal testing on the
local machine. The first 16 bits (known as two octets) identify the network. The
remaining 16 bits indicate the host within the network. E.g. 168.212.226.204, where
168.212 identifies the network and 226.204 identifies the network host.
III. Class C Network
Used for small networks. Three octets are used to identify the network. This IP ranges
between 192 and 223. The first two bits are set to 1, and the third bit is set to 0, which
makes the first 24 bits of the address the network address and the remaining bits the host address.
Most local area networks use Class C IP addresses to connect to the network.
E.g. 192.168.178.1
IV. Class D Network
Its addresses are only used for multicasting applications. Class D is never used for regular
networking operations. Addresses in this class have the first three bits set to “1” and the fourth
bit set to “0”. Class D addresses are 32-bit network addresses. All the values
within the range are used to identify multicast groups uniquely. It does not have any
subnet mask. E.g. 227.21.6.173
Ref: L. Williams, (Types of IP address), Jan 2023, guru99.com
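The leading-bit rules described in part (a), applied to the four sample addresses, as an added example that is not part of the original answer. The function name classify and the Class E row (addresses starting 1111, which the answer does not list) are assumptions of this example.

```python
import ipaddress

# (class, mask on first octet, required leading bits, default network prefix length)
CLASS_RULES = [
    ("A", 0b10000000, 0b00000000, 8),     # 0xxxxxxx
    ("B", 0b11000000, 0b10000000, 16),    # 10xxxxxx
    ("C", 0b11100000, 0b11000000, 24),    # 110xxxxx
    ("D", 0b11110000, 0b11100000, None),  # 1110xxxx, multicast: no network/host split
    ("E", 0b11110000, 0b11110000, None),  # 1111xxxx, assumption: not listed in the answer
]


def classify(addr: str) -> dict:
    """Return the classful interpretation of a dotted-quad IPv4 address."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    first_octet = ip.packed[0]
    for name, mask, pattern, prefix in CLASS_RULES:
        if first_octet & mask == pattern:
            break  # the five patterns cover every possible first octet
    result = {"class": name, "loopback": ip.is_loopback,
              "network": None, "host": None}
    if prefix is not None:
        octets = str(ip).split(".")
        n = prefix // 8  # number of octets that identify the network
        result["network"] = ".".join(octets[:n])
        result["host"] = ".".join(octets[n:])
    return result


if __name__ == "__main__":
    # Sample addresses taken from the answer, plus the loopback edge case.
    for sample in ("102.168.212.226", "168.212.226.204",
                   "192.168.178.1", "227.21.6.173", "127.0.0.1"):
        print(sample, classify(sample))
```

127.0.0.1 matches the Class A bit pattern but is reported with loopback set, which is why the 127 block is treated as reserved rather than as an assignable network.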
b. Describe some of the key tools and technologies used in network management, such as
network monitoring software, firewalls, intrusion detection systems, and virtual private
networks. How do these tools help organizations manage their networks effectively, and what
are some best practices for using them?
I. Network monitoring software - designed to monitor and manage the network traffic flow
over a network. Mainly used by network administrators and security staff to monitor the
operations of a network.
II. A Firewall - a network security device that monitors and filters incoming and outgoing
network traffic based on an organization's previously established security policies.
III. Intrusion Detection System (IDS) - observes network traffic for malicious transactions and
sends immediate alerts when they are observed. An IDS monitors a network or system for
malicious activity and protects a computer network from unauthorized access.
IV. Virtual Private Network (VPN) - technology that creates a safe and encrypted connection
over a less secure network, such as the internet. It is a way to extend a private network
using a public network such as the internet.
Ref: C. BasuMallick, (Top 10 Network Management Tools in 2022), Jan 2022,
spiceworks.com
c. Discuss the current trends and emerging technologies in LAN design and implementation,
and explain how they are likely to shape the future of networking
I. Software-defined networking (SDN): This is a trend towards using software to manage
and control network devices and traffic, rather than relying on proprietary hardware and
protocols. Allows for greater flexibility and agility in managing the LAN.
II. Virtualization: allows multiple virtual devices to run on a single physical device, which
can help reduce hardware costs and improve resource utilization.
III. Cloud-based services: Many organizations are moving towards using cloud-based
services for various tasks, including networking. This can involve using cloud-based
infrastructure as a service (IaaS) or software as a service (SaaS) for networking tasks.
IV. Internet of Things (IoT): The increasing proliferation of connected devices is leading to
the development of IoT-specific networking solutions, such as low-power, wide-area
networks (LPWAN) and mesh networking.
Ref: Prayag B, (Emerging Trends in LAN design and deployment), Dec 19, quora.com
d.
i. List and explain various recent WAN technologies in use today
I. Switched WAN - multiple component LANs are connected via a shared networking
infrastructure. A WAN switching exchange at the center governs how network resources
are distributed across locations, in conjunction with the network appliances at each
location. Switched WAN is best suited to distributed environments where network
configuration requirements are largely homogenous.
II. Point-to-point WAN - two LANs or end nodes are connected through a dedicated and
secure leased line. Old school broadband networks using dial-up technology are a good
example of point-to-point WAN. Modern enterprises also use this type of WAN to enable
secure and customized network performance between two locations.
III. Dedicated internet access (DIA) WAN - The carrier offers the same upload and download
speed and guaranteed bandwidth.
IV. Broadband internet WAN - This is a consumer-grade WAN environment that provides
you with asymmetrical connections – i.e., download speed is typically higher than upload
speed. This type of WAN is significantly more affordable than DIA WAN but does not
guarantee reliable performance.
V. Voice over LTE (VoLTE) WAN: This type of WAN environment uses 4G or 5G
technology to achieve connectivity even in remote locations. However, VoLTE WAN is
typically metered, and you may be charged for consumption beyond a threshold.
VI. Software-defined (SD) WAN: This is a newly emerging type of WAN where a software
platform is used to manage the entire network infrastructure, replacing most of your
physical appliances. You can leverage a mix of different WAN connections and optimize
bandwidth flow to balance cost with performance.
Ref: Different types of WAN Technologies, bsimplify.com
ii) State and explain Key Architectural Components of WAN
I. End devices - are computing systems that are being connected through wide area network
technology. These can range from user-facing interfaces like mobile devices, PCs, and
industry-specific workstations to servers, data centers and mainframes.
II. Customer premises equipment (CPE) - is owned by an enterprise and sits in the local
environment. Different types of CPE are used to improve network performance and align
the infrastructure with business needs. Examples include telephones, routers, physical firewall
appliances, and set-top boxes.
III. Access points and routers - a router manages data flow to and from your end devices.
Access points enable extension of the wireless coverage of local area network to enable
grouping of hundreds or thousands of end devices spread across a massive office campus
into a single LAN.
IV. Network switches - sit between your access points and routers and the end devices to
which they are connected. They forward data packets coming through the external
network and regulate how they are distributed across various end devices.
V. Local area network (LAN) - a key architectural component of a wide area network. A LAN
can comprise just two devices in a consumer-grade use case – a mobile or laptop and the
router + modem combination.
VI. Connecting media - The connecting media carries data packets in a WAN mesh
architecture to and from different LAN components. There is a wide variety of media to
choose from when setting up your WAN, including traditional MPLS lines, fiber optic
cables, the cellular (3G, 4G, or 5G) spectrum, and satellite connectivity.
Ref: C. BasuMallick, (What is WAN), Feb 2023, spiceworks.com
e. There are different classes of networks that determine the size and total possible unique IP
addresses of any given LAN. The below is a sample IP address
192.168.1.10
i. Identify the class of the above IP address.
Class C
ii. Identify the network address
192.168.1
iii. Identify the broadcast address.
192.168.1.10 to 192.168.1.254
iv. Identify the Subnet masks
255.255.255.0(/24)
v. Determine the Number of Host
10
f. Describe the various benefits of using Directory enabled Network
I. Centralized Control & Monitoring - offers a central place for administrators to control
almost all things related to user access and network permissions.
II. Seamless User Experience - Users get to enjoy smooth access once the AD infrastructure
is set and all permission policies have been enforced. Even with cloud services, AD
makes sure that users don’t face lag in accessing resources.
III. A Different Type For Every Different Need - There are many alternative versions of AD
available for different scenarios, like AD Federation Services, Azure AD Directory
Application Proxy, etc.
IV. Far-reaching Policies With Group Policy Objects - GPOs are policy objects that help
enforce global policies like password limits and system behavior. Microsoft offers a
dedicated Group Policy Editor to help easily set up the policies and what level they will
be enforced on.
g. i. Discuss the role of network protocols in facilitating communication between devices on a
network.
A network protocol allows connected devices to communicate with each other, regardless of
any differences in their internal processes, structure or design.
ii. Describe the most commonly used network protocols and their functions, and explain
how they enable the transmission and routing of data across different types of networks.
I. TCP/IP is the fundamental protocol used for communication on the internet and is
responsible for transmitting data packets across the network.
II. HTTP is used for web browsing, while DNS is responsible for translating domain
names into IP addresses.
III. FTP is used for file transfer, and SMTP is used for email communication.
IV. DHCP is responsible for assigning IP addresses to devices on the network.
h. i. State the advantages and limitations of wireless networks compared to wired networks.
Advantages of a Wireless Network Over Wired
I. Users can move around freely within the area of the network with their laptops,
handheld devices, etc. and get an internet connection.
II. Users are also able to share files and other resources with other devices that are
connected to the network without having to be cabled to a port.
III. Not having to lay lots of cables and put them through walls etc. can be a considerable
advantage in terms of time and expense.
IV. It also makes it easier to add extra devices to the network, as no new cabling is
needed.
V. Wireless networks can sometimes handle a larger amount of users because they are
not limited by a specific number of connection ports.
Disadvantages of a Wireless Network
I. It can require extra costs and equipment to set up.
II. Setting up a wireless network can sometimes be difficult for people who are not
experienced with computers.
III. File-sharing transfer speeds are normally slower with wireless networks than they are
with cabled.
IV. Its speed varies considerably according to your location in relation to the network.
The connection also gets worse the farther you are from the router, which can be a
problem in a large building or space.
V. Wireless connections can be obstructed by everyday workplace or household items
and structures such as walls, ceilings, and furniture.
VI. Wireless networks are generally less secure.
ii. Describe the different types of wireless technologies and their applications.
I. The simplex wireless communication system is one-way communication. In this type,
the communication can be done in one direction only. Example is the radio broadcast
system.
II. The Half Duplex communication system is two-way communication, however, it is
not simultaneous. Example is a walkie–talkie.
III. The full Duplex communication system is also two-way communication & it is
simultaneous. The best example of this communication system is the mobile phone.
Ref: Pros and Cons of wireless technology, nibusinessinfo.co.ke
iii. Explain the security risks associated with wireless networks and the measures that can
be taken to mitigate them.
I. Evil Twin Attack – In this attack, an attacker sets up an illegitimate WiFi access point by
setting up the WiFi network with the same SSID name as set up by the
company/organization. Thus, a user when trying to connect to the network may not
understand whether it’s trying to connect to the organization network or to the rogue access
point. If the user connects to a rogue access point, their data can be intercepted, unencrypted
and read by the attacker.
II. Freeloading - sometimes unauthorized users will piggyback on your wireless network to
gain free access. Usually this is not done maliciously, but there are still security
ramifications.
III. Hacking of Lost or Stolen Wireless Devices - if an employee loses a smartphone, laptop,
etc., that is authorized to be connected to your network, it's very easy for the finder or thief
to gain full access. All that’s necessary is to get past the password, which is quite simple to
do.
IV. Rogue (or Unauthorized/Ad-Hoc) Access Points - One method often used by attackers
involves setting up a rogue access point within the range of an existing wireless LAN. The
idea is to ‘fool’ some of the authorized devices in the area to associate with the false access
point, rather than the legitimate one.
V. Passive Capturing or eavesdropping - performed simply by getting within range of a target
wireless LAN, then ‘listening to’ and capturing data which can be used for breaking existing
security settings and analyzing non-secured traffic. Such information that can be “heard”
include SSIDs, packet exchanges, and files (including confidential ones).
VI. Denial of Service - It is one of the simplest network attacks to perpetrate because it only
requires limiting access to services. This can be done by placing viruses or worm programs
on your network, or by simply sending a large amount of traffic at a specific target with the
intent of causing a slowdown or shutdown of wireless services. This allows attackers to
hijack resources, view unauthorized information disclosures, and introduce backdoors into
the system.
Ref: S. Wilkins, (Be Aware of These 7 Common Wireless Network Threats), Nov 2011,
pluralsight.com
Mitigation of risks
I. Change default home network name – Default network name reveals router brand being used
and helps cybercriminals to search for vulnerabilities in specific brands and try to exploit
vulnerabilities present in them. SSID should be unique and should not reveal brand
manufacturer name.
II. Wi-Fi Password – Many times the password set for accessing the wireless connection is too
simple to predict and guess. A mobile number, children’s name, or date of birth can prove disastrous
since anyone can get into your network. The password should be long enough and must be a
combination of letters, numbers and special characters so it becomes difficult for an
attacker to guess the password.
III. Wireless Encryption – Routers provide various encryption options such as WEP, WPA, WPA2 and
WPA3. WEP and WPA should not be used at all; WPA2 should be used instead. Not all routers
provide WPA3; if available, WPA3 should be used instead of WPA2, along with AES
encryption.
IV. Turn off DHCP – If possible DHCP should be turned off and only static IP addresses should
be assigned to the devices in the network.
V. Disable Remote Access to Router – Many times the router console can be accessed
remotely. This enables an attacker to access the router over the internet, making the router
more vulnerable and prone to various forms of sophisticated attacks conducted
over the internet.
VI. Firmware Update – The router firmware should be kept updated to the latest version. This
prevents flaws and vulnerabilities present in older versions which can be exploited by an
attacker.
VII. Firewall – A firewall should be actively used to allow legitimate traffic to flow within the
network. Proper firewall settings should be configured on the router page to allow only certain types
of traffic; the rest should be denied.
Ref: Security Wireless Network, Feb 2021, cisa.govt
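A defender-side check for two points made above, the evil twin/rogue access point risk (an organization SSID broadcast by an access point that is not in the inventory) and the encryption mitigation (WEP and WPA should not be in use), as an added example that is not part of the original answer. The SSID, BSSIDs, scan records and the names Beacon and audit are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: organization SSID -> BSSIDs of its authorized access points.
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
# Settings the mitigation list says must not be used (plus no encryption at all).
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str  # "OPEN", "WEP", "WPA", "WPA2" or "WPA3"


def audit(scan, authorized=AUTHORIZED):
    """Return (bssid, finding) pairs for access points advertising our SSIDs."""
    findings = []
    for beacon in scan:
        known = authorized.get(beacon.ssid)
        if known is None:
            continue  # someone else's network, out of scope
        bssid = beacon.bssid.lower()
        # Same SSID from an unlisted radio: possible evil twin or rogue AP.
        # A listed BSSID is not proof of legitimacy, since BSSIDs can be copied.
        if bssid not in known:
            findings.append((bssid, "unknown-bssid"))
        if beacon.security.upper() in WEAK_SECURITY:
            findings.append((bssid, "weak-encryption"))
    return findings


# Constructed scan results (not real captures).
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2"),
    Beacon("CorpNet", "AA:BB:CC:00:00:02", "WPA"),
    Beacon("CorpNet", "de:ad:be:ef:00:99", "OPEN"),
    Beacon("GuestCafe", "11:22:33:44:55:66", "OPEN"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SCAN):
        print(f"{bssid}: {finding}")
```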