Tatenda D. Gondwe – 190066
Advanced Networking Assignment

Question 1
Using relevant examples, describe how the AAA model can ensure security at any organisation of your choice.

AAA stands for Authentication, Authorisation and Accounting. The AAA model is a standards-based paradigm for controlling who is allowed to use network resources (authentication), what they are allowed to do (authorisation), and recording the actions taken while on the network (accounting). GeeksforGeeks (2021) defines authentication as the process of verifying whether a user attempting to access network resources is valid by requesting credentials such as a username and password. GeeksforGeeks (2021) states that after a user has gained access to network resources through authentication, authorisation provides the ability to enforce policies on those resources: once authentication succeeds, authorisation decides which resources the user is permitted to access and which operations they are permitted to perform. Accounting provides for the tracking and recording of events that occur while a user is accessing network resources, and it even keeps track of how long the user has been connected to the network.

Authentication is the first step in the AAA model. Alepo Technologies (2021) states that when multimodal authentication methods are used, authentication acts as the first line of defence in protecting network resources from fraud and identity theft. When someone attempts to access the network, the authentication function determines whether or not they are authorised to do so, and verifies that the user is who they claim to be. It achieves this by checking that the user provides valid credentials, such as a username, password, biometrics or any other security measure that the operator has established. Access is granted if the user's credentials are valid; those who present forged or incorrect credentials are denied entry.
Verified users' network usage is tracked and logged for future reference. The credentials used in authentication are stored in databases, and network and system administrators continuously update and monitor these databases. At Africa University, usernames and passwords are used essentially everywhere. Students and staff members use this type of authentication when they want to gain access to the Africa University Virtual Classroom, the school Gmail accounts and the Student and Staff Portals, and when connecting to the school WiFi.

Mylonas (2018) defines authorisation as the process of enforcing policies, such as identifying the quality of activities, resources or services that a user is entitled to use. Authorisation is typically done alongside authentication: once a person has been authenticated, AAA authorisation compiles a list of attributes that describe what he or she is permitted to do. Mylonas (2018) states that authorisation levels are issued to users, establishing their access to a network and its resources. A user may, for example, be able to type commands but only be able to execute particular ones. He also states that this could be due to geographical constraints, date or time-of-day limits, login frequency, or repeated logins by a single user. Route assignments, IP address filtering and encryption are some other types of authorisation. Even if an administrator has privileged access, they may be prohibited from performing certain tasks. In more secure application architectures, passwords are stored with no decryption step; they can be changed but never recovered. At Africa University, once a student or staff member has been authenticated on the network, they are authorised to access anything on that network, such as the AU Online Library.
Students and staff members are not authorised or permitted to access any websites or other applications that are not school related while they are connected to the Africa University network. If they attempt to access such websites, the network firewall blocks them. This is done to protect the Africa University network from viruses, trojans, worms, other malicious software and cyberattacks.

SearchSecurity (2010) states that accounting is the last component in the AAA framework, and that it measures the resources a user consumes during access. This can involve system time or the volume of data sent and/or received by a user during a session. SearchSecurity (2010) also states that accounting encompasses logging session statistics and usage data, which is needed for authorisation control, invoicing, trend analysis, resource utilisation and capacity planning. Mylonas (2018) states that accounting enables administrators to log in and see what actions were taken, by whom and when. At Africa University, the systems administrator monitors the students' network usage, and the network firewall alerts the systems administrator about any odd internet activity by students, such as downloading torrents or accessing inappropriate websites. The systems administrator then alerts those students by e-mail, warning them about their usage; that e-mail also includes the amount of data the students used on the network.

The AAA model has a number of benefits. It creates a multi-layered security barrier that safeguards, measures and monitors how the network is accessed and by whom. This prevents cybercriminals from stealing and misusing data. In the AAA model, a centralised security database grants particular access to each user based on their unique credentials, which allows inactive or banned users to be terminated easily and quickly.
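The three steps described above (authentication against stored password hashes, an authorisation policy per role, and accounting that records data usage and flags users the administrator should warn) as one added example, modelled on the Africa University scenario; this is not code from the assignment, and every account, password, policy entry and quota in it is constructed for illustration:

```python
# Added example (not from the assignment): a minimal AAA flow modelled on the
# Africa University scenario. All accounts, passwords, the policy table and
# the data quota are constructed for illustration.
import hashlib
import hmac
import os

# --- Authentication: credentials are stored as salted hashes, never decrypted ---
def hash_password(password, salt=None):
    """PBKDF2-SHA256 of the password; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USER_DB = {  # constructed accounts: username -> (role, salt, digest)
    "student01": ("student", *hash_password("Sunflower-2021")),
    "sysadmin": ("staff", *hash_password("Tr0ub4dor&3")),
}

def authenticate(username, password):
    """Return the user's role if the credentials verify, otherwise None."""
    record = USER_DB.get(username)
    if record is None:
        return None
    role, salt, stored = record
    _, candidate = hash_password(password, salt)
    # constant-time comparison so a wrong guess leaks nothing through timing
    return role if hmac.compare_digest(candidate, stored) else None

# --- Authorisation: the policy decides which resources a role may reach ---
POLICY = {
    "student": {"au-library", "virtual-classroom", "student-portal"},
    "staff": {"au-library", "virtual-classroom", "staff-portal", "firewall-console"},
}

def authorise(role, resource):
    return resource in POLICY.get(role, set())

# --- Accounting: every attempt is logged with the data volume it consumed ---
DATA_QUOTA_MB = 2000  # constructed threshold for the administrator's warning e-mail

def access(log, username, password, resource, mb):
    """Run the three A's for one request and record the outcome."""
    role = authenticate(username, password)
    if role is None:
        log.append({"user": username, "resource": resource, "outcome": "auth-failed", "mb": 0.0})
        return False
    allowed = authorise(role, resource)
    log.append({"user": username, "resource": resource,
                "outcome": "allowed" if allowed else "denied", "mb": mb if allowed else 0.0})
    return allowed

def usage_report(log):
    """Data used per user plus the users the administrator should e-mail."""
    totals = {}
    for entry in log:
        totals[entry["user"]] = totals.get(entry["user"], 0.0) + entry["mb"]
    over_quota = {u for u, mb in totals.items() if mb > DATA_QUOTA_MB}
    denied = {e["user"] for e in log if e["outcome"] == "denied"}
    return {"totals": totals, "alert": over_quota | denied}
```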
The AAA model also gives operators more control and flexibility in managing network access, as well as the ability to use a variety of standardised authentication protocols such as RADIUS and TACACS+. Lee (2021) defines RADIUS (Remote Authentication Dial-In User Service) as a network protocol for authenticating and authorising user access to a network, whether remote or on-premise. GeeksforGeeks (2019) defines TACACS (Terminal Access Controller Access Control Server) as a security protocol used in the AAA framework to enable centralised authentication for network users. The AAA model also employs backup systems to ensure redundancy in the event that one of the security servers fails or the network becomes overwhelmed.

Question 2
Using specific and relevant examples, describe how the layer 3 protocols ensure safe and efficient connectivity.

In the Open Systems Interconnection (OSI) model, the network layer is the third layer, and it is therefore also called Layer 3. Techopedia (2014) states that Layer 3 is responsible for the network's routing and switching technologies, which construct logical channels known as virtual circuits (VC) for data transmission between network nodes. Routing and forwarding, internetworking, addressing, packet sequencing, congestion control and error handling are all Layer 3 functions. The protocols used in Layer 3 include the Internet Protocol (IPv4/IPv6), the Internet Control Message Protocol (ICMP), the Distance Vector Multicast Routing Protocol (DVMRP), the Internet Group Management Protocol (IGMP), the Address Resolution Protocol (ARP) and Internet Protocol Security (IPsec). Each of these protocols has a role in ensuring safe and efficient connectivity.

The Internet Protocol (IP) is defined as a collection of rules that govern how data is delivered over the internet. Cloudflare (n.d.) states that data travelling over the Internet is broken down into smaller units known as packets.
Each packet has IP information attached to it, which helps routers send packets to the correct location. The internet uses protocols such as IPv4 and IPv6; their addresses are numerical combinations that allow devices to communicate with one another. IPv4 is the very first version of the IP protocol, developed at the inception of the internet. Despite the increasing adoption of IPv6, IPv4 still routes the majority of the world's traffic. IPv6 is becoming more popular, and in a short space of time it will be widely utilised worldwide. This is because it uses 128-bit addresses, while IPv4 uses 32-bit addresses. IPv6 also allows for 340 undecillion unique addresses, which is more than enough to support all global traffic for a long time.

How IP ensures safe and efficient connectivity
Wisdomplexus (n.d.) states that IPv6 marks a significant security gain, since the number of addresses it contains is so large that it makes it hard to use IP scanning techniques to locate computers with security flaws in a network. Sophos (n.d.) states that end-to-end encryption can be run on IPv6, and that the widespread use of IPv6 will make man-in-the-middle attacks far more difficult.

Lutkevich (2021) defines the Internet Control Message Protocol (ICMP) as an error-reporting protocol used by network devices such as routers to generate error messages to the originating IP address when network difficulties hinder IP packet delivery. Extrahop (n.d.) states that ICMP packets relay information about network connectivity problems to the source of the corrupted communication, and that ICMP sends control messages such as source route failure, destination network unreachable and source quench. Its packet structure consists of an 8-byte header and a variable-size data portion.
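The 8-byte header and variable-size data portion just described, as an added example that is not part of the assignment: it builds, parses and checksum-verifies ICMP messages of the kinds the text names (echo, destination unreachable, source quench, redirect), so a receiver can discard a message whose checksum does not match. The packets are constructed in memory and never sent.

```python
# Added example (not from the assignment): parsing and checksumming the 8-byte
# ICMP header. The packets built here are constructed for illustration only.
import socket
import struct

ICMP_TYPES = {  # message kinds mentioned in the text, by type number
    0: "echo reply", 3: "destination unreachable", 4: "source quench",
    5: "redirect", 8: "echo request", 11: "time exceeded",
}

def icmp_checksum(data):
    """RFC 1071 checksum: one's complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type, code, rest_of_header, payload=b""):
    """Assemble header (type, code, checksum, 4-byte rest) plus payload."""
    header = struct.pack("!BBHI", msg_type, code, 0, rest_of_header)
    checksum = icmp_checksum(header + payload)
    return struct.pack("!BBHI", msg_type, code, checksum, rest_of_header) + payload

def parse_icmp(packet):
    """Decode the fixed header, verify the checksum and expand the 'rest' field."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    msg_type, code, checksum, rest = struct.unpack("!BBHI", packet[:8])
    # recompute over the whole message with the checksum field zeroed
    expected = icmp_checksum(packet[:2] + b"\x00\x00" + packet[4:])
    info = {
        "type": msg_type, "name": ICMP_TYPES.get(msg_type, "other"), "code": code,
        "checksum_ok": checksum == expected, "payload": packet[8:],
    }
    if msg_type in (0, 8):          # echo: rest = identifier | sequence number
        info["identifier"], info["sequence"] = rest >> 16, rest & 0xFFFF
    elif msg_type == 5:             # redirect: rest = address of the better gateway
        info["gateway"] = socket.inet_ntoa(packet[4:8])
    return info
```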
Lutkevich (2021) states that ICMP messages are sent in a variety of situations. One example he gives is that if one device transmits a message that is too large for the receiver to handle, the recipient will ignore it and return an ICMP message to the source. Another example he gives is when the network gateway discovers a more efficient path for the message to take; an ICMP message is delivered in this case, and the packet is diverted to the shorter path.

How ICMP ensures safe and efficient connectivity
The ping and traceroute terminal utilities in particular use ICMP for network diagnostics. The traceroute utility shows the physical routing path between two internet devices that are communicating. Traceroute can be used to diagnose network faults and determine the source of a network delay. The ping utility is a simpler form of traceroute: it sends out pings and measures how long it takes for the message to travel to its destination and return to the source. Pings are important for determining the latency of a specific device. Ping, unlike traceroute, does not display a visual map of the routing layout. However, Extrahop (n.d.) states that ICMP can also be used as a network attack vector. An attacker can use a ping scan or sweep to discover systems to attack in the future, and a distributed denial of service (DDoS) attack such as an ICMP flood, a ping of death or a Smurf attack can bring a network to a halt.

Thakur (n.d.) defines the Distance Vector Multicast Routing Protocol (DVMRP) as a multicast routing protocol that decides on packet routing based on the packet's source address. The Routing Information Protocol (RIP) is the foundation of DVMRP. The router creates a routing table with the multicast groups it is aware of, as well as the distances between the router and the destination. When a router receives a multicast packet, the router's interfaces listed in the routing table forward it. Thakur (n.d.) states that DVMRP should prevent loops from forming in the network, prevent duplicate packets, ensure that a packet's journey from its source to the router is the shortest possible, and allow for dynamic membership.

How DVMRP ensures safe and efficient connectivity
DVMRP uses decision-making strategies to accomplish the tasks above, including, but not limited to, Reverse Path Forwarding (RPF) and Reverse Path Broadcasting (RPB). Teletopix (2014) states that DVMRP has enhanced efficiency, whereby network traffic is controlled and server and CPU loads are reduced. Its performance is optimised, and this eliminates traffic redundancy. Teletopix (2014) also states that DVMRP supports distributed applications, whereby multipoint applications are made possible.

Cloudflare (n.d.) defines the Internet Group Management Protocol (IGMP) as a protocol that enables several devices to share a single IP address and receive the same data. IGMP is a network layer protocol that enables multicasting on Internet Protocol version 4 (IPv4) networks. In particular, IGMP enables devices to join a multicast group. GeeksforGeeks (2020) states that IGMP is applied in streaming video, gaming and web conferencing tools. IGMP has three versions, namely IGMPv1, IGMPv2 and IGMPv3. In IGMPv1, all supporting hosts can join multicast groups using membership requests. IGMPv2, an upgrade of IGMPv1, adds the ability to leave a multicast group by using group membership. IGMPv3, an upgrade of IGMPv2, adds source-specific multicast and membership report aggregation.

How IGMP ensures safe and efficient connectivity
IGMP has several benefits. One benefit given by GeeksforGeeks (2020) is that IGMP efficiently distributes multicast data to receivers, so no wasted packets are sent to hosts, resulting in improved performance.
Another benefit is that because all shared links are connected, the bandwidth is used completely. A further benefit is that hosts have the option of leaving one multicast group and joining another. However, IGMP is inefficient in terms of filtering and security. Network congestion can arise due to the lack of TCP. IGMP is also prone to attacks such as denial of service (DoS).

Zydyk (n.d.) states that in a local area network, the Address Resolution Protocol (ARP) is a technique for translating a dynamic IP address to a permanent physical machine address. A physical machine address is also known as a Media Access Control (MAC) address. ARP's main function is to convert 32-bit addresses to 48-bit addresses and vice versa. This is essential because IP addresses in IPv4 are 32 bits long, but MAC addresses are 48 bits long. When ARP was first developed in 1982, security was not a primary focus, so the protocol's authors did not include any authentication mechanism to validate ARP messages. Any device on the network can respond to an ARP request, regardless of whether the request was meant for it. Grimmick (n.d.) gives an example: if Computer A asks for Computer B's MAC address, an attacker on Computer C can reply, and Computer A will accept it as a genuine response. Grimmick (n.d.) also states that a number of attacks have become possible as a result of this flaw. These are called ARP poisoning attacks and include Denial of Service (DoS), Man-in-the-Middle (MiTM) and session hijacking.

How ARP ensures safe and efficient connectivity
These attacks can be mitigated through, but not limited to, encryption and static ARP tables. With SSL/TLS encryption on the web, it is difficult for MiTM attacks to succeed: the attacker can intercept the traffic but cannot do anything with it in its encrypted form. All of the MAC addresses in a network can be statically mapped to their correct IP addresses.
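The static-mapping mitigation just described, as an added example that is not part of the assignment: observed ARP replies (in a constructed log format) are compared against a static IP-to-MAC table, so a reply like Computer C answering for Computer B's address is reported to the administrator. The static table, the log format and the sample lines are all constructed for illustration.

```python
# Added example (not from the assignment): checking observed ARP replies
# against a static IP-to-MAC table. The table, the log format and the
# sample lines are all constructed.
from collections import defaultdict

STATIC_ARP = {  # constructed static table for one segment: IP -> MAC
    "10.10.1.1": "00:1a:2b:00:00:01",    # gateway
    "10.10.1.20": "00:1a:2b:00:00:20",   # "Computer B" from the text's example
}

def parse_arp_reply(line):
    """Constructed log format: '<time> ARP reply <ip> is-at <mac>'."""
    parts = line.split()
    if len(parts) != 6 or parts[1:3] != ["ARP", "reply"] or parts[4] != "is-at":
        raise ValueError("unrecognised ARP log line: %r" % line)
    return {"time": parts[0], "ip": parts[3], "mac": parts[5].lower()}

def check_arp_replies(lines, static_table=STATIC_ARP):
    """Return alerts for replies that contradict the static table or each other."""
    alerts = []
    claimants = defaultdict(set)  # ip -> every MAC seen answering for it
    for line in lines:
        reply = parse_arp_reply(line)
        expected = static_table.get(reply["ip"])
        # a third machine answering for a statically mapped address shows up here
        if expected is not None and reply["mac"] != expected.lower():
            alerts.append("%s: %s claimed by %s, static entry is %s"
                          % (reply["time"], reply["ip"], reply["mac"], expected))
        claimants[reply["ip"]].add(reply["mac"])
    # an address answered by more than one MAC is suspicious even without a static entry
    for ip, macs in sorted(claimants.items()):
        if len(macs) > 1:
            alerts.append("%s answered by %d different MACs: %s" % (ip, len(macs), sorted(macs)))
    return alerts

SAMPLE_LOG = [  # constructed sample, not real traffic
    "12:00:01 ARP reply 10.10.1.20 is-at 00:1a:2b:00:00:20",
    "12:00:02 ARP reply 10.10.1.1 is-at 00:1a:2b:00:00:01",
    "12:00:05 ARP reply 10.10.1.20 is-at 00:1a:2b:00:00:c3",
    "12:00:06 ARP reply 10.10.1.77 is-at 00:1a:2b:00:00:77",
]
```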
This is a very effective way to avoid ARP poisoning attacks, so creating a distinct network segment with static ARP tables can aid in the protection of sensitive data.

Thomas and Elbirt (2004) define IP Security (IPsec) as a set of protocols designed to ensure the confidentiality, integrity and authentication of data communication over an IP network. Virtual Private Networks (VPN), routing security and application-level security are three security domains where IPsec can be used. Currently, IPsec is the most popular VPN protocol. IPsec is not a full solution for application-level security or routing security; it must be used in conjunction with additional security measures to be effective, which restricts its applicability in these domains. Thomas and Elbirt (2004) state that IPsec has two modes of operation, transport mode and tunnel mode.

How IPsec ensures safe and efficient connectivity
When operating in transport mode, all cryptographic procedures must be performed directly by the source and destination hosts. The Layer 2 Tunnelling Protocol (L2TP) creates a single tunnel through which encrypted data is delivered. The source host generates data, which is ciphertext, that the destination host retrieves. End-to-end security is established in this mode of operation. Thomas and Elbirt (2004) also state that in tunnel mode, special gateways, in addition to the source and destination hosts, perform cryptographic processing. Gateway-to-gateway security is established when several tunnels are built in series between gateways.

References
• GeeksforGeeks (2021). Computer Network | AAA (Authentication, Authorization and Accounting). Retrieved from https://www.geeksforgeeks.org/computer-network-aaa-authentication-authorization-and-accounting/
• Alepo Technologies (2021). How the AAA server ensures security in telecom networks. Retrieved from https://alepotech.medium.com/how-the-aaa-server-ensures-security-in-telecom-networks-809a6cb4e427
• Mylonas L. (2018). What is AAA security? An introduction to authentication, authorisation and accounting. Retrieved from https://codebots.com/application-security/aaa-security-an-introduction-to-authentication-authorisation-accounting
• SearchSecurity (2010). Authentication, authorisation and accounting (AAA). Retrieved from https://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting
• Lee B. (2021). What is RADIUS protocol? Retrieved from https://jumpcloud.com/blog/what-is-the-radius-protocol#:~:text=RADIUS%20is%20a%20network%20protocol,Authentication%20Dial%2DIn%20User%20Service
• GeeksforGeeks (2019). TACACS+ Protocol. Retrieved from https://www.geeksforgeeks.org/tacacs-protocol/
• Techopedia (2014). Layer 3: What Does Layer 3 Mean? Retrieved from https://www.techopedia.com/definition/14825/layer-3
• Cloudflare (n.d.). What is the Internet Protocol? Retrieved from https://www.cloudflare.com/learning/network-layer/internet-protocol/
• Sophos (n.d.). Why IPv6 Matters for Your Security. Retrieved from https://www.sophos.com/en-us/security-news-trends/security-trends/why-switch-to-ipv6.aspx
• Wisdomplexus (n.d.). IPv4 vs IPv6 Security: Know the Difference. Retrieved from https://wisdomplexus.com/blogs/ipv4-vs-ipv6-security/
• Lutkevich B. (2021). ICMP (Internet Control Message Protocol). Retrieved from https://www.techtarget.com/searchnetworking/definition/ICMP
• Extrahop (n.d.). Internet Control Message Protocol (ICMP). Retrieved from https://www.extrahop.com/resources/protocols/icmp/
• Thakur D. (n.d.). DVMRP – What is DVMRP (Distance Vector Multicast Routing Protocol). Retrieved from https://ecomputernotes.com/computernetworkingnotes/routing/dvmrp
• Teletopix (2014). Multicast Advantages and Disadvantages. Retrieved from http://teletopix.org/wimax/multicast-advantages-and-disadvantages/
• Cloudflare (n.d.). What is IGMP? | Internet Group Management Protocol. Retrieved from https://www.cloudflare.com/learning/network-layer/what-is-igmp/
• GeeksforGeeks (2020). What is IGMP (Internet Group Management Protocol)? Retrieved from https://www.geeksforgeeks.org/what-is-igmpinternet-group-management-protocol/
• Zydyk M. (n.d.). Address Resolution Protocol (ARP). Retrieved from https://www.techtarget.com/searchnetworking/definition/Address-Resolution-Protocol-ARP
• Grimmick R. (n.d.). ARP Poisoning: What it is & How to Prevent ARP Spoofing Attacks. Retrieved from https://www.varonis.com/blog/arp-poisoning/
• Thomas J. & Elbirt A.J. (2004). How IPsec works, why we need it, and its biggest drawbacks. Retrieved from https://www.csoonline.com/article/2117067/data-protection-ipsec.html