
Matric No: _________________

NAPIER UNIVERSITY

SCHOOL OF COMPUTING

NETWORK ACCESSIBILITY

CSN11104

Academic session: 2008/9

Diet: June

Exam duration: 2 Hours (excluding reading time)

Reading time: None

Total exam time: 2 Hours

Please read full instructions before commencing writing

Exam paper information


• Total number of pages: 4
• Number of questions: 5
• Answer any three questions from the five questions shown.
• Put your answer into the script provided.
• Start each question on a new page.

Special instructions
• Closed Book Exam.

Special items
• None

Examiner(s): Dr Gordon Russell, Mr Robert Ludwiniak

1. MPLS
a. Discuss the strengths and weaknesses of MPLS in comparison to
more traditional backbone implementations.

The idea behind MPLS was to replace routing done in software with switching done in
hardware and so offer higher speeds. MPLS is an improved method for forwarding
packets; it is not intended to replace conventional IP routing but to work alongside it.
MPLS is considered to be a layer 2.5 technology. MPLS is becoming widely adopted
as the preferred backbone technology for service providers (SP) as it is highly
scalable. Both ATM and MPLS support tunneling of connections inside connections.
MPLS uses label stacking to accomplish this, while ATM uses virtual paths. MPLS
allows great flexibility in network design, while ATM is complex to set up.

Marks [5]
b.
i. Using an example network, explain how MPLS sets up its control
plane. Include the relationships between FIB, LFIB, and CEF, and
the use of LDP.

Marks [10]
ii. Discuss the advantages of using BGP within the service
provider cloud when managing MPLS.

MPLS is used for forwarding packets over the backbone, and BGP is used for distributing
routes over the backbone. The primary goal of this method is to support the
outsourcing of IP backbone services. BGP/MPLS VPNs offer an alternative for secure site-to-site
communication. BGP/MPLS VPNs have several built-in mechanisms to provide
security. Address space separation may be a concern, especially considering the possibility of
overlapping address space. However, the use of VPN-IPv4 addresses allows
independent VPNs to remain separate despite any addressing overlap.

Marks [5]
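An added illustration of the VPN-IPv4 point in the answer above (not part of the exam paper): a VPN-IPv4 address is an 8-byte route distinguisher (RD) prepended to the 4-byte IPv4 prefix, so two customers using the same private prefix produce different BGP routes. The type 0 RD layout follows RFC 4364; the function names, ASN 65000, the assigned numbers, customer names and prefixes are constructed for this example.

```python
import ipaddress
import struct

def encode_rd_type0(asn, assigned):
    """Type 0 RD: 2-byte type (0), 2-byte ASN, 4-byte assigned number."""
    if not (0 <= asn <= 0xFFFF and 0 <= assigned <= 0xFFFFFFFF):
        raise ValueError("type 0 RD needs a 16-bit ASN and a 32-bit assigned number")
    return struct.pack("!HHI", 0, asn, assigned)

def vpn_ipv4(rd, prefix):
    """Return (12-byte VPN-IPv4 address, prefix length) for a customer prefix."""
    net = ipaddress.IPv4Network(prefix)
    return rd + net.network_address.packed, net.prefixlen

def build_table(routes):
    """Key each route on its VPN-IPv4 prefix and refuse a true duplicate.

    Simplification for the example: a real PE would treat two routes with the
    same RD and prefix as one route, which is how a reused RD merges customers.
    """
    table = {}
    for customer, rd, prefix in routes:
        key = vpn_ipv4(rd, prefix)
        if key in table:
            raise ValueError(
                f"{customer} collides with {table[key]}: same RD and prefix"
            )
        table[key] = customer
    return table

# Constructed sample: two customers with overlapping private address space.
RD_A = encode_rd_type0(65000, 1)
RD_B = encode_rd_type0(65000, 2)
ROUTES = [
    ("customer-a", RD_A, "10.1.0.0/16"),
    ("customer-b", RD_B, "10.1.0.0/16"),
]

if __name__ == "__main__":
    for (addr, plen), owner in build_table(ROUTES).items():
        print(f"{addr.hex()}/{plen} -> {owner}")
```

The RD only makes the routes distinct inside BGP; the duplicate check shows the configuration error worth auditing for, an RD reused across two customers' VRFs.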
c. Evaluate the use of MPLS VPN as a replacement for normal VPN
over an MPLS network.

MPLS VPN combines enhanced BGP signaling, MPLS-based VPNs enforce traffic
separation between customers by assigning a unique VRF to each customer’s VPN.
Compared to other types of VPN, such as IPSec VPN, MPLS is more cost efficient and
can provide more services to customers.

Marks [5]
Total Marks [25]

2. Device Security
a. Discuss the progressive stages traditionally considered to be involved in
hacking a network.

Marks [7]
b.
i. Discuss using examples how the recommendations of RFC 2827
could be used to police traffic from Martian packets entering a
network, and comment on their usefulness.
Marks [4]

ii. Describe the four stages considered good practice when dealing
with a worm attack.
Marks [4]

iii. Discuss good practice networking rules for outgoing network
connections, commenting on why they are considered important.
Marks [4]

c. Describe a common Distributed Denial of Service attack and evaluate a
possible Cisco-related approach to mitigating its effect. Include syntax
examples where appropriate.
Marks [6]
Total Marks [25]

3. Firewall Technology
a. Discuss the advantages of using a Layered Defense Strategy when
designing a firewall architecture.
Marks [6]
b.
i. Explain the function, advantages, and disadvantages of Stateful
Firewall Systems.
Marks [6]
ii. Produce an annotated Cisco IOS configuration to secure the
network 20.5.5.0/24 using stateful rules, so that all outgoing
packets are permitted, as well as allowing related incoming
packets plus packets destined to the http server at 20.5.5.6.
Marks [7]
c. Consider the difference between inband and out-of-band control
channels for managing routers and switches, and discuss the strengths
and weaknesses of both approaches.
Marks [6]
Total Marks [25]

4. IPSEC
a. Describe the three main protocols specified by IPSec.
Marks [6]
b. Evaluate the main encryption algorithms used in securing VPN
connections. As part of the answer, please provide suitable examples of
encryption techniques and compare their advantages and
disadvantages.
Marks [12]
c. Analyse possible failover solutions used in IPSec VPN deployment. As
part of your answer, please discuss methods used to achieve
redundancy.
Marks [7]
Total Marks [25]

5. IDS and IPS
a. Discuss six potential router service categories that are considered
security threats.
Marks [6]
b.
i. Discuss and evaluate the strengths and weaknesses of IDS and
IPS systems. Your answer should include network-based and
host-based IDS and IPS.
Marks [7]
ii. Describe the four categories of IDS and IPS signatures.
Marks [6]
c. IDS and IPS systems can be categorised based on their approach to
identifying malicious traffic. Discuss all three categories.
Marks [6]
Total Marks [25]

END OF PAPER
