Unit 4 Case Project Qeustions
Project Your company has been hired by Hogan Enterprises to expand the capabilities of their network, and you have been given the project. They have decided to first implement a new TCP/IP addressing scheme using VLSM. They have also expressed interest in wireless technology, as well as an overall concern for security of their network. All their employees are allowed to access the Internet. Many employees have asked about access to company resources from home so they can telecommute, for example, when the weather is bad.After meeting with members of their technical staff, you found they are currently running RIPv1 on a network consisting of seven routers, four of which are Cisco routers. In the meeting, they became more anxious about security threats since they had recently noticed curious events occurring on the network. They also told you that another consultant told them they would have to abandon RIP to be able to use VLSM. They want a second opinion, so they have hired your company. The company does not expect significant growth of employees in the next five years, but they are interested in updating its capabilities and better secure it.1. What are your recommendations concerning their move to VLSM? Was the other consultant right?Hogan Enterprises’ move to Variable-Length Subnet Masks (VLSM) is a great idea. Hogan Enterprises has Routers that support VLSM with RIP v2.VLSM addressing scheme will allow growth, and it does not entail wastage of addresses especially on point-to-point links. VLSMs enable secure control on the addressing scheme. Class C, for example, with default subnet mask when used contains 256 addresses in one subnet. VLSM allows adjustment of the subnets and addresses number depending needs of a specific network. VLSM features enable a single autonomous system that integrates networks with several subnet masks. Routing protocols that allow VLSM usage of 30-bit subnet mask for network connections (255.255.255.252). 24-bit mask in user networks (255.255.255.0),or 22-bit mask (255.255.252.0), on networks with a maximum of 1000 users.Hogan Enterprises’ idea of abandoning RIPv1, for RIPv2, is good despite it being suitable routing protocol due to its universal compatibility (supported by most IP routers). The protocol has the following limitations:Does not allow authenticationIt cannot support Classless Interdomain Routing (CIDR) or VLSMIt cannot give subnet mask data (information) in its updatesThey send updates when broadcasting on 255.255.255.255. The consultant was wrong for the advice on leaving RIP, Hogan Enterprises should embrace RIPv2. RIP v2 incorporates prefix routing, that allows it sending subnet data (information) with a route update. It allows use of classless routing whereby different subnets within a given network are able to utilize different subnet masks (VLSM).2. What protocol would you recommend to meet their needs? How should it be implemented?Hogan Enterprises should embrace classless protocol, since its mask cannot be determined using the value of first octet. Hogan Enterprises should use RIP v2.RIP v2 allows:Multicasting of routing updates (i.e. 126.96.36.199 compared to 255.255. 255.255)Authentication optionNext hop address to be included in updates3. What suggestions do you have for implementing wireless capabilities in the company?Hogan Enterprises Implement wireless networks utilizing a VLSM IP address scheme. using RIPv2 (classless routing protocols) in disseminating both network addresses, and their subnet masks.A public IP address should be used on WAN links when public address is to be used, when an inside user is to access outside sites, or through an ISP. 4. What suggestions do you have for securing their network? What security threats would they thwart?The company should use RIPv2 since it has authentication during its updates. RIPv2 has Message-Digest 5 (MD5) or clear text encryption, as choices of authentication in RIPv2 packets.Security threats thwarted:Possible acceptance of invalid routing updatesPossibility of routing contents updates not being encrypted. 5. What recommendations do you have for implementing secure remote access?RIPv2 should be used since it has authentication during updates. Set of keys should be used on interface for authentication check. Message-Digest 5 (MD5) encryption should be used to authenticate routing update source, because it allows secret passwords with unknown reversal.ReferenceChen, T. (2008, April 1). Cisco Networking Academy. Routing Protocols and Concepts. College of DuPage.