
Optimizing Network Performance

Why is high availability a requirement in today’s network designs, and what
mechanisms can help provide that high availability? What various technologies
optimize network performance? What QoS mechanisms can help optimize
network performance? Using what you have learned in this and previous
chapters, how do you design a SOHO network based on a set of requirements?

Networks, once relegated to the domain of data, can now carry voice and
video. These additional media types, in addition to mission-critical data
applications, need a network to be up and available for its users. Beyond basic
availability, today’s networks need optimization tools to make the most of their
available bandwidth. QoS, as one example, can give priority treatment to
latency-sensitive traffic, such as Voice over IP (VoIP).
High Availability
If a network router or switch stops operating correctly (meaning that a network
fault occurs), communication through the network could be disrupted, resulting
in a network becoming unavailable to its users. Therefore, network availability,
called uptime, is a major design consideration. The availability of a network is
measured by its uptime during a year. For example, if a network is said to have
five nines of availability, it is up 99.999% of the time, which translates to a maximum of 5
minutes of downtime per year.
Hardware Redundancy
Having redundant route processors in a switch or router chassis improves the chassis’ reliability.
An end system can have redundant NICs. The two modes of NIC redundancy are:

• Active-active: both NICs are active at the same time.

• Active-standby: one NIC is active and the other is waiting to take over in the event of a failure.

Having redundant routers and switches improves the network’s reliability.

• Hot Standby Router Protocol (HSRP)

• Common Address Redundancy Protocol (CARP)

Design Considerations
When designing networks for high availability, answer the following questions:

• Where will module and chassis redundancy be used?

• What software redundancy features are appropriate?

• What protocol characteristics affect design requirements?

• What redundancy features should be used to provide power to an infrastructure device?

• What redundancy features should be used to maintain environmental conditions?

High-Availability Best Practices


The following steps are five best practices for designing high-availability networks:

• Examine technical goals.

• Identify the budget to fund high-availability features.

• Categorize business applications into profiles, each of which requires a certain level of availability.

• Establish performance standards for high-availability solutions.

• Define how to manage and measure the high-availability solution.

QoS Technologies
Quality of Service (QoS) is a suite of technologies that allows you to
strategically optimize network performance for select traffic types. Through the use of QoS, you
can identify which traffic types need to be sent first, how much bandwidth to allocate to various
traffic types, which traffic types should be dropped first in the event of congestion, and how to
make the most efficient use of the relatively limited bandwidth of an IP WAN.

Issue: Description

• Delay: Delay is the time required for a packet to travel from its source to its destination.

• Jitter: Jitter is the uneven arrival of packets.

• Drops: Packet drops occur when a link is congested and a router’s interface queue overflows.

Fortunately, QoS features available on many routers and switches can
recognize important traffic and treat it in a special way. As a packet travels from its source to its
destination, its effective bandwidth is the bandwidth of the slowest link along that path.

QoS Configuration Steps


1. Determine network performance requirements for various traffic types: Voice, Video, Data.

2. Categorize traffic into specific categories: Low Delay, Low Priority.

3. Document your QoS policy and make it available to your users.

QoS Components

• Best-effort: Best-effort treatment of traffic does not truly provide QoS to that traffic, because there is no
reordering of packets. Best-effort uses FIFO queuing.

• Integrated Services (IntServ): IntServ is often referred to as hard QoS, because it can make strict
bandwidth reservations. IntServ uses signaling among the network devices to provide bandwidth reservations.

• Differentiated Services (DiffServ): DiffServ differentiates between multiple traffic flows. Specifically,
packets are marked, and routers and switches can then make decisions based on those markings.

QoS Mechanisms

The DiffServ approach to QoS marks traffic. However, for markings to impact the behavior of
traffic, a QoS tool must reference those markings and alter the packets’ treatment based on
them. The following is a collection of commonly used QoS mechanisms:

• Classification

• Marking

• Congestion management

• Congestion avoidance

• Policing and shaping

• Link efficiency

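
The contrast between best-effort FIFO and a tool that references DiffServ markings can be modelled in a few lines. This is an added example, not material from the original handout; the application names, the queue mapping and the three-slot queue are assumptions, and the scheduler is an idealized strict-priority model rather than any vendor's implementation.

```python
# Idealized model: a burst arrives at a congested interface that can only
# hold `slots` packets. Compare best-effort FIFO with DSCP-aware queuing.

# Standard DSCP values: EF (46) for voice, AF41 (34) for video, 0 = default.
DSCP_EF, DSCP_AF41, DSCP_DEFAULT = 46, 34, 0

# Assumed mapping of markings to priority queues (0 is served first).
QUEUE_FOR_DSCP = {DSCP_EF: 0, DSCP_AF41: 1}
LOWEST_QUEUE = 2


def classify_and_mark(packet):
    """Classification and marking: set the DSCP value from the app type."""
    marks = {"voice": DSCP_EF, "video": DSCP_AF41}
    return {**packet, "dscp": marks.get(packet["app"], DSCP_DEFAULT)}


def best_effort(packets, slots):
    """One FIFO queue with tail drop: markings are ignored entirely."""
    sent, dropped = packets[:slots], packets[slots:]
    return [p["id"] for p in sent], [p["id"] for p in dropped]


def diffserv(packets, slots):
    """Strict-priority queues chosen by DSCP; lowest class is dropped first.

    sorted() is stable, so arrival order is preserved inside each class.
    """
    ranked = sorted(
        packets, key=lambda p: QUEUE_FOR_DSCP.get(p["dscp"], LOWEST_QUEUE)
    )
    return [p["id"] for p in ranked[:slots]], [p["id"] for p in ranked[slots:]]


# Constructed burst, in arrival order.
BURST = [classify_and_mark(p) for p in [
    {"id": "data-1", "app": "backup"},
    {"id": "video-1", "app": "video"},
    {"id": "data-2", "app": "backup"},
    {"id": "voice-1", "app": "voice"},
    {"id": "voice-2", "app": "voice"},
]]

if __name__ == "__main__":
    print("best-effort (sent, dropped):", best_effort(BURST, 3))
    print("diffserv    (sent, dropped):", diffserv(BURST, 3))
```

With FIFO the late-arriving voice packets are the ones that overflow the queue; with the marking-aware scheduler the bulk data is dropped instead.
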
Case Study
You are to create a network design to meet a collection of criteria. Network design is
part science and part art; multiple design models can meet the specified requirements. When
designing a network, keep the following in mind:

• Meeting all requirements

• Media distance limitations

• Network device selection

• Environmental factors

• Compatibility with existing and future equipment

Summary

Network availability was discussed, including how availability is measured and
can be achieved through redundant designs.

Performance optimization strategies were discussed, including the use of content caching,
link aggregation, and load balancing.

A variety of QoS technologies were reviewed, with an emphasis on traffic shaping, which
can limit the rate of data transmission on a WAN link to the CIR.

You were given a case study, where you were challenged to design a network to meet a
collection of criteria.

NETWORK SECURITY
Ethical Hacking Statement

• In this module, learners may be exposed to tools and techniques in a “sandboxed”, virtual machine
environment to demonstrate various types of cyber-attacks. Experimentation with these tools,
techniques, and resources is at the discretion of the instructor and local institution. If the learner is
considering using attack tools for educational purposes, they should contact their instructor prior to any
experimentation.
Current State of Cybersecurity

Data Loss

Data loss or data exfiltration is when data is intentionally or
unintentionally lost, stolen, or leaked to the outside world. The data loss can result in:

• Brand damage and loss of reputation

• Loss of competitive advantage

• Loss of customers

• Loss of revenue

• Litigation/legal action resulting in fines and civil penalties

• Significant cost and effort to notify affected parties and recover from the breach

Network security professionals must protect the organization’s data. Various Data Loss Prevention (DLP)
controls must be implemented which combine strategic, operational and tactical measures.

State-Sponsored Hackers
State-sponsored hackers create advanced, customized attack code, often using previously undiscovered
software vulnerabilities called zero-day vulnerabilities. An example of a state-sponsored attack involves
the Stuxnet malware that was created to damage Iran’s nuclear enrichment capabilities.

Introduction to Attack Tools


To exploit a vulnerability, a threat actor must have a technique or tool. Over the years, attack tools have
become more sophisticated, and highly automated. These new tools require less technical knowledge to
implement.

Evolution of Security Tools


The table highlights categories of common penetration testing tools. Notice how some tools are used by
white hats and black hats. Keep in mind that the list is not exhaustive as new tools are always being
developed.
Common Network Attacks

Overview of Common Network Attacks

• When malware is delivered and installed, the payload can be used to cause a variety of
network-related attacks.

• To mitigate attacks, it is useful to understand the types of attacks. By categorizing network attacks, it is
possible to address types of attacks rather than individual attacks.

• Networks are susceptible to the following types of attacks:

• Reconnaissance Attacks

• Access Attacks

• DoS Attacks

Reconnaissance Attacks

• Reconnaissance is information gathering.

• Threat actors use reconnaissance (or recon) attacks to do unauthorized discovery and mapping of
systems, services, or vulnerabilities. Recon attacks precede access attacks or DoS attacks.

Access Attacks

• Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services.
The purpose of these types of attacks is to gain entry to web accounts, confidential databases, and other
sensitive information.

• Threat actors use access attacks on network devices and computers to retrieve data, gain access, or to
escalate access privileges to administrator status.
• Password Attacks: In a password attack, the threat actor attempts to discover critical system passwords
using various methods. Password attacks are very common and can be launched using a variety of
password cracking tools.

• Spoofing Attacks: In spoofing attacks, the threat actor device attempts to pose as another device by
falsifying data. Common spoofing attacks include IP spoofing, MAC spoofing, and DHCP spoofing. These
spoofing attacks will be discussed in more detail later in this module.

• Other Access attacks include:

• Trust exploitations

• Port redirections

• Man-in-the-middle attacks

• Buffer overflow attacks

Social Engineering Attacks

• Social engineering is an access attack that attempts to manipulate individuals into performing actions
or divulging confidential information. Some social engineering techniques are performed in-person while
others may use the telephone or internet.

• Social engineers often rely on people’s willingness to be helpful. They also prey on people’s
weaknesses.

DoS and DDoS Attacks

• A Denial of Service (DoS) attack creates some sort of interruption of network services to users, devices,
or applications. There are two major types of DoS attacks:

• Overwhelming Quantity of Traffic - The threat actor sends an enormous quantity of data at a rate that
the network, host, or application cannot handle. This causes transmission and response times to slow
down. It can also crash a device or service.

• Maliciously Formatted Packets - The threat actor sends a maliciously formatted packet to a host or
application and the receiver is unable to handle it. This causes the receiving device to run very slowly or
crash.

• DoS attacks are a major risk because they interrupt communication and cause significant loss of time
and money. These attacks are relatively simple to conduct, even by an unskilled threat actor.

• A Distributed DoS Attack (DDoS) is similar to a DoS attack, but it originates from multiple, coordinated
sources.
IP Vulnerabilities and Threats
ICMP Attacks

• Threat actors use ICMP for reconnaissance and scanning attacks. They can launch information-
gathering attacks to map out a network topology, discover which hosts are active (reachable), identify
the host operating system (OS fingerprinting), and determine the state of a firewall. Threat actors also
use ICMP for DoS attacks.

• Note: ICMP for IPv4 (ICMPv4) and ICMP for IPv6 (ICMPv6) are susceptible to similar types of attacks.

• Networks should have strict ICMP access control list (ACL) filtering on the network edge to avoid ICMP
probing from the internet. In the case of large networks, security devices such as firewalls and intrusion
detection systems (IDS) detect such attacks and generate alerts to the security analysts.
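
The kind of alert an IDS raises for ICMP host discovery can be sketched as follows. This is an added example, not part of the original handout; the record layout, the 10-second window, the threshold of five hosts and all addresses (documentation ranges) are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMPv4 type of an echo request (ping)


def detect_icmp_sweeps(events, window=10.0, threshold=5):
    """Flag sources that ping many different hosts in a short time.

    events: iterable of (timestamp, src_ip, dst_ip, icmp_type).
    Returns {src_ip: time of first alert} for every source that sent echo
    requests to at least `threshold` distinct destinations within `window`
    seconds.
    """
    recent = defaultdict(deque)  # src -> (timestamp, dst) inside the window
    alerts = {}
    for ts, src, dst, icmp_type in sorted(events):
        if icmp_type != ECHO_REQUEST:
            continue  # replies and errors are not probes
        seen = recent[src]
        seen.append((ts, dst))
        while seen and ts - seen[0][0] > window:
            seen.popleft()  # forget probes older than the window
        distinct = {d for _, d in seen}
        if src not in alerts and len(distinct) >= threshold:
            alerts[src] = ts
    return alerts


# Constructed sample traffic seen at the network edge.
EVENTS = (
    # One source pinging six different hosts, one per second: a sweep.
    [(float(i), "203.0.113.50", f"192.0.2.{i + 1}", 8) for i in range(6)]
    # A monitoring host pinging the same server repeatedly: not a sweep.
    + [(float(i), "198.51.100.7", "192.0.2.10", 8) for i in range(10)]
    # A source touching five hosts but 30 s apart: outside the window.
    + [(i * 30.0, "198.51.100.99", f"192.0.2.{i + 20}", 8) for i in range(5)]
    # An echo reply (type 0) is ignored.
    + [(1.5, "192.0.2.3", "203.0.113.50", 0)]
)

if __name__ == "__main__":
    for src, when in detect_icmp_sweeps(EVENTS).items():
        print(f"ALERT: possible ICMP sweep from {src} at t={when}s")
```

Counting distinct destinations rather than raw packets keeps a monitoring host that pings one server from triggering the alert.
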

Address Spoofing Attacks

• IP address spoofing attacks occur when a threat actor creates packets with false source IP address
information to either hide the identity of the sender, or to pose as another legitimate user. Spoofing is
usually incorporated into another attack such as a Smurf attack.

• Spoofing attacks can be non-blind or blind:

• Non-blind spoofing - The threat actor can see the traffic that is being sent between the host and the
target. Non-blind spoofing determines the state of a firewall and sequence-number prediction. It can also
hijack an authorized session.

• Blind spoofing - The threat actor cannot see the traffic that is being sent between the host and the
target. Blind spoofing is used in DoS attacks.

• MAC address spoofing attacks are used when threat actors have access to the internal network. Threat
actors alter the MAC address of their host to match another known MAC address of a target host.
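
A common defence against falsified source IP addresses is to validate the source address against the interface a packet arrives on. The handout does not describe this control, so the following is an added example that goes beyond its text; the site prefix 10.20.0.0/16, the interface names and the sample packets are assumptions.

```python
import ipaddress

# Assumed site prefix for this example.
SITE_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]

# Source ranges that should never arrive from the internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def check_source(src, ingress_interface):
    """Return (action, reason) for a packet's claimed source address."""
    ip = ipaddress.ip_address(src)
    in_site = any(ip in net for net in SITE_PREFIXES)
    if ingress_interface == "outside":
        if in_site:
            return ("drop", "site address arriving from outside")
        if any(ip in net for net in BOGONS):
            return ("drop", "non-routable source from outside")
        return ("permit", "plausible external source")
    if ingress_interface == "inside":
        if not in_site:
            return ("drop", "source outside the site prefix")
        return ("permit", "source matches site prefix")
    raise ValueError(f"unknown interface: {ingress_interface}")


# Constructed packet headers: (claimed source address, ingress interface).
SAMPLES = [
    ("203.0.113.9", "outside"),   # ordinary external host
    ("10.20.5.5", "outside"),     # claims to be an internal host
    ("192.168.1.10", "outside"),  # private address from the internet
    ("10.20.5.5", "inside"),      # legitimate internal host
    ("203.0.113.9", "inside"),    # internal host forging an external source
]


def audit(samples):
    """Apply check_source to each sample and keep the input alongside it."""
    return [(src, iface) + check_source(src, iface) for src, iface in samples]


if __name__ == "__main__":
    for src, iface, action, reason in audit(SAMPLES):
        print(f"{iface:8} {src:15} {action:6} {reason}")
```

The inside-interface rule also stops hosts on the local network from sending packets with forged external sources.
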
Learning Task
1. What do you think are some problems with hardware redundancy?
2. What happens when there is limited bandwidth due to lots of
people connecting to the internet at the same time?
3. What are some of the best practices that are used to optimize
networks? Why?
4. What key metrics can you use in measuring network performance?
Why?
5. Explain the different attacks launched with an attack vector.
6. Briefly discuss the attack vectors in cyber security.
7. Discuss the general structure of a virus in reference to computer
security. Also discuss countermeasures for a virus attack.
8. Explain why all attachments are possible Trojan suspects.

Prepared by: Checked by:

MARY JOY B. CORPUZ, BSIT Emar Jhon F. Manipon,MIT


Instructor CICS,DEAN

Approved by:

EVELYN L. PASCUA, PhD, CESO III

Instructor VP Academics
