The nslookup command displays the IP address associated with a given host name.
ID: 3830294 • Letter: T
Question
The nslookup command displays the IP address associated with a given host name. To do this, it checks the local domain name server. Use nslookup to find the IP address of osl10.njit.edu and hydra.cs.pitt.edu. To do this, type "nslookup hostname" (where hostname is the name of the computer that you are looking up). You should see both the IP of the name server and the IP of the host – make sure to use the right one. You can do this from the Windows Command Prompt or the command prompt on a Linux machine. I think you have to use the Network Utility on an Apple machine. (4 pts)
6. For each statement below, say whether it applies to a Virtual LAN (VLAN) or a Virtual Private Network (VPN). (2 pts)
______ Provides privacy while using the public internet
______ Creates broadcast domains logically, rather than geographically
______ Created with switches
______ Uses IP-in-IP encapsulation
7. For each situation below using public key cryptography, explain which key will be used. Specify both whose key is used and whether it is the public or private key. (6 pts)
Alice sends Bob an encrypted message _________________
Bob reads the encrypted message from Alice _________________
Bob sends Alice an encrypted message _________________
Alice reads the encrypted message from Bob _________________
Alice digitally signs a message to Bob _________________
Bob verifies Alice’s digital signature _________________
Explanation / Answer
Answer for Question 7)
Public key encryption, or asymmetric encryption, is an algorithm in which the sender encrypts a message with the receiver's public key. The receiver, on receiving the message, decrypts it using his private key. The keys are generated using a complex algorithm.
a) Alice sends Bob an encrypted message that is encrypted with Bob's public key. Bob decrypts it with his private key.
b) Bob sends Alice an encrypted message that is encrypted using Alice's public key. Alice reads the encrypted message from Bob by decrypting it with Alice's private key.
c) A digital signature is a method in which a message signed with the sender's private key can be verified by anyone who has access to the sender's public key; this proves that the sender has access to the private key, that is, he is the person related to the corresponding public key.
d) Alice digitally signs a message to Bob by encrypting it with her private key. Bob verifies that digital signature by decrypting it with Alice's public key. Changing the whole message, or replacing or missing even a single letter in the message, leads to failure of verification.
Answer to Question 6
Encryption in a VPN that provides security over a public network
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.
VPNs may allow employees to securely access a corporate intranet while located outside the office. They are used to securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users may secure their wireless transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.
Traditional VPNs are characterized by a point-to-point topology, and they do not tend to support or connect broadcast domains, so services such as Microsoft Windows NetBIOS may not be fully supported or work as they would on a local area network (LAN). Designers have developed VPN variants, such as Virtual Private LAN Service (VPLS), and layer-2 tunneling protocols, to overcome this limitation.
Security mechanisms
VPNs cannot make online connections completely anonymous, but they can usually increase privacy and security. To prevent disclosure of private information, VPNs typically allow only authenticated remote access using tunneling protocols and encryption techniques.
The VPN security model provides:
• Confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and Deep packet inspection), an attacker would only see encrypted data
• Sender authentication to prevent unauthorized users from accessing the VPN
• Message integrity to detect any instances of tampering with transmitted messages
Secure VPN protocols include the following:
• Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
• Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL 3.0 channel. (SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1.)
• Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".
• Secure Shell (SSH) VPN – OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or to inter-network links. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.
• Internet Protocol Security (IPsec) was initially developed by the Internet Engineering Task Force (IETF) for IPv6, which was required in all standards-compliant implementations of IPv6 before RFC 6434 made it only a recommendation. This standards-based security protocol is also widely used with IPv4 and the Layer 2 Tunneling Protocol. Its design meets most security goals: authentication, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.
• Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the OpenVPN project and SoftEther VPN project) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules.
• Datagram Transport Layer Security (DTLS) – used in Cisco AnyConnect VPN and in OpenConnect VPN to solve the issues SSL/TLS has with tunneling over UDP.
Authentication
Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.
VPN Tunneling Protocols that can Explain IP-in-IP Encapsulation
Tunneling enables the encapsulation of a packet from one type of protocol within the datagram of a different protocol. For example, VPN uses PPTP to encapsulate IP packets over a public network, such as the Internet.
A VPN solution can be configured based on three types of protocols:
Point-to-Point Tunneling Protocol (PPTP),
Layer Two Tunneling Protocol (L2TP), or
Secure Socket Tunneling Protocol (SSTP).
PPTP, L2TP, and SSTP depend heavily on the features originally specified for Point-to-Point Protocol (PPP). PPP was designed to send data across dial-up or dedicated point-to-point connections. For IP, PPP encapsulates IP packets within PPP frames and then transmits the encapsulated PPP-packets across a point-to-point link. PPP was originally defined as the protocol to use between a dial-up client and a network access server.
PPTP
PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or a public IP network, such as the Internet. PPTP can be used for remote access and site-to-site VPN connections. When using the Internet as the public network for VPN, the PPTP server is a PPTP-enabled VPN server with one interface on the Internet and a second interface on the intranet.
Encapsulation
PPTP encapsulates PPP frames in IP datagrams for transmission over the network. PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. The following figure shows the structure of a PPTP packet containing an IP datagram.
Structure of a PPTP Packet Containing an IP Datagram
L2TP
L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM). L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F.
Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE to encrypt PPP datagrams. L2TP relies on Internet Protocol security (IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec.
Both L2TP and IPsec must be supported by both the VPN client and the VPN server. Client support for L2TP is built in to the Windows Vista® and Windows XP remote access clients, and VPN server support for L2TP is built in to members of the Windows Server® 2008 and Windows Server 2003 family.
L2TP is installed with the TCP/IP protocol.
Encapsulation
Encapsulation for L2TP/IPsec packets consists of two layers:
First layer: L2TP encapsulation
A PPP frame (an IP datagram) is wrapped with an L2TP header and a UDP header.
The following figure shows the structure of an L2TP packet containing an IP datagram.
Structure of an L2TP Packet Containing an IP Datagram
Second layer: IPsec encapsulation
The resulting L2TP message is then wrapped with an IPsec Encapsulating Security Payload (ESP) header and trailer, an IPsec Authentication trailer that provides message integrity and authentication, and a final IP header. In the IP header is the source and destination IP address that corresponds to the VPN client and VPN server.
The following illustration shows L2TP and IPsec encapsulation for a PPP datagram.
Encryption of L2TP Traffic with IPsec ESP
Encryption
The L2TP message is encrypted with either Data Encryption Standard (DES) or Triple DES (3DES) by using encryption keys generated from the Internet Key Exchange (IKE) negotiation process.
SSTP
Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking.
When a client tries to establish an SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer with the SSTP server. Over this HTTPS layer, the protocol packets flow as the data payload.
Encapsulation
SSTP encapsulates PPP frames in IP datagrams for transmission over the network. SSTP uses a TCP connection (over port 443) for tunnel management as well as PPP data frames.
VLAN Supports Broadcast Domain
A broadcast domain is a logical part or division of a computer network. In a broadcast domain, all the nodes can be reached via broadcast at the datalink layer. Broadcast domains are located within a network or multi-network segment. Multi-network segments require a bridge, such as the networking device. A broadcast domain member can also be any device or computer that is directly connected to the same switch or repeater. Networking devices, such as routers, are used to separate the boundaries of broadcast domains.
One example is the virtual local area network (VLAN), in which multiple computers establish a broadcast domain via a virtual connection; they are not physically connected. A broadcast domain provides fast and reliable communication for offices in different locations. One broadcast domain disadvantage is its tendency to drop Web data signals after reaching network router interface borders. Additionally, issues occur when a router links two or more broadcast domain networks, as described in the following example: let networks A and B be connected via a router. Network A, which has a Dynamic Host Configuration Protocol (DHCP) server, broadcasts Internet Protocol (IP) addresses to all attached computers. The DHCP service also tries to broadcast IP addresses to all computers attached to network B. However, the router drops incoming messages and network B's computers do not get configured properly. Such issues occur in broadcast domains. Current routers are manufactured with enhanced features, such as no DHCP request blocking.
VLAN Created using Switches
It is only when the VLAN port group is to extend to another device that tagging is used. Since communications between ports on two different switches travel via the uplink ports of each switch involved, every VLAN containing such ports must also contain the uplink port of each switch involved, and these ports must be tagged.
Switches typically have no built-in method to indicate VLAN port members to someone working in a wiring closet. It is necessary for a technician to either have administrative access to the device to view its configuration, or for VLAN port assignment charts or diagrams to be kept next to the switches in each wiring closet. These charts must be manually updated by the technical staff whenever port membership changes are made to the VLANs.
Management of the switch requires that the administrative functions be associated with one or more of the configured VLANs. If the default VLAN were deleted or renumbered without first moving the management connection to a different VLAN, it is possible for the administrator to be locked out of the switch configuration, normally requiring physical access to the switch to regain management by either a forced clearing of the device configuration (possibly to the factory default), or by connecting through a console port or similar means of direct management.
Answer to Question 5
For osl10.njit.edu
Server unknown
Address:192.168.42.129
Non-authoritative answer:
Name:osl10.njit.edu
Address:128.235.44.60
For hydra.cs.pit.edu
Server:Unknown
Address:192.168.42.129
Unknown can't find hydra.cs.pit.edu :non-existant domain