Research ideas

This section is dedicated for academic and final year students looking for networking projects and research ideas. The ideas are based on topics like Network Security, Network Design, Network analysis, Cyber Security and more

Title: Study on Rip v1 and Rip v2 protocol

The project does a study on Rip v1 and Rip v2 protocol. The configuration methods of the protocols on Cisco routers are analyzed. The insecurity of Rip v1 and how it is improved by Rip v2 is documented. The configuration required on Cisco routers to block RIP updates on specific interfaces is documented.

Title: Study on access control lists

The project does a study on different types of access control lists like standard and extended access control lists and understands the configuration required on Cisco routers. The differences and similarities in the configuration and design is understood. The project also performs a detailed analysis of the differences in inbound and outbound access control lists and how packets are handled when they are configured.

Title: Layer 2 loop prevention with Spanning Tree protocol

The project understands the anatomy of a layer 2 loops and why ethernet frame design is vulnerable to looping. The internal design of the spanning tree protocol is researched and how it is used for preventing layer 2 loops is understood.

Custom Report on a Title – Click here

Title: Access restriction between vlans

The project understands how access control lists can be used to restrict access between computers connected to different vlans. Intervlan communication is setup on a router using router on a stick configuration. The computers are configured with IP addresses belonging to different network addresses and mapped with the corresponding vlans.

Title: VLAN design for organization

The project understands how vlans can be used to create different departments. Every department is mapped with a unique vlan. The computers belonging to the vlans (departments) are configured with IP addresses belong to different network addresses. Intervlan routing configuration is identified for access between departments.

Title: Protecting Web servers from spoofed static source IP.

An organization has setup a Web server behind a Cisco router. It is been observed that the web server is being attacked from a private ip address of 192.168.2.3 from the internet. The appropriate configuration on the router with ACL which would block access from the specific IP address to the web server is identified.

Title: Access restriction to FTP server

In an organization, there are two networks, 192.168.1.0/24 and 192.168.2.0/24. Appropriate configuration on the router is setup for communication between the networks. A FTP server is setup on the 192.168.1.0/24 network. It is required that computers on the 192.168.2.0/24 network should be able to access only the FTP service on the FTP server and all other traffic should be blocked. The project aims to identify the necessary ACL configuration required to be setup on the router is identified.

Title: Internet access restriction for a network

A perimeter router of an organization has three interfaces. One of the interfaces is connected to the internet. The other two interfaces are connected to the networks 192.168.1.0/24 and 192.168.2.0/24. It is required that computers on the 192.168.1.0/24 network should not have access to the internet, but have access to the 192.168.2.0/24 network. The project understands the necessary ACL configuration which needs to be configured on the router for achieving the solution.

Custom Report on a Title – Click here

Title: Controlling broadcasts with VLAN

The project aims to understands how broadcasting causes traffic congestion in a switched network. The fundamental concepts of VLAN are understood and how VLANS can be used on a switch to create different broadcast domains to control broadcast traffic is understood.

Title: RFC 1918 compliance for perimeter routers

Custom Report on a Title – Click here

RFC 1918 states the IP addresses which are allowed for use on private networks. These IP addresses are not allowed to be used on the internet. Perimeter routers should not allow incoming packets from the internet with the IP addresses mentioned in the RFC. The project understands the appropriate ACL rules which need to be configured for achieving the solution. (http://www.rfc-editor.org/rfc/rfc1918.txt )

Title: STP Vulnerabilities, attacks and mitigation

The projects understand the internal architecture of STP packets and the fields inside it. The mechanism which attackers use to exploit the vulnerabilities in the STP packets is understood. The project understand the different features available on Cisco switches like BPDU-Root guard, Root guard , Loop guard along with appropriate configurations.

Title: Internet sharing for LAN computers

An organization is using a Cisco router as the internet router. The WAN interface of the router is connected to the internet and the LAN interface is connected to a switch to which the LAN computers are connected. There are 30 computers on the LAN which belong to the network address of 192.168.1.0/24. The project is to design the strategy and configuration which is required on the router to share the internet with the 30 users Features like default route, port address translation is explored for the purpose.

Custom Report on a Title – Click here

Title: DDOS TCP Syn flood defense for Web server

An organization hosts a web server behind a Cisco IOS firewall router. It is been observed that the Web server is being targeted for a DDOS based TCP Syn flood attack. The project aims to understand the anatomy of the attack along with feature TCP intercept on the Cisco IOS firewall and the necessary configuration which needs to be setup on the Cisco IOS firewall for defending the web server against the attack

Title: Resolving Active FTP issues with Cisco CBAC

The users in an organization access internet through a normal firewall. Since a firewall is setup, the users are unable to access Active FTP servers on the internet. The project aims to setup a Cisco IOS firewall to resolve the issue. The generic issues with firewalls and Active FTP servers and how the CBAC feature on the Cisco IOS firewall resolves the issue.

Title: Mac-address authentication vulnerability on 802.11 wirelesses LAN

Mac-address authentication is a feature available on Cisco access points for authenticating wireless clients based on their mac-addresses.The projects aims to understand the vulnerabilities in this feature by exploring mac-spoofing attacks and how it can be used to defeat mac-address authentication.

Title: Defeating route table poisoning with OSPF

RIP v1 is an insecure protocol. It does not have an authentication support inbuilt. An attacker can craft invalid RIP packets and send it out on a RIP network. The RIP router would accept the same and update its routing table. This poisons the route table as invalid route entries are injected in the table. The project aims to understand how OSPF which has authentication inbuilt can be used as protection against the attack.

Custom Report on a Title – Click here

Title: Defeating cam flooding attacks with port-security

Cam flooding attack works by generating a large number of frames on a switch port and making the cam table of the switch to overflow, eventually making the switch to broadcast out received frames on all ports. The projects understands how port- security feature can be used to limit the number of allowed mac-address on a switch port to prevent cam flooding attack along with the actual configuration.

Custom Report on a Title – Click here

Title: Remote management with SSH

An organization is currently using telnet to remotely manage a Cisco router on the internet. Due to the security vulnerability of telnet that it sends data in clear text, the organization has decided to setup SSH as a replacement protocol for remote management. The project aims to understand the different components required to setup the SSH infrastructure like SSH client and SSH server configuration on the Cisco router, which is tested and verified.

Title: OSPF Design on non-broadcast networks.

The project understands the generic design of OSPF and the details as to why it does not work normally on a non-broadcast network like frame relay. The necessary configuration required to make OSPF function on a Frame relay link is understood.

Custom Report on a Title – Click here