Introduction to Computer Systems and Security (COM4010)

TCA Assessment

STU255293

Deadline:
Tuesday, 15 July, 12:00 PM (UK time)
Part 1

Task 1.1:

NI’s core network infrastructure is anchored by an edge router, which serves as the primary gateway
between the campus and the broader Internet. This router plays a critical role, not only by
facilitating external connectivity but also by enforcing essential traffic management policies (see
Cloudflare, 2023). Each academic unit—namely, Faculty Alpha (Administration) and Faculty Beta
(Technical)—operates its own dedicated switch. These switches are responsible for linking devices
within their respective departments, efficiently managing internal data transmission across the local
area network (LAN). Unlike routers, switches are concerned solely with forwarding frames to their
intended local destinations, ensuring seamless communication within each faculty.

The campus network also incorporates a central file and application server. This server consolidates
vital resources, such as student records and laboratory simulation files, while also delivering shared
services required by both departments. Centralization of these resources is essential, as it enables
reliable and consistent access from both faculties (Microsoft, 2025).

Additionally, a networked printer is integrated into the infrastructure, allowing users across the
campus to submit print jobs remotely without the need for direct cabled connections. This setup not
only enhances convenience but also optimizes resource utilization across departments. The absence
of such devices would significantly hinder interdepartmental communication and resource sharing.
For example, without switches, departmental computers would be isolated from each other, and
without the router, the campus would lose Internet connectivity entirely. Table 1.0 provides a
summary of each component and its respective function within the network.

Department/Location Hardware/Device Why Necessary for NI (Role/Function)

The primary network gateway functions as the

campus’s main interface to the Internet. It routes
data between networks, granting users external
Campus (Both access while safeguarding the internal NI LAN from
Edge Router
Faculties) outside intrusion. This separation is essential for
both connectivity and security.

Faculty Alpha (Admin) Department Switch Administrative systems are interconnected via
dedicated switches, which manage traffic within
the internal network. These switches direct data
packets only to their intended destinations,
ensuring efficient communication (such as email
and file sharing) while minimizing network
 Department/Location Hardware/Device Why Necessary for NI (Role/Function)

collisions.

Laboratory systems operate on a separate network

segment, supporting high-speed data transfers for
research computing. This configuration isolates lab
Faculty Beta (Labs) Department Switch
traffic from administrative operations, thereby
enhancing performance and simplifying network
management.

A centralized server delivers shared resources,

including storage and applications such as student
records databases and specialized lab software.
Campus (Both
File & App Server This server enables data consolidation, facilitates
Faculties)
reliable backups, and supports vital services like
authentication and student portals for both
departments.

A shared network printer is accessible to

authorized users across Alpha and Beta
departments. This arrangement reduces costs by
Campus (Both
Network Printer eliminating redundant hardware and streamlines
Faculties)
device management, as users can print from any
connected device without requiring a direct,
physical connection.

Each device mentioned above plays a crucial role within the network infrastructure. For instance,
without switches, communication between PCs would be impossible, and in the absence of a router,
Internet connectivity would not exist. The server serves as a centralized location for critical data and
applications, ensuring both security and accessibility. The table presented earlier provides a concise
overview of each hardware component’s function.

Turning to software:

System software is fundamental in managing hardware and delivering essential services. For
example, NI operates a server using an operating system such as Windows Server or Linux. This
system software is responsible for resource management—overseeing the CPU, memory, storage,
and network—and establishes the environment required for applications to function. Additional
utilities, such as SQL Server or automated backup software, also fall under the system software
category, as they manage data storage and recovery processes integral to system stability. These
forms of software interact directly with hardware and facilitate core services, including data
management and backup scheduling.
On the other hand, application software is designed for end-user tasks. Within NI, administrative
staff commonly utilize office productivity suites like Microsoft Office to prepare documents,
spreadsheets, and presentations. In contrast, engineering and simulation applications such as
MATLAB or AutoCAD are essential for students and faculty engaged in research within Faculty Beta.
These applications are selected according to departmental needs: administrative offices require
word processing and email capabilities, while laboratory environments depend on specialized
scientific and design tools. Each application operates on the underlying system software, which
manages hardware resources and ensures operational consistency.

Table 2.0 organizes representative software by category, indicating the relevant department and
providing justification for each selection.

Systems Software
Department(s) Reason/Use
(Category)

The server’s hardware resources—CPU, disk, and

memory—are centrally managed to ensure stable
Operating System (Server operation and reliable network service delivery. This
Alpha & Beta
OS) foundational layer is crucial for maintaining proper
hardware function and supporting all server-based
activities (TechTarget, 2024).

System-level platforms, such as hypervisors or

database management systems, enable the
deployment of multiple virtual machines and the
Virtualization/Database
Alpha & Beta management of extensive datasets. These
Software
technologies provide robust, segmented hosting
environments and promote efficient utilization of
hardware resources.

Office productivity software—including applications

for document creation, email, and presentations—
Faculty significantly enhances administrative workflow.
Office/Productivity Suite (e.g. MS
Alpha These tools are selected for their direct support of
Office)
(Admin) clerical responsibilities and their accessible, user-
friendly interfaces, which are particularly suitable for
office staff (Quickbase, 2025).

Specialized software for technical design, simulation,

and data analysis equips students with the necessary
Faculty tools to perform laboratory experiments, model
Engineering/Simulation Software
Beta complex systems, and carry out project
(e.g. CAD, MATLAB)
(Labs) development. Such applications are tailored to
address the specific technical demands encountered
in engineering coursework.
Software is generally classified based on its primary function. System software—like operating
systems and database or virtual machine tools—handles core hardware management and essential
background services. In contrast, application software includes programs such as office suites and
engineering tools, which directly support user tasks.

The rationale behind selecting each type of software comes down to what a specific department
needs. For example, administrative staff require a reliable office suite to handle documentation and
communication. Meanwhile, technical laboratories depend on specialized simulation software to
conduct experiments and analyses. In short, each software choice is directly linked to the
operational demands of its intended users.

Part 2 – Task 2.1: Network Protocols

This section presents a comparative overview of four fundamental network protocols utilized within
NI’s infrastructure. For each protocol, its primary function, the relevant department or device, and
the possible consequences of misconfiguration are identified. Additionally, the associated OSI model
layer is specified, with a brief justification for its classification. Where appropriate, realistic use cases
from NI’s campus environment are provided to illustrate each protocol’s practical application.

Department/Device Impact if OSI Layer &

Protocol Real Use Case at NI
Affected Misconfigured Reason

DHCP NI most likely relies All departmental PCs If the DHCP server is Application
(Dynamic Host on a DHCP server and devices that malfunctioning or Layer (OSI
Configuration within the network to need dynamic IPs unavailable, newly Layer 7). DHCP is
Protocol) assign IP addresses connected or a network
dynamically to both rebooted devices management
administrative and lab will not receive IP protocol that
computers, rather addresses. As a automatically
than configuring static result, these devices assigns IP
addresses manually. are unable to addresses and
Typically, the DHCP communicate on the other network
functionality— local network or parameters to
whether implemented access the Internet, clients.
on a dedicated server effectively resulting
or integrated into a in network
router—automatically connectivity failure.
allocates IP leases to
student workstations
in Faculty Beta as well
as administrative PCs
in Alpha. This
approach streamlines
 Department/Device Impact if OSI Layer &
Protocol Real Use Case at NI
Affected Misconfigured Reason

network management
by reducing the need
for manual IP
configuration and
minimizing the
potential for address
conflicts.

| DNS (Domain Name System) | NI would use DNS to resolve names (e.g. “server.nedra.edu” or
Internet domain names) to IP addresses. For example, lab computers and admin computers use an
internal DNS (or external DNS servers) to translate domain names for web access or network shares.
| All devices that access internal or external servers by name (faculty PCs, servers) | If DNS is
misconfigured, computers cannot resolve hostnames to IPs. This breaks access to network resources
by name – e.g., staff would not reach websites or the file server via hostnames, and services
depending on names would fail. | Application Layer (OSI Layer 7). DNS is a distributed naming
service mapping domain names to IP addresses (ICO, 2023). It operates at the application layer
above TCP/UDP. |

| SMB/CIFS (Server Message Block/Common Internet File System) | NI’s Windows file share and
print services rely on SMB. For example, Faculty Alpha might have a file share on the server
(accessible as \NedraServer\Share) for administrative documents, and network printers are also
shared via SMB. Lab PCs use SMB to access project files on the file/app server. | File/application
server and all PCs in both faculties (shared folders, printers) | If SMB is broken (e.g. misconfigured
shares or security settings), users cannot access shared drives or printers. Data sharing halts: no one
can read/write network files, labs lose access to simulation data, and printers cannot be used. This
severely affects both departments. | Application Layer (OSI Layer 7). SMB is a network file-sharing
protocol operating at the application (or presentation) layer on top of TCP/IP.

| IEEE 802.1Q (VLAN Tagging) | NI may implement VLANs to segregate traffic (e.g. separate Faculty
Alpha and Beta networks on the same switches). 802.1Q tags would be used on the switches and
router to carry multiple VLANs over a single physical link. For instance, lab computers might be on
VLAN 10 and admin PCs on VLAN 20. | Switches and router trunks across the NI network. It affects
how broadcast domains are segmented between Alpha and Beta. | A 802.1Q misconfiguration (e.g.
wrong VLAN tags) could mix traffic between departments or cause devices to be in the wrong
network. This undermines security (data leakage between VLANs) and can cause connectivity issues
(devices can’t join intended VLAN). | Data Link Layer (OSI Layer 2). 802.1Q operates by tagging
Ethernet frames with VLAN IDs, enabling multiple virtual LANs on the same physical network
(JumpCloud, 2025). It is a link-layer protocol used by switches and routers for segmentation. |

Each of the selected protocols plays a vital role in NI’s network infrastructure. DHCP, for instance,
automates IP address allocation at OSI layer 7, streamlining network management. A
misconfiguration here would result in immediate loss of connectivity for clients, effectively isolating
them from network resources.

DNS is equally indispensable, serving as the backbone of name resolution—also operating at layer 7.
Without a properly functioning DNS, users would be unable to access servers by name, even if
underlying IP connectivity remains intact. This would severely disrupt day-to-day operations, as
reliance on numerical IP addresses is neither practical nor efficient.

The SMB protocol is central to providing file and print services within the server environment. Its
operation at layer 7 ensures that it leverages TCP/IP for communication. Incorrect configuration of
SMB could lead to loss of access to essential files, such as those related to research activities or
payroll, with significant organizational impact.

Lastly, 802.1Q VLAN tagging functions at layer 2 to maintain departmental traffic separation. By
tagging Ethernet frames, 802.1Q ensures that data streams remain isolated, enhancing both
performance and security. Improper VLAN configuration can introduce broadcast storms or allow
data to leak between departments, undermining the integrity and efficiency of the network.

Part 2 – Task 2.2: Network Topology Diagram

The network topology described features a straightforward hierarchical structure: an edge router
connects to a core switch, which then branches out to dedicated departmental switches for Faculty
Alpha and Beta. Both the file/application server and the network printer reside on the core switch,
ensuring shared access across departments.

This architecture brings notable benefits. Each departmental switch localizes its internal traffic,
thereby improving reliability and reducing unnecessary congestion. Segmenting the network further
—whether through VLANs or separate subnets—not only streamlines performance but also bolsters
security. For instance, isolating Faculty Alpha and Beta on distinct VLANs means that disruptions or
security incidents in one do not directly affect the other.

Ultimately, such separation of network traffic results in a better user experience, with fewer data
collisions and higher speeds for students. It also supports robust data protection strategies by
minimizing opportunities for unauthorized access across departmental boundaries. This considered
approach aligns with best practices for institutional network design, balancing efficiency, security,
and accessibility.
Figure 1 displays the basic network topology for Nedra Institute. The Edge Router connects the organization to the Internet
and links to a Core Switch. Separate Alpha and Beta Faculty switches each connect to the core as well. Both the
File/Application Server and the Network Printer are shared by both departments, connected directly to the core switch.
Each faculty switch then connects to the respective PCs for that department. This setup improves reliability by keeping
network traffic local and allows for security options such as VLAN segmentation.

Part 3

Task 3.1

Three major cyber threats that universities like NI commonly face are (1) ransomware, (2)
phishing/social engineering, and (3) distributed denial-of-service (DDoS) attacks.

Ransomware attacks involve malicious actors delivering malware that encrypts important data such
as student records, research files, or financial information, then demanding payment for decryption.
The education sector has become a significant target for these attacks: for example, one report
found over 6.1 million malware attacks in education within a single month. Law enforcement
agencies, including the FBI, have specifically warned that universities are targeted by organized
groups who both exfiltrate and encrypt data, seeking extortion. If ransomware were to impact NI,
critical academic and financial data could become inaccessible, leading to potential data breaches,
operational downtime, and reputational harm, especially if the incident becomes public. Typical
entry points include phishing emails containing malicious attachments, unpatched servers, or
compromised remote access. In many cases, the initial vector is a phishing email or vulnerable
service, after which the ransomware spreads within the local network.

Phishing and social engineering represent another significant risk. These attacks typically arrive as
deceptive emails intended to trick staff or students into revealing credentials or unintentionally
installing malware. The education sector is especially vulnerable: approximately 40% of breaches
involve some form of social engineering. At NI, for example, attackers could use a fraudulent email
to capture login credentials. If successful, this could lead to unauthorized access, data theft, malware
infections, and further compromise of institutional systems. The most common entry point is the
university’s email system, where a single click on a malicious link or submission of credentials to a
spoofed site can result in a breach.

Distributed denial-of-service (DDoS) attacks are also a notable threat. Attackers overload the
university’s network or online services with excessive traffic, making them inaccessible to legitimate
users. DDoS attacks might target the university’s website, learning management systems, or email
services, causing substantial downtime and disrupting both teaching and administrative operations.
Such incidents can undermine stakeholder trust and damage institutional reputation. The attack
typically originates from botnets or compromised external devices, directing large volumes of traffic
at the university’s network edge.

While other risks exist—such as insider threats or targeted software exploitation—ransomware,

phishing, and DDoS attacks are the most common for academic environments. Industry reports
consistently cite these as primary threats to higher education. To mitigate these risks, universities
should invest in robust email filtering, maintain secure and frequent backups, and implement DDoS
protection at the network level.

Task 3.2:

The Confidentiality–Integrity–Availability (CIA) triad represents the core objectives of information

security. In the context of NI’s data assets, these principles guide how data should be protected and
managed.

Student exam records contain sensitive personal and academic details. Confidentiality here is
essential; only authorized staff and the student should have access. Encryption and strict access
controls serve to prevent unauthorized disclosure. The integrity of these records is also vital, as any
alteration to grades or exam content undermines trust in the system. To address this, mechanisms
such as secure hashing or audit logs can be used to detect and prevent unauthorized changes.
Availability must not be overlooked, as students and staff may need timely access to records for
appeals or transcripts. Regular backups and redundant storage help ensure these records remain
accessible even if there is a hardware failure. Recommended controls include encrypting data at rest
and using digital signatures or checksums for integrity verification. For example, student records may
be encrypted within the database and backed up nightly, aligning with requirements such as GDPR
Article 32.

Lab simulation files typically contain research data, models, and code. Confidentiality requirements
depend on NI’s specific policies; while some research may be public, proprietary projects require
access restrictions to protect sensitive information. Integrity is particularly important, as researchers
must trust the accuracy of their data. Corrupted or altered files can compromise research validity.
Tools such as version control and integrity checks (e.g., hash comparisons) help maintain data
integrity. Availability is also critical researchers must be able to access files as needed for simulations
or publication. Data loss due to storage failure can disrupt research activities, so regular backups and
fault-tolerant storage solutions (such as RAID or off-site backups) are recommended. Additional
controls include file integrity monitoring and secure backup procedures to support timely data
restoration.

Administrative payroll files contain highly sensitive information, including salary and bank account
details. Here, confidentiality is paramount—encryption and strict, role-based access controls are
necessary to prevent the exposure of financial data. Maintaining integrity is also crucial, as errors or
unauthorized changes in payroll data could result in incorrect payments. This can be managed
through detailed access logs and validation checks during data entry. Payroll systems must also be
highly available to ensure timely processing, so redundancy and business continuity plans are
essential. Recommended security measures include encryption, multi-factor authentication, and
transaction logging, in line with best practices for securing sensitive information.

In summary, the CIA triad underpins the recommended security measures for each asset.
Regulations such as GDPR Article 32 reinforce these principles, requiring organizations to implement
controls that ensure ongoing confidentiality, integrity, and availability. NI should document and
apply appropriate safeguards—including encryption, backups, access controls, and monitoring—to
protect its information assets according to these established standards.

Task 3.3:

1. GDPR – Data Minimization (Art.5(1))

The GDPR requires organizations to limit personal data collection strictly to what is
necessary for specified purposes. For NI, this entails only collecting student data essential for
education, such as grades or student identification numbers, and avoiding any unnecessary
personal information. If NI gathers more data than required or retains it beyond the
necessary period, this will constitute non-compliance. Evidence demonstrating adherence to
this principle would include well-documented data inventories and retention policies,
verifying that only relevant fields are collected and that outdated records are deleted.
Compliance is further supported by system logs or data audits, confirming that obsolete or
unused data is not stored.

2. ISO/IEC 27001 – Risk Assessment Process (Clause 6.1.2)

ISO/IEC 27001 stipulates that organizations must establish and implement a formal process
for information security risk assessment. For NI, this means systematically identifying and
evaluating security risks to its data and systems. The absence of a documented risk
management process would indicate a failure to meet this requirement. To be compliant, NI
should maintain a comprehensive risk register or assessment report, detailing identified
risks, their potential impact and likelihood, and the individuals responsible for managing
them. Supporting documentation, such as records of risk treatment decisions and
management review outcomes, would serve as evidence of an ongoing and effective risk
assessment process.

3. GDPR – Security of Processing (Art.32)

Article 32 of the GDPR requires that organizations implement appropriate technical and
organizational measures, such as encryption, backups, or access controls, to protect the
confidentiality, integrity, and availability of personal data. NI must demonstrate the use of
measures like data encryption and secure access controls when processing personal
information of students or staff. If such controls are lacking, this would be a violation of the
regulation. Compliance should be evidenced by technical documentation—such as system
 configurations showing encrypted storage, policies outlining regular security testing, and
audit reports confirming these controls are in place.

Summary:
NI must ensure that its practices are fully aligned with GDPR and ISO/IEC 27001 requirements. For
data minimization, this means collecting and retaining only essential information. For risk
management, documented and regularly reviewed assessments are necessary. For data security,
implementing and evidencing appropriate technical measures is required. Supporting
documentation—such as policy documents, system configurations, audit logs, and training records—
serves as proof of compliance with each clause.

References

 Cloudflare Learning Center (2023) What is a network switch?. Available at:

https://www.cloudflare.com/learning/network-layer/what-is-a-network-switch/ (accessed
14 July 2025).

 Christey, B.S., Smith, S.R. & Spector, S.J. (2020) The increasing threat of ransomware in
higher education. EDUCAUSE Review. Available at:
 https://er.educause.edu/articles/2020/6/the-increasing-threat-of-ransomware-in-higher-
education (accessed 14 July 2025.

 Hightable (2025) ISO 27001 Clause 6.1.2: Information Security Risk Assessment. Available at:
https://hightable.io/iso-27001-clause-6-1-2-information-security-risk-assessment-guide/
(accessed 14 July 2025).

 JumpCloud (2025) What Is 802.1Q? Updated 14 Feb 2025. Available at:

https://jumpcloud.com/it-index/what-is-802-1q (accessed 14 July 2025).

 Microsoft (2025) What is Microsoft SMB Protocol and CIFS Protocol? (Win32 apps). Available
at: https://learn.microsoft.com/en-us/windows/win32/fileio/microsoft-smb-protocol-and-
cifs-protocol-overview (accessed 14 July 2025).

 Quickbase (no date) What is application software?. Available at:

https://www.quickbase.com/articles/application-software-basics (accessed 14 July 2025).

 TechTarget (2024) What is an operating system (OS)? By M.E. Shacklett & S.J. Bigelow.
Published Oct 31, 2024. Available at:
https://www.techtarget.com/whatis/definition/operating-system-OS (accessed 14 July
2025).

 Veritas (2024) 2024 Data Breach Investigations Report. Verizon (May 2024). Available at:
https://www.verizon.com/business/resources/reports/dbir (accessed 14 July 2025).

 Information Commissioner’s Office (ICO) (2023) A guide to the data protection principles &
security. Updated May 2023. Available at: https://ico.org.uk/for-organisations/uk-gdpr-
guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-
principles/ (Accessed 14 July 2025).