Network Security Concerned With Access Control Computer Science Essay


Introduction

Computer networks, both private and public, are used to conduct day-to-day communications and transactions among government agencies, businesses and individuals. The networks include "nodes", which are "client" terminals (individual user PCs), and one or more "servers". These are joined to communication systems, which can be private or public. Users can access the network through desktop computers, laptops, cell phones, PDAs (Personal Digital Assistants), etc.

Network security includes all activities that enterprises, institutions and organizations take on to defend the ongoing usability of assets, continuity of operations and the integrity of processes.

An effective network security policy needs to identify the threats which can harm the network and, in addition, to find the most suitable tools to resist them.

The following topics describe different aspects of network security.

Network security concerned with Access Control

This is also known as network admission control. This method is used to strengthen the security of private networks by limiting the availability of network resources to endpoint devices.

A conventional network access server (NAS) performs authentication and authorization functions by verifying the logon information for prospective users.

Additionally, NAC limits the data that each particular user can access by using antivirus software, firewalls and spyware-detection programs. Network Access Control also controls and restricts the tasks that the users can do.

When providing access control, different approaches can be used, ranging from password protection to token-based mechanisms to biometric encryption technologies.

There are several common ways that Network Access Control can be achieved. The most common method is to authenticate each valid user for the network, which can be accomplished by employing a simple user name and password combination. If a guest user who has lower privileges gets access to administrator privileges, then that user could make use of them to harm the network intentionally or unintentionally. In addition we can require further clearances, such as a test question or proper identification of an image that is associated with the login credentials.

Firewalls also do a great job of stopping suspicious attacks in a network. The methods mentioned above are very useful for preventing all unauthorized access by hackers.

The following describes different kinds of security and access control mechanisms to show how the system deals with the security issues.

/etc/ftpusers

This mechanism restricts certain users from logging into the machine via ftp. The /etc/ftpusers file is read by the ftp daemon program (ftpd) when an incoming ftp connection is received. The file is a list of users who are not authorized to log in.

/etc/securetty

This file specifies on which tty devices root is allowed to log in. The login program (usually /bin/login) reads this file. Its format is a list of the tty device names on which root login is allowed; on all others it is disallowed.

The tcpd hosts access control mechanism.

The tcpd program, which is listed in /etc/inetd.conf, provides logging and access control mechanisms to the services it is configured to protect.
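The three mechanisms above can be checked mechanically. The following is an added example, not part of the original essay: it audits the contents of /etc/ftpusers and /etc/securetty and looks for a default-deny rule in /etc/hosts.deny. The file contents are constructed samples, the UID threshold of 999 for system accounts is an assumption, and /etc/hosts.deny is tcpd's standard rules file rather than a name taken from the essay.

```python
"""Audit ftpusers, securetty and hosts.deny content (added example, constructed data)."""

# Constructed sample file contents, not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""
SAMPLE_FTPUSERS = """\
# accounts listed here are refused by ftpd
root
daemon
"""
SAMPLE_SECURETTY = """\
# ttys on which root may log in
console
tty1
tty2
pts/0
ttyS0
"""
SAMPLE_HOSTS_DENY = """\
# deny everything that hosts.allow did not permit
ALL: ALL
"""


def parse_list_file(text):
    """Return the non-empty entries, ignoring '#' comments and whitespace."""
    entries = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            entries.append(entry)
    return entries


def privileged_accounts(passwd_text, max_system_uid=999):
    """Names of root-equivalent and system accounts (UID threshold is an assumption)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip malformed lines rather than guessing
        if int(fields[2]) <= max_system_uid:
            names.append(fields[0])
    return names


def audit_ftpusers(ftpusers_text, passwd_text):
    """Privileged accounts that ftpd would still accept (missing from the deny list)."""
    denied = set(parse_list_file(ftpusers_text))
    return [n for n in privileged_accounts(passwd_text) if n not in denied]


def audit_securetty(securetty_text):
    """Entries that let root log in somewhere other than a local virtual console."""
    findings = []
    for tty in parse_list_file(securetty_text):
        name = tty[5:] if tty.startswith("/dev/") else tty
        if name == "console" or (name.startswith("tty") and name[3:].isdigit()):
            continue
        findings.append(tty)  # pseudo-terminals and serial lines need a reason to be here
    return findings


def has_default_deny(hosts_deny_text):
    """True if hosts.deny contains an 'ALL: ALL' rule, so unlisted clients are refused."""
    for entry in parse_list_file(hosts_deny_text):
        fields = [f.strip().upper() for f in entry.split(":")]
        if len(fields) >= 2 and fields[0] == "ALL" and fields[1] == "ALL":
            return True
    return False


if __name__ == "__main__":
    print("FTP login still possible for:", audit_ftpusers(SAMPLE_FTPUSERS, SAMPLE_PASSWD))
    print("Root login allowed on non-console ttys:", audit_securetty(SAMPLE_SECURETTY))
    print("tcpd default deny present:", has_default_deny(SAMPLE_HOSTS_DENY))
```

A serial line such as ttyS0 can be a legitimate console on a headless server, so a finding here is a prompt for review, not proof of a fault.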

Network security concerned with User Authentication

User authentication is verifying the identity of users logging onto a network. The identity of a user can be established by the use of passwords, digital certificates, smart cards and biometrics. These security measures keep hackers out.

A strong password with both uppercase and lowercase letters, numbers and special characters will be more secure. Computer security authentication involves e-mail authentication, verifying message integrity, and checking the integrity of a transmitted message.

Topics in this area include digital signatures, human authentication, passwords, challenge-response authentication, IP spoofing and biometrics.

User authentication confirms whether a user trying to gain access to the network is authorized before being allowed to access the network.

Network security with firewalls

Firewalls are a part of computer systems or networks which are designed to block unauthorized access and allow only authorized communications.

It is a device constructed to allow or deny network transmissions based upon a set of rules and other criteria.

What is the purpose of a firewall?

Firewalls are enormously important for keeping network security in force. Firewalls control and restrict the traffic between the network and the different sites you try to log in to. A firewall is a component of a company's network protection which acts to enforce the network security policy. Firewalls reduce a network's vulnerability and can also log inter-network activity efficiently. If an organization does not use a firewall, its network is directly exposed to any kind of intruder. In addition, every host in your network can be attacked by every host online.

Firewalls control information in and out of your local network. Usually the firewall host is connected both to the internet and to the local LAN, and access to the internet goes through the firewall.

In this way a firewall can control the information in and out from the internet and the LAN.

There are three generations of firewalls as shown below:

First generation - packet filter firewalls

Second generation - stateful filter firewalls

Third generation - application layer firewalls

The following shows several types of firewall techniques:

Packet filter: This examines each packet passing through the network and accepts or rejects it according to user-defined rules. It is mostly transparent to its users and fairly effective, though it is difficult to configure. It is vulnerable to IP spoofing.

Application gateway: This method applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective but can result in performance degradation.

Circuit-level gateway: This applies security mechanisms when a UDP or TCP connection is established. Packets can flow between the hosts without further checking once the connection has been made.

Proxy server: This captures all messages entering and leaving the network. The proxy server successfully hides the true network address.
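The packet filter described above, and its weakness to IP spoofing, as an added example that is not part of the original essay: a first-match rule evaluator with default deny, run with and without an ingress rule that drops packets arriving from outside with an internal source address. All addresses, interface names and rule names are constructed for illustration.

```python
"""First-match packet filter with default deny and an anti-spoofing rule (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    name: str
    iface: Optional[str] = None   # None means "match anything"
    src: Optional[str] = None     # CIDR network
    dst: Optional[str] = None     # CIDR network
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface is None or self.iface == p.iface)
            and (self.src is None or ip_address(p.src) in ip_network(self.src))
            and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def evaluate(rules, packet):
    """Return (action, rule name). The first matching rule wins; no match means drop."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return "drop", "default-deny"


LAN = "192.168.4.0/24"            # constructed internal range
MAIL_SERVER = "192.168.4.10/32"   # constructed internal mail server
WEB_SERVER = "192.168.4.20/32"    # constructed public web server

# Weak rule set: trusts the source address alone, whatever interface it came in on.
NAIVE_RULES = [
    Rule("accept", "lan-to-mail", src=LAN, dst=MAIL_SERVER, proto="tcp", dport=25),
    Rule("accept", "public-web", dst=WEB_SERVER, proto="tcp", dport=80),
]

# Corrected rule set: ingress filtering first, so an internal source address
# seen on the external interface is dropped before any accept rule is reached.
HARDENED_RULES = [Rule("drop", "anti-spoof-wan", iface="wan", src=LAN)] + NAIVE_RULES

# Constructed sample packets.
LEGIT = Packet("lan", "192.168.4.55", "192.168.4.10", "tcp", 25)
SPOOFED = Packet("wan", "192.168.4.55", "192.168.4.10", "tcp", 25)
WEB = Packet("wan", "203.0.113.7", "192.168.4.20", "tcp", 80)
TELNET = Packet("wan", "203.0.113.7", "192.168.4.20", "tcp", 23)

if __name__ == "__main__":
    for label, pkt in [("legit", LEGIT), ("spoofed", SPOOFED),
                       ("web", WEB), ("telnet", TELNET)]:
        print(f"{label:8} naive={evaluate(NAIVE_RULES, pkt)} "
              f"hardened={evaluate(HARDENED_RULES, pkt)}")
```

Rule order matters in a first-match filter: placing the anti-spoofing rule after the accept rules would leave the weak behaviour unchanged.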

Network security concerned with Virus Protection

A computer virus can be described as "A self-replicating program containing code that openly copies itself which has the ability to infect other programs by adapting them or their environment such that a call to an infected program entails a call to a possibly evolved copy of the virus."

A computer virus has the capability to interrupt work, damage data, and even bring your network down. People make viruses for various reasons, such as hacking, revenge, to stop illegal copying of software, etc.

In order to protect your organization's network from virus attacks follow the given steps.

Do not open any type of files attached to an email from any suspicious, unknown or untrustworthy resource.

Some viruses can copy themselves and spread through email, so never open any file attached to an email, even if it appears to come in a friendly way.

Do not check any files attached to an email if the subject line seems to be questionable or unexpected.

Delete junk emails or chain emails; these are known as spam, which is unsolicited, intrusive mail that clogs up the network. Never reply to or forward any of them. Do not download any files from strangers.

Be careful when downloading any files from the internet, and make sure the resource is a legitimate and reputable one. Confirm that there is an anti-virus guard to check the files on the download site. If you are unsure, download the necessary files to a floppy and test them with your own anti-virus software.

Take backups on a regular basis, because if a virus destroys your files, the backups will help you.

Update your anti-virus software regularly.

Network security when accessing the internet

The internet is a network of a large number of networks and is based on open networks. It is really important to consider network security when accessing the internet, because accessing the internet carries one of the major risks of virus attack. Users therefore have to be more careful when using the internet, and precautions can be taken such as guarding against phishing attempts to protect data from viruses, limiting employees' internet browsing privileges, preventing employees from visiting malicious sites, etc. The use of Virtual Private Networks is also a great help in protecting personal data when dealing with the internet. Virtual Private Networks (VPNs) are temporary or permanent connections across a public network, such as the internet, that use encryption technology to transmit and receive data. VPNs are meant to make packets secure as they are transmitted across a public network. The connection between sender and receiver is therefore private even though it uses a link across a public network to carry information.

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Organizations can also interconnect multiple LANs across the internet, one pair of networks at a time. Using VPNs to connect to a company network has clear advantages:

Installing several modems on an RRAS server so that the users can dial up any ISP.

Remote users can usually access an RRAS server by making only a local phone call; this feature saves money on long-distance telephone charges.

When broadband connectivity to the internet is available, remote users can connect to the network at high speed.

TASK 2

Introduction

As the Network manager, I was supposed to solve a problem that was faced by one of our company staff members. She reported that she's unable to log onto e-mail. I couldn't find whether that problem was unique to her machine or for the whole network. Then I found that she was the only person using the network at that moment. In order to go deeper into the problem, I asked a couple of questions, and then found out that she is unable to print too.

In order to find a solution for the problem, I used the structured troubleshooting approach. The structured troubleshooting method is a standard and efficient way to solve a problem. It consumes less time and also less money. Troubleshooting is the process that leads to the diagnosis and, if possible, resolution of a problem. It is usually triggered when a person reports a problem. This implies that you need to differentiate between a problem, as experienced by the user, and the actual cause of that problem. The structured troubleshooting method has six main steps, as shown below:

Defining the problem and the scope - user reports about the problem that he or she faced.

Gathering information - this includes interviewing all parties (including the user), plus any other means of gathering information. Usually, the problem report does not contain enough information to formulate a good hypothesis without gathering more information. Information and symptoms can be gathered in two ways: directly, by observing processes, or indirectly, by executing tests.

Analyzing information - After the gathered information has been analyzed, the troubleshooter compares the symptoms against his knowledge of the system, processes, and baselines to separate normal behavior from abnormal behavior.

Eliminating possible causes and devising a solution - By comparing the observed behavior against expected behavior, some of the possible problem causes are eliminated and possible solutions are proposed.

Formulating a hypothesis and implementing the solution - After gathering and analyzing information and eliminating the possible causes, one or more potential problem causes remain. The probability of each of these causes will have to be assessed and the most likely cause proposed as the hypothetical cause of the problem.

Testing the solution - The solution must be tested to confirm or deny that it is the actual cause of the problem. The simplest way to do this is by proposing a solution based on this hypothesis, implementing that solution, and verifying whether this solved the problem. If this method is impossible or disruptive, the solution can be strengthened or invalidated by gathering and analyzing more information.

Document the solution

Devise preventive measures

Defining the problem and the scope.

One user complains that she cannot log into the email and also cannot print within the company network. The hypothesis is that it is either affecting the whole network or is a problem unique to her machine.

Gathering information

In order to identify the exact problem, I asked her a couple of questions. Those are shown below:

Question 1 - Are only specific network services (e.g. printing) affected?

Answer - No, I can't log into the e-mail also.

Question 2 - Did both problems occur at similar times?

Answer - Yes

Question 3 - Were you trying to log into the company's intranet mail server?

Answer - Yes

Question 4 - Are you using a network printer?

Answer - Yes

Question 5 - When did you experience this problem? When did the symptoms appear? Have the symptoms appeared occasionally for a long time?

Answer - Yesterday, while I was working.

Question 6 - Was a workstation, server or connectivity device replaced?

Answer - No

Question 7 - Did the operating system or configuration on a server, workstation, or connectivity device change?

Answer - No

Question 8 - Were you able to log into the mail and take print outs earlier?

Answer - Yes

Question 9 - Is the NIC properly inserted?

Answer - Yes

Question 10 - Is a device's network cable properly connected to both its NIC and the wall jack?

Answer - Yes

Question 11 - Is the router, hub or switch properly connected to the backbone?

Answer - Yes

Question 12 - Are all the cables and the connectors in good condition?

Answer - Yes

Analyzing information

The problem may have occurred for several reasons, such as:

It may be a problem within the network, due to damaged cables, virus infection, failure of the router or the hub, loose cable connections, etc.

It may be a malfunction of the software on the user's machine, due to virus infection, incorrect network configuration, etc.

It may be a problem with the user's hardware connections, such as damaged cables, Network Interface Card failure, hardware device failure, etc.

Eliminating possible causes and devising a solution.

After analyzing the gathered information I found several reasons for the problem that occurred, and the following describes the solutions that I proposed.

Devise solutions for network problems - verify that all the cables, routers and cable connections in the network are working properly, and make sure that the computers in the network are free of viruses.

Devise solutions for malfunctions and software failures in the user's computer - verify whether the user has proper, functioning software on the computer, and make sure the computer is free of viruses. In addition, check whether the network configurations are correct.

Devise solutions for hardware failures in the user's computer - Verify all the cable connections and verify whether the NIC is working properly, and also make sure that all the hardware devices are associated with the necessary drivers.

Formulating a hypothesis and implementing the solution

Implement solutions for network problems

As there are so many users in a network, all of them need to be informed and the network should be free of users before implementing the solutions. But in this case, there was only one user who was using the network, so I informed her what I was going to do, and asked her to save her work.

The following shows some guidelines when implementing a solution for network problems:

Check that none of the cables are damaged, and confirm that the connections are configured properly.

Verify that the router, hub and switch are properly connected to the backbone.

Use recommended antivirus software to clean the network if it's infected with viruses. Always use an up-to-date virus guard when scanning.

To check whether the routers are replying, use the ping command (e.g. ping 192.168.4.241) in the command prompt to make sure that all parts of the network are reachable.

If not, use TRACERT command to identify the router with problems and do the following:

Check whether the router used in the network is configured properly.

If the router is damaged, repair it if possible, or else try using a new one.

Finally, if the problem still remains, then contact the network administrator and find out whether the problem is from the service providers.

Implement solutions for malfunctions of the software in the user's computer.

Check whether the software is installed properly; if not, uninstall it and try installing an appropriate new one.

Use recommended antivirus software to clean the network if it's infected with viruses. Always use an up-to-date virus guard when scanning and if it is not possible, try formatting the computer.

Make sure her computer's network configurations are correct.

Implementing solutions for hardware failures in the user's computer

Check whether the necessary drivers are installed to the user's computer correctly.

Find out if there are any damaged cables or inaccurate cable connections. If so try out with new cables and adjust the flaws.

Make sure that all the drivers are configured properly to the user's computer.

In order to make sure that the NIC is replying properly, use the ping command in the command prompt. If it is not, check whether the NIC is damaged or properly plugged in.
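The checks above can be ordered from the workstation outward so that the first failure shows where the fault lies. This is an added example, not part of the original essay; the addresses (other than the loopback address) and the layer names are constructed, and the probe is injectable so the logic can be exercised without a network.

```python
"""Layered reachability check for the e-mail and printing fault (added example)."""
import platform
import subprocess

# Constructed addresses for illustration; substitute the site's own.
# Each entry: (layer, address, scope if it fails, what to check next)
LOCAL_PATH = [
    ("loopback", "127.0.0.1", "workstation software",
     "TCP/IP configuration on the user's machine"),
    ("own NIC address", "192.168.4.55", "workstation hardware",
     "NIC seating and driver installation"),
    ("default gateway", "192.168.4.1", "local segment",
     "patch cable, wall jack, hub or switch port"),
]
SERVICES = [
    ("mail server", "192.168.4.10"),
    ("network printer", "192.168.4.30"),
]


def ping(host, timeout_s=5):
    """Send one echo request with the system ping command; True if it exits 0.

    Exit status alone can mislead on Windows, where a 'Destination host
    unreachable' reply may still return 0, so read the output when in doubt.
    """
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(
            ["ping", count_flag, "1", host],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout_s,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


def diagnose(probe=ping, local_path=LOCAL_PATH, services=SERVICES):
    """Walk outward from the workstation and report the first layer that fails."""
    for layer, host, scope, check in local_path:
        if not probe(host):
            return {"scope": scope, "failed": [layer], "next_step": check}

    # The workstation and its segment are fine; now compare the two services.
    down = [name for name, host in services if not probe(host)]
    if not down:
        return {"scope": "application", "failed": [],
                "next_step": "hosts answer ping: check the mail account, "
                             "mail client and print queue settings"}
    if len(down) == len(services):
        # Both symptoms at once point to something the two paths share.
        return {"scope": "network", "failed": down,
                "next_step": "run tracert to each server to find the router "
                             "that stops forwarding"}
    return {"scope": "single service", "failed": down,
            "next_step": "check the named host itself; the path to the "
                         "other service works"}


if __name__ == "__main__":
    report = diagnose()
    print("Scope:    ", report["scope"])
    print("Failed:   ", ", ".join(report["failed"]) or "nothing")
    print("Next step:", report["next_step"])
```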

Testing.

Once the solution is implemented, it can be tested to find out whether the problem is solved or not. For this purpose we can use beta testing. Beta testing means that, after the solution is implemented, it is given to a group of users for further testing to confirm that the implemented solution has few faults or bugs. Occasionally, beta versions are made available to the public to increase the feedback field, in order to maximize the number of future users.

Document the solution.

Documenting is one of the most important steps to consider. Documentation in this case is done to keep a set of records showing how you found the problem and how you implemented a solution for it. Documentation can be technical or user based. In future this document will be a useful tool if the same problem occurs again.

Devise preventive methods.

Devise preventive methods for network problems

Frequently check whether the cables are properly connected and working in the needed way.

Use a proper firewall and antivirus software to avoid malicious attacks.

Make sure the hub or the router is properly connected to the backbone.

Make sure the NIC is properly pinned.

Devise preventive measures for the malfunctioning in the computer software.

Do not make any changes to the software installed.

Use a proper and an up-to-date antivirus guard in the network, and make sure you do regular scans.

Do not make any changes to the network configurations, unless you are told to do so by the administrator.

Devise preventive measures for computer hardware failures.

Regularly check whether the cable connections are damaged and properly connected.

Make sure the NIC is properly plugged in.

Frequently update drivers for hardware devices as necessary.

TASK 3

Introduction

A firewall is a very useful tool for preventing any unauthorized outsiders from accessing the network and its private data resources. The following describes a comparison of leading firewalls in the market which can be used in an organization for security purposes.

Comodo Firewall (32-bit version)

Comodo firewall is a tremendously effective protection tool for your PC that keeps it safe from Internet dangers. It blocks viruses, hackers and other intruders trying to take control of your PC.

Version- 4.1.19277.920

Operating Systems - Windows Vista, Windows XP, Windows 7

Requirements- 128 MB RAM 210 MB hard disk space

Manufacturer- Comodo

Model No- Pro3.9.76924.507

Features

Comodo Internet Security was designed according to the concept of layered security, integrating components designed to prevent intrusions upon a computer system with components designed to deal with any intrusions which the other components miss.

Firewall

Comodo's Firewall usually wins high scores on Firewall testing sites, and this firewall has been frequently included in the top three firewalls.

HIPS (Defense+)

Comodo's Host Intrusion Prevention System (HIPS), also known as Defense+, is designed to offer security against unknown malware. This HIPS limits access to essential files, folders, settings and the Windows Registry, and also restricts the actions of unknown applications.

Defense+ uses Default Deny Protection: by default it refuses any unknown file permission to install, unless the file appears on Comodo's whitelist or is specifically allowed by the user.

Antivirus

On October 23, 2008, the Comodo's Antivirus software was publicly released along with the Comodo Internet Security Suite.

Online Scanner

The Comodo Automated Analysis System is an online scanner which scans suspicious files, intrusions and reports back its conclusions.

Memory Firewall (Buffer Overflow Protection)

Comodo Memory Firewall is designed to protect against the infamous return-to-libc attacks and buffer overflows. This memory firewall secures all applications. It also detects buffer overflows occurring in the stack and heap memory, as well as ret2libc attacks and corrupted SEH chains. The memory firewall is part of Comodo's prevention layer. Comodo Internet Security raises a pop-up alert on an attempted buffer overflow attack. This provides security against computer crashes, data theft and system damage, which are possible consequences of a buffer overflow attack.

ThreatCast

This is a community-based advice system that gathers facts about the decisions other users have taken concerning certain actions on a user's computer. This information is then displayed in alert windows, which gives the client an idea of whether the action is secure or hazardous.

Norton Personal firewall

Norton Personal Firewall was formerly developed by Symantec. It is a discontinued personal firewall with program control, advertisement blocking and privacy protection capabilities.

The program control module can permit or deny individual applications access to the internet. Norton Personal Firewall automatically allows or rejects internet access for programs. To decide whether a program should be allowed or disallowed, the firewall uses a blacklist and a whitelist.

The advertisement blocking feature of this firewall rewrites the HTML. It searches for code associated with advertisements against a blacklist and prevents the web page from being displayed. Norton Personal Firewall does not provide any notification when this occurs.

The Privacy Control blocks cookies and browser active content, and also prevents the transmission of sensitive data through standard POP3 e-mail clients, Microsoft Office e-mail attachments, Windows Messenger and instant messaging services.

Operating Systems: Windows XP, Windows Vista, Windows 7

Requirements: 300MHz or faster processor, 256MB RAM, 300MB HD

Model number: 20043970

Manufacturer: Symantec

Key features and benefits:

Comprehensive Personal Firewall: This keeps hackers out and controls all connections between a PC and the internet. Whenever there is a new connection, Norton Personal Firewall decides whether it should be blocked or permitted.

Blocks Active Content: This stops ActiveX® controls before they are downloaded, on a per-site basis. The firewall can be personalized to let frequently visited and trusted sites download them.

Intrusion Prevention: This detects online security breaches and examines the content of Internet traffic, which can hide in approved Internet connections. When this detects an intrusion, the appropriate action is triggered to prevent the intrusion, depending on the threat.

Symantec security check: This links to Symantec's external Web site which allows running a "Scan for Security Risks" test on your computer. The Symantec Security Check site provides instructions to help you reconfigure your firewall if your system is determined to be at a risk.

Full Stealth: This prevents the computer from acknowledging the probes of a hacker's port scanner and totally hides your computer from intruders.

Confidential Information Blocking: This allows you to configure the firewall to create an "allowed list" for sending personal information to trusted sites.

Pop-up Blocking: This allows stopping pop-up windows, banner ads and other Web clutters so there will not be any distractions when reading information on the Web page.

Network Detector: This searches for an accessible network when you change location. The feature is useful when using a notebook computer. A network control alert is displayed when Network Detector finds a network. For a new network you can run the automatic Home Networking Wizard to easily and quickly reconfigure the security settings for that network. Network Detector intelligently remembers each network it finds, and the security settings are switched automatically when you reconnect.

ZoneAlarm Pro Firewall

Check Point Software Technologies Ltd. developed the ZoneAlarm Pro Firewall. This is a standalone Windows (XP, Vista or 7) software firewall which blocks threats in traffic that arrives at or departs from a computer. The firewall works alongside antivirus and antispyware software from competing vendors.

Manufacturer: Check Point Software Technologies Ltd

Model No: F5D-5230-4

Firewall Features:

Firewalls provide protection by keeping intruders out. If infections creep through the firewall, they get caught by the other guardians, the antispyware and antivirus software. Previously, this firewall included incoming e-mail scanning and a privacy control. At present, browsers and email applications scan incoming attachments and provide web privacy controls. Check Point has modernized the ZoneAlarm Pro firewall to remove unnecessary functionality.

True Vector Internet Monitor

"True Vector Internet Monitor", which is also known as "TrueVector Security Engine", is the basis of ZoneAlarm. This is a Windows service that runs as "vsmon.exe" in the processes list. This generates alerts for disallowed access and monitors internet traffic.

Operating System Firewall

The Operating System Firewall, also known as OS Firewall, is a feature of the paid versions of ZoneAlarm only. The OS Firewall observes programs and produces alerts when they perform suspicious behaviors.

Smart Defense Advisor

Smart Defense Advisor is a service, available only in premium versions of this firewall, which helps the user with certain alert types. Smart Defense Advisor utilizes a large database of trusted program signatures in order to give the user further advice on allowing or denying access to the internet when a program requests it.

Additional Security Features:

Other noteworthy features include the capability to verify when and where a web site was registered and whether it is hazardous or safe, and to analyze the possible danger of a downloaded program. ZoneAlarm Pro scans outgoing email for malignancies, although it does not scan incoming email. This product includes an option to test any download in a safe, virtual environment if it manifests dangerous characteristics.

I would like to recommend ZoneAlarm Pro Firewall out of all four mentioned above for the given requirement due to its key security features such as privacy control, scanning incoming mail, True Vector Internet Monitor, Smart Defense Advisor, etc.

TASK 4

Introduction

User policies are produced to minimize risks in a network. These policies help the users to adhere to agreed-upon rules so that the network will be better protected. A well-thought-out policy can help your organization to enjoy the benefits of the internet while reducing the pitfalls. It encourages the employees to use the internet effectively, and sets up procedures to minimize security and legal risks. The following three areas cover the main actions of network usage.

Accessing the WWW (World Wide Web)

Instant Messaging and Chat Rooms

E-mail usage

Accessing the WWW (World Wide Web)

The following shows the rules that must be used when accessing the WWW:

Precautions

Use strong user names and passwords with more characters and do not share it with strangers.

Never download any files from unknown people, unless it is work related.

Ignore pop-up ads, do not open them.

Be careful when downloading files from the internet. Make sure that the resource is reputable and legitimate. Confirm that an anti-virus program checks the downloaded files. If not, download them onto a floppy disk and check them with your own anti-virus software.

Do not give away your personal information over the Internet

Always have an active firewall in the network.

Ban the personal use of internet or limit it, as long as it does not affect employee's work.

Do not visit web sites that are inappropriate to the company

Make use of proper antivirus software and do not forget to update it frequently.

Effects

Hackers will find it harder to crack personal details.

These files may contain viruses which can harm the network.

These will help to avoid malicious attacks that come in a friendly way.

This may prevent malicious attacks.

This helps to avoid threats to your personal life as well as to the company that employs you.

Firewalls prevent unauthorized access over the network.

This will be a cost-saving method, as resources are not wasted.

The internet should be used only to visit the sites which are necessary for the job you are dealing with. Visiting unnecessary sites may even harm the reputation of your company.

Usage of a frequently updated antivirus guard will protect your computer from any virus attacks.

Instant Messaging and Chat Rooms

The following rules can be used when using instant messaging and chat rooms:

Precautions

Do not add unknown people.

Instant messaging service in a company should be used only for its purposes, not for personal uses.

Do not join unknown chat rooms and reveal your personal information.

Do not give your username and password to unknown people.

Block troublesome people.

Make sure that you log off once you are done with the work.

Do not accept messages from strangers or respond to them.

Effects

This may prevent unknown messages and, in addition, prevent outsiders from learning your personal information.

Instant messaging for personal uses may increase the vulnerability to security threats, and also this might waste the company resources.

This reduces virus attacks.

This reduces the vulnerability of your account to being hacked by intruders.

Ignoring unknown messages from unwanted people will help to reduce virus attacks.

So the strangers will not get a chance to access your account information.

Ignoring unknown messages will help to reduce malicious attacks.

E-Mail Usage

The rules below can be followed when using e-mail:

Precautions

Never open any file attachments from an unknown, doubtful or untrustworthy resource.

Do not open files attached to an email if you are not sure about them, even if they come in a friendly manner. Sometimes, these viruses can reproduce themselves and spread through email.

If the subject line of the email is questionable or unexpected, do not open them.

Scan the attachments before opening.

Delete junk email or chain email. Never reply or forward any of them.

Use strong usernames and passwords.

Block nuisance email senders.

Make sure that you log off from your account after the work is done.

Effects

This can harm your computer, and thus the whole network, through virus attacks, so confirm whether the address is known.

Check the attachments before downloading.

Always save a copy in your hard drive.

Due to scanning, the viruses will be removed before opening.

These emails are known as spam, which is intrusive and unsolicited mail that clogs up the network.

So hacking will be difficult for intruders.

This helps to keep your mail box clean and consumes less time when reading mails.

So no outsider can gain access to the mail account even by a mistake.

TASK 5

Introduction

Microsoft IPsec Diagnostic Tool is a wonderful technology for identifying computers, and it secures the exchange of data between them. This tool helps network administrators troubleshoot network-related failures, focusing mainly on Internet Protocol Security (IPsec). The tool also checks for common network problems on the host machine and proposes repair commands if there are any problems.

In addition, this tool gathers IPsec policy information on the system and parses the IPsec logs to determine why the failure might have happened. The tool provides trace collection for virtual private networks, the Network Access Protection (NAP) client, Windows Firewall and Group Policy updates. The tool produces a diagnostic report, which is derived from the system logs it collects during its analysis phase.

The tool offers two modes of functionality when we start to install it: the Local mode and the Remote mode.

The Local mode - the tool runs on the system under inspection and can even be used for live troubleshooting. This mode is mainly used for diagnostics. If this mode is selected, the tool collects the system information needed to diagnose network issues, and the information related to IPsec is further analyzed to arrive at probable causes of the failure. Finally, all logs and data collected are put into a CAB file.

The Remote mode - this provides failure diagnosis through IPsec logs. This mode is used for offline analysis of logs that have been collected. Remote mode also provides more flexibility, since the tool can run on a machine other than the one under investigation.

I chose the Local mode, and then the following window appears.

Then I clicked the button "Start diagnosis" to start the process.

The following window shows when the diagnostics is progressing.

Once the diagnostics is completed as shown below

Then we generate a report using the command button "Generate report"

The report can be viewed as follows: