I





PROPOSED Systems
Map
Servers
Design

 The proposed system is capable of meeting all requirements of Kabul University and eliminates the drawbacks, which makes LAN efficient and highly secure and demanding.
 It will also result in reduced operating cost and significant improvement in the ability of organization to provide more improved and quick services to users and consequently, to general public.




Security:
Now days in world of I.T the main concern of organizations from all over the word is security. There are two different aspect of security. One focuses mainly on external threats and other on internal threats with in the organization. The internal network must be protected from both these threats. The LAN must be kept highly secure and in order to ensure that all the important data and valuable asset of organization are hidden from the snooping eye.
The proposed system is highly secure and it will impose all security measures for external and internal threats. It will consist of strong firewall protection on the gateway to internet and external access. Network will be controlled from centralized location using active directory domain.

 Proposed system is constructed on the principle of centralized controlled i.e. the whole network operation is controlled from a central location. This will give granolas control to the system administrator over all the network resources and no one will be able to miss use any important assets of the organization without proper permission over it.

 The proposed system will be constructed using the latest and fasted technology available in the market due to which end users will experience greater processing speed both in the LAN as well as WAN side access. Response time will increase where as decreasing the delay time.

 Important information will always available to users in no time. A separate servers is responsible of hosting different information and will be capable of handling all users request smoothly thus minimizing response time.

 The proposed system will be constructed in such a manner that ensures 99.99% data availability & uptime. Latest equipments and technology will be used in order to achieve this goal.

 The proposed system is very flexible system and is capable of accommodating any change that occurs in future both in the physical and logical layout of the
Building

 Some times information system projects are initiated to improve the accuracy of the processing data or ensure that a procedure prescribing how to do a specific task is always followed. I f properly designed and implemented, there is no change of error on part of computer, A computer can maintain accurate and consistent database, hence resulting in an improved performance.

 A high degree of reliability is designed in the system by incorporating good internal controls.







A collection of computers & servers that are part of the same centralized database .
Centralized User/Group Authentication -the ability to log on one .
time and access resources throughout the domain.
Centralized Security -the ability to control the user/computer environment, from one computer, across the whole network .
Searchable Database of resources including users , computers ,shared folders printers and more.
Very Scaleable - small companies and large companies

 IF a problem occur with server that has install domain controller and primary DNS administrator also capable to manage and control network without a problem.

 In using of domain it is necessary to use
DNS-server.
 This server change ip to name and name to ip.
 For flexibility user used from name instead of IP.

 It use for monitoring of network.
 This server store all information that occur in the entire network.
For example: if someone want hack our network it will be store in log server so we can find hacker.

 It is use for uploading and downloading
 files in network.
In this server, permission create that who can upload and download data in specific size of information.

 It use for storing data.
 This server contain all information and books for every faculty.
 It contain folders for every subject.
 Administrator determine who (students and teachers) should use which folder.

 If use license OS .
 It is necessary for get updating
 You will read how to update and configure
Automatic Updates on client workstations and servers that will be updated by WSUS

 It provides an environment used to generate databases that can be accessed from workstations, the web, or other media such as a personal digital assistant (PDA).
 It is used for Kabul-University database that contain all information about students and teachers.

 Also called mail server.
 It make local mail if source and destination are in same domain.
 It make mail secure and fast forward.
 Administrator can reset password if user forgot password.







A SMTP relay is a machine that will accept incoming and outgoing emails and that will then forward them on to their configured destinations.
Increases security by preventing Internet SMTP servers from directly contacting the Exchange Server.
Can filter inbound email for viruses or SPAM BEFORE they reach the Exchange Server.
Can filter outbound email for viruses before they are sent over the Internet.
Decreases the workload on the Exchange Server by taking care of CPU-intensive tasks before forwarding the email on to the
Exchange Server.
Can be configured to provide a secure, SMTP server so that your remote users can send email over the Internet when they are out of the office.





For security, legal compliance and also monitoring reasons, in a business environment, some enterprises install a proxy server within the DMZ.
Obliges the internal users (usually employees) to use the proxy to get Internet access.
· Allows the company to reduce Internet access bandwidth requirements because some of the web content may be cached by the proxy server.
· Simplifies the recording and monitoring of user activities and block content violating acceptable use policies.

Reverse proxy servers
 A reverse proxy server provides the same service as a proxy server, but the other way around. Instead of providing a service to internal users, it provides indirect access to internal resources from an external network
(usually the Internet). A back office application access, such as an email system, can be provided to external users (to read emails while outside the company) but the remote user does not have direct access to his email server. Only the reverse proxy server can physically access the internal email server. This is an extra layer of security, which is particularly recommended when internal resources need to be accessed from the outside.
Usually such a reverse proxy mechanism is provided by using an application layer firewall as they focus on the specific shape of the traffic rather than controlling access to specific TCP and UDP ports as a packet filter firewall does.

 Because using of Ip-telephony it is need for control of calls and signalings.

 Web server may need to communicate with an internal database to provide some specialized services.
 It has information and news about Kabul-
University that other people can aware.

 It is used for client that from outside of network want access.
 The access is secure and fast.
 There is software base vpn but it make load to network.
 Also can configure this server in firewall if it support this.

 It runs anti virus software in all computer that are under control of domain.
 It also send update anti virus software to all computers in specific time.
 It use less bandwidth during update time for all clients.





The biggest advantage of OSPF is that it is efficient; OSPF requires very little network overhead even in very large networks. The biggest disadvantage of OSPF is its complexity; OSPF requires proper planning and is more difficult to configure and administer.
OSPF uses a Shortest Path First (SPF) algorithm to compute routes in the routing table. The SPF algorithm computes the shortest (least cost) path between the router and all the subnets of the network.
SPF-calculated routes are always loop-free.
Changes to network topology are efficiently flooded across the entire network to ensure that the link state database on each router is synchronized and accurate at all times. Upon receiving changes to the link state database, the routing table is recalculated.
As the size of the link state database increases, memory requirements and route computation times increase. To address this scaling problem, OSPF divides the network into areas (collections of contiguous networks) that are connected to each other through a backbone area. Each router only keeps a link state database for those areas that are connected to the router. Area border routers
(ABRs) connect the backbone area to other areas.

 For security of network and prevent of hacking we install hardware firewall.
 Juniper model 5600 is very public today.
 It can support proxy server and reverse proxy server.

 Servers:
LAN will include Domain controller, Backup domain controller, DNS, Log server, FTP Server,
File Server, WSUS server, SQL server,
Exchange server, SMTP server, Anti virus server, Web servers, VPN server and Anti virus server.
 All servers have install Unix Os.

 Add redundant router in NOC.
 Add redundant swiths in NOC.
 Use redundant UPS in server form.
 Add muliplixer, camera and other devices for video conferancig in server farm of every faculty and connect to swith.
 Add voip device in every faculty.
 Use OSPF protocol.






Add patch panel in every faculty and connect two core of fiber optic cable for power redundancy and load balancing.
Map one public in NOC router ip address for every video conferancig device in each faculty that can use video services.
In NOC router configure bandwidth that every faculty use specific bandwidth during using of internet.
Configure DHCP in every switch faculty.
Configure NAT mechanism in NOC router.

 Remove previous firewall , because network is secure and they make load.
 It is use duel firewall so need two same juniper firewall.
 Configure QOS and periority in swiths and routers.
 If do not use this kind of firewall may need proxy server and reverse proxy server.











Fatima ‘Afzali’
Farangis ‘Jamalzada’
Diana ‘Farahmand’
Zahra ‘Shefa’
Zarmina ‘Addel’
Jamila ‘Jalalzai’
Arezo ‘Muahmadi’
Sediqa ‘Ahmady’
Mushtary ‘Khawjazada’
Aria ‘Kazim’