Uploaded by balesh.aiforu

case assignment

Case Study
Raj Kumar Thopicharla
002-81-5477
1. You should submit a network drawing listing the network’s topology
including any necessary hardware.
Network components    Amount
Router                8
Firewall              16
Multilayer-switch     4
Switch                8
Access-point          2
Workstation           1400
Server                20
2. You should list any recommended cable.
These are the cables necessary to implement the network design:
-Copper straight-through Cat 6 Ethernet
-Copper crossover Cat 6 Ethernet
-OC-3c multimode fiber optic, 155 Mbps, 62.5/125 µm
3. You can recommend wiring closets wherever you need them.
On each floor of both buildings, a big rack is going to be installed to hold
all the switches, routers and network equipment, so that it is comfortable
to work with the network devices. A good practice is to label every cable
and interface so that all the network connections can be understood.
4. You should recommend ways to assure that you are not getting
attacked.
Many security measures are designed into the network. These measures
are:
-Port scanner:
The company's network administrator needs to monitor the access layer
constantly by running port scans against all the access switches of the
network. This is necessary because a single access port without security
could affect the whole network and leave it exposed to hackers with bad
intentions.
-Firewalls:
Firewalls are network devices that bring a high level of protection to the
network. They are known for keeping unknown and dangerous things outside
the network while keeping important information inside it, for a better
security level. The following security measures are implemented on the
firewalls of the network:
-Packet filtering:
A packet filtering gateway is a secure implementation for the network
because it checks the source and destination IP address of each packet and
examines the type of transport protocol that the stream is using. Packets
that are not listed in the policies configured by the enterprise's network
administrator are discarded as a security measure.
-Stateful inspection firewalls:
Instead of blocking any access, as the packet filtering gateway does, the
stateful inspection firewall tracks the data stream to check for any
anomaly or threat in the network. If the proxy server accumulates enough
evidence (set by the network administrator as a security policy), the host
will be blocked.
-Proxy server:
The proxy server works as an intermediary in the communications between
applications inside the network. The proxy server has a kind of pseudo
application that tracks the content of packets traveling between the
applications inside the network edge.
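The packet filtering and evidence-threshold behaviour described above can be sketched as follows. This is an added example, not part of the original case study: the policy entries, addresses, function and class names are constructed, and the tracker models the evidence threshold as the text describes it.

```python
import ipaddress
from collections import Counter

# Constructed policy (placeholder addresses, not from the design):
# (source network, destination network, transport protocol, destination port)
POLICY = [
    ("10.1.0.0/16", "10.2.0.10/32", "tcp", 443),
    ("10.1.0.0/16", "10.2.0.53/32", "udp", 53),
]

def packet_filter(src, dst, proto, dport, policy=POLICY):
    """Stateless check of addresses and transport protocol; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net_src, net_dst, p, port in policy:
        if (s in ipaddress.ip_network(net_src)
                and d in ipaddress.ip_network(net_dst)
                and proto == p and dport == port):
            return "permit"
    return "deny"  # not listed in the policy: discard

class EvidenceTracker:
    """Counts policy violations per source host and blocks it at a threshold."""

    def __init__(self, threshold=3):
        self.threshold = threshold  # set by the administrator as policy
        self.strikes = Counter()
        self.blocked = set()

    def inspect(self, src, dst, proto, dport):
        if src in self.blocked:
            return "blocked"
        verdict = packet_filter(src, dst, proto, dport)
        if verdict == "deny":
            self.strikes[src] += 1
            if self.strikes[src] >= self.threshold:
                self.blocked.add(src)
        return verdict

if __name__ == "__main__":
    tracker = EvidenceTracker(threshold=3)
    for port in (23, 3389, 445, 443):  # constructed traffic from one host
        print(port, tracker.inspect("10.1.9.9", "10.2.0.10", "tcp", port))
```

After the third denied packet the host is blocked even for traffic the policy would otherwise permit, while other hosts are unaffected.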
-Encryption:
Data encryption inside the network is one of the better options for keeping
data and information completely secure. Without encryption, it would be
easy for hackers to get the sensitive and important information that the
network holds, or for a man-in-the-middle attack to spy on the network. The
principal task of encryption is to keep the information secure from the
eyes of hackers and attackers. One of the most deployed algorithms nowadays
is RSA, an asymmetric algorithm that works with two keys created inside the
network: a public key and a private key. As the names suggest, the private
key is created by the side that starts the communication and is kept there;
it isn't shared with anyone, while the public key is sent to the other side
of the communication. For example, if the key is created in Atlanta, then
Atlanta sends the public key to Cincinnati while keeping the private key
inside. Both keys are mathematically related, but they are not the same.
-GRE (Generic Routing Encapsulation) over IPsec:
One of the best methods to secure the communication between both locations
is implementing a VPN (Virtual Private Network) over the ISPs (Internet
Service Providers). IPsec brings a lot of security to the VPN. Its only
problem is that it allows only unicast packet transmission, which will not
allow dynamic routing protocols like OSPF or EIGRP. That is why GRE comes
along: GRE does allow other kinds of communication, like multicast and
broadcast. So, in order to have full connectivity between Atlanta and
Cincinnati, GRE over IPsec is implemented.
-IPsec security measures:
IPsec is able to provide many security measures, such as:
-Confidentiality: the encryption of packets sent over the internet. Outside
users see them as cipher text, which has no meaning at all; once the packet
is opened, they will see only a lot of characters, which is the encryption
that IPsec is able to provide.
-Integrity: data integrity assures that the data hasn't been modified by a
third party during the communication between Atlanta and Cincinnati.
-Authentication: the ability to establish the connection only between both
locations, through the application of passwords, which denies access to
unauthorized users.
Note: The two major security measures provided by IPsec are
confidentiality and integrity.
-NAT/PAT:
NAT stands for Network Address Translation and PAT for Port Address
Translation. What NAT/PAT does is translate private IP addresses to public
IP addresses. The translations are made for the source IP address to the
destination IP address and the source TCP/UDP port to the destination
TCP/UDP port.
NAT/PAT was developed because of the need to save IPv4 addresses. When the
IPv4 protocol first started, it was believed that the IPv4 scope would
never end, but with today's fast technology growth, the number of users
connected to the internet, whether with laptops, workstations, cellphones
or the vast number of other devices, has limited the IPv4 addresses
available around the world. So NAT/PAT is able to provide one IP address
for a large number of users: instead of one public IPv4 address per user,
NAT/PAT translates the private IP addresses to one public IP address. The
addresses are translated per port number in order to differentiate the
different streams between both locations.
-NAT/PAT security overview:
This protocol brings a lot of security to the network because, instead of
exposing the private IP addresses of the network, which could be used to
reveal the IP addresses of important servers where the data is kept, only
one address or a small group of translated addresses goes outside the
network. So it helps to protect the real IP addresses of the networks.
5. You should build traps to stop attackers.
-Honeynet: The honeynet works as a trap for hackers because hackers see the
honeynet only as a host, but it is actually a server. Honeynets are
designed to deny access to legitimate users inside the network, so if an
outside user accesses the honeynet, that user is presumed to be a hacker.
Honeynets are therefore good for improving the security inside both
networks.
6. You should recommend any technology needed in the data center
for high availability.
The network is designed so that each data center, at Atlanta and
Cincinnati, has redundancy. These locations have redundant switches, so if
any switch goes down there will be another switch to take over. Also, even
if the main database located at Atlanta goes down, there will be a backup
database located at Cincinnati.
For higher redundancy and security, the data is also saved in the cloud,
meaning that one of the main data storage enterprises, like Google, will
save the information. In case of a cyber-attack at both locations, there
will still be a secure backup with a trustworthy service.
7. You should recommend any WAN or wireless technologies.
-WAN (Wide Area Network): The WAN between both locations, Atlanta and
Cincinnati, is carried out with a layer two protocol (Frame Relay), where
each site is connected via ISPs (Internet Service Providers). The topology
between both sites is a point-to-point network where the Atlanta location
is directly connected with Cincinnati. With Frame Relay point-to-point
interfaces, there is only one physical interface directly connected to the
ISP at both locations.
Frame Relay is a packet switching WAN protocol that frequently changes the
path it takes to its destination because it works inside the networks of
the internet. For this reason Frame Relay is also a lot cheaper than leased
lines (dedicated lines between two sites), and this is one of the reasons
it is implemented instead of leased lines.
-Wireless technology:
The wireless technology that the Cisco AP (Access Point) works with is IEEE
802.11, specially designed for Wi-Fi. This technology is implemented at
both sites to allow connectivity for devices like laptops, tablets, and
phones. The Wi-Fi wireless connection runs the 802.11 standard established
by the IEEE (Institute of Electrical and Electronics Engineers).
These Access Points can work on both the global 2.4 GHz and 5 GHz radio
bands. The following technologies work with the 2.4 GHz band: 802.11b,
802.11g and 802.11n. This band can be affected by Bluetooth devices,
microwave ovens, and some wireless phones.