PROJECT ONE: NETWORK MODIFICATION BRIEF
Project One Submission
Network Modification Brief
CYB 210: Computer Networking: Jamilah Telon
Southern New Hampshire University
Abu S. Alam
PROJECT ONE: NETWORK MODIFICATION BRIEF
Network segmentation is an important practice where a large network is divided into
multiple smaller subnetworks, that are isolated from each other. From a security standpoint,
maintaining segmented subnetworks, isolated from each other is an imperative security measure
that aligns with fundamental design principles. Network segmentation is also important to be
compliant with PCI DSS (payment card industry data security standard) requirements. (Dosal
November 26, 2019)
In this scenario at the DMV, where sensitive client information is handled and
maintained, it is all the more important to segment the larger network, into subnetworks, where
one subnetwork will be used for physical security equipment, or in this case, CCTV cameras, one
of which will overlook the lobby of the DMV, and another camera will overlook the main door
of the DMV. Another segmented network will be used for guest Wi-Fi, where clients coming in
to the DMV will be able to connect to the internet via a wireless router. Another segmented
network within the DMV network will handle all the data. A reserved subnetwork will be used
for VoIP in the future.
Within the greater network, these segmented subnetworks are configured in the switch
via VLANs that are assigned to specific ports. These configured ports are used for the segmented
subnetworks. The following screenshot shows the configured VLANs on the switch.
PROJECT ONE: NETWORK MODIFICATION BRIEF
The VLAN table from the switch also displays the ports that are configured with the
different VLAN numbers. VLAN 70, for the Guest wireless network is configured to the port
Fa0/22, while the subnetwork for the CCTV cameras, VLAN 80, is configured on ports Fa0/23,
and Fa0/24. The configuration of VLANs 70, and 80 were done by accessing the switch
configuration interface. Once in the Config interface of the switch, VLANs 70, and 80 were
added respectively, with their respective names to the VLAN database. Once the new VLANs
were added, they were assigned to the ports mentioned above. Via this configuration, the
network traffic was segmented, where devices can interact with each other only within the
segmented network.
To set up the Guest wireless network, an old wireless router was used from the network
closet, that was connected to the Fa0/22 interface of the switch. This interface on the switch was
configured for the Guest wireless network. Once the router was connected, the router had to be
PROJECT ONE: NETWORK MODIFICATION BRIEF
configured to DHCP settings, where it will automatically assign IP addresses to guest wireless
devices. The router IP address was set to 192.168.70.2. The DHCP server settings was also
configured to allow a maximum of 70 guest users on this subnetwork. The starting IP range for
the guest devices was also set at 192.168.70.10. Although the Client Lease time should have
been set to 4 hours, it could not have been set through the GUI of the router as the option to
change the lease time was not provided on the router. Even when the router was accessed via a
web browser, the client lease time could not be changed from 0, as the option to change the lease
time was not provided. Below is a screenshot picture of the router GUI setting interface. With
future scalability in mind, if required the maximum number of users can be either increased or
decreased depending on the number of users on the Guest subnetwork. Configuring the wireless
router for DHCP, is very useful for the Guest network, as the guest end devices can be easily
connected to the network. With these configurations, the wireless network can be easily scalable
contingent on the needs.
PROJECT ONE: NETWORK MODIFICATION BRIEF
Once the wireless router is configured, two end devices, a tablet and a smartphone has
been connected to the subnetwork. Once the end devices have been configured for DHCP, and
the devices connected to the router via the SSID DMV_GUEST, the devices are connected to the
subnetwork.
The devices within this VLAN 70, GUEST subnetwork, can now communicate with all
the devices within this subnetwork.
The ping from the TabletPC to the Smartphone is successful.
PROJECT ONE: NETWORK MODIFICATION BRIEF
The ping from the Smartphone to the wireless router is also successful.
The devices within the Guest wireless subnetwork, cannot however, communicate with
any of the other devices in the greater network. The end devices in one subnetwork cannot
communicate with end devices on the other subnetworks, as each subnetwork is segmented via
their own VLAN.
On the VLAN_80 VIDEO network, two cameras are connected to the switch ports
Fa0/23 and Fa0/24 which are configured for VLAN number 80 for the video subnetwork. The
cameras are assigned static IP addresses 192.168.80.1 and 192.168.80.2.
PROJECT ONE: NETWORK MODIFICATION BRIEF
A ping test is done from the interface of one of the cameras (192.168.80.1) to the other camera
(192.168.80.2).
With the implementation of network segmentation, the DMV network ensures the
maintenance of CIA of critical data on the VLAN 50 Data subnetwork. The network
segmentation additionally ensures compliance with Fundamental Security Design Principles. The
network segmentation makes sure that critical resources are isolated from the public, and each
subnetwork (domain) is separated from the other ones, maintaining usability of the greater
network at the same time.
PROJECT ONE: NETWORK MODIFICATION BRIEF
References
Dosal November 26, E. (2019). What Are the Benefits of Network Segmentation? From
https://www.compuquip.com/blog/4-security-benefits-of-network-segmentation