ICAA5150C EVALUATE VENDOR PRODUCTS AND EQUIPMENT

One good solution is to give the students and the administration staff separate routers. With this, it is easier to know which IP addresses to restrict. Once each computer has been assigned its own IP address, it is easier to add a restriction. We are going to need 3 routers: one connected to the ISP, one for the students' network, and one for the staff/administration computers.

HARDWARE NEEDED:

1. (3 pieces) 4-Port Cable/DSL Router TL-R402M ($23 each)

Features:
- Shares data and Internet access for Stations, connecting Internet through PPPoE on demand and disconnecting when idle
- Supports TCP/IP, PPPoE, DHCP, ICMP, NAT
- Built-in NAT and DHCP server supporting static IP address distributing
- Built-in Firewall supporting Domain Name filtering, and MAC address filtering
- Supports Virtual Server, Special Application, and DMZ host
- Supports Static Routing, VPN pass-through
- Supports firmware upgrade, Remote and Web management

Specifications:

HARDWARE FEATURES
Standards and Protocols: IEEE 802.3, 802.3u, 802.3x, TCP/IP, DHCP, ICMP, NAT, PPPoE
Interface: 1 10/100Mbps WAN port, 4 10/100Mbps LAN ports (Auto Negotiation/Auto MDI/MDIX)
Network Media: 10BASE-T: UTP category 3, 4, 5 cable (maximum 100m), EIA/TIA-568 100Ω STP (maximum 100m); 100BASE-TX: UTP category 5, 5e cable (maximum 100m), EIA/TIA-568 100Ω STP (maximum 100m)
Button: Reset Button
External Power Supply: 9VDC 0.6A
Dimensions (W x D x H): 5.9*3.9*1.1 in. (150*100*28 mm)
Power Supply: Max. 1.7W (With Power Adapter)

SOFTWARE FEATURES
Basic Function: DHCP Server, DHCP Client, MAC Address Modify/Clone, VPN Pass-through
Port Setting: LAN and WAN Port Setting
Port Forwarding: Virtual Server, Special Application, Static Routing, DMZ Host, UPnP
Firewall Security: Firewall Rules Setting, MAC Address Filtering, Domain Name Filtering, IP/MAC Address Binding, Ignore Ping Packet From WAN Port
System Function: Remote Management, Flow Statistics, System Log, TFTP Upgrade

OTHERS
Certification: FCC, CE, RoHS
Package Contents: TL-R402M, Resource CD, Power Adapter, RJ-45 Ethernet Cable, Quick Installation Guide
System Requirements: Microsoft® Windows® 98SE, NT, 2000, XP, Vista™ or Windows 7, MAC® OS, NetWare®, UNIX® or Linux.
Environment: Operating Temperature: 0℃~40℃ (32℉~104℉); Storage Temperature: -40℃~70℃ (-40℉~158℉); Operating Humidity: 10%~90% non-condensing; Storage Humidity: 5%~90% non-condensing

2. (2 pieces) JetStream™ 8-Port Gigabit L2 Managed Switch with 2 SFP Slots TL-SG3210 ($213 each)

Features:

Layer 2 Features
- Link Aggregation Control Protocol (LACP)
- Up to 4K VLANs simultaneously (out of 4K VLAN IDs)
- GVRP (GARP VLAN Registration Protocol)
- Port Isolation
- STP/RSTP/MSTP
- IGMP Snooping

Quality of Service
- 4 priority queues
- Support IEEE 802.1P
- DSCP QoS
- Rate limit feature

Security Strategies
- IP-MAC-Port-VID Binding
- Access Control List (L2~L4 ACL)
- 802.1x and RADIUS Authentication Support
- DoS defend
- Port Security
- SSL and SSH encryptions

Management
- Web-based GUI
- Command Line Interface
- SNMP v1/v2c/v3
- RMON (1, 2, 3, 9 group)

Specifications:

HARDWARE FEATURES
Interface: 8 10/100/1000Mbps RJ45 Ports (Auto Negotiation/Auto MDI/MDIX), 2 1000Mbps SFP Slots, 1 Console Port
Network Media: 10BASE-T: UTP category 3, 4, 5 cable (maximum 100m); 100BASE-TX/1000Base-T: UTP category 5, 5e, 6 or above cable (maximum 100m); 1000BASE-X: MMF, SMF
Fan Quantity: Fanless
Dimensions (W x D x H): 11.7*7.1*1.7 in. (294*180*44 mm)
Power Supply: 100~240VAC, 50/60Hz

PERFORMANCE
Bandwidth/Backplane: 20Gbps
MAC Address Table: 8k
Packet Buffer Memory: 512KB
Packet Forwarding Rate: 14.9Mpps
Jumbo Frame: 10240 Bytes

SOFTWARE FEATURES
Quality of Service: Support 802.1p CoS/DSCP priority; Support 4 priority queues; Queue scheduling: SP, WRR, SP+WRR; Port/Flow-based Rate Limiting; Voice VLAN
L2 Features: IGMP Snooping V1/V2/V3; 802.3ad LACP (Up to 8 aggregation groups, containing 8 ports per group); Spanning Tree STP/RSTP/MSTP; Port isolation; BPDU filtering/guard; TC/Root protect; Loop back detection; 802.3x Flow Control
VLAN: Supports up to 4K VLANs simultaneously (out of 4K VLAN IDs); Port/MAC/Protocol-based VLAN; GARP/GVRP; Management VLAN configuration
Access Control List: L2~L4 packet filtering based on source and destination MAC address, IP address, TCP/UDP ports, 802.1p, DSCP, protocol and VLAN ID; Time Range Based
Security: IP-MAC-Port-VID Binding; IEEE 802.1X Port/MAC Based authentication, Radius, Guest VLAN; DoS Defence; Dynamic ARP inspection (DAI); SSH v1/v2; SSL v2/v3/TLSv1; Port Security; Broadcast/Multicast/Unknown-unicast Storm Control
Management: Web-based GUI and CLI management; SNMP v1/v2c/v3, compatible with public MIBs and TP-LINK private MIBs; RMON (1, 2, 3, 9 groups); DHCP/BOOTP Client, DHCP Snooping, DHCP Option82; CPU Monitoring; Port Mirroring; Time Setting: SNTP; Integrated NDP/NTDP feature; Firmware Upgrade: TFTP & Web; System Diagnose: VCT; SYSLOG & Public MIBS

OTHERS
Safety & Emission: CE, FCC
Package Contents: Switch; Power Cord; Quick Installation Guide; Resource CD; Rackmount Kit; Rubber Feet
System Requirements: Microsoft® Windows® 98SE, NT, 2000, XP, Vista™ or Windows 7, MAC® OS, NetWare®, UNIX® or Linux.
Environment: Operating Temperature: 0℃~40℃ (32℉~104℉); Storage Temperature: -40℃~70℃ (-40℉~158℉); Operating Humidity: 10%~90% non-condensing; Storage Humidity: 5%~90% non-condensing

3. (2 pieces) 150Mbps Wireless N Access Point TL-WA701ND ($46 each)

Features:
- Wireless speed up to 150Mbps makes it ideal for bandwidth consuming applications
- Supports multiple operating modes (Access Point, Multi-SSID, Client, Universal/WDS Repeater, Bridge with AP)
- Easily setup a WPA encrypted secure connection at a push of the WPS button
- Supports Wi-Fi Multimedia (WMM) assures the quality of VoIP and multimedia streaming
- Up to 30 meters (100 feet) of flexible deployment with included Power over Ethernet Injector
- Up to 4 SSIDs and VLAN support, it allows networks administrator to segregate different services or applications to different designated users
- WPA/WPA2 encryptions provide your network with active defense against security threats
- Backward compatible with 802.11b/g products
- 5dBi External detachable antennas allow for better alignment and stronger antenna upgrades
- Wall mounted available, also can be placed horizontally on a table or desk

Specifications:

HARDWARE FEATURES
Interface: 1 10/100Mbps Auto-Sensing RJ45 Port (Auto MDI/MDIX, Passive PoE)
Button: WPS Button, Reset Button
External Power Supply: 9VDC / 0.6A
Wireless Standards: IEEE 802.11b, IEEE 802.11g, IEEE 802.11n
Dimensions (W x D x H): 7.1 × 4.9 × 1.4 in. (181 × 125 × 36 mm)
Antenna Type: 5 dBi Detachable Omni Directional Antenna (RP-SMA)

WIRELESS FEATURES
Frequency: 2.4-2.4835GHz
Signal Rate: 11n: Up to 150Mbps (dynamic); 11g: Up to 54Mbps (dynamic); 11b: Up to 11Mbps (dynamic)
EIRP: <20dBm (EIRP)
Reception Sensitivity: 130M: -68dBm@10% PER; 54M: -68dBm@10% PER; 11M: -85dBm@8% PER; 6M: -88dBm@10% PER; 1M: -90dBm@8% PER
Wireless Modes: AP Mode, Multi-SSID Mode, Client Mode, Repeater Mode (WDS / Universal), Bridge Mode
Wireless Functions: WDS Bridge, WMM
Wireless Security: SSID Enable/Disable; MAC Address Filter; 64/128/152-bit WEP Encryption; WPA/WPA2/WPA-PSK/WPA2-PSK (AES/TKIP) Encryption
Advanced Functions: Up to 30 meters Passive PoE is supported

OTHERS
Certification: CE, FCC, RoHS
Package Contents: TL-WA701ND; 1 detachable Omni directional antenna; Passive PoE Injector; Power Supply Unit; Resource CD; Quick Installation Guide
System Requirements: Microsoft Windows 98SE, NT, 2000, XP, Vista™ or Windows 7, MAC OS, NetWare, UNIX or Linux.
Environment: Operating Temperature: 0℃~40℃ (32℉~104℉); Storage Temperature: -40℃~70℃ (-40℉~158℉); Operating Humidity: 10%~90% non-condensing; Storage Humidity: 5%~90% non-condensing

Recommendation:
I chose the same brand, TP-Link, for everything to make sure there will be no compatibility issues. TP-Link is already known for networking. It is also known to be a good product. Another plus in choosing this product is that you will get it for a reasonable price. I can recommend this product because it is reliable and easy to configure.

Control the access from student computers to the internet
- By using a proxy server for the students' network, we can minimize the internet use of the students. With the proxy server, we can filter all websites that we don't want them to access during class hours. To set up the proxy server on a Linux operating system, we can use Squid Proxy Server.
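The Squid setup proposed in this section (only listed student computers get access, unwanted sites are filtered during class hours), written out as a squid.conf fragment. This is an added example, not part of the original report; the IP addresses, the .example domains and the class hours are assumed placeholder values.

```conf
# Added example: squid.conf fragment for the student network.
# All addresses, domains and hours below are assumed placeholder values.

# Port the student browsers are configured to use as their proxy.
http_port 3128

# Student computers, listed by the static IP address given to each one.
acl student_pcs src 192.168.2.11 192.168.2.12 192.168.2.13

# Class hours: Monday to Friday (M T W H F), 08:30 to 15:30.
acl class_hours time MTWHF 08:30-15:30

# Sites students should not reach during class.
# A leading dot also matches every subdomain.
acl blocked_sites dstdomain .games.example .chat.example

# Port hygiene: only proxy web ports, and only tunnel (CONNECT) to 443.
acl safe_ports port 80 443
acl tls_ports port 443
acl connect_method method CONNECT
http_access deny !safe_ports
http_access deny connect_method !tls_ports

# http_access rules are evaluated top to bottom; the first match wins.
# 1. Listed students are refused the blocked sites during class hours.
http_access deny student_pcs class_hours blocked_sites
# 2. Listed students may browse everything else.
http_access allow student_pcs
# 3. Any computer that is not listed gets no access through the proxy.
http_access deny all
```

Squid can only enforce these rules on traffic that passes through it, so the students' router should refuse web traffic that does not come from the proxy. Check the file with `squid -k parse` before reloading Squid.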
We just have to give each student's computer an IP address so that we can list it when making the restrictions. With Squid proxy server, we can allow only selected IP addresses/computers to have access to the internet. We can also block sites and restrict access during a particular time.

Increase the bandwidth of wireless network
Netlimiter Pro ($29.95)
- For increasing the bandwidth, I recommend using the software Netlimiter Pro. With this software, we can control internet traffic, and it is also a monitoring tool. You can use NetLimiter to set download/upload transfer rate limits for applications or even a single connection and monitor their internet traffic. I chose this software because it is easy to use and doesn't require too much networking knowledge, so it's easy to set up the first time.

Prioritize the traffic flow from staff member computers
- I'm also going to use the software Netlimiter Pro for this problem. I can add all the staff computers' IP addresses and set a

Features:

Limits
You can use NetLimiter 3 to set download or upload transfer rate limits for applications, connections and filters. With limits you can easily manage your internet connection's bandwidth (bandwidth shaper) and share it among all applications running on your computer.

Network monitor
NetLimiter 3 shows a list of all applications communicating over the network, their connections and transfer rates.

Connection blocker
You can allow or deny certain applications to connect to or from any network or zone.

Filters
With filters you can define groups of connections or applications and then apply rules to them. You can, for example, set a DL/UL limit only for a specific IP address range or for a group of two or more applications.

Rule editor and scheduler
Rule editor helps you to create advanced rules. For example, you can create a limit or firewall rule for a group of applications which is valid only in a given time interval (= you can schedule limits, grants and fw rules).
Zone Editor
A zone is a remote address space which your machine is communicating with. You can monitor or control traffic for a given zone separately. There are two predefined zones - Local and Internet. With this tool you can create your own zones and edit them.

Statistics
NetLimiter 3 stats module is intended for long-term measurement of internet traffic. This feature lets you track your internet traffic history since you installed NetLimiter.

Traffic chart
This feature is known from the previous version of NetLimiter. Traffic chart shows an application's or connection's real time activity.

Remote administration
You can control and monitor other computers remotely from one place.

Permissions editor
With this tool, you can decide which user is allowed to monitor or control network traffic.

Questions for the Interview

Name at least 4 different brands and their products for the following areas:

Servers
1. IBM
2. HP (Hewlett-Packard)
3. Dell
4. Sun

Routers
1. Linksys
2. Netgear
3. D-link
4. TP-Link

ADSL Modems
1. Dynalink
2. Warcom
3. Belkin
4. Thomson

NAS
1. Synology
2. LaCie
3. Buffalo
4. Seagate

Name some network server operating systems
1. ZeroShell
2. Clear OS
3. Untangle
4. Endian

What is common between BSD and Linux?
1. Licenses - The Linux operating system is licensed under the GPL. This license is used to help prevent the inclusion of closed source software and to ensure the availability of the source code. BSD License is much less restrictive and even allows for the distribution of binary-only source.
2. Control - The BSD code is not "controlled" by any one user, which many people see as a big bonus. Whereas the Linux kernel is mostly controlled by Linus Torvalds (the creator of Linux), BSD does not have a single person dictating what can and can't go into the code. Instead, BSD uses a "core team" to manage the project.

Name some network security products, their features and availability

1. Norton 360

Features:
- Our ultimate protection for your PC – includes everything from Norton™ AntiVirus and Norton™ Internet Security with 2 GB of secured online storage.
- Norton™ Protection System – Our 5 patented layers of protection detect and eliminate threats more quickly and accurately than other technologies.
- Network Defense Layer Protection – Stops online threats before they can reach your computer.
- SONAR Behavioral Protection & Live 24x7 Threat Monitoring – Stays ahead of, detects and eliminates threats that haven't been invented yet by watching your PC for suspicious activity.
- Threat-removal Layer – Targets and eliminates hard-to-remove threats less sophisticated products often miss.
- Norton™ Management – Cloud-based controls let you fix, update, renew and install Norton 360™ over the Internet with a few simple clicks. It brings together your available Norton™ protection for other devices, like your Mac® computer, smartphone or tablet, in one place.
- Norton™ Safe Web for Facebook – Scans your Facebook News Feed for dangerous links, infected downloads and unsafe websites.
- Automatic Backup – Backs up your photos, music and other important files only when you're not using your computer, so it won't get in your way and you don't have to remember to do it.
- PC Tuneup – Fixes common computer problems, frees up memory, removes unnecessary files and cleans up your hard drive.
- Always up-to-date Product Version – Norton™ automatically sends you important product and feature updates throughout the year. The latest version installs without you needing to do anything.
- FREE 24x7 Support – Offers you expert help and answers by phone, live chat or online, whenever you need them.
- Parental Controls Management – Lets you access Norton™ Family through Norton 360™.
- Antiphishing Technology – Blocks fraudulent "phishing" websites set up by online scammers to steal your money, passwords, and identity.
- Norton™ Identity Safe – Remembers, secures and automatically enters your user names and passwords for you.
- Insight – Improves performance by identifying safe files and only scanning unknown files.
- Norton™ Safe Web and Safe Search – Proactively protects users while surfing the Web by warning of and blocking unsafe and fake websites right in search results. The Safe Search Toolbar installs automatically so you can search safely right from your browser.
- Browser Protection – Proactively protects you by checking for and blocking online threats as your browser loads, to stop online threats before they can do damage.
- Web-Based Backup Access – Lets you download and share photos, videos and other files you've backed up online, anytime, anywhere via the cloud.
- Download Insight 2.0 – Protects you from dangerous applications before you install them by telling you if they are harmful or unstable.
- Vulnerability Protection – Stops cybercriminals from using security holes (vulnerabilities) in applications to sneak threats onto your PC.
- Bandwidth Management 2.0 – Automatically adjusts Norton™ data usage updates when you connect to 3G networks to avoid using up your monthly data allotment or causing overage fees.
- Norton™ Pulse Updates – Updates your protection every 5 to 15 minutes, without disrupting you.

2. Avast Internet Security

Features:

Go beyond antivirus to protect yourself
avast! Internet Security provides complete antivirus, anti-spyware, antispam, and firewall protection, complemented by remote assistance options, a software updater, and avast! SafeZone™, built specifically for online shopping and banking threats you'll encounter in 2013.

Make sure your identity stays yours alone
Our built-in silent firewall blocks hackers and other unauthorized entry attempts to steal sensitive personal data from your PC. Plus, email spam and phishing attacks are prevented with built-in anti-spam.
Shop and bank online without worry
SafeZone™ is a private and isolated virtual window on your desktop, for securing your sensitive financial transactions online. Perfect for auction sites, buying tickets, booking hotels or airlines, online gaming, or any sort of monetary transfer.

Surf and socialize without worry
Sandbox lets you surf the web and run even risky programs virtually, outside your PC. And our Web, IM, and P2P shields ensure your safety on social networks (e.g. Facebook or Twitter) and online dating sites, IM chats (e.g. Skype or ICQ), or peer-to-peer file-sharing sites.

Benefit from real-time protection
Hybrid cloud technology streams your virus database updates to your PC in real-time, so your avast! software has all virus definitions as soon as they are known to our Virus Lab.

Know what's coming before you click
Our cloud-based FileRep feature keeps reputation data on millions of files, so we can warn you of a file's reputation before you open it.

Manage avast! on all your devices
Your AVAST Account portal is your personal directory for all your avast! related data, for all your desktop and mobile devices. Each month, we also prepare for you a Security Report that shows an overview of the most significant details (e.g. number of infected sites blocked).

Name some products where alternative solutions exist. Compare the features and price.

Browse Control ($119)
- If using a proxy server like Squid is not effective, an alternative solution for controlling the internet access of students is to use software called Browse Control. With Browse Control, we can enter all the IP addresses of the students' computers and control their browsing. With this software, the user doesn't need networking knowledge to set up internet access for students. Although we're going to have to pay for the software's license, it is easier for first-time users to set up.
Features:

Block Websites
Manage your organization's Internet Access
Block or filter Internet access conveniently from a Central Console. Internet traffic can be blocked or filtered at both HTTP and HTTPS levels. BrowseControl restricts Internet access by computers or by users.

Allowed List / Blocked List
Allow or deny access to specific websites
Enhance employee and student productivity by restricting surfing to work and school related sites only. Add the relevant sites to the Allowed List and the users' browsing will be confined to these sites only. To allow access to all sites but the offensive ones (e.g. games sites and adult sites), enforce the Blocked List.

URL Category Filtering
Over 100 categories to restrict Internet access
BrowseControl's extensive Category Filtering, comprising a diverse listing of more than 100 URL categories, provides the added control of managing website accessibility beyond the simple list of URLs. The laborious task of blocking millions of objectionable web sites is instantly facilitated by simply selecting categories to be blocked from a range of 108 URL Category filters.

Block Applications from Running
Stop chats, games or offensive applications
Eliminate the distractions from playing games or online chatting on common programs such as AOL Instant Messenger, Google Talk, Windows Live Messenger, Yahoo! Messenger etc. BrowseControl blocks applications through the "Original Filename", which is an internal name that cannot be modified even if the exe name has been manipulated.

Port Filtering and Download Filter
Block traffic from ports or specific file types
Port filtering can also be employed to restrict traffic on specific ports. Filtering options can be applied to block unwanted downloads of video, audio and exe formats. This provides the additional security of protecting your network from being infected by viruses or suspicious files.
Computation for hardware and software needed for this project:

Router: $23 each * 3 pieces = $69
Switch: $213 each * 2 pieces = $426
Wireless Access Point: $46 each * 2 pieces = $92
Netlimiter Pro: $29.95
TOTAL AMOUNT: $616.95