Networks and System Administration - Term Paper Example

Summary
This term paper "Networks and System Administration" provided a description of the computer network implemented and management for Target Company. Computer networks are becoming an important tool that organizations are relying on in order to facilitate the execution of organizational processes…

Extract of sample "Networks and System Administration"

Table of Contents

1. Introduction
2. Part 1 – Network
2.1 Business requirements
2.2 Design requirements
2.3 Analysis of network design
2.4 Firewall and servers at the network and security implementation
2.5 Network security
2.6 Design of the desktops at the locations – Mesh topology
2.7 Linking to the Public Network – Internet
2.8 Hardware requirements
2.9 Software requirements
2.10 Technical requirements
2.11 Design technology
2.12 Conclusion
3. PART 2 - SYSTEMS ADMINISTRATION
3.1 Server management policy
3.2 Disaster recovery and business continuity
Reference

1. Introduction

Computer networks are becoming an important tool that organizations rely on to facilitate the execution of organizational processes. Company networks facilitate communication within the company and support management processes through frameworks such as the company intranet. In addition, connectivity to the internet brings added advantages, since the company can communicate with the outside world. This implies that the implementation and configuration of a computer network depend on the needs of the particular organization (Bagad 2009). For example, desktop layout is primarily determined by the office arrangement, and the need to host a web site warrants a web server in the overall network infrastructure of the company. This paper describes the computer network implemented, and its management, for the target company (referred to here as X Company).

2. Part 1 – Network

Evaluation of the business needs is the initial step of the design methodology; focusing on business needs, goals and objectives provides an avenue for designing a network that will make the business meet its requirements. The steps of the design methodology are outlined below.

2.1 Business requirements

For a network design methodology to be effective, it must take the business needs into consideration.
Business needs are the key drivers towards the implementation of any project. Understanding the organizational and corporate culture and the business processes of the X Company will play a significant role in determining the effectiveness of the design methodology. The design should be tailored to facilitate the realization of the business needs of the company (Barnick 2006). Some of the business needs of the X Company are outlined below.

  • Enhancing employee productivity; the present IT infrastructure at the X Company does maximize on the potential of its employees.
  • Reduction in overhead costs; currently, the company incurs a lot of expenses due to lack of proper communication and network infrastructure.
  • To establish effective management strategies.
  • To enhance customer satisfaction through increased employee productivity and increased efficiency in the execution of business processes.
  • To enhance profitability through increased market share.

2.2 Design requirements

The network design requirements are based on the business needs. The network design should facilitate the realization of the business requirements. Specific design standards are implemented in accordance with the network and information needs of the X Company. The business needs and technical needs of the network play a significant role in determining the network infrastructure to be implemented (McCabe 2007). The X network rationale is designed to achieve the following design requirements: management and security, scalability, performance and availability.

2.3 Analysis of network design

The network design of any company cannot be effectively accomplished without proper security design, whether it is public or an intranet.
Certifications on audit and certifications were written by the company, and they are reviewed on a regular basis to make sure that at all times only genuine employees with authority are allowed to have access to their respective applications (Caslow 1998). The first element of the network at X is a firewall implementation at each of the five locations, which serves to ensure that the entire traffic via the company's network is encrypted by a syslog server. At all times a login must be provided before any access to the network management is allowed. Equally, it is important that any production server is part of the company's general management network. Only a few employees will have the authority to access the network, and the network is used to manage all servers on it (Lisa 2002). The importance of this is that it enables accessibility to the computer while providing coarse-grain protection for any server access. This implies that the five locations of the Benchmark Electronic Inc network are connected by two different networks (Tanenbaum 2003).

In order to increase the integrity and confidentiality of the provisioning system, a tiered architecture has been implemented in the network, including the data tier, application tier and presentation tier. Each of these tiers is an entity on its own, and control measures are applied to make sure that only genuine, authorized and authenticated transactions move from one tier to another (Larry and Bruce 2007). Security is enhanced by the fact that any server that connects to the outside world must be located in the network's presentation tier or demilitarized zone (DMZ). In the entire network, the application layer is given the duty to host any business logic applications that will require data access.
At the same time, the data tier will be allowed to use the source data in the network.

2.4 Firewall and servers at the network and security implementation

Routers (OSPF), firewall and parameter are employed in the security configuration of the X network. All the routers in the network provide the much-required security by sieving traffic to different parts of the protected network of the company. The routers use access list configurations to carry out this duty. The de-militarized zone (DMZ) uses private addresses configured according to the firewall requirements (Larry and Bruce 2007). The DMZ also houses the DNS, email, HTTP and any other types of Internet-facing company server. The following servers have been implemented within the company's network:

  • Email server, which is primarily used to facilitate e-mail communication within the company and with the outside world;
  • DNS server, which is used to support the domain name system of the company web site;
  • Web server, which is used for hosting the company's web site and relevant web site content;
  • Microsoft Internet Security and Acceleration server, which is primarily used for implementing security over the internet and facilitating speedy internet access.

The connection between the locations has been implemented by five routers, which are connected by a fiber optic cable that serves as the backbone connection, as shown in figure 1 below. It is important to note that the servers are separated from the network, although they are linked to the entire network using a router (Tanenbaum 2003). In addition, a router and a firewall (ISA server) have been used to separate the network from the internet.

2.5 Network security

Whether physical or logical, network security is an essential element of any computer network. Benchmarks of network reliability and stability are both formed by network security. Network management refers to the ease of the process of network administration (McCabe 2007).
Firewalls have network address translation (NAT) functionality, and the users protected behind a firewall commonly have addresses in the "private address range" to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals. Hiding the addresses of protected devices is an important defense against network reconnaissance.

Virus checkers will be incorporated to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, Trojan horses, spyware and adware. Antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack. A variety of strategies are typically employed, e.g. signature-based detection, which involves searching for known patterns of data within executable code.

An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some instances the IDS may also respond to anomalous or malicious traffic by blocking the user or source IP address from accessing the network. Some IDS detect by comparing traffic patterns against a baseline and looking for anomalies, others simply monitor and alert, and some perform an action in response to a detected threat.

Authentication is the gateway to the database, and for the vast majority of Oracle systems, the gatekeeper requires a valid username and password pair to allow anyone to pass. Options are available to lock accounts after a set number of failed logins, to expire passwords after a set period of time, and to enforce flexible complexity requirements on every new password added to the system. However, measures should be taken to arrest cases of password cracking, e.g. brute-force password guessing.
The network for the X Company should be easy for the network administrators to manage and maintain. Security in the workstations within the computer network is implemented using the access list, which is a list of instructions that group packets and are used in the configuration of the network to control, provide and deny access of network traffic to some parts of the network or the entire network. In this network, some computers are denied access to the Internet and to some resources, depending on their use within the organization. The extended access list is also employed by X in its network (Larry and Bruce 2007). An extended access list evaluates both the source and destination IP addresses of packets, the port number of the Transport layer, and the header protocol found in the Network layer.

Because the company has different departments at a single location, access lists are primarily used to configure the network flow. For this reason, extended access lists have been employed to avoid the interaction of host computers within a given department in a specific location. At the same time, using extended access lists, hosts are prevented from accessing the management department within a department or location. Contrary to this, the management department's computers have access to all the computers within the organization and all the resources. A good implementation of the network requires that the email server, web server and management department be segmented from the entire network.

For linking clients and suppliers to the company's network, an Extranet Virtual Private Network (EVPN) has been configured. This facilitates the connection of remote networks to the network of X in a much-restricted form for business-to-business (B2B) transactions (Larry and Bruce 2007).
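The extended access list behaviour described in section 2.5 (and restated in section 3.2) can be modelled as first-match evaluation with an implicit deny. The following is an added example, not part of the original paper: the department-to-subnet mapping, the rule set and the sample packets are assumptions, and the `established` flag imitates the flag-based match that router access lists offer for return traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed addressing: the /27 blocks listed in section 2.10 are mapped to
# departments purely for illustration; the paper gives no such mapping.
MGMT = "192.168.11.32/27"     # management department (assumed)
STORES = "192.168.11.96/27"   # an ordinary department without Internet access (assumed)
DMZ = "192.168.11.128/27"     # mail and DNS servers (assumed)


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None
    ack: bool = False          # TCP ACK/RST set: belongs to an existing conversation


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    src: str                   # source network in CIDR form
    dst: str                   # destination network in CIDR form
    dport: Optional[int] = None
    established: bool = False  # match only TCP segments with ACK/RST set

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, rule number). The first matching rule wins."""
    for number, rule in enumerate(acl, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "deny", None        # implicit deny at the end of every access list


# Access list applied to traffic entering the router from the STORES department.
STORES_IN = [
    # 1: let replies to management-initiated sessions back through
    Rule("permit", "tcp", STORES, MGMT, established=True),
    # 2: hosts may not open anything towards the management department
    Rule("deny", "ip", STORES, MGMT),
    # 3-4: mail and DNS in the DMZ stay reachable
    Rule("permit", "tcp", STORES, DMZ, dport=25),
    Rule("permit", "udp", STORES, DMZ, dport=53),
    # no rule for the Internet: those packets fall through to the implicit deny
]

# Same rules with 1 and 2 swapped, to show why ordering matters.
MISORDERED = [STORES_IN[1], STORES_IN[0]] + STORES_IN[2:]

# Constructed sample packets.
NEW_TO_MGMT = Packet("tcp", "192.168.11.100", "192.168.11.40", dport=3389)
REPLY_TO_MGMT = Packet("tcp", "192.168.11.100", "192.168.11.40", dport=50122, ack=True)
MAIL = Packet("tcp", "192.168.11.100", "192.168.11.130", dport=25)
INTERNET = Packet("tcp", "192.168.11.100", "203.0.113.10", dport=443)

if __name__ == "__main__":
    samples = [("new session to management", NEW_TO_MGMT),
               ("reply to management", REPLY_TO_MGMT),
               ("mail to DMZ", MAIL),
               ("web to Internet", INTERNET)]
    for name, pkt in samples:
        print(f"{name:28s} {evaluate(STORES_IN, pkt)}")
    print("reply with rules misordered ", evaluate(MISORDERED, REPLY_TO_MGMT))
```

The `established` match looks only at TCP flags and keeps no connection state, so it is a coarse filter rather than stateful inspection.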
2.6 Design of the desktops at the locations – Mesh topology

The topology of the computer network is based on the mesh topology. The mesh topology involves the concept of routes. Messages sent on a mesh network can take any of several possible paths from source to destination, as opposed to, e.g., a ring, where although two cable paths exist, messages only travel in one direction.

Figure 1: connection of the various segments of the network

Mesh topology has advantages over other topologies in that it is reliable, has no traffic problems, and has no network breakdowns. It is designed in such a way that each node is physically connected to every other node. If one node fails, the network finds an alternate route to reach its destination.

The hierarchical format of the design contains the distribution layer and the core layer. Each layer of the hierarchical model has a specific role. The core layer provides optimal transport between sites. The distribution layer connects network services to the access layer, and implements policies regarding security, traffic loading, and routing. In a WAN design, the access layer consists of the routers at the edge of the campus networks. In a campus network, the access layer provides switches or hubs for end-user access.

Figure 2: Three-Layer Hierarchical Model

While designing mesh topologies, it is important to control the network diameter so as to provide low and predictable latency. This also helps to predict routing paths, traffic flows, and capacity requirements, and makes troubleshooting and network documentation easier. The inclusion of the third layer therefore means that if a single office location has to be upgraded, for example when one or two additional departments need to be added, this can be achieved without interfering with any network operation of the remaining four locations or the departments within them (Caslow 1998).
A typical office location network layout is shown below:

Figure 3: Department office network topology

2.7 Linking to the Public Network – Internet

A key aim of the X network is to access the Internet. In order to manage the limited public IP addresses, the network uses a private network. To achieve this objective, NAT (network address translation) Overload, also known as PAT (Port Address Translation), is configured to provide a connection for all private IPs in the company's intranet to one public IP address. The main purpose of NAT is to hide the IP address (usually private) of a client in order to reserve the public address space. For example, a complete network with 100 hosts can have 100 private IP addresses and still be visible to the outside world (internet) as a single IP address. "Overloading" means that the single public IP assigned to the router can be used by multiple internal hosts concurrently. This is achieved by translating source UDP/TCP ports in the packets and keeping track of them within the translation table kept in the router.

Figure 4: Typical NAT configuration

In the diagram above, the network consists of a number of internal clients and a router connected to an ISP via its serial interface. The company has been assigned the following Class C subnet: 200.2.2.0/30 (255.255.255.252). This translates to one usable real IP address - 200.2.2.1 - configured on the router's serial interface. IP address 200.2.2.2 will be used on the other end, i.e., the ISP's router. The goal in this example is to configure NAT Overload (PAT) and provide all internal workstations with Internet access using one public IP address (200.2.2.1). NAT is equally of help when it comes to the scalability and security of the network. NAT also plays an important role in server load sharing, network mergers and migrations, and in the creation of what are known as "virtual servers".
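The translation table that NAT Overload keeps can be sketched as a small model; this is an added example, not part of the original paper. The public address 200.2.2.1 is the one given above, while the inside host addresses, the destination address, the port pool and the keep-the-source-port-when-free policy are assumptions made for the illustration.

```python
import itertools
from typing import Dict, Optional, Tuple

Inside = Tuple[str, int]        # (private IP, source port)


class PatRouter:
    """Toy model of NAT Overload (PAT): many inside hosts share one public IP."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self.first_port = first_port
        self.last_port = last_port
        # Outbound direction: (proto, inside ip, inside port) -> translated port
        self.outbound_map: Dict[Tuple[str, str, int], int] = {}
        # Return direction: (proto, translated port) -> (inside ip, inside port)
        self.inbound_map: Dict[Tuple[str, int], Inside] = {}

    def allocate(self, proto: str, preferred: int) -> int:
        """Keep the host's own source port if it is free, else take the next free one."""
        pool = range(self.first_port, self.last_port + 1)
        candidates = itertools.chain([preferred] if preferred in pool else [], pool)
        for port in candidates:
            if (proto, port) not in self.inbound_map:
                return port
        raise RuntimeError(f"PAT port pool exhausted for {proto}")

    def outbound(self, proto: str, src_ip: str, src_port: int,
                 dst_ip: str, dst_port: int) -> Tuple[str, int, str, int]:
        """Rewrite the source of a packet leaving for the Internet."""
        key = (proto, src_ip, src_port)
        if key not in self.outbound_map:
            port = self.allocate(proto, src_port)
            self.outbound_map[key] = port
            self.inbound_map[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def inbound(self, proto: str, dst_port: int) -> Optional[Inside]:
        """Map a packet arriving on the public IP back to an inside host.

        Returns None when no translation exists, which is why unsolicited
        traffic from outside never reaches a private host through PAT alone.
        """
        return self.inbound_map.get((proto, dst_port))


def demo() -> dict:
    router = PatRouter("200.2.2.1")
    web = ("203.0.113.10", 80)   # constructed destination (documentation range)
    # Two inside hosts (assumed addresses) happen to pick the same source port.
    first = router.outbound("tcp", "192.168.11.33", 50000, *web)
    second = router.outbound("tcp", "192.168.11.34", 50000, *web)
    again = router.outbound("tcp", "192.168.11.33", 50000, *web)
    dns = router.outbound("udp", "192.168.11.35", 50000, "203.0.113.53", 53)
    return {
        "first": first,
        "second": second,
        "again": again,
        "dns": dns,
        "reply_first": router.inbound("tcp", first[1]),
        "reply_second": router.inbound("tcp", second[1]),
        "unsolicited": router.inbound("tcp", 4444),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13s} {value}")
```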
NAT has been implemented at the router on the border of the network that provides a direct link to the internet.

Figure 5: Architecture outline

2.8 Hardware requirements

It is important that the hardware requirements do not exceed the funds allocated for the network project. Therefore, a thorough analysis and evaluation of the network components is vital, without jeopardizing the functionality of the network. The table below outlines the hardware needed for the implementation of the network.

Device | Quantity | Total price (?)
Personal computers, 2.0 Core2 Duo, 3GB RAM and 160 GB hard drive | 200 | 81250
Cisco Valet Plus M20 Wireless Router | 10 | 531.25
CAT6 Blue - 1000ft Bulk UTP Plenum Rated Solid Cable | 3 | 562.5
Canon Image CLASS D1120 Laser Multifunction Printer | 2 | 650
Router IP6600 | 1 | 489
HP Procurve 2510-48 48 port Ethernet Switch 2xSFP | 1 | 631.99
Total | | 84114.74

Table 1: list of hardware requirements

2.9 Software requirements

Applications are also required in this context. The business relies significantly on billing applications. This means that it requires a billing application installed on the workstations in order to facilitate the carrying out of business activities. It is also important that the various applications be compatible with a Windows platform. Billing applications can be web based or licensed off the shelf. Licensed billing applications are preferred over web-based billing applications due to security issues. The following table outlines the software requirements for the network implementation project.

Software application | Number of licenses | Price (?)
Microsoft Windows XP system software SP3 | 2 | 187.5
High deal Billing and Invoicing software | 2 | 125
Operating systems software | 2 | 150
Personnel installation | 1 | 100
Web browsing software Mozilla Firefox | 1 | 170
Total | | 732.5

Table 2: software requirements

In summary, the costs incurred for the ISP to install and configure fully functional internet access for the network bring the total budget for the project to about ?84847.24. The only recurring charge that the business will have to incur is the monthly subscription for internet access, which varies according to the service provider.

2.10 Technical requirements

There is a need to segment the network because of its size. This means IP version 4 addressing is suitable for assigning IP addresses to the various network devices. There is a need to subnet the network; the subnet design will be as represented in the topology above. Having the router as the default gateway, its IP address is set to a base address of 192.168.11.0/24, say given to an ISP. This pool is enlarged using the mask to create subnets, which are enumerated. The first subnet is 192.168.11.32/27; its first host address will be 192.168.11.33/27 and the last will be 192.168.11.62/27. Subnets can now be numbered as 192.168.11.64/27, 192.168.11.96/27, 192.168.11.128/27, with the exception of 192.168.11.63, which becomes the broadcast address for that subnet and cannot be assigned to any host.

The IP addresses of other network devices have to be static in order to enhance security. One approach to enhancing network security is disabling wireless broadcasting by the router. It is also important to encrypt the SSID of the network in order to enhance security in cases where there will be wireless broadcasts and VOIP telephone communication; the telephone is fixed to the router (Hummel, 2009). The entire traffic passing through the company's network is encrypted and is linked by a VPN connection.
The components on the wide area network have been configured and enabled to use login through a syslog server. Certifications on audit and certifications were written by the company, and they are reviewed on a regular basis to make sure that at all times only genuine employees with authority are allowed to have access to their respective applications; this will handle issues associated with redundancy within the design (Caslow 1998). At all times a login must be provided before any access to the network management is allowed. Equally, it is important that any production server is part of the company's general management network. Only a few employees will have the authority to access the network, and the network is used to manage all servers on it. The importance of this is that it enables accessibility to the computer while providing coarse-grain protection for any server access. This implies that the five locations of the X network are connected by two different networks; the networks are backed up with power from the supply line and a generator connected to the power distribution line to automate supply (Tanenbaum 2003).

In order to increase the integrity and confidentiality of the provisioning system (backup issues), a tiered architecture has been implemented in the network, including the data tier, application tier and presentation tier. Each of these tiers is an entity on its own, and control measures are applied to make sure that only genuine, authorized and authenticated transactions move from one tier to another.

2.11 Design technology

The network design of any company cannot be effectively accomplished without proper technology. Based on the business requirements, the network design is virtualized to ensure high performance, bearing in mind that this is a small-to-medium size network design.
In this design the CPU is maintained at 50% utilization, especially during peak loads, despite high CPU utilization, which is a clear indication of optimal hardware usage. This network is designed in such a way that it does not permit the application signals to go beyond a reasonable SLA (Service Level Agreement). The system running on an operating system on a single physical server as designed will raise the peak CPU utilization to about 50%, but this will average out as time goes by, because the peaks and valleys of the virtualized operating systems within the network design will more or less cancel each other. In consideration of the hardware requirement, the server in this case will have exceedingly high hardware I/O requirements; it is advisable to run the server on bare metal, especially in this case when the hardware requirements can fit inside a virtual environment.

Through virtualization of the server, the management of the network of the X Company can take two forms: the company can lease the management of the network to a third party, mostly the ISP, or it can manage the entire network by itself. In both cases, a Virtual Private Network is used. A VPN is used to connect any two, three or more private networks. This connection is mostly via the public network, the Internet. X can get a VPN under the management of its service provider. In such a situation, the service provider is responsible for taking care of the network linkage between two, three or more LANs of the company without at any time allowing outsiders to access the private network.

2.12 Conclusion

The computer network implemented at X took into consideration all the aspects of network security, scalability and management. It is arguable from the description that the network design has been segmented according to departments and the various segments linked by routers.
This ensures that each network segment behaves as if it is an independent network although it is part of a larger network, as required by the company in the scenario.

3. PART 2 - SYSTEMS ADMINISTRATION

3.1 Server management policy

Network availability is crucial in networking, hence a proper management policy on its availability has to be put in place; in this case there will be network analysis to make sure that the network is available and functions optimally (Shaun 2009). Network availability directly affects the running capacity of the servers. The capacity of the servers should be in line with the hardware requirements, which in turn influence network design performance; policies regarding capacity management should therefore be systemized. Doing so will ensure monitoring of events such as application and user characteristics, which have to be recorded and analysed to make sure that the company network meets its SLAs at all times. Every office location's and department's procedures will have to be adhered to when change controls and fault management are in use. The server management policy for X Company has to be based on aspects of network management, which include:

  • Routine monitoring of server operation
  • Timely maintenance of the operating system including access and security controls
  • Disaster recovery planning and procedures (documented) including system and file backup
  • Timely & effective communications witavailability management
  • Capacity planning and System Performance & Optimization

In order for all these aspects to be achieved, it is advisable to use SNMP, which will ensure that these policies work hand in hand. The server will always have to be backed up; X Company deals with sensitive data, which should not be centralized.
A good implementation of the network requires that the email server, web server and management department be segmented from the entire network and backed up in a different location. In case any changes take place, the configuration updates will have to be made to the operating system to ensure that network availability and management capacity are well aligned.

3.2 Disaster recovery and business continuity

Strategies on network scalability are essential to disaster recovery and business continuity; these policies are incorporated in the design to cater for future growth of the company. The information needs of the company are subject to change due to an increase in its business operations. This may be due to expansion of the business or an increase in its customer base. A policy on business continuity involves taking into consideration the future growth of the company in terms of expansion and new technological ideas (Shaun 2009). The network architecture must be able to cope with new changes in terms of network usage and scope. Implementing a network that is dynamic both in its logical design and the actual design poses a great challenge to many network designers and administrators. A well planned network architecture allows the designer to build from initial phases, and should be dynamic as the technology moves toward performance-enhancing policies. The network architecture must be able to cope with new changes in terms of network usage and scope (kenyon 2002).

Policies regarding server security have to be standard. In this network, some computers are denied access to the Internet and to some resources, depending on their use within the organization. The extended access list is also employed by X in its network. An extended access list evaluates both the source and destination IP addresses of packets, the port number of the Transport layer, and the header protocol found in the Network layer (Larry and Bruce 2007).
Because the company has different departments at a single location, access lists are primarily used to configure the network flow. For this reason, extended access lists have been employed to avoid the interaction of host computers within a given department in a specific location. At the same time, using extended access lists, hosts are prevented from accessing the management department within a department or location. Contrary to this, the management department's computers have access to all the computers within the organization and all the resources. For linking clients and suppliers to the company's network, an Extranet Virtual Private Network (EVPN) has been configured. This facilitates the connection of remote networks to the network of X in a much-restricted form for business-to-business (B2B) transactions.

Reference

Bagad, Dhotre (2009). Computer Networks. New York: Technical Publications.
Barnick, Mike. "Enterprise insights." 27 October 2006. Six Steps to Efficient Network Design. 3 February 2011.
Caslow, Andrew (1998). Cisco Certification: Bridges, Routers & Switches for CCIEs. Upper Saddle River, NJ: Prentice Hall Pinters.
Hummel, Shaun. "Ezine Articles." 14 May 2009. Network Design Process – Effective Network Planning and Design. 3 February 2011.
kenyon, Tony (2002). High-performance data network design: design techniques and tools. New York: Digital Press.
Larry, Peterson and Dave Bruce (2007). Computer networks: a systems approach. New York: Morgan Kaufmann.
McCabe, James D. (2007). Network analysis, architecture, and design. San Francisco, Calif: Morgan Kaufmann.
Tanenbaum, Andrew (2003). Computer networks. Upper Saddle River, NJ: Prentice Hall Professional.
Zhang, Lisa (2002). Network design. London: Springer.