Local Area Network Design - Assignment Example

?Introduction WAN technology is implemented in many different ways depending on the requirements of the organizations. Topology is the network structure which can be connected to multiple networks structured on different topologies. Corporate organizations need massive volume of data to be transferred from their head office and remote offices. For example, the backup servers located in the head office, needs to be updated on a regular basis. The data from the remote offices is essential to be updated on the backup server at every 24 hours. The bandwidth requirement depends on the data type and volume of the information which needs to be synchronized or transferred from the remote offices. For universities, bandwidth requirements are aligned with application and data that needs to be transferred from each campus to another, depending on the network structure. Moreover, security issues must be addressed, as academic papers, results and exams are stored in a database that can be exploited by hackers. However, connecting remote offices securely and effectively can be accomplished by implementing Virtual Private Networks operating on WAN. Blue Coats system executive Chris Webber says, “Credit must be given to the WAN technologies for facilitating the corporate organizations economically” (Webber, 2010) Before discussing the scenario of Scilly University, we will first briefly discuss Wide Area Networks and its types, as it will be easier to grasp the discussion that is discussed further. For saving costs, organizations do not maintain and manage Wide area networks, as it will be a very expensive solution to connect two offices located at different states. For this reason, third party vendors sell WAN services and also recommend WAN solutions. These solutions provide a dedicated connection to each remote office and head offices, as the connection will not be shared with other organizations in terms of bandwidth, high network availability and security is ensured. Moreover, the dedicated WAN connection will ensure Quality of Service (QoS), better network and resource administration and management. However, dedicated WAN connections are configured on point to point protocol PPP, Point to point tunneling protocol PPTP, High level data link control HDLC, Domestic level data link control DPLC and serial in line protocol SLIP. However, dedicated leased lines are comparatively expensive, as they connect remote offices that are located far away. Likewise, the circuit switch network is provisioned by the Internet service provider ISP, as the ISP provides two types of connection i.e. Analog connection and Digital Connection. The ‘analog connection’ comprises of Integrated Services Digital Networks ISDN that is comparatively a slow connection and does not support high bandwidth, as they only support 19 – 128 Kilobits per second. However, a research was conducted by using supercomputers, where an evaluation demonstrated dissimilarities in a TCP/IP computer network that was not able to handle overloading of bandwidth. On the other hand, a circuit switched network handled the bandwidth overload efficiently and justifies itself to be a reliable service (Knapp, n.d). The packet switching network is directly connected to the Internet Service Provider similar to a network device i.e. hub. As more than one customer is subscribed to the service running on a PSTN, bandwidth issues are common; however, they can be managed by configuring a router that can be connected to a dedicated physical connection. Likewise, the physical connection can be segmented by virtual connections that can be allocated to remote offices of the organization. Some of the technologies that contributed in a packet switched network are frame relay networks and X.25 protocol. After discussing these two type of networks, cell switching is the third type of network. The packet switching network transmits data or data packet in a variable length frame, while, the cell switching network transmits data packet in cells of fixed size and length. Likewise, the fixed length of a data packet provides the capability to handle high bandwidth data transmission. Some of the technologies that are based on cell switching are ATM networks, SDSL and ADSL networks. For the current scenario, cell switching network will be recommended. Identified Weaknesses Administration department of Scilly University is located in each building. Primary responsibilities of the administration department are to store and update student information. As mentioned earlier, the Scilly University network is structured on token ring topology. The ring topology is considerably slow as compared to star topology. Each data packet must inquire each node on the administration department network and match the destination address resulting in slow accessibility. Likewise, if any node on the network shuts down, the impact will be on the overall network. Furthermore, ring topology based networks and NIC cards are expensive as compared to star topology. As the student database is located on the central server that is accessed by the Telnet command, the ring topology is delaying user network access by broadcasting the request to each node on the administration department network one by one. Similarly, the academic staff is identical to the administration network and based on the same ring topology network. However, both of the networks are separate and are not connected to each other. The academic staff sends their request to the administration staff for accessing student information, as they do not have direct access to the database. However, the academic staff sends and received documents from the administration. The primary concern is associated with access of the academic department, as currently they are dealing with limited access and no access at all for student details. Moreover, an interface is required for publishing course documentation on the website for regular students and distant learning students. Effective access management methods must be incorporated for restricting and granting access to authentic users. The student’s network is comprises of two separate computer laboratories located at each of the buildings. Each of these computer laboratories possess 20 workstations running on an old fashioned asynchronous network that needs to be replaced on immediate basis. Every time applications are loaded on specific machines in specific laboratories resulting in numerous configuration issues along with massive support and maintenance cost in terms of skilled resources. Proposed Network Solution Figure 1.1 Fig. 1.1 illustrates the network diagram of Scilly University main campus with other remote sites B and C respectively. The network is based on the latest star topology, as it demonstrates many benefits comparatively with the ring network topology. Likewise, gigabit Ethernet supported CAT 5 cable is suggested for optimal data transfer by supporting full duplex mode. Similarly, for connecting administrative staff, academic staff and student networks, fast Ethernet switches capable of supporting data transfer speeds in gigabits are suggested. For delivering optimal value, both gigabits supported cabling and switches are installed for robust communication between university students, staff and distant learning users. Likewise, 24 port switches are used to support 24 maximum users for each department. However, if there are more than 24 users, a secondary switch can accomplish the task. The main campus acquiring all the servers is also equipped with a firewall for minimizing security threats that may compromise student records for modifying results and vice versa. Moreover, servers include Microsoft active directory server, Microsoft Internet Acceleration and Security Server, Application server, Domain controller, Email server and centralized server containing student records. However, for establishing connectivity with other sites, DSL modem is also suggested with a high bandwidth connection from an Internet Service Provider (ISP). Email server provides Post office protocol (POP) and Internet message access protocol (IMAP). POP provides a storage space on the email server and stores all the emails of the user when he is away from the computer. For accessing email, users will equip Microsoft Outlook for reading and replying emails to each other, regardless of location. Email server operates on a Domain name service, as we have already suggested a domain controller, we can assume a domain name of ‘Scilly University ‘as ‘Scillyuniedu.com’. Similarly, network administrator will define email address of every employee as ‘name@Scillyuniedu.com’ will be his or her email address. Regardless of location, when an administration staff sends an email to the student in building B, the message will first pass via the email server. The email server verifies the address and transmits the message to the relevant email address via Internet based VPN, as illustrated in Fig. 1.1. Moreover, the domain is synchronized with Microsoft active directory and domain controller i.e. for restricting emails only to the administrative staff, a group policy will be established for this purpose. However, if teachers or the academic staff wants to communicate with the students, they can easily send and receive emails via Microsoft outlook to any email address provided by the students. For sending emails within the university, students may have an email address of ‘name@Scillyuni.com’ and for outbound networks ‘name@hotmail.com’. Academic staff will be able to send and receive emails from both of these addresses because, email server is connected to VPN + Internet based DSL connection. For addressing a long distance from each of these locations, Internet based VPN connection will solve this issue. However, there are many other options, for instance, radio link can provide connectivity to long remote locations but it will be considered as expensive. As per the scenario, the cost effective solution is to subscribe an internet service with a high bandwidth and establish a Virtual Private network connection that will also provide security by operating on point to point and tunneling protocols supporting encryption and encapsulation. However, a dialer is required for connectivity. The support staff available in the technical department of the Scilly University needs to dial from a dialer to establish a secure connection by providing login credentials. Moreover, the DSL Internet + VPN connection will utilize the public switched telephone networks for establishing connectivity and require a telephone line at each end of the remote campus locations. The best solution for providing Internet and Email services for internal and external communication is already illustrated in the Fig 1.1. Each location technician room is drawn separately to gain better understanding of the scenario. Likewise, along with the main campus, the other two sites also have routers installed. The main functionality of the router is to route internet requests to the WWW and internal request via VPN. However, if a user wants to access the Internet, the first step will be to verify permissions. As it is already a proposed domain environment, where active directory is performing administrative tasks, user credentials will initially be verified by the Internet Security and Acceleration Server. If the ISA server confirms that the specific user has been granted Internet access, than the request will be forwarded to the router for relaying it to the Internet via DSL modem. Similarly, for sites other than the main campus, each site has already been subscribed to the DSL connection, once confirmed from the ISA server, the internet connectivity will be established by the router located at the remote site. Distance is not an issue at this point, as VPN is already established between the three sites by using PSTN as illustrated in the diagram, high bandwidth connectivity will provide robust response from servers located at the main campus of Scilly University. For centralized user authentication and authorization, domain environment is already created that is backed by Microsoft Active Directory and ISA server. Active directory will provide centralized administration for all the staff including administrative staff, academic staff, as well as students operating in computer laboratories. Each user will be provided user credentials for logging in to the computer. Besides, the technical staff can create and configure policies on active directory that can be applied on each user credentials or on a group of users via group policies. For instance, control panel should not be accessible by any of the computer laboratories of Scilly University. For addressing this issue, technical staff can create a group policy object for denying control panel access to all the students by setting a criterion against their user credentials. In this way, any student of Scilly University will not be able to access the control panel in any of the systems. Similarly, there are many other restrictions that can be applied in this way. Moreover, for addressing network scalability options, particularly for computer laboratories, an extra 24 port Gigabit Fast Ethernet switch is already available in blue color, as shown in Fig. 1.1. This secondary switch can be utilized when all the available ports are filled up or when there is a requirement of a new computer laboratory. As the proposed solution is already centralized and structured on a star topology, Network monitoring system will identify network issues within each site. Staff available in the technician room will able to access NMS that will work on Internet Control Message Protocol (ICMP), and will demonstrate network node failure, network congestion, errors in network connection etc. If any issue arise in the computer laboratories for a particular site, technicians may able to troubleshooting them from the technician room and can advise or provide solution. Complex passwords should be made available for critical system and should be change on weekly or monthly basis. Moreover, the Network Monitoring System will provide an overview of the inbound and outbound traffic of the network. Moreover, in star topology, if a network node fails, there is no impact on the overall network as compare to ring topology. Furthermore, for addressing printing issues, students can gain access of healthcare application from the application server located on the main campus. There will be no issues of speed, as the established high speed VPN established on a DSL connection will provide fast results. However, for printing documents, students can always save the file or print directly from the system, as the printer is now connected directly to the switch. Assumed Technical Devices and Technologies Firewall is considered to be a core security appliance that will play a role to protect information assets on the network of the Scilly’s University. The definition of firewall from a Cisco website states that “Cisco embeds network firewall security throughout the network and integrates security services in all its products. As a result, network firewall security becomes a transparent, scalable, and manageable aspect of the business infrastructure” (, Managed Firewall Service - Cisco Systems).Likewise, security professionals will configure the firewall for granting and denying data packets as per requirements. Suspicious packets will be dropped and legitimate packets will be able to pass the firewall. Moreover, a whitelist can be maintained by defining legitimate ports, types of data packets etc. The Cisco Pix Firewall 500 series comprises of PIX units are high-performance, stand-alone devices that contain their own embedded operating systems and can support up to 64K simultaneous connections” (Cisco PIX firewall. 2011).Traditionally organizations install a software based firewall with probably a proxy server or with any other server. It is a cost effective solution but it imposes risks of firewall unavailability in certain cases, as the operating system of the firewall may crash and it will no longer be accessible. However, this risk can be mitigated by purchasing a hardware based firewall that may not be depended on a system or an operating system. A Cisco AS5500 firewall will efficiently manage security threats for Scilly’s University network. After considering the basic security requirement, security patch management is essential to keep information systems and security devices up to date for detecting newly developed threats on the Internet. Apart from the firewall, an antivirus solution is also required that will identity and actively monitor network nodes for viruses. A centralized antivirus system is recommended that will manage thin clients installed on workstations, however, hardware based antivirus systems are also available that can be considered. The Virtual private network VPN connects the network of Scilly University by other remote offices, as the physical leased connections cannot be router to a specific location. A very good definition of VPN is available in Network Dictionary; it says “Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet”. However, in order to make VPN functional, router is configured for gaining accessibility via Internet to remote offices. The current scenario uses site to site VPN configuration. There are two types of site to site VPN i.e. Intranet site to site VPN and Extranet site to site VPN. The connectivity and integration of a local area network of the head office to all the other local area networks residing at remote offices is called an Intranet site to site VPN. Whereas, the Extranet site to site VPN establishes a workspace that can be shared with trading partners, vendors or other organizations for a purpose. Lastly, encryption must also be incorporated within the network for transmitting highly confidential data. Encryption uses public and private keys algorithms for encrypting and decrypting data. Moreover, a third party is also involved for coding or decoding a message that may eliminate non repudiation issues within the University. Furthermore, encryption can be carried out symmetrically or asymmetrically depending on the requirements. Lastly, encryption keys are vital to protect, as leakage of encryption keys may result in a complete exposure of confidential information. References Cisco PIX firewall. 2011. Computer Desktop Encyclopedia, , pp. 1. KNAPP, K.J., Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions (Advances in Information Security and Privacy) Information Science Reference. , Managed Firewall Service - Cisco Systems . Available: http://www.cisco.com/en/US/netsol/ns1029/networking_solutions_solution_category.html [3/25/2012, 2012]. Virtual Private Network. 2007. Network Dictionary, , pp. 516-516. Read More