The System Design and Implementation Process of the Network - Assignment Example

?Infrastructure and security Number Introduction The paper describes the network design and the security requirements for Hi-Tech Data Collection Corporation. Hi-Tech Data Collection Corporation is a medium size business organization that has the potential of expanding from floor to three floors in the extremely near future. The network system that will meet the company’s requirement should adhere to the EISA standards. To ensure that the standards are met, I will follow the system design and implementation process. The process entails network planning, design, implementation, testing and documentation, and security. The proposed network should make the company’s operation effective and efficient. In addition, it should ensure maximum security to the company’s information system assets. Network design There are four network elements that should be given consideration so that the network system meets the company’s network system requirements. These are network topology, the protocol, the internet connection and the network security. The most appropriate network topology for the proposed network system is the bus topology. This is because the company plans to expand its size to three floors. There will be an ethernet backbone cable that joints all the departments. The proposed network system applies OSI network technology. This is a network technology that provides standardized communication between various network devices. The OSI 7 layer is the most appropriate version for such a network system. The organization will acquire a VPN linkage from the VPN services provide within the town. The twisted pair cable wires are used to connect the network components to the main Ethernet cable. The most appropriate is CAT 6 twisted pair cables. The backbone Ethernet cable uses fiber optic. To facilitate voice over internet protocol, gatekeepers are added to the network. Other network components required are the network hardware such as routers, switches and bridges. A network operating system is also very crucial. The switches are located in every department. A 32 port CISCO switch is the most suitable because it gives room for scalability. All the computers and other network peripherals in the departments connect to the Ethernet cable via the switch. A wireless access point is also installed in the departments which requires wireless network. To ensure that the network signal is very strong, repeaters are configured after a fixed interval. There will be a server room where all the servers required in the company will be located. The servers required are files server, database server, application server and web server. The database server should a random access memory of over 100 GB, the storage space of over 50 terabytes. The other server’s specifications can be less those for the database server. The network operating system will be hosted by the file server. It will also control the exchange of data and files in the entire network. In addition, the request that goes out of the organizations network will pass through the file server to enable firewall, configured therein, to filter. The diagram below shows the layout of the server room (Malik, 2007). The network system will use VLANs and 802.1x authenticity. The bandwidth should be over 100 megabytes per second for the executive offices and at least 10 Mbps for other offices. This is facilitated via network optimization configuration. The use of 100 Mbps provides space to accommodate more devices when the network is expanded. The network scalability is enhanced by use of 48 port CISCO catalyst, which has a speed of over 2900 GB. These devices facilitate the expansion of the network coverage without affecting the entire network. For purpose of reliability, there should be an alternative network configuration which uses smaller switches. The alternative network configuration ensures that the departments that handle critical business operations are functioning when the network system is down. To optimize the ability of the routers and switches, a per-VLAN tree protocol is configured to facilitate redundancy and span. This configuration increases the efficiency and reliability of the network system. To facilitate assistance to complete and flexible and accessibility, a fiber optic is used as the backbone Ethernet cable. The high speed provided by the fiber optic enables the control of various virtual LANs that are configured in the organization. Wireless access points are also established in the entire organization. This is to allow the users with wireless enabled devices such as laptops, tablet computers and Smartphone to access the network. However, the access of fireless network will be restricted to prevent unauthorized users from accessing the company’s information system assets. All the authorized users need to log into the network using a password. This password is changed after one week to avoid password crackers, who uses brute force attack method. After the network system has been configured, the company’s network engineer will monitor and carry out maintenance activities. The monitoring of the network system enables the network engineer to identify the exact point when the network system is broken. In addition, he is able to know the condition of all the network devices such that those devices, which require replacement, can be removed early before the system crushes. The diagram below shows the network setup in the organization’s premises Network system security The fundamental model of implementing effective network security is by ensuring both logical and physical security of the laid down network system. Physical security involves the security of the network hardware components such as network cables, servers and routers. Presence of electric fence and surveillance cameras can provide effective physical security against thieves or any other human destruction. In addition, the entire building should have fire fighting equipments to stop the fire in case it starts. There four fundamental security features that the organization should put into consideration. These are network system’s integrity, availability, confidentiality and authenticity. The information that is exchanged in the network should remain a secret of the company. The network system should ensure that the organization’s information is free of errors or are not infected with malicious programs. Any unauthorized person should not access this information whatsoever. The network security system should ensure that all the users are authentic. This implies that at no instance should the network be accessed by unauthorized person. Moreover, the network availability to the organization is very critical. The security features should ensure that the network is available to the users all the time. To guarantee this, all the network users should be monitored so that any suspicious action is reported. There have been many circumstances where the employees are the source of network insecurity. Some employees give passwords to unauthorized person. This is very risky because such people can use that privilege to bring down the network system. On the other hand, logical security entails several tasks such as system security configurations, installation of devices and programs that provides security and the user management. To maximize the network redundancy, To ensure that the security of the network is maximized, the network implemented should have high redundancy. For purpose of reliability, there should be an alternative network configuration which uses smaller switches. The alternative network configuration ensures that the departments that handle critical business operations are functioning when the network system is down. To optimize the ability of the routers and switches, a per-VLAN tree protocol is configured to facilitate redundancy and span. This configuration increases the efficiency and reliability of the network system (Sengar, 2009). Firewalls are also installed in different parts of the network. Cisco ASA 5510 firewalls are configured in all the servers to filter the requests that are received. A DMZ firewall is also configured in file server. This is to control the outside network that gains access to the organization’s network. In addition, it filters the request that the organization’s employees send to the World Wide Web. For example, all the request directed to site that contains pornographic materials are blocked. The firewall also limits the number of requests that goes to the internet when the network is weak. This is to ensure that departments that critically need the internet are connected all the time. Another important security factor is the user account management. The network security officer should ensure that the user accounts that are functional at all the time are known. The presence of non functional user accounts makes the network system vulnerable to the attackers. The password used to access the network by users should be changed weekly. This makes it cumbersome for attackers to monitor and hence prevent eavesdropping that can lead to password cracking. In addition, company’s network security policies should be formulated and followed strictly (Cobb & Haenens, 2007). Research has shown that most organization’s network security is compromised due to failure to observe the security policy. The organization should also set put in place a list of punishments that are given to employees who does not observe the professional ethics and regulations in terms of network usage. This is only possible after carrying out a detailed training for employees who uses the network Network Security configuration points: References Abrams, M. D. (2004). Computer networks: a tutorial. University of Michigan: IEEE Computer Society Press. Cobb, A. L., & Haenens, L. (2007). Cyberidentities: Canadian & european presence in cyberspace. University of Ottawa Press,. Kenneth, K. J. (2008). Tutorial, local computer networks. University of California: IEEE Computer Society. Malik, S. (2007). Network security principles and practice. Cisco Press. Sengar, A. (2009). IT Infrastructure Management. Texas: S. K. Kataria & Sons. Read More