Application Architecture and Private Networks - Case Study Example

? Full Paper Contents Current Application Architecture 3 2 Network Address Translation (NAT) 3 3 Tunneling 4 4 Access ControlList 4 5 Sub Netting 5 6 Virtual Local Area Network (VLAN) 5 7 Suspicious File Types 6 8 Virtual Private Network 6 9 Conclusion 7 10 References 9 1 Current Application Architecture For making the payroll application accessible from head office to all remote offices, we will incorporate new technologies to ensure a secure delivery channel. We will propose secure technological application architecture of the company. Figure 1.1 shows the physical design of the proposed application infrastructure. Figure 1.1(Physical Design) 2 Network Address Translation (NAT) In network dictionary, Network Address Translation delineates as “An Internet protocol that allows individual sites to support more IP hosts than the number of IP addresses assigned to it. This is done using special Internet addresses that have been reserved for this purpose. These special addresses are invalid in the Internet itself. The hosts using these addresses may communicate among themselves, but they cannot access the Internet directly”. NAT In order to make it easy for the network administrator, the NAT translates all the personal and confidential IP addresses into inclusive IP addresses. This will require an incremental change devoid of host and routers modification. Furthermore, the NAT has its own drawbacks for instance; its performance is slow since each packet is processed before translating it. Therefore the ‘IP traceability’ also becomes complicated because data packets are hard to trace. 3 Tunneling Tunneling is also referred as port forwarding. Port forwarding is often used for establishing a secure data channel from head office to the remote office corporate network by utilizing the Internet. One of the methods for deploying a tunneling protocol is to configure the WAN connection with port number along with allocation of the required service. For example, for accessing remote desktop for a payroll application, port number 3389 will be used with the service named as ‘RDP service’ along with the specific IP address of the computer. As discussed earlier, PPTP developed by Microsoft. Likewise, PPTP is required for transmitting encrypted data over the VPN. Besides, no data encryption is available on port forwarding configuration as compare to tunneling because every tunneling route needs to be defined. This may create complex configurations that are difficult to manage. 4 Access Control List In a router, firewall, multi-layer switches etc.; the Access Control List is characterized. If a data packet attempts to pass through a router, it will take in security rules and policies. In the same way, the user’s rights on the files and directories are identified related to the ACL operating system. In order to check quality, the files and folders are read, write and executed. Thus, the ACL offers security for the network data administration, system files and folders. 5 Sub Netting Sub netting is described in “document RFC 950, originally referred to the subdivision of a class-based network into sub networks, but now refers more generally to the subdivision of a CIDR block into smaller CIDR blocks” (Subnetting, n.d). In IPv4, a single subnet only encloses 254 assignable IP addresses. The issues related to the broadcast are always triggered, generating network congestion and disruption in services. Therefore, these IP addresses should be managed properly in order to control congestion. However, o overcome the above mentioned issues, the IP addresses are divided into smaller class C networks for better performance related to network management and security. In addition, to operate a corporate network, sub netting is needed in order to allocate private IP addresses to inbound networks as the global IP addresses are limited. The global IP addresses can be configured on the bases of WAN (Wide Area Network) devices. 6 Virtual Local Area Network (VLAN) The Virtual Local Area Networks (VLAN) is suggested in order to supply security to the internal data communication. Inside any organization, the VLAN divides the domain of the departments. In addition, the VLAN utilizes encryption procedures regarding data broadcast over the network. For defining the routers, the APL (Access policy list) also configured in the VLAN. Furthermore, VLAN is believed as a broadcast domain. It conclude that the broadcast generates from one computer can only be received to the destination which is defined by some criteria in the broadcast domain. The advantage of VLAN implementation includes an efficient way of bandwidth utilization and eliminating the network from possible broadcast storms, which results in denial of service. Furthermore, by implementing VLANs, the capacity of switching technology is utilized to its full potential. VLAN also supports ‘VLAN trunking protocol’. The ‘VLAN trunking protocol’ will significantly reduce administration for the switched network. 7 Suspicious File Types ‘Exe files’ ‘Com Files’ ‘Bat Files’ ‘SCR files’ ‘MP3’ and other executable files For the Microsoft Windows environment, Exe file types are executable files. In order to initiate any program, these files are utilized. In addition, the hackers can create virus by using these executable files. For example, these virus executable files can be developed in the form of folder. This virus executable file works by installing virus on a user’s system if the user clicks on it. This will take full control on all the personal data and resources available on affect system. The Com files are used as a command prompt for Microsoft Windows environment and are the extension of Command. The old ‘DOS’ based game files can transmit viruses to the system. (Understand common virus attacks before they strike your apps, n.d). 8 Virtual Private Network VPN is considered to be a most cost effective and secure channel for exchanging information with long distant or remote offices (Ben-Ameur & Kerivin, 2003). VPN incorporates data encryption and uses point to point tunneling protocol to transmit data over Public Switched Telephone Networks (PSTN). Our newly proposed application architecture will utilize VPN for making the payroll system assessable to all remote offices. However, Internet access is mandatory, as a stable Internet connection is required to establish connectivity of payroll application hosted at the head office. A VPN dialer is used for dialing in and user credentials are mandatory for authentication and authorization of the user. As shown in Fig 1.2, overall application architecture is illustrated along with network components. Head office is hosting the payroll application with VLAN, NAT, PPTP and ACL enabled configuration. Similarly, remote offices are also configured to the same configuration, as demonstrated in fig 1.2. Figure 1.2 (Logical Design) 9 Conclusion For proposing the application infrastructure, we have discussed new technologies that will be integrated. For instance, NAT will be used for hiding the private IP addressed of the organization Tunneling will be used for accessing the payroll application from head office to the remote offices Access Control List will be used for allowing only the authorized employees for accessing the payroll system VPN and VLAN will be used for adding an extra layer of security for exchanging data over the WAN and for LAN; ACL will protect the local data transmission within the organization. 10 References Ben-Ameur, W., & Kerivin, H. (2003). New economical virtual private networks. Communications of the ACM, 46(6), 69-73. Network address translation. (2007). Network Dictionary, , 334-334. Subnetting Retrieved 3/4/2013, 2013, from http://www.cotse.com/CIE/Topics/24.htm Understand common virus attacks before they strike your apps Retrieved 3/4/2013, 2013, from http://msdn.microsoft.com/en-us/magazine/cc164146.aspx Read More