A Network Infrastructure - Essay Example

? Infrastructure and Security Infrastructure and Security A network infrastructure is an organization and configuration of interlinked computer systems, of a corporation, connected through various pieces of communication architecture. Network security, on the other hand, involves protecting the laid computer infrastructure from unauthorized access, continuity of services by assets, and continuity and integrity of operations. Therefore, network infrastructure laid out in an organization, works hand in hand with network security and cannot do with either of them being present (Stilwell et al, 2006). The CIO of an organization should always be up to-date with the current trends in infrastructure technology and security measures to possible threats to the network. Network infrastructure consists of single networked computers, cables, routers, wireless access points, network access methodologies, switches, network protocols, bridges and backbones among other devices. In the case of our organization, a closed architecture would be favourable. It is very important to have proper infrastructure in place so that future problems can be avoided. For instance, end user devices should in no way be used to perform any networking functions and conversely it is not a good practice for network devices to deal with functions at Layer 7. The right networking devices should be used in a network so that network instability can be avoided. Mixing of network and application functions can be quite expensive in the event of bug fixes and upgrading and might even bring the whole network to a halt (Stilwell et al, 2006). The arrangement of different network items is referred to as network topology. Network topologies are classified into physical and logical network topologies. Physical topology deals with the interconnection of devices while logical topologies are concerned with how data flows across the network. The company will need a physical star topology layout with a logical bus topology. Star topology is easier to upgrade since it requires upgrading the devices without necessarily changing the cabling. The star topology uses a switch which sends traffic where it is required to go (Stilwell et al, 2006). The figure below shows a logical and physical topographical layout of the current and planned network in an organization Different LAN segments in different floors can be interconnected using a collapsed backbone architecture which is a type of LAN architecture. The LAN backbone is collapsed using Ethernet switch of layer 2. A Fast Ethernet switch with a speed of 1 Gps will be the central device where each LAN segment links to the central Fast Ethernet switch, through two Fast Ethernet connections of fiber optic to each switch. Spanning Tree protocol configures the two switches which acts as backup while the other acts as a primary switch. In case of failure by one switch, the other switch takes over (Stilwell et al, 2006). Laying down the infrastructure layout is half job; network security measures have to be considered. There are specific threats that may target poorly managed network infrastructure security. Some of these risks include loss of data privacy, data integrity may also be lost, denial of service and system compromise. Therefore, better practices are implemented to ensure systems and sensitive information is housed (Stilwell et al, 2006). The main principles regarding network security are better design practices which may be expressed in five ways. The first one is to ensure a secured manner of configuring and accessing network devices. The second one is that network communications should use secure protocols. The third one is appropriate separation of external and internal facing networks, by use of control devices like router access control lists or securely configured firewalls and demilitarized zones (DMZs). Finally, there should be secure management of accessibility of internal networks remotely. Lastly, configuring of internal networks to detect or prevent running of untrusting traffic or attempted unauthorized connections. A better security model can be designed and implemented using four layers such as perimeter defence, server protection and operating Systems, host protection, and information protection. Denial of Service attack such as smurf, Ack, Syn and Rst, brings a standstill to communication with the internet. This can be solved at layer 1, perimeter defence security, by filtering these attacks at the point of connection in the network or ISP to the internet. A proper configuration of filters should be done between the DMZ and internal networks. However, some of the precautionary measures may include ensuring appropriate installation of filters, monitoring and controlling filter configurations privileges, updating filters, periodical testing of filters, anti-virus software configuration, intelligent logging to trace attack sources, trace intrusions and filter configuration detailed documentation should be maintained (Stilwell et al, 2006). At layer 2 we have web servers, email servers, application and OS security systems. Misuse of OS privileges can interfere with network security thus threatening the integrity and availability of the firewall. This leaves the network at a critical position where the network has both external and internal security threats. Severs should be placed in a secure room with restricted access. Using server consoles should be avoided and during buying/installation of the server, hardware compatibilities should be matched. Floppy or CD-ROM boot should also be disabled. Application servers and operating system should always be fixed with appropriate hot fixes and updated releases. Host protection at layer 3 involves securing the internal workstations which are connected to the organization network. This ensures that attacks originating within the network are curbed while the data on the workstation are protected from attacks through the firewall. Workstation security should be ensured through implementation of User Access policies. In addition, operating system and applications for the work stations should be regularly updated with patches or hot fixes (Stilwell et al, 2006). Other security measures on the workstations involve installation and updating of anti-virus software; limiting access to network resources from the workstations; frequent or daily backup of workstation data; firewall installation on all workstations; destroying old or faulty hard disk drive; and no modems should be allowed on workstations among other security measures. The last layer fourth layer involves data or information protection where encryption is vital where possible. At this layer, operating system best security practices are used; practices to ensure sensitive data storage of data on the server and desktop or laptop are implemented; and data is protected by means of encryption. Options like remember passwords should be installed on all desktops or laptops (Stilwell et al, 2006). Different accounts should have different passwords and same passwords should not be used for public networks and corporate network. This layered defense system will ensure adequate security even in an instance of failure of one layer. Network infrastructure which is concerned with acquiring and interlinking of different network pieces is closely linked to the security of the network. Use of inadequate infrastructure in a network can make it difficult to enhance the security of the network. Furthermore, there has to be network infrastructure layout for network security installation. Therefore, network security is dependent on network infrastructure (Stilwell et al, 2006). In conclusion, proper infrastructure should be put in place to enhance proper network security. This therefore shows that both infrastructure and security are almost inseparable. With good network infrastructure security practices, organizations can achieve successful operations. Reference Stilwell, D. J., Bollt, E. M., & Roberson, D. G. (2006). Sufficient conditions for fast switching synchronization in time-varying network topologies. SIAM Journal on Applied Dynamical Systems, 5(1), 140-156. Read More