Global Finance Inc Network Management - Case Study Example

Network Management Final Paper Global Finance Global Finance Inc. has its fair share of problems with its corporate information system. In order to protect the confidentiality, integrity, and availability of the information system, it was important to redesign this flawed network to bring back the operational efficiency the company needed. GFI has suffered some several cyber-attacks from outsiders for the past few years. The Oracle database server was attacked as well. Several other attacks were carried out that infected the whole entire network. Other issues were a high level of network traffic coming from the network, and the company has no idea what is causing this traffic to arise. Slow performance and latency issues were a problem as well. The Wi-Fi network is issues as well because it is widely accessible to people that live near the range of the wireless network. Such issues must be addressed through the process of redesigning the network infrastructure and the technologies that can be implemented to help alleviate these issues. In order to decrease network traffic, it is important to install firewalls to the system to monitor and restrict certain traffic that could be harming the network. A firewall is a piece of hardware or software program that helps in screening out viruses, worms and hackers that try to reach your computer via the Internet. A Virtual Private Network Gateway must have a firewall installed in it to prevent strangers from connecting to the network virtually. This virtual private network (VPN) extends a private network across an extended a public network, like the Internet. These systems enable computers to receive and send data across public or shared networks as if it is it had a direct link to the private network; hence, it benefits from the security, management functionality policies of the private network. A VPN is formed by establishing a virtual point-to-point connection via the use of virtual tunneling protocols, traffic encryptions, and dedicated connections. It is also important to give all employees an RSA token so that the authentication process is even more secure. An RSA token is a small device that has a particular number of digits within it that change every 10-15 seconds. This number must be inputted into the VPN portal so that the user can be confirmed and authenticated into the network. Such a technology can help alleviate the traffic issues that the network was having and help in speeding up the performance of the network system as well. Firewalls are essential as well because they help monitor all packets that are being transferred into and out of the network. It would be necessary to implement a firewall right after the border core routers to monitor all traffic that is entering the system. This is essential to help keep the integrity of the network’s confidential information. It would also be important to add a firewall right before the Remote Access Server in order to monitor the traffic coming in from the Public Switch Telephone Network. The remote access server is a server dedicated to handling users who are not on an LAN but are in need of accessing the internet remotely. This remote access server gives users can access print services and files found on the LAN from a remote location. For instance, any user who dials into a network from home using an ISDN connection or an analog modem dials into a remote access server. Once the users are authenticated, they can access printers shared drives as if they were physically connected to the office LAN. The Public Switched Telephone Network is a system over which land line telephone calls are made. This network could be bringing in a lot of traffic into the network as well, so it is important to manage all of this traffic. In addition to the traffic issue, it is important to address the WI-FI network accessibility issue. Wi-Fi, also spelled WiFi or wifi, is a technology that allows electronic devices to connect or exchange data with the internet wirelessly using 2.4 GHz UHF and 5 GHz SHF radio waves. In order to protect the network from unidentified users, it is important to set up a Wi-Fi Protected Access security measure to encrypt the network. This would help keep unauthorized users from gaining access to the open Wi-Fi network. The Wi-Fi encryption method to be used would Wi-Fi protected access and would be implemented in Enterprise Mode. This system of networking gives the security needed for wireless networks within a business environment. It offers individualized and centralized control over the access to the Wi-Fi network. Users are designed to have login details, and they must avail them when connecting to the network. These details can be revoked and modified by the administrators at any time. In addition, it would be a good idea to not broadcast the network ssid. Only employees who actually know the network name will be able to enter the name of the network system and then the password. This could help beef up security that is much needed and yet again decrease network traffic while increasing performance speeds for all employees. When planning out the middle part of the network we wanted to include important design techniques so that the system could be easily scalable since the company is rapidly growing. We also wanted to make the system as redundant as possible that way there’s almost never any downtime. Our design goal was to separate floors, different departments and server farms into smaller layer three groups to prevent network faults from affecting a large population of users. Looking at this design over time it also makes a lot of sense since adding those different workstations and departments should be fairly easy since all of them are spread out. Even though, we tried to focus on the network being redundant as you’ll find out we still wanted it to be as simple as possible for the simple reason of scalability and fault recovery. With our implementation, we carefully followed the hierarchical campus design logic with three layers of core, distribution, and access. These layers provide vital services by combining groups of users and services. Creating a network this way will enhance this businesses efficiency and lower its operational costs. Additional benefits include high availability, which refers to the systems ability to recover from different types of failures. This high availability is due to the redundancy used, which is a key part of the design. Our core distribution switches are completely redundant so that for example if all of the traffic goes to a single distribution switch it’s not going to be a single point of failure. What we changed the old design was that decided to add three extra distribution switches to the previous model. What this accomplishes is that if any of the switches or even two go out we are still going to have a fully functional network. Not only would we not have any downtime but having extra switches in those critical areas will result in less congestion and higher bandwidth. In addition to adding additional distribution switches we also went ahead and added layer two switches to the already existing one between each department and distribution switch. This again is designed with a focus on redundancy and not having that single point of failure that could halt something like the loan office and have a tremendous impact on the business as a whole. We decided to filter the switches for added security and to clean up ill-behaved applications. For security filtering, we implemented packet restriction according to their contents. We will allow only packets with particular source MAC address to communication with sensitive devices. This filtering isn’t going to be administered companywide but only on individual switches that are connected to sensitive end devices. Furthermore, we took some steps in our design that would save money for the company. Looking at the previous design and the rate of transfer speed with each switch we decided to lower the speed from 10Gbps to just 1 which would be more than enough for at the most 63 workstations that are in the accounting department. The data were dealing here with doesn’t come in huge quantities so the speeds can be kept at 1Gbps without the business seeing any change in performance. We also came upon a problem with having such a redundant switched network, loops. Just ask discussed before since having downtime is absolutely deadly in today’s network the need for alternative paths is significant. These loops form when a redundant connection between switches forms a circular path. When this occurs, the packets can travel endlessly around the same path in a circle. This can be fatal to a network especially when IP services like multicast and broadcast are enabled. To overcome this issue of looping, we implemented Spanning Tree Protocol (STP) which is a layer two protocol designed to run on switches. The main purpose of this protocol, if you havent guessed yet, is to prevent loops from forming on a switched network. What STP does is to define a tree that spans all switches in an LAN by forcing individual redundant paths in the network into a blocked state. If a link that previously forwarded traffic becomes unavailable, STP reconfigures the system to redirect traffic flow by triggering another path. For the Trusted Computing Base Internal Network, we first began addressing the issues by removing the bus topology and implementing a start topology instead. A bus network is an arrangement or a pact in a local area network (LAN) in which every node (workstation or another device) is connected to a particular central or primary cable or link called known as the ‘bus. A bus network is reliable and simple in making. All the rest of the node can still operate and communicate with each other in case one fails. For a significant disruption to happen, the bus itself must be broken somewhere within itself. Bus networks are easily expanded, meaning additional nodes can be added someplace along the bus. However, several limitations are there within the bus network topology. In most cases, the length of the bus is restricted to cable loss. A bus network system may not work well if the nodes are located at scattered points that do not lie near a joint line. In situations like this, a ring network, mesh network or star network may prove more flexible and more cost effective. To address the issue of the bus as the single point of failure if it fails, we decided to implement a start topology to the network instead. In a star network, all nodes (workstations or other devices) are directly connected to a shared central computer. Every workstation is not directly connected to each other to the central computer. In our case, all of the servers in the Trusted Computing Base Internal Network are connected to a level 3 switch to communicate directly with each other. In Global Finance Inc.’s previous network architecture, the Trusted Computing Base Internal Network was formerly connected to a single switch connecting it to the rest of the network system. This again brought up to the issue of a single point of failure. To address this matter let us decided to change the architecture so that there would now be two switches in the star topology with the servers. With the addition of the second switch, there is no longer full reliance on a single switch to connect the network. If one switch were to go out the other would still be live to handle traveling packets until the other switch could be brought back up online. The addition of the second switch also addresses the issue of the network being slowed due to high volumes of traffic. Packets can be transferred from either switch, which both have a connection to all of the servers in the subnet. Additionally we included firewalls before the switches to monitor traffic as this was an issue of theirs. Firewalls are designed to prevent unauthorized access to or from a private network and can be implemented in both the software and hardware, or for a combination of both. Firewalls are mostly used in preventing unauthorized Internet users from accessing private networks that connected to the Internet, particularly the intranets. All communication leaving or entering the intranet goes through the firewall, which examines each and every message then blocks those that do not meet specified security criteria. The network was operating slower than it could have possibly due to high volume, and there were attacks on the servers that could have been from unauthorized users accessing the servers. We decided to implement the firewalls as software to prevent these issues as they can help to prevent hackers, viruses, and worms. Global Finance Inc.’s previous network architecture had many flaws in it that were affecting the company’s performance. There were many cyber-attacks that disturbed the operation of the company’s servers in addition to the reduced balance of network traffic that caused the slow performance of the entire system. Through our redesign of the company’s network, we are confident that our solutions will allow Global Finance Inc. to operate fully to its potential and successfully execute business processes. References Cisco (2014). Wi-Fi Protected Access 2 (WPA2) Configuration. Retrieved from http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/67134-wpa2-config.html#intro Cisco (2014). Lan Switching. Spanning Tree Protocol. Retrieved from http://www.cisco.com/c/en/us/tech/lan-switching/spanning-tree-protocol/index.html Cisco (2014). Security. VPN and Endpoint Security Clients. Retrieved from http://www.cisco.com/c/en/us/products/security/vpn-endpoint-security-clients/index.html Florida Center for Instructional Technology (2013). Topology. Retrieved from http://fcit.usf.edu/network/chap5/chap5.htm McDowell, M., Householder, A. (2009). Understanding Firewalls. Retrieved from http://www.us-cert.gov/ncas/tips/ST04-004 Rouse, M., Lin, C., (2005). PSTN (Public Switched Telephone Network). Retrieved from http://searchnetworking.techtarget.com/definition/PSTN Read More