Network IT Operations Report and Configuration - Coursework Example

Network IT Operations Report and Configuration (College) Part IT Infrastructure Design Document Introduction Security is pivotal when it comes to network advancements. It is always difficult to come up with a fully functional and secured network connection which cannot be easily compromised. First of all, designing an effective business network demands for expert designing with the proposed infrastructure first being put to thorough test before the actual implementation. In order to achieve the optimal performance of a network, different layouts and architectures need to be closely studied before coming successfully designing a conceptual design of an appropriate network. The design has to be multiply reviewed before the actual implementation is carried out. Other factors to consider in network performance besides security are the networking equipment, cost of implementation and maintenance as well as the durability and functionality of the entire infrastructure. The networking equipment should meet modern requirements as they highly influence other weighty concerns as security. Both implementation and maintenance costs should preferably lie within the capabilities of the company to sustain them. Taking a close look at the current situation of the Dead Duck Publishing Company, we purpose to come up with a network that maximizes network performance meeting all the requirements to keep the business at a better level. Issues with the Current Design Let us first begin by identifying issues and challenges currently being experienced by the Dead Duck Publishing Company. The network do not auger well as there have been response time issues involved. This has further led to the crashing of web applications. Another concern is the crushing of core routers which have resulted to all branch offices of the company experiencing periods of complete downtime. The inappropriate functionality of the on-site print runs has brought problems when it comes to sending large print runs. On security matters, the website of the company has been occasionally compromised with customer credit card records stolen from the back end customer database. Furthermore, the intellectual property belonging to clients in terms of books have been copied while being transported to regional offices. All these problems at hand suggest a poorly planned or implemented network infrastructure. The current design therefore deserves a thorough problem analysis and redesigning taking all the critical challenges into consideration. Other matters to be accounted for during the redesigning include the company’s plans to expand its operations from the UK to cover a number of major European cities in the near future. The company’s worry of its current model of resilient network not being cost effective in the future is yet another matter of great concern. Included In the company’s plans is top set up performance as well fault monitoring facilities so as to determine when problems occur and how to counter them. Another matter of concern is that the organization will not be granted any more v4 IP addresses. Proposed IT Infrastructure Design In order to solve the issues with the current design, it is necessary to design an effective IT infrastructure design. The propose IT infrastructure addresses the current and future issues as well as the purposed pans for the Dead Duck Publishing Company. It provides converged networking components that effectively accommodate the entire business requirements allowing optimization of a cost-effective infrastructure. The following network infrastructure components have direct impact upon success of the companys deployment: Routers and Switches, Firewalls, DNS, Storage area network, and Load balancers (Oracle, 2010). The routers connect the infrastructural system of the network enabling the companys system to communicate. The switches also connect system within the network. Between routers and application servers there is a firewall which provides access control. The load balancers are used to distribute the overall load on application servers or the entire web. For the purpose of making storage independent of the servers that work in conjunction with it, storage area networks (SANs) should be deployed. There should also be Domain Name Systems equipped with local catching DNS server to reduce network traffic. The company also needs to set up advanced server based applications for effective communication with clients. This new design is based on peer analysis of the current situation of the company as well as its future plans. The new design will address advanced cryptography to combat security problems. There will be modern networking technologies as Virtual Private Network (VPN), Secured Fast Packet Switching (SFPS), Bandwidth management, connection brokering, grouping servers together, Intrusion Detection Systems (IDS), implementation of SharePoint Virtualization, and Point-to-Point VPN Tunneling. Communication between offices should be entirely based on the VPN Tunneling technology to reduce chances of security being compromised. The proposed design can further be justified as follows while considering the security issues which have been raised: 1. Virtual Private Network (VPN) Tunneling VPN should be applicable in private IP addressing. On the subject of VPN, “To avoid inherent vulnerabilities with remote access, always treat the access point as if it were directly exposed to the internet, and do not terminate remote access directly into critical networks.” (Knapp & Langill, 2011). This is applicable in the case of point-to-point file transfer from a router in one office holding to another. There has to be a different company to offer VPN services to the Dead Duck Publishing Company with regular monthly subscriptions. There are chances that the data belonging to the company was so open that any potential hacker could easily access the information at the slightest attempt. Now the issue of open information can fully be controlled by the VPN Tunneling technology. Figure 1.0 Implementation of VPN Tunneling 2. Cryptography Cryptography is a way of storing data in a particular form so that only those intended to read it can access it. In this case the company should use cryptography to transform information into unreadable format known as cypher-text and transport it in form of packets to the intended recipient who owns the key to decrypt the sent information (Ngo et al, 2010). Since the security of the company has been compromised before, the business requires advanced key management to prevent snoopers from obtaining the key through proper risk and compliance assessment. This will enable it determine an application with the highest level of protection for the cryptographic key. 3. Intrusion Detection System (IDS) An IDS detects both inbound and outbound network activities and also detects any attack patterns surrounding the protected area or system by spotting someone attempting to break into the system. This is something that the company should be at the forefront of implementing so as to ensure its website does not get attacked or customer information damaged in the future. The intrusion detection is achieved through collection of information from various systems as well a network sources after which the information is analyzed for possible security problems (SANS Institute 2001). The best places to put the IDS during implementation include: on the internet and database environment, between the company’s network and extranet, in the remote access environment, between the firewall and the network of the company and possibly between servers and user community so that internal attacks are also identified. Figure 2.0 Sensors are represented by round blue dots 4. Secured Fast Packet Switching (SFPS) In order to solve the problem of issues relating to response time between clients and servers Secured Fast Packet Switching (SFPS) should be integrated into the system. The inconvenience brought about during client server communication as well as crashing of web applications is caused by network jams due to slow packet switching. This is one secure method for message transmission on network which relies on new contemporary concept of data transmission (Newman, 1988). This method will see to it that there is no sluggish flow of information which causes jams that result to the crushing of the web applications. Addressing Plan IPv6 is an appropriate addressing plan capable of accommodating the current and future requirements in both LAN and WAN. While preparing the addressing plan, “We can check whether the address plan we have created meets our requirements by meeting the number of bits remaining after creation of the primary and secondary subnets.” (IPv6 Forum, 2013). With IPv6 the company can create more than one primary subnet. The choice of IPv6 is based the fact that IPv4 can no-longer be assigned to the company and also that IPv4 is fast getting congested. Routing Infrastructure The Open Shortest Path First (OSPF) routing protocol can best fit in the companys routing infrastructure given that the Dead Duck Publishing Company intends to undergo further expansions in the future. This protocol is sported by the Windows 2000 Routing and Remote access. With reference to Microsofts TechNet (2015) “An OSPF network is best suited for a large infrastructure with more than 50 networks.” This will enable the company diversify its connections without any fears of its routers crushing since the OSPF is capable of handling huge data traffic. That is to mean that the site, inter-site and internet connectivity has already been taken care of. Infrastructure management technologies The appropriate management technology for this kind of extensive network is VPN Tunneling technology. Since the company does more publishing than communication, it would be appropriate to restrict information access to registered customers through VPN tunneling. This will see to it that incidents of web based attacks such as distributed denial of service attacks (DDoS) have been seriously reduced. The main challenge being faced by the company involves security and so VPN Tunneling will just be appropriate. Part 2: Implementation and Testing Report The proposed design addresses all security, management and performance issues being experienced by the Dead Duck Publishing Company. The design was developed after the analysis and drawing of conclusions on the poor state of the company that led to it experiencing problems. The proposal is necessary for it is aimed at transforming the company from worse to better. During implementation and testing we are going to compare the proposed design and the previous designs then attribute it to the future performance of the company. a) Response time between client and server: In the current design of the company there have been poor communications between the client and server. This is most probably as a result of slow packet switching and the inability of the servers to handle huge data traffics. The newly proposed design brings in a topology that enables fast packet switching so that fast communication is achieved in order to reduce data traffic. The new design also seeks to replace the servers with more advanced ones capable of handling huge data traffics without crumbling. This will definitely eliminate the crashing of web applications. Tin order to test for the new design, the system is first set up then large amounts of data packets forwarded to the servers in form of requests. This could involve sending of multiple ping requests to test how whether the newly established system is able to reply at an instant. We could term this operation as doing something similar to denial of service attack. If the test fails to meet the company’s requirements limit further adjustments can be done. This is the best way setting firm standards of operation for the company. b) Crashing of core routers: Most likely the routers of the company started crushing as the business started undergoing expansion. That is an implication that there were no plans for future adjustments based on expansion of communication. The proposed design seeks to combat this problem the implementation of Open Shortest Path First (OSPF) routing protocol. This will be able to handle both the current and the future routing infrastructure the company. It is the most appropriate since is can comfortable accommodate the next plans revealed by the company of increasing the number of its operational offices. OSPF is very flexible such that at no time will the company experience traffic problems it its entire expansion history. This is because the OSPF takes different forms. In testing for the OSPF functionality two network connections on the minimum are needed from the test tool to the DUT. One connection is for request packet and another for response packets (Ixia, 2004). Before running conformance test, two parameters are required such that one is to be used for testing DUT configuration and another for test tool configuration. Protocol and interface configuration of the tester is described by test tool configuration. OSPF features of the DUT on the other hand are described by the DUT configuration with the use of expect scripts. The table below displays a vivid description of the same: Parameters Description Configuration of DUT OSPF features via the Expect scripts which involve routing table update timeout and database exchange timeout. Configuration of Test Tool DUP IP address, Tester test IP address, and OSPF protocol parameters to include router priority and authentication This test is done in the following manner: 1. Parameters to describe the conformance tester and DUT configuration are keyed in 2. All or a set of test cases to run are the selected. 3. The conformance test is then run from the user interface. It can also be run in the batch mode through command scripts hence reconfiguring the DUT as needed between test case in order to match test set-up. See Figure 6.0 in the appendix section. Figure3.0 OSPF Implementation c) Addressing Plan: The old infrastructure of Dead Duck Publishing Company has issues with addressing: the company can no longer be allowed more IPv4 addresses probably because it has exhausted its maximum options. This can be considered as poor planning of addressing since expansion strategies were not taken into account. The proposed infrastructural design has much better plans of relieving the company of this challenge. The plan has embrace IPv4 addressing technology to accommodate as many systems as possible. IPv6 is 128 bits which is much larger than IPv4. This addressing plan is appropriate for the company as it intends expand in the near future and there will be more systems than the currently available. The IPv6 can be tested using the test suits over the internet to determine the functionality of a newly established system. There are several test suits that can help the company in determining the functionality in its systems that that support IPv6. A test suit that is applicable in this case is a technical document by IPv6 Forum (2009). d) Security: Security is one major concern in the proposed design. The company’s website has been compromised in the recent past with its database also revealing unauthorized access. The report involving increased subsequent attacks is a clear implication of poor security plans and that is why a new plan had to be proposed and put into place. Other matters that arouse security concerns include information being tapped before it even reaches the destination. All this are extensively covered in the new project plan and that is why the plan deserves implementation. The case if of hackers getting into system’s database or hacking into the website of the company has been combated through introduction of Intrusion Detection System into (IDS) the company’s network infrastructure. One other thing that makes the proposed infrastructure better than the old design is that snoopers can hardly access sent information before it reaches recipient. Let us first begin by testing for VPN security. Below are some tools to check for VPN configuration (Freedom Hacker, 2015): 1. IP address test-it can be started though simple IP check. During this step it should be ensured that the location is not home location but the company’s VPN provider’s server. 2. Extended IP address test-now at this point the test really counts. It checks for the DNS, Java and flash of the company. The flash, java IP’s/DNS should not belong to the company and should be VPN providers. The IP’s are checked then put in the search engines as DuckDuckGo. On several occasions, DNS providers point their search to Google which is located in Mountain View, California. Now should the DNS leak something like 127.0.0.1.verizionfios.direct then it implies that the company is using Verizion fios. 3. DNS Leak check-This is often termed as optimal checker as it is also important besides the VPN begin connected. Possible leaks should be checked to ensure effectiveness of the new system design. After clicking check it should be left to load the IP’S/DN’S. Should any of them point to the company’s DNS or even look like this: 127.0.0.1.verizionfios, then the companies queries are begin leaked to its ISP. Again if unnoticed the ISP is checked on IP on DuckDuckGo. Should they be revealed right next to the new locution at most times then queries are begin leaked. The company’s next security plan to be tested is based on website attacks. This can be tested by creating simple or complex attacks to see how the new design responds. Just to prove that the proposal is worth implementing, the company will come up with a Denial of Service attack (DoS). Or to make the attack more serous Distributed Denial of Service attack (DDoS). The company’s website must have been compromised with the DDoS. In order to test for this multiple upstream are conducted all at the same time to see whether the core routers or servers will be overwhelmed. With the OSPF protocols installed in the system the test will turn out successful. The attacker can also be done by use of botnets which involves using of other computers in the internet to send multiple requests to the website. This is displayed graphically below: Figure 4.0 DDoS Attack Testing the Solution Test Reference Description & Operation Expected Result Actual Result Evidence NM-1 Example Test utilizing Demo Network 2 VM’s Ping Test Successful Ping Test Failed See Appendix Testing for connectivity to Google web servers with the assumption that Google is belongs to the Dead Duck Publishing Company. Supposing we knew the web servers of the company we would have used them for instance deadduck.com: 1. Ensure the system is connected to the internet. 2. Using Microsoft windows click on the start button and type run. A message box is displayed. 3. In the space on the message box type ‘cmd’ so as to open the command prompt. A black board appears 4. On the blackboard type ‘Ping google.com’. 5. If the Google IP address is obtained with 0% loss on statistics then it implies that a connection is established. This is to mean that all the data packets that were sent reached the server successfully. 6. If 100% loss is obtained then there is no connection and a different command should be used to find out why. Yes Figures 5.0 & 5.1 Let us now ping deadduck.com so as to see how failure to connect is normally displayed: 1. We are required to just go through the procedures in the first part above in order to obtain the results. 2. In this case there would be no connection because deadduck.com is non-existent. This was most likely the case with the old design as some point. 3. 100% loss is to mean that all the packets sent were lost. - Yes Figure 5.2 Conclusion This discussion has not only revealed and attended to the challenges faced by the Dead Duck Publishing Company but also most web based businesses. On several occasions business attacks are normally web based. The study has taken us through challenges to the designing of an appropriate IT infrastructure and finally confirming the functionality of the new design. The business situation suggests that its designer simply rushed over the design while ignoring several pivotal matters of concern to the business progress. The multiple attacks also suggest the business failure to strategize accordingly. The process of designing a network requires experienced experts with the ability to study and analyze the situation at hand and finally come up with the best design for the organization. After determination of network requirements identification it is important to characterize the existent network and then design a topology as well as preferred solutions. One very important thing in designing a network is to have clear idea and nature of your problem before rushing to buy the necessary tools. Recommendations Designing the entire IT infrastructure plan for the company is a resource and time consuming exercise that should not be taken lightly. It involves weighing is different preferences till the most appropriate one is obtained. All features to be put in the new design must meet all the necessary requirements to overcome the current shaky state of the company. To reach the point of implementing the entire design proposal requires that one examines a detailed report. That is the only way to determine the systems functionality in an effective manner. However, poor planning might also lead to false results that may end up leading the company into grave loses having spent several resources to integrate the design. The new design in this study can therefore be implemented by the company as it fully combats all the challenges involved and creates hope for the future of the company. Appendix Figure 5.0 before pinging Figure 5.1 after pinging Figure 5.2 connection failure: 100% loss Figure 6.0 OSPF Test case selections Reference List Knapp, E. D., & Lingill, J. (2011). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems (Rev ed.). Amsterdam: Elsevier. Ngo, H. H, Wu, X., Le, P. D., Wilson, C., Srinivan, B. (2010) Dynamic Key Cryptography and Aplications. International Journal of Network Security. Vol. 10, No. 3, PP. 161-174. SANS Institute (2001), Understanding Intrusion Detection Systems. SANS Institute InfoSec Reading Room. Retrieved from: http://www.sans.org/reading-room/whitepapers/detection/understanding-intrusion-detection-systems-337 Newman, P. (1988). A Fast Packet Switch for the Integrated Services Backbone Network. IEEE Journal of Selected Areas in Communication. 6(9) pp. 1468-1479. Oracle (2010). Understanding Network Infrastructure Components. Sun Java Communications Suite 5 Deployment Planning Guide. Retrieved from: https://docs.oracle.com/cd/E19653-01/8194439/acrdc/index.html IPv6 Forum (2013). Preparing and IPv6 Address Plan. SurfNet. Retrieved from: http://www.ipv6forum.com/dl/presentations/IPv6-addressing-plan-howto.pdf Microsofts TechNet (2015). IP Routing Infrastructure. Retrieved on: March 5, 2015. Retrieved from: https://technet.microsoft.com/en-us/library/cc961346.aspx Ixia (2004). Open Shortest Path First (OSPF) Conformance and Performance Testing. OSPF Conformance and Performance Testing: Sample Test Plans. Retrieved from: http://www.ixiacom.com/sites/default/files/resources/test-plan/ospf_0.pdf IPv6 Forum (2009). IPv6 READY Phase 1/Phase 2 Test Specification Core Protocols. University of New Hampshire InterOperability Laboratory, Yokogawa Electric Corporation, and IPv6 Forum. Retrieved from: https://www.ipv6ready.org/docs/Core_Conformance_Latest.pdf Freedom Hacker (2015). How to Check and see if your VPN Connection is Secure. Retrieved from: http://freedomhacker.net/check-and-see-if-your-vpn-connection-is-secure/#prettyPhoto Read More