CIS499 Information Systems Capstone Final Assignment

Running head: NETWORK INFRASTRUCTURE AND SECURITY

Project Deliverable 5: Network Infrastructure and Security

CIS 499 – Information Systems Capstone

November 25, 2018

Project Scope

The project will comprise a network design that meets Acme Corporation's network infrastructure requirements. The network should accommodate up to 10 occasional guest users. The network design will incorporate an FTP server that will be used for sharing files. The project should involve separate subnets for the guest and LAN networks; the guest network should be restricted to accessing only the FTP service on the FTP server, while all other access to the LAN network will be blocked. The project will also involve IP network design as well as identification and configuration details of the hardware utilized (switches and routers). Included in the network design is the implementation of a Wireless LAN (WLAN) that minimizes the effort needed to configure and manage it while allowing effective data transmission between the wireless access points (WAPs).
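A sketch of the guest-access rule described above, added here as an example and not part of the original assignment: it sizes a guest subnet for 10 users and evaluates a first-match rule list that permits only FTP to the FTP server. The addresses, the passive port range, and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing for illustration; the paper gives no IP plan.
LAN = ipaddress.ip_network("10.10.0.0/16")
GUEST_POOL = ipaddress.ip_network("10.20.0.0/24")
FTP_SERVER = ipaddress.ip_network("10.10.5.21/32")
PASV_PORTS = range(50000, 50101)  # assumed passive range pinned on the FTP server

def smallest_subnet(pool, hosts):
    """First subnet of `pool` with at least `hosts` usable addresses."""
    for prefix in range(30, pool.prefixlen - 1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return next(pool.subnets(new_prefix=prefix))
    raise ValueError("pool too small for requested host count")

# 10 guests plus 1 gateway address -> /28 (14 usable hosts)
GUEST = smallest_subnet(GUEST_POOL, 10 + 1)

# Ordered rules for traffic entering from the guest VLAN; first match wins.
# Fields: action, protocol, destination network, destination ports (None = any)
GUEST_ACL = [
    ("permit", "tcp", FTP_SERVER, range(21, 22)),  # FTP control channel
    ("permit", "tcp", FTP_SERVER, PASV_PORTS),     # FTP passive data channel
    ("deny", "any", LAN, None),                    # everything else on the LAN
]

def evaluate(src, dst, proto, dport):
    """Return 'permit' or 'deny' for one packet arriving from the guest VLAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in GUEST:
        return "deny"  # source outside the guest subnet: treat as spoofed
    for action, rule_proto, net, ports in GUEST_ACL:
        if rule_proto not in ("any", proto):
            continue
        if dst not in net:
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"  # implicit deny, as at the end of a router ACL

if __name__ == "__main__":
    print("guest subnet:", GUEST)
    print(evaluate("10.20.0.5", "10.10.5.21", "tcp", 21))  # FTP to the server
    print(evaluate("10.20.0.5", "10.10.7.9", "tcp", 445))  # other LAN host
```

Permitting TCP port 21 alone would leave FTP data transfers blocked, which is why the rule list also covers a fixed passive port range on the same server.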

Network design

The network will use a star topology, which provides centralized handling of the network and its associated security. Each floor of the building will have a central server which hosts switches that link the different rooms via Ethernet cables. Each room will have a switch that is linked to the central server's router. The servers will be linked via fiber optic cables. The Ethernet cables will be utilized for connecting individual devices to their associated switches. The network design will involve the utilization of both wired and wireless media. The wireless media will allow for a network connection for portable devices like tablets, cell phones, and laptops.

The switch links keep the traffic entering Acme's LAN from the MAN from becoming congested. As more tablets are utilized in the company, the WLAN bandwidth to each room increases significantly. The WAPs supporting the 802.11n protocol as well as the faster 802.11ac standard require additional power. As a result, switches with PoE+ give the required power. These switches utilize the existing Category-6 cable (Ethernet cables) and allow for remote administration and configuration (Karris, 2009).

Virtual LANs (VLANs) will be used to enable the network administrator to group users into shared broadcast domains irrespective of their physical position in the internetwork. For instance, computer devices utilized by employees on two different floors may be placed on the same VLAN. The staff have their own VLAN, while the Guest VLAN is used by guests when using wireless access points.

The company's network perimeter, which separates it from the Internet, comprises two border core routers. The border routers should then link to the Virtual Private Network (VPN) gateway. The routers link to the servers, wireless access points and switches as well as the LAN (internal network). The switches will link with other VLAN switches that separate the different VLANs for the various departments within the corporation (like Accounting, Customer Support, and Finance). Also, the switches link to other switches in the data center to provide a highly secure subnet. This highly secure subnet forms a physically segregated subnet. Even though the network will have physically separated subnets for the various departments, they have a common highly secure subnet that is shared by the departments (Cisco Networking Academy Program, 2014).

Most of the data processing for Acme Corporation will be addressed by a database management system located in the data centers. The data centers should house a web server that is utilized by the company's internal support crew. It should contain an application update support server that is used for patch management. Each of the data centers should house an internal DNS server, an e-mail server, and user support workstations. The main data center will be situated at the Washington D.C. site while the data center at the St. Louis site will serve as the backup data center in the event of a security emergency.

[Figure: Network Design (image1.png)]

A typical LAN for the Acme Corporation will comprise numerous computer hosts linked together to form a star topology. These devices will connect to a host device which links to a switch. Such a network configuration is flexible and useful since it allows room for expansion: new devices may be added, which makes it scalable. The network design is ideal since it is easy to deploy and scalable, which in turn maximizes the performance of the network.

Network security

The DMZ forms a perimeter zone between the unsecured WAN or Internet and the secure LAN. The primary purpose of deploying a DMZ for the company is to keep the company's public information assets separate from the private ones. This is achieved by logically and physically separating the company network by use of two firewalls: one on the border of the company WAN (which manages company connections), and the other on the border of the company's internal network.

Security policy

The security policy that covers Acme infrastructure includes the installation of reliable antivirus software, which acts as the final line of defense from unwanted attacks. The antivirus program detects and removes viruses and malware and filters possibly malicious downloads or emails. All employees must utilize complex passwords on each of the computers and Web-based applications that require a key for access. Complex passwords are hard for hackers to crack. The network administrator must implement a network firewall that helps in safeguarding all inbound and outbound network traffic (Cahn, 2008).

The security policy for the company also covers installation of encryption software that protects data related to credit cards and bank accounts. Strong encryption algorithms transform readable data into unreadable codes that make altering of information difficult to accomplish. Even when data is lost, it is of no use without the keys used to encrypt it. Also, the security policy provides guidelines, through employee training, on the dos and don'ts of utilizing systems and the Internet, for example on how to handle suspicious emails. The security policy provides guidelines on limiting access to critical data, taking regular backups, and securing Wi-Fi networks, which are highly vulnerable to attacks.

References

Cahn, R. S. (2008). Wide area network design: Concepts and tools for optimization. San Francisco, Calif: Morgan Kaufmann.

Cisco Networking Academy Program. (2014). Connecting networks. Indianapolis, Indiana: Cisco Press.

Karris, S. T. (2009). Networks: Design and Management. Fremont, Calif: Orchard Publications.
