Network Design Proposal Part 3
Fundamentals of Networking (University of Maryland University College)
Network Design Proposal: Network Customization & Optimization (Part 3)
Prepared for: University of Maryland University College
Prepared by: Kellie Keiser
A.) Identify Network Services
The University needs to function like a well-oiled machine, and implementing certain
network services will help make that possible. In a client-server network model, servers host
the services that clients (the users' computers) access over the network. The main services
UMUC requires are email, online/internet access, and file and print sharing. [1]
An email server sends and receives email. Microsoft Exchange Server works with
Microsoft Outlook, the mail client that comes with Microsoft Office. A mail server also provides
collaboration features that allow faculty to create tasks and meetings from the calendar portion
of the software, and it can provide video and audio conferencing and instant messaging (IM)
services. A web server is a server computer running software that lets it host web pages. One of
the most popular web servers today is the Apache web server, which will be used for the
University. One of the most important functions of a server operating system is sharing
resources between users. A file server is a computer dedicated to centralized file storage, with
the ability to share files between computers and other devices on the network. A print server is
a computer dedicated to sharing printers on the network: it collects the documents users send to
a printer, queues them, and passes each one to the printer, which prints it. [2]
B.) Additional Servers or Network Devices
In addition to email, internet access, and file and print servers, UMUC will also require a
directory service running on a Domain Controller, and a DHCP server. A directory service stores
user and computer accounts and their access privileges on the domain controller (DC). It is used
to authenticate users and authorize their access to network services and applications. [3]
Microsoft Active Directory Domain Services (AD DS) is included in Windows Server 2016 and
will be used for the UMUC network. AD DS is installed on a domain controller, which
authenticates users, controls access to resources, enforces security policies through Group
Policy, and can install and update software on every computer joined to the domain. [4] A
separate server will be needed for the Domain Controller. The DC must be given a static IP
address first; DNS is then configured (AD DS depends on DNS and installs it along with the
domain), and once the DC and DNS are working the DHCP server is set up and its scopes
configured. [5]
The DHCP (Dynamic Host Configuration Protocol) server automatically provides TCP/IP
settings, such as IP address, subnet mask, default gateway and DNS server, to each computer or
device on the network. It also keeps track of the IP addresses already leased so that two clients
never receive the same address. [2] The DHCP server role is included in Windows Server 2016
and will be used for the UMUC network.
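The build order described above (static address, then AD DS with DNS, then DHCP with its scope), as an added PowerShell example that is not part of the proposal. The domain name umuc.local, the 10.10.0.0/24 addressing, the scope name and the exclusion range are assumptions for illustration; the cmdlets are the standard ones from the ServerManager, ADDSDeployment and DhcpServer modules shipped with Windows Server 2016.

```powershell
# Added example (not from the proposal): first domain controller with AD DS, DNS
# and DHCP on Windows Server 2016, in the order the text gives.
# Assumed values: domain umuc.local, LAN 10.10.0.0/24, DC at 10.10.0.10,
# gateway 10.10.0.1. Run in an elevated session on a freshly installed server.

$DomainName = 'umuc.local'
$ServerIp   = '10.10.0.10'
$PrefixLen  = 24
$Gateway    = '10.10.0.1'
$ScopeId    = '10.10.0.0'
$SubnetMask = '255.255.255.0'

function Initialize-UmucDomainController {
    # Phase 1: static addressing, role installation, forest promotion (reboots at the end).
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

    # A DC must never take its own address from DHCP; it is about to hand addresses out.
    New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $ServerIp `
        -PrefixLength $PrefixLen -DefaultGateway $Gateway
    # The DC resolves names against itself once DNS is installed.
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $ServerIp

    Install-WindowsFeature AD-Domain-Services, DNS, DHCP -IncludeManagementTools

    # Promote to the first DC of a new forest; -InstallDns makes it authoritative for
    # umuc.local so domain-joined clients can locate it through the SRV records it publishes.
    $dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
    Install-ADDSForest -DomainName $DomainName -InstallDns `
        -SafeModeAdministratorPassword $dsrm -Force
}

function Initialize-UmucDhcp {
    # Phase 2 (after the reboot, logged on as a domain admin): scope, options, authorization.
    Add-DhcpServerv4Scope -Name 'Campus-LAN' -StartRange '10.10.0.1' `
        -EndRange '10.10.0.254' -SubnetMask $SubnetMask -State Active
    # Keep .1-.99 out of the pool for the gateway, servers, printers and the NAS.
    Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange '10.10.0.1' -EndRange '10.10.0.99'
    # Clients receive the gateway, the DC as their DNS server and the DNS suffix.
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
        -DnsServer $ServerIp -DnsDomain $DomainName

    # A Windows DHCP server that is a domain member refuses to lease addresses until it is
    # authorized in AD; this is the domain's guard against rogue DHCP on member servers.
    Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$DomainName" -IPAddress $ServerIp
    Add-DhcpServerSecurityGroup
    # Clear Server Manager's "post-install configuration required" flag.
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' `
        -Name ConfigurationState -Value 2
    Restart-Service DHCPServer

    Get-DhcpServerv4Scope | Format-Table ScopeId, Name, StartRange, EndRange, State
}

# Usage: Initialize-UmucDomainController   # reboots when promotion completes
#        Initialize-UmucDhcp               # run after logging back on
```

The two phases are separate functions because promotion ends in a reboot and the DHCP cmdlets that touch Active Directory only work once the DC is up. A second domain controller with DNS, added later with Install-ADDSDomainController, is what gives clients the redundant name server the proposal asks for in section D.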
C.) Security Measures
Security measures start with the user. The system administrator grants each user account
access to specific network resources, and the account is secured with a password, so a password
policy that enforces strong passwords is the first priority in maintaining network security. [2]
Single-factor authentication, a username with a password or log-in pass phrase, will be
sufficient for students logging into the network. Faculty will require two-factor authentication,
combining a Type 1 and a Type 2 factor. Type 1 (something you know) is a password, a pass
phrase or cognitive information such as a mother's maiden name or the city of birth. Type 2
(something you have) is a physical token. Faculty members will enter a password to log onto the
network just like the students, and additionally will use a Type 2 factor, an access card, to enter
the building during "off" hours (8pm through 8am) and to enter their office. [1] Note that the
access card secures physical entry, not the network logon; for the logon itself to be two-factor,
the second factor has to be presented at authentication time, for example a smart card or a
one-time-code token verified by the domain controller. Passwords will need to be strong, which
requires enforcing strict password guidelines: each password must be at least 8 characters
(longer is better; do not impose a low maximum), contain upper and lowercase letters, at least
one number and one symbol, must be changed every 90 days, and may not be reused within a
year. Current NIST guidance (SP 800-63B) favors length and screening against breached
password lists over composition rules and scheduled rotation, so the 90-day interval should be
revisited if the University aligns its policy to that standard.
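The password rules above expressed as Active Directory settings, as an added PowerShell example that is not from the proposal. It applies the rules to the domain default policy (which every account without a more specific policy receives, i.e. students) and a stricter fine-grained policy to faculty accounts; the domain name umuc.local and the group name Faculty are assumptions.

```powershell
# Added example (not from the proposal): the password policy as AD DS settings.
# Assumed: domain umuc.local; a security group named 'Faculty' already exists.
Import-Module ActiveDirectory

# Domain default, applied to every account without a fine-grained policy (students).
$studentPolicy = @{
    Identity                 = 'umuc.local'
    MinPasswordLength        = 8                        # a floor, not an 8-12 range
    ComplexityEnabled        = $true                    # mixed case, a digit and a symbol
    MaxPasswordAge           = (New-TimeSpan -Days 90)
    MinPasswordAge           = (New-TimeSpan -Days 1)   # stops cycling back to an old password in one sitting
    PasswordHistoryCount     = 24                       # at most four changes a year, so 24 covers well over a year
    LockoutThreshold         = 10
    LockoutDuration          = (New-TimeSpan -Minutes 15)
    LockoutObservationWindow = (New-TimeSpan -Minutes 15)
}
Set-ADDefaultDomainPasswordPolicy @studentPolicy

# Fine-grained policy for faculty: longer passwords and a tighter lockout, since
# faculty accounts reach financial and student records. Lower Precedence wins.
$facultyPolicy = @{
    Name                        = 'Faculty-Password-Policy'
    Precedence                  = 10
    MinPasswordLength           = 14
    ComplexityEnabled           = $true
    MaxPasswordAge              = (New-TimeSpan -Days 90)
    MinPasswordAge              = (New-TimeSpan -Days 1)
    PasswordHistoryCount        = 24
    LockoutThreshold            = 5
    LockoutDuration             = (New-TimeSpan -Minutes 30)
    LockoutObservationWindow    = (New-TimeSpan -Minutes 30)
    ReversibleEncryptionEnabled = $false                # never store recoverable passwords
}
New-ADFineGrainedPasswordPolicy @facultyPolicy
Add-ADFineGrainedPasswordPolicySubject -Identity 'Faculty-Password-Policy' -Subjects 'Faculty'

function Get-EffectivePasswordPolicy {
    # Shows which policy actually governs an account: the fine-grained one if it applies,
    # otherwise the domain default. Useful after moving a user between groups.
    param([string]$SamAccountName)
    $fgpp = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    if ($fgpp) {
        $fgpp | Select-Object Name, MinPasswordLength, LockoutThreshold
    } else {
        Get-ADDefaultDomainPasswordPolicy |
            Select-Object @{ n = 'Name'; e = { 'Default Domain Policy' } }, MinPasswordLength, LockoutThreshold
    }
}
```

Lockout settings belong in the same policy as the password rules: without a threshold, a password policy only limits the keyspace while an attacker can still guess without limit against the domain controller.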
In addition to strong authentication, a vulnerability scanner needs to be purchased and
implemented on the network and run by the network administrator on a weekly basis. A
vulnerability scan looks for weaknesses such as open ports, active IP addresses, running
applications or services, missing critical patches across all platforms, user accounts that have
not been disabled, default or blank passwords, misconfigurations and missing security controls.
Since all the computers run the Microsoft Windows operating system, the Microsoft Baseline
Security Analyzer (MBSA) will be downloaded. [1] Note that Microsoft has deprecated MBSA
and it does not fully support Windows Server 2016 or Windows 10, so its patch findings should
be cross-checked against Windows Update or WSUS reporting, and the scanner chosen should be
one whose vulnerability checks are still being updated.
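A weekly hygiene check covering several of the findings listed above (stale accounts never disabled, accounts exempt from passwords, unexpected listening ports, stalled patching), as an added PowerShell example that is not the proposal's and does not replace the scanner; it runs on the domain controller and reports what a scanner would also flag. The listening-port allowlist is an assumption for a DC that also runs DNS and DHCP, and the output directory is a placeholder.

```powershell
# Added example (not from the proposal): weekly account/host hygiene checks run on the DC.
# Requires the ActiveDirectory module (RSAT). The port allowlist below is an assumption
# for a DC that also runs DNS and DHCP; adjust it per host role.
Import-Module ActiveDirectory

$ExpectedDcPorts = 53, 88, 135, 139, 389, 445, 464, 593, 636, 3268, 3269, 5985

function Get-StaleEnabledAccounts {
    param([int]$Days = 90)
    # Enabled accounts with no logon in $Days: leavers whose accounts were never disabled.
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $Days) -UsersOnly |
        Where-Object Enabled | Select-Object SamAccountName, LastLogonDate
}

function Get-WeakPasswordAccounts {
    # Accounts exempt from having a password at all, or from ever changing it.
    Get-ADUser -Filter 'Enabled -eq $true -and (PasswordNotRequired -eq $true -or PasswordNeverExpires -eq $true)' `
        -Properties PasswordNotRequired, PasswordNeverExpires |
        Select-Object SamAccountName, PasswordNotRequired, PasswordNeverExpires
}

function Get-UnexpectedListeners {
    # TCP listeners outside the allowlist (ignoring the RPC dynamic range), with the owning process.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -notin $ExpectedDcPorts -and $_.LocalPort -lt 49152 } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Port = $_.LocalPort; Address = $_.LocalAddress; Process = $proc.ProcessName }
        } | Sort-Object Port -Unique
}

function Get-DaysSinceLastPatch {
    # Age of the newest installed update; a large value means patching has stalled.
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { $null }
}

function Invoke-WeeklyHygieneReport {
    # Writes one JSON report per run so week-over-week differences can be compared.
    param([string]$OutDir = "$env:ProgramData\UMUC\Hygiene")   # placeholder path
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $report = [ordered]@{
        GeneratedAt          = (Get-Date).ToString('s')
        Host                 = $env:COMPUTERNAME
        StaleEnabledAccounts = @(Get-StaleEnabledAccounts)
        WeakPasswordAccounts = @(Get-WeakPasswordAccounts)
        UnexpectedListeners  = @(Get-UnexpectedListeners)
        DaysSinceLastPatch   = Get-DaysSinceLastPatch
    }
    $path = Join-Path $OutDir ("hygiene-{0}.json" -f (Get-Date -Format 'yyyyMMdd'))
    $report | ConvertTo-Json -Depth 4 | Set-Content -Path $path
    $path
}

# Run by hand, or from a weekly scheduled task (Register-ScheduledTask) under a service account:
# Invoke-WeeklyHygieneReport
```

The value of this kind of check is in the diff between weeks: a new listener or a newly created account with PasswordNotRequired set is worth a look even when the scanner reports nothing.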
SSH (Secure Shell) is a protocol, and the software implementing it, that enables secure
system administration and file transfers over insecure networks. All user authentication,
commands, output and file transfers are encrypted, which secures the connection between a
client and a server and defends against eavesdropping and tampering on the network. Tectia
SSH client and server for Windows is an enterprise-grade SSH implementation and will be
deployed on the network. It protects the organization against internal and external attacks on
user identities, theft of passwords or login credentials and data theft, and it allows automated,
secure remote command execution and file transfer. In addition to Tectia SSH, the Universal
SSH Key Manager is required to manage SSH keys: it implements controlled provisioning and
termination processes and assists in discovering and remediating existing keys, which matters
because an SSH key that is never rotated or removed is a standing credential. The Universal SSH
Key Manager supports the compliance requirements of PCI DSS, Sarbanes-Oxley, HIPAA and
FISMA/NIST SP 800-53. [6]
D.) Justification for Additional Servers and Security Measures
AD DS on the Domain Controller is a necessity for a college campus like UMUC
primarily because of the security measures it provides. An administrator working alone could
not keep track of every employee and their access rights, every student, and every guest device.
The domain controller acts as an invisible administrator for all end users on the network,
granting or denying access to resources on the network.
everything from email, the Learning Management System
A DHCP server automatically configures the IP address of every device on the network,
which ensures that each device gets a valid, unique address. DHCP also reconfigures devices
automatically as they join and leave the network, which is a big help to a network
administrator. Configuring IP addresses statically would be a mistake for any network larger
than a few devices. Since the UMUC network contains over 100 devices, a DHCP server is the
best option to prevent connectivity problems and the troubleshooting they would cause. [2]
A DNS server maps a host name to its IP address. It is a necessity on a network with
internet access because it translates names such as www.umuc.edu into addresses and, through
reverse lookups, addresses back into names. [1] Users on a network are not going to remember an
IP address, but they will remember a website name like www.UMUC.edu. Maintaining two DNS
servers on the network provides a backup in case the primary fails. In an Active Directory
domain both should be AD-integrated DNS servers (the simplest arrangement is a second domain
controller that also runs DNS), because domain members locate the DC through DNS service
records that a router's resolver does not hold; the router's DNS can act as a forwarder for
internet names, but it cannot serve as the clients' second resolver.
A vulnerability scanner is required because it helps maintain a network and its devices
without employing an entire IT department. Running a scan periodically to check for
vulnerabilities on the network is simple and cost-effective compared to paying additional
salaries and benefits.
SSH software and key management are required to secure the University's network
traffic with public key cryptography: servers and users are authenticated with key pairs before
any data is transmitted over the channel, and the session itself is encrypted. This prevents
unauthorized users from reading or injecting data on the network. [1] Key management, in turn,
keeps the list of authorized keys from quietly growing: every key that remains on a server after
its owner leaves is a credential that still works.
E.) Network Storage and Cloud Based Services
A network attached storage (NAS) device will be used for additional file storage on the
network. The NAS will be connected directly to the network through a switch using a wired
interface. The NAS provides better performance because its sole purpose is file storage. It is a
viable option because it can be integrated into the existing network and into Active Directory,
so IT does not have to configure duplicate accounts for each user: users authenticate to the
NAS with their domain credentials. [1] The NAS will be used primarily by faculty and
administration. The switch connecting the NAS will maintain two separate VLANs, one for
professors and one for administrators. The VLANs limit which hosts can reach the NAS at all;
they do not decide what a user may read once connected, so protected information such as
financial data and social security numbers must also be guarded by share and folder permissions
on the NAS granted to the appropriate Active Directory groups.
The NETGEAR ReadyNAS RN628X Ultimate Performance 10GbE 4-bay diskless
network attached storage unit will be deployed on the network. It provides 80TB of storage,
expandable to a maximum of 130TB with expansion bays. It features a 2.2 GHz Intel Xeon
quad-core processor and 8GB of DDR4 RAM. It offers five levels of data protection, including
built-in antivirus and incremental backup copies. It includes Gigabit and 10 Gigabit Ethernet
ports as well as USB 3.0, is VMware vSphere ESXi 6.0 certified, and is priced at approximately
$2000. [10]
A cloud service will be implemented for the students and faculty at UMUC. A cloud
deployment provides flexibility of access and ease of use, and lets users provision their own
resources. [1] The cloud will host the Learning Management System used by both faculty and
students. Amazon Web Services (AWS) is a public cloud provider; its hybrid cloud options
connect infrastructure and applications in AWS with existing on-premises infrastructure, so the
LMS will run in AWS while identity and file services stay on campus. UMUC will use platform
as a service (PaaS) cloud computing to provide users with the Learning Management System
without having to handle software maintenance, capacity planning or patching of the
underlying platform. [7] The monthly average cost of a large web application on AWS is about
$1000.
F.) Data Protection and Back-up Implementation
Data protection is the process of safeguarding information from corruption, compromise
or loss through operational backup of data. Data protection also includes business continuity/
disaster recovery, which ensures that data can be recovered quickly after a loss. There are two
main areas of data management: Data Lifecycle Management and Information Lifecycle
Management. Data lifecycle management automatically moves critical data between online and
offline storage. Information lifecycle management is a strategy for valuing, cataloging and
protecting information assets from application and user errors, malware and virus attacks,
machine failure, and facility outages and disruptions.
Continuous Data Protection (CDP) is a form of data replication that backs up data as
changes are made. With CDP, a system or network can be restored to any previous point in time,
which is extremely useful after corruption or data loss. A true CDP system records every change
and stores it in a log. If a physical system failure occurs, the CDP system retains all changes up
to the last write before the failure, so the system can be restored to the moment before any
corruption. CDP can be implemented as software running on a server or as a hardware
appliance. For UMUC, the software option, Dell EMC Data Protection Suite Enterprise Edition,
will be implemented. The software will run on a server, and the protected data will be stored in
two separate locations: the cloud and an on-premises storage device or server. The backup
service will protect the data of all faculty, students and administrators connected to the UMUC
network. [8] The Dell EMC Data Protection Suite Enterprise Edition will cost approximately
$13,500. Backups in a separate location only help if restores are exercised: a restore of a sample
file set should be tested on a schedule, and the backup copies must not be writable from the
accounts whose data they protect, or a ransomware infection can encrypt the backups along
with the originals.
G.) Network Monitoring Solution
Network monitoring is a service performed by software, in conjunction with the network
administrator and/or an IT department, to constantly watch a network for possible outages or
failures. A network monitoring system ensures the availability and performance of all devices
and components on the network by searching for inconsistencies and connectivity issues.
LogicMonitor's automated network monitor will be implemented for network monitoring. It is
rated one of the best network monitoring products of 2018. It automatically discovers all
network devices and interfaces; monitors CPU, memory, temperature, fans and other hardware;
and monitors PoE loads, wireless access points and interface metrics. Monitoring a network is
critical because it detects, tracks and analyzes the state of applications and devices in real time,
which allows IT to respond quickly. [9]
A packet sniffer can also be used to capture data being transmitted to or from a device or
across a network segment. The packet sniffer holds the captured data until it can be analyzed. A
packet sniffer is useful for seeing what is on the network and exactly what is being sent to a
device. It helps detect attacks against a specific device on the network: once it is determined
that a device is receiving traffic it should not be receiving, that traffic can be blocked or the
device isolated from the network. [1] A sniffer only sees the traffic on the segment or switch
mirror (SPAN) port it is attached to, so the sensor must be placed where the traffic of interest
actually flows. Paessler's PRTG packet sniffer sensor will be implemented on the network to
monitor total traffic, port sniffer, web traffic (HTTP, HTTPS), mail traffic (IMAP, POP3, SMTP),
file transfer traffic (FTP, P2P), infrastructure traffic (DHCP, DNS, ICMP, SNMP) and remote
control traffic (RDP, SSH, VNC). It is an all-in-one packet sniffing tool that filters by IP
address, protocol and type of data. The XL1 unlimited license will be purchased at a one-time
price of $16,900. Each year the software maintenance fee will be renewed at 25% of the current
list price of the original license. [11]
H.) Storage and Management of Logs
System logs are extremely important because they provide a record of the events that
occurred on a system. Log entries are generated by the operating system and by any other
applications running on the system; an entry can be caused by a variety of events, including
failed login attempts or a change to the system. By default each device stores its own logs
locally. Centralized logging is the best way to review what is happening across the network
because the log files from all devices end up on one central device, most often a logging server
known as a syslog server. [1] Since Windows servers do not include a syslog service (they use
the Windows Event Log), the Datagram SyslogServer Suite will be installed on the Windows
Server 2016 server to receive syslog from the network devices, and the Datagram SyslogAgent
will be installed on the Windows hosts to forward their event logs to it. Once all logs are on the
server, the suite's analysis features will produce a system-wide view, and the logs will be stored
in a SQL database through the Amazon Relational Database Service (RDS) on the Amazon
cloud previously implemented. Syslog over UDP carries no authentication or encryption, so
devices should send over TCP with TLS where they support it, and the connection from the log
server to RDS must be encrypted and restricted to the log server's address. The IT administrator
will then review the analysis and make corrections and changes accordingly. Datagram
SyslogServer Suite edition will cost approximately $900 for 5000 IP addresses. [12]
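Detection logic run over a few forwarded logon events, as an added PowerShell example that is not from the proposal: it parses constructed syslog lines carrying Windows Event IDs 4625 (failed logon) and 4624 (successful logon), the "failed login attempts" the section mentions, and flags two patterns, repeated failures against one account and one source failing against many accounts. The line layout is an assumed simplification, not Datagram's exact output, and the host name, accounts and addresses are made up.

```powershell
# Added example (not from the proposal): two detections over forwarded Windows logon
# events in syslog form. The lines are constructed for the example; the layout
# "EventID=... Account=... Source=..." is an assumed simplification of what a
# Windows-event-to-syslog agent emits.

$SampleLog = @'
<13>Oct  3 08:00:01 DC01 EventID=4625 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:00:07 DC01 EventID=4625 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:00:12 DC01 EventID=4625 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:00:15 DC01 EventID=4625 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:00:20 DC01 EventID=4625 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:00:25 DC01 EventID=4624 Account=jsmith Source=10.10.0.55
<13>Oct  3 08:05:00 DC01 EventID=4625 Account=aturner Source=10.10.0.77
<13>Oct  3 08:05:01 DC01 EventID=4625 Account=bchen Source=10.10.0.77
<13>Oct  3 08:05:02 DC01 EventID=4625 Account=cdavis Source=10.10.0.77
<13>Oct  3 08:05:03 DC01 EventID=4625 Account=dlee Source=10.10.0.77
<13>Oct  3 08:05:04 DC01 EventID=4625 Account=efox Source=10.10.0.77
<13>Oct  3 09:30:00 DC01 EventID=4625 Account=mlopez Source=10.10.0.90
'@

$LinePattern = '^<\d+>(?<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?<host>\S+) ' +
               'EventID=(?<id>\d+) Account=(?<acct>\S+) Source=(?<src>\S+)$'

function ConvertFrom-LogonLine {
    # Parse syslog lines into objects; lines that do not match the layout are dropped.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match $LinePattern) {
            $stamp = $Matches.ts -replace '\s+', ' '     # "Oct  3" -> "Oct 3"
            [pscustomobject]@{
                Time    = [datetime]::ParseExact($stamp, 'MMM d HH:mm:ss', [cultureinfo]::InvariantCulture)
                Host    = $Matches.host
                EventId = [int]$Matches.id
                Account = $Matches.acct
                Source  = $Matches.src
            }
        }
    }
}

function Find-BruteForce {
    # $Threshold failures for one account from one source inside a sliding $WindowMinutes window.
    param([object[]]$Events, [int]$Threshold = 5, [int]$WindowMinutes = 10)
    $Events | Where-Object EventId -eq 4625 | Group-Object Account, Source | ForEach-Object {
        $sorted = @($_.Group | Sort-Object Time)
        for ($i = 0; $i + $Threshold - 1 -lt $sorted.Count; $i++) {
            $span = $sorted[$i + $Threshold - 1].Time - $sorted[$i].Time
            if ($span.TotalMinutes -le $WindowMinutes) {
                $acct = $sorted[0].Account
                $last = $sorted[-1].Time
                # A success right after the burst is the case that needs a human now.
                $success = $Events | Where-Object { $_.EventId -eq 4624 -and $_.Account -eq $acct -and $_.Time -ge $last }
                [pscustomobject]@{
                    Rule = 'BruteForce'; Account = $acct; Source = $sorted[0].Source
                    Failures = $sorted.Count; FollowedBySuccess = [bool]$success
                }
                break
            }
        }
    }
}

function Find-PasswordSpray {
    # One source failing against at least $MinAccounts distinct accounts inside $WindowMinutes
    # (measured first-to-last; a slow spray over days needs a longer window).
    param([object[]]$Events, [int]$MinAccounts = 5, [int]$WindowMinutes = 10)
    $Events | Where-Object EventId -eq 4625 | Group-Object Source | ForEach-Object {
        $sorted   = @($_.Group | Sort-Object Time)
        $accounts = @($sorted | Select-Object -ExpandProperty Account -Unique)
        $span     = $sorted[-1].Time - $sorted[0].Time
        if ($accounts.Count -ge $MinAccounts -and $span.TotalMinutes -le $WindowMinutes) {
            [pscustomobject]@{
                Rule = 'PasswordSpray'; Source = $_.Name
                Accounts = $accounts.Count; Minutes = [math]::Round($span.TotalMinutes, 1)
            }
        }
    }
}

$events = ConvertFrom-LogonLine -Lines ($SampleLog -split '\r?\n')
@(Find-BruteForce -Events $events) + @(Find-PasswordSpray -Events $events) | Format-Table -AutoSize
```

The two rules are deliberately different in what they key on: the first groups by account and source, the second by source alone, because a password spray stays under any per-account lockout threshold by design and only shows up when the source address is the pivot. A single failure, like the last line of the sample, matches neither rule and should not page anyone.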
I.) IT Troubleshooting Methodology
The troubleshooting methodology that will be used by IT personnel at UMUC is as
follows:
• Identify the problem by making a list of the symptoms and identifying who is
experiencing them. Check for changes that occurred before the symptoms started, then
try to duplicate the problem.
• Establish a theory of probable cause by analyzing the symptoms and determining the
most likely cause. Keep in mind the flow of data through the OSI model. Check the
most common causes of the reported symptoms first.
• Test the theory. If the theory is confirmed, research fixes for the problem. If the theory
is not confirmed, start the process over or escalate the issue to a supervisor.
• If the theory is confirmed and a resolution found, complete a plan of action.
• After the action plan is complete, implement the solution and run a series of tests to
determine whether the action plan worked.
• Finally, write a standard operating procedure for this problem for future use, including
any preventative measures. [1]
References
[1] TestOut Network Pro. Pleasant Grove, Utah: LabSim, 2018.
[2] D. Lowe, Networking For Dummies.
[3] "Chapter 2 Introduction to Directory Services and Directory Server", Docs.oracle.com.
[Online]. Available: https://docs.oracle.com/cd/E19396-01/817-7619/intro.html.
[4] "Active Directory Collection: Active Directory", Technet.microsoft.com, 2014. [Online].
Available: https://technet.microsoft.com/en-us/library/cc780036(WS.10).aspx#w2k3tr_ad_over_qbjd.
[5] "Configure DHCP Server in Windows Server 2016 Step By Step", ProTechGurus, 2016.
[Online]. Available: https://protechgurus.com/configure-dhcp-server-in-windows-
server-2016/.
[6] "SSH (Secure Shell) Home Page | SSH.COM", Ssh.com, 2017. [Online]. Available: https://
www.ssh.com/ssh/.
[7] "Types of Cloud Computing", Amazon Web Services, Inc.. [Online]. Available: https://
aws.amazon.com/types-of-cloud-computing/.
[8] S. Peterson and K. Hefner, "What is data protection?", TechTarget.com. [Online]. Available:
http://searchdatabackup.techtarget.com/definition/data-protection.
[9] P. Ferrill, "The Best Network Monitoring Software of 2018", PCMAG, 2017. [Online].
Available: https://www.pcmag.com/article2/0,2817,2495263,00.asp.
[10] S. Aslam, "The 12 Best NAS (Network Attached Storage) to Buy in 2018",
Omnicoreagency.com, 2018. [Online]. Available: https://www.omnicoreagency.com/best-
nas-network-attached-storage/.
[11] "PRTG Price List - Overview, Licenses, Prices", Paessler.com. [Online]. Available: https://
www.paessler.com/prtg/price_list.
[12] "Datagram Syslogserver Suite Review", Network Admin Tools, 2016. [Online]. Available:
https://www.netadmintools.com/syslog-server/datagram/.