DISCUSSION ON THE PROPOSED DESIGN
In this design, a quad-WAN SSL VPN firewall will be placed at the main office as the perimeter firewall. The firewall will be connected to two layer 3 switches, which will act as the distribution point of the network, and another three manageable layer 2 switches will replace the existing switches as the access layer.
All the servers will be positioned on a single access switch, forming the server farm, with redundant connections linking both distribution switches and the servers. This option is selected in order to unify the servers' connectivity and to reduce the number of hops between workstations and servers, while offering a redundant route to the servers.
Communication between different VLANs will be controlled by the layer 3 switches. In order to increase redundancy and bandwidth to the servers, dual uplink cables will be used between the switches.
A new demilitarized zone (DMZ) will be introduced. It will separate the server access for services that must be reachable by external users, while still limiting external users' access to internal services. The selected design diagram is represented in figure 5.1.
An Internet telephony (VoIP) network will be incorporated into the new design instead of the way it exists now.
5.2.1 SCALABILITY
The design provides an easier way of adding new workstations, switches, IP phones, applications and services to the network without affecting the network design. To add a workstation to the network in the proposed design, it only needs to be connected to the correct access switch, on a port in the right VLAN, for that workstation to be operational in that section. The switches recommended in collapsed core will ...
... middle of paper ...
... VLANs for visitors and network management were introduced. The VLAN for visitors will only give visitors access to the Internet and will limit access to the servers and the internal network, therefore increasing security in the network. The management VLAN will be used to control all the switches and network devices, allowing these devices to be managed remotely.
Therefore the final outlook of the virtual network is as described in table 5.1.
The native VLAN will be left as VLAN 1, though the management VLAN will be changed to VLAN 90, because leaving VLAN 1 for remote access and management functions can lead to security risks. In order to prevent unwanted devices from connecting to the network, all unused switch ports will be placed into VLAN 199, which is a black hole: no access and no IP addressing will be assigned to this VLAN.
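The VLAN policy described above (management on VLAN 90, nothing addressed on VLAN 1 or VLAN 199, unused ports parked in VLAN 199) can be checked against a switch configuration. The audit script below is an added example, not part of the original design document; the Cisco IOS-style syntax, the sample configuration and the `IN_USE` port inventory are constructed assumptions, since the page names no switch vendor.

```python
import re

MGMT_VLAN, BLACKHOLE_VLAN = 90, 199  # values taken from the design above
# Constructed sample; Cisco IOS-style syntax is an assumption (no vendor is named).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport access vlan 199
!
interface GigabitEthernet0/3
 switchport mode access
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""
IN_USE = {"GigabitEthernet0/1"}  # hypothetical inventory of ports with a device attached

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks

def audit(config, in_use):
    """Return (interface, finding) pairs for deviations from the VLAN policy."""
    blocks, findings = parse_interfaces(config), []
    for name, cmds in blocks.items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:  # routed VLAN interface: VLAN 1 and the black hole stay unaddressed
            if has_ip and int(svi.group(1)) in (1, BLACKHOLE_VLAN):
                findings.append((name, "VLAN must not carry an IP address"))
        elif name not in in_use:
            vlans = re.findall(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
            access = int(vlans[-1]) if vlans else 1  # 1 is the IOS default access VLAN
            if access != BLACKHOLE_VLAN:
                findings.append((name, f"unused port in VLAN {access}, expected {BLACKHOLE_VLAN}"))
    if f"Vlan{MGMT_VLAN}" not in blocks:
        findings.append((f"Vlan{MGMT_VLAN}", "management interface missing"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, IN_USE)` flags the unused port left in the default VLAN, the address on VLAN 1, and the missing VLAN 90 management interface.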
Business ventures can benefit from virtual firewalls to protect access and data at lower costs than traditional methods. It is also beneficial to have an experienced security professional who is aware of your security needs. Virtual security involves the use of advanced controls such as a virtual switch to protect against malicious attacks coming from unverified sources. Applications are isolated to make them untouchable by malware, viruses and even applications that may stop execution (Marshall, 2011).
The networks are split into two groups. There is a Production network and a Development network. Each of these networks resides on its own separate subnetwork. The reason for splitting the networks into two is to prevent network overload and slowdowns that would otherwise affect other departments within MKS such as Customer Service or Accounting. The production network involves non-development tasks such as the customer service database, email, the order entry and accounting systems. The development network involves all areas relating to product development. This network covers the server that stores base code, the development system, development tools, software libraries and software builds.
The Unistep IRP Elexol EtherIO 24 Module is a network board that is integrated with features that allow multiple devices over the same network to communicate. This microcontroller was designed to be implemented as an addition to a larger network system; the multiple features and capabilities allow for various industrial and home applications. Ethernet is very common and used in most networks, which makes the IRP a great candidate for networking problems both at home and in the work field.
The networking architecture used to support communication is comprised of hardware, software, connectivity and communication protocols. In an effort to enhance networking communications, St. Luke’s Health Care System improved the reliability of the LAN (Local Area Network) by upgrading hardware and implementing advanced software. St. Luke’s would greatly benefit from the use of VLAN (Virtual Local Area Network) configurations to optimize networking communications. A VLAN is a function of a layer 2 networking switch that allows a single LAN to be separated into logical or segregated LANs. A typical VLAN configuration creates efficiencies by allowing specified physical network ports on a switch to directly communicate with network ports on the same switch. A VLAN has the ability to configure network traffic rules that restrict communication between network devices that support similar functions or departments. The configuration and isolation of network traffic optimizes bandwidth performance, as well as providing a layer of security that is critical in a healthcare setting. Further enhancements of the networking infrastructure can be made by expanding VLANs across floors or buildings using layer 3 switches to reduce congestion. Another approach to network optimization that may benefit St. Luke’s is to logically separate the network architecture into many VLANs according to their network
The system chosen to replace the legacy PBX switching system will be NEC’s NEAX 2000 IPS. The headquarters of ACME Electronics is spread between four buildings. The NEC NEAX 2000 IPS supports distributed processor architecture. This means that the processing requirements of the system are shared between more than one processor. This allows for faster response times and redundant operation. If one processor fails, the other can take over. Two of the four buildings are equipped with 1 Pentium 200 MHz Processor dedicated to the inter-communications system.
Berean's existing network infrastructure is wire line, and uses a T1. Remote users access the network through a dial-up modem pool. Berean's wire line network model severely limits the accessibility and effectiveness of the Berean network. For example, employees in Berean facilities are unable to access the network easily from meetings, the cafeteria, or anywhere other than their offices. In addition, the effectiveness of remote users is limited by the slow speed of present-day dial-up modem connections.
Virtual Private Network presents some advantages over the traditional network technologies. VPN offers direct cost savings over leased lines or long-distance calls for remote access, savings resulting from reduced training requirements and equipment, increased flexibility, scalability, and security. The main advantage of VPN is the cost savings of Internet VPN when compared to networks built using conventional leased lines. Leased lines include tariffs that have an installation fee, a fixed monthly cost, and a mileage charge. The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. As an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. VPN that utilizes the Internet avoids this problem by simply tapping into the geographically distributed access already available. Another way VPN reduces costs is by reducing the need for long-distance telephone charges for remote access. Instead of having the offsite team of a company dial into the corporate modem bank via long distance lines, the company’s VPN allows them to simply place local calls to the ISP’s POP in order to connect to the corporate network.
This proposal is for a small office that will have users who are connected by Wi-Fi or cable. The network will include devices and resources that are shared among all the users. The network will need to have security measures in place to protect the entire network and keep the wireless access secure and available only to employees of the company.
We recommend the use of VPN for remote access to DEM intranet for all authorized users. No remote access to DEM intranet should be provided to anyone not using a VPN.
This service will soon be further enhanced by picture messaging libraries, video clips and video telephony (seeing the person you're calling) and improving download speeds. Another service is the Vodafone Mobile Connect Card, which enables customers to access their normal business applications on a laptop when out of the office. Such services add value to the product, and high profile effective promotion will help sell these services to existing and new customers.
The AMS Telecommunications department is as thin as they can possibly get away with. There are fewer than one hundred employees within the four walls of the company. Externally there are fewer than ten who need access to the internal system. Until recently, there was no IT department. The new IT division consists of one individual. Mainly, the equipment that needs to be attached to this system is an assortment of “antiques and hot rods”, as they say. Some of the PCs actually attached to the system are even using Windows 95 and the Microsoft Office equivalents.
When designing the layout of a LAN, the party can choose from a selection of different technologies on which to base the main part of their LAN. The technology choices that the party adopts will be a critical part in the way their LAN performs. Two important LAN setups are a network based on Ethernet or Token Ring technology. Besides operating in a small space, LANs have some other distinctive features. LANs are typically owned, controlled, and managed by a single person or organization.
Local Area Networks, also called LANs, have been a major player in the industrialization of computers. In the past 20 or so years the world's industry has been invaded with new computer technology. It has made such an impact on the way we do business that it has become essential, with an ever-growing need for improvement. LANs give an employer the ability to share information between computers with a simple, relatively inexpensive system of network cards and software. They also let the user or users share hardware such as printers and scanners. The speed of access between the computers is lightning fast because the data has a short distance to cover. In most cases a LAN only occupies one building or a group of buildings located next to each other. For larger area needs there are several other types of networks, such as the Internet.
ABSTRACT: This paper describes the basic threats to network security and the basic issues of interest in designing a secure network. It describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION
Making a telephone call no longer should conjure up visions of operators connecting cables by hand or even of electrical signals causing relays to click into place and effect connections during dialing. The telephone system now is just a multilevel computer network with software switches in the network nodes to route calls get through much more quickly and reliably than they did in the past. A disadvantage is the potential for dramatic and widespread failures; for as has happened.