1. Shawn G. Rainbolt
December 14, 2014
Intro to LAN Technologies
(IT/240)
Raymond Schafer
University of Phoenix
2. Summary of Presentation
Company Needs
TCP/IP Plan
Physical LAN Topology
Logical LAN Topology
User & Work Group
Security & Data Protection
Failover Disaster Plan
3. Company Needs
Taylor & Sons Financial
Consulting is a medium-sized
company in 1 building (3 floors)
100 users
(10 read-only, 80 global, 10 universal)
10 applications
used by 80 employees
Local Area Network (LAN)
Firewall Protection
User and Group Access
Strong Security
4. TCP/IP LAN Plan
94 Client computers equipped with
Wireless Network Interface Card (NIC)
Physically located on 1st, 2nd, and 3rd floors
3 Server computers equipped with 3 Client
workstations
Wired Ethernet Network Interface Card (NIC)
Physically located in computer closet on 3rd floor
(preferably behind key-access doors)
7. User & Work Group
The 100 users would fall into one or more of these
groups in the active directory
Group A (Floor 1)
Group B (Floor 2)
Group C (Floor 3)
User Profiles would include:
Administrator, Account Operators, Backup Operators,
Guests, Print Operators, and Users
11. Failover Disaster Plan
Server Room behind key access area
Protect devices with surge protectors
Power conditioners, and UPS for servers
Utilize separate servers for email, payroll and client
files
Use RAID 5 data distribution scheme
Windows Server backup and recovery
Periodically, reevaluate wireless security methods
12. Mah, P. (December 4, 2013). 8 Tips to Protect Your Business’ Wireless Network. Retrieved from: http://www.pcworld.com/article/2068442/8-tips-to-protect-your-business-wireless-network.html
Mitchell, B. (2014). How Many Computers Can Share One Wi-Fi Network? About.com. Retrieved from: http://compnetworking.about.com/od/wirelessfaqs/f/howmanydevices.htm
Tomsho, G. (2011). Guide to Networking Essentials (6th edition). Clifton Park, NY: Course Technology, Cengage Learning.
Woligorski, D. (2011). LAN 102: Network Hardware and Assembly. Retrieved from: http://www.tomshardware.com/reviews/local-area-network-gigabit-ethernet,3035-7.html
Editor's Notes
Taylor & Sons Financial Consulting: Network Plan
Summary of Presentation: Company Needs, TCP/IP Plan, Physical LAN Topology, Logical Topology, User & Work Group, Security & Data Protection, and Disaster Plan.
(image credit: albanyaleproject.com)
Rainbolt Reloaded, LLC has been hired to set up a local area network with a firewall for a Microsoft Windows network at a medium-sized company, Taylor & Sons Financial Consulting. The network will have 100 users and 10 applications used extensively by 80 of the employees. Of these employees, 10 are clerks and should have read-only access to the databases generated by the applications. The owner is worried about security and wants a firewall installed. The company is physically located on the first three floors of one building. Rainbolt Reloaded is tasked with developing a local area network plan for Taylor & Sons Financial Consulting, including the layout of the network, user and group access, and security.
(image credit: www.youtube.com/watch?v=DCXOC9qCxCM)
The Taylor & Sons network requires at least 100 users to have access to 10 applications, which are used extensively by 80 employees. A total of 100 users are required (at this time) to have access to the network. From this number, Rainbolt Reloaded has derived 94 client computers and 3 servers with 3 server-client workstations next to them (clustering the servers is an option as well). The client computers will run the newest version of the Windows operating system (OS), with a wireless NIC installed in the PCI slot of each of the 94 computers. These 94 client computers can be accessed by any user with permissions to the Taylor & Sons network. Presumably, only 80 computers will be needed at any given time to handle the “extensive use” of company files; however, the extra capacity will allow growth within the network. Three server computers with adjoining computer workstations will help manage network traffic from specific departments, such as marketing, web site, and consumer files.
Servers and their client workstations should have a direct connection to the wireless routers. This provides a consistent connection even if part of the network goes down.
Wireless routers should be used throughout the three floors of the building (where they are placed will be outlined in the topology). The routers will serve as access points to the network and will provide a higher Mbps rate that can support extensive use. According to Guide to Networking Essentials (Tomsho, 2011), these wireless access points can tolerate 11 Mbps to several hundred Mbps. Each user should enjoy at least 1 Mbps of bandwidth if at least 1 router has the capability of balancing a 100 Mbps network load. Each wireless router can hold up to 255 connected devices, but this is highly discouraged because there needs to be a way for the network to load balance (Mitchell, 2014). This is accomplished by providing multiple access points throughout the building.
Using wireless routers and wireless NICs will afford the company the opportunity to move and reorganize the work floor, cubicles, or other user computers to any physical location on the three floors of the building. Sales representatives have a high employment turnover rate, so some computers or an entire floor may go unused from time to time. The company will have an open canvas when it needs to make computer location or network changes. Also, if a workstation goes down, there will be no need for new wiring, as there would be if a cable became compromised.
As indicated in the physical topology of the Wireless Local Area Network (W-LAN), the three floors of Taylor & Sons will have computers equipped with an IEEE 802.11 based wireless NIC arranged in an extended star topology. When users sign in to their computers, they will be given access to the server files located on one of the servers in the server room. The centrally located wireless router on the floor (or room) is wired directly to the wired router in the server room. Beforehand, the administrator has grouped specific users and assigned them specific permissions within the network. Since each floor will be equipped with a wireless router, each printer or fax machine will need Bluetooth capabilities. This will afford the opportunity for any device on the floor to connect point-to-point to print or fax documents. Wireless or Bluetooth have security benefits. If Taylor & Sons finds Bluetooth cumbersome, the printers or fax machines can instead be wired by Ethernet to the router.
Server computers should be equipped with at least an IEEE 802.3an based 10GBaseT Ethernet NIC. Basic Ethernet would “support a broad range of transmission speeds, from 10 Mbps to 10 Gbps” (Tomsho, 2011); however, 10GBaseT will support transmission speeds up to 10 Gbps. Though Ethernet uses half-duplex mode and first listens before transmitting data, the many server requests from the 100 users (up to 80, as previously deemed extensive) will go uninterrupted. The cabling from server to router and from router to wireless router should be at least Category 6A.
Rainbolt Reloaded will set up user identities according to the groups they are assigned. For easy management, a total of three groups will be established to coincide with their assigned floor. As originator of these work groups, Rainbolt Reloaded will be assigned as administrator, permitting “complete control over the computer and domain” (Tomsho, 2011). The Taylor & Sons head of the network will be set to account operator, with permission to administer user and group accounts for all three floors (Groups A, B, and C). Heads of department will be set to “backup operator” for their “local” group, permitting them to assign permissions to other users for resources within the group. The 80 users that “extensively use the network” should be granted read-write permissions by setting their scope to “universal” and type to “security.” Since Taylor & Sons wants 10 users to have read-only permissions, their group type would be set to “distribution” and they would be listed as a “guest user.” These 10 read-only users may be set to a specific group (A, B, or C) if necessary. Whatever group users are assigned to, it should be one in which they share the same interests or resources (for example: (Group A) The Smyth Family investors, but not (Group B) The Charles Barkley Foundation).
Managing User & Group Accounts in such a way will:
Provide a method for users to authenticate themselves to the network
Provide detailed information about a user (Tomsho, 2011)
Groups are assigned permissions and restrictions based on their position or duties with Taylor & Sons, such as:
Local – permission to resources (files) within a department, floor, or specific group
Sales Representatives
Agents
Basic users or Guest users
Global – permission to resources from multiple departments, floors, or multiple groups
Department Heads
Account Managers
Universal – permission to any resource with little or no restrictions to departments, floors, or groups
Chief Officers
Division Manager
Administrators
Total of 100 users (10 guest-user, 80 global, 10 universal)
(image credit: www.asunsoft.com)
Security and data protection starts with how and where the data is stored. The W-LAN topology demonstrated, in a simplistic way, that separate servers will add protection to stored data while allowing more access to others.
The use of wireless routers provides encryption protection. Depending on what hardware is used, the router may have the “capability to limit connections to the access point by using a list of authorized MAC numbers. It’s designed to limit access to authorized devices only” (Woligorski, 2011). Due to the sensitive nature of the documents and Taylor & Sons’ request for special protection, Rainbolt Reloaded will change the default password of all wireless routers to include special characters such as “&” and “%.” Rainbolt Reloaded will also implement the following:
1. Change device default password
2. Use only WPA2 encryption
3. Use a complex passphrase (at least 25 distinct characters)
4. Not broadcast the SSID (Service Set Identification)
5. Disable WPS
6. Set up a guest network (use for employee and customer personal devices)
7. Filter out unauthorized MAC Addresses
8. Disallow admin access from wireless networks (Mah, 2013)
9. Repeat steps 1 & 7 every 90 days
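An added example (not part of the original presentation): a Python sketch that audits one access point's settings against the checklist above, including the 90-day repeat of steps 1 and 7. The configuration keys and sample values are assumptions constructed for illustration, not any vendor's export format.

```python
from datetime import date

# Constructed sample settings; key names are hypothetical, not a vendor format.
SAMPLE_AP = {
    "admin_password_is_default": False,
    "admin_password_changed": date(2014, 9, 1),
    "mac_filter_reviewed": date(2014, 12, 1),
    "encryption": "WPA2",
    "passphrase": "T&S-fl00r2%Qx9!LmZ7@rVb4#KdW",
    "broadcast_ssid": True,
    "wps_enabled": False,
    "guest_network": True,
    "mac_allowlist": ["00:11:22:33:44:55"],
    "admin_from_wireless": False,
}

MAX_AGE_DAYS = 90   # steps 1 and 7 are repeated every 90 days
MIN_DISTINCT = 25   # passphrase: at least 25 distinct characters


def audit_ap(cfg, today):
    """Return (step, finding) pairs for every checklist item the config fails."""
    def stale(key):
        return (today - cfg[key]).days > MAX_AGE_DAYS

    checks = [
        (1, "default admin password still set", cfg["admin_password_is_default"]),
        (1, "admin password older than 90 days", stale("admin_password_changed")),
        (2, "encryption is not WPA2-only", cfg["encryption"] != "WPA2"),
        (3, "passphrase has fewer than 25 distinct characters",
         len(set(cfg["passphrase"])) < MIN_DISTINCT),
        (4, "SSID is broadcast", cfg["broadcast_ssid"]),
        (5, "WPS is enabled", cfg["wps_enabled"]),
        (6, "no guest network configured", not cfg["guest_network"]),
        (7, "MAC allowlist is empty", not cfg["mac_allowlist"]),
        (7, "MAC allowlist not reviewed in 90 days", stale("mac_filter_reviewed")),
        (8, "admin access allowed from wireless", cfg["admin_from_wireless"]),
    ]
    return [(step, msg) for step, msg, failed in checks if failed]


if __name__ == "__main__":
    for step, msg in audit_ap(SAMPLE_AP, date(2014, 12, 14)):
        print(f"step {step}: {msg}")
```

The passphrase check counts distinct characters rather than length, so a long but repetitive passphrase still fails step 3.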
Each workstation will have an active Windows Firewall program, set to trust only the computers within its department, the department server, the wireless router located closest to it, and the department printer/fax. The administrator’s computer will “trust” all computers on each floor and use the firewall program in DHCP capacity.
Licensed anti-virus and anti-malware programs will be installed on all 100 computers and set to update each evening after hours.
The RAID 5 data distribution configuration and limit individual server computers. In fact, using the RAID configuration affords the opportunity to cluster servers, that is, to combine 3 servers into 1 unit. RAID 5 will stripe and parity any file saved to hard drive D (for example). The stripes will be for quick reference and recall from any of the 100 users (extensively by the 80 employees). By using four hard drives, RAID 5 will save redundantly on three drives with parity on all three. In the case of a failure, an arithmetic equation can determine which drive failed, and that drive could be pulled from the server’s slot and replaced immediately (without loss of data). Also, users will not have to memorize where their file is saved and on which drive. They would simply call for the file.
RAID 5 is also part of the disaster plan.
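An added example (not part of the original presentation): a simplified Python model of the four-drive RAID 5 layout, showing the XOR parity arithmetic used to rebuild the contents of one failed drive from the three survivors. The block size and parity rotation order are assumptions chosen for readability, not those of any particular controller.

```python
from functools import reduce

DRIVES = 4   # the plan's four-drive array
BLOCK = 4    # bytes per block; tiny so the layout is easy to inspect


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def write_raid5(data):
    """Stripe data over DRIVES drives: 3 data blocks + 1 parity block per stripe."""
    per_stripe = BLOCK * (DRIVES - 1)
    data = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    drives = [[] for _ in range(DRIVES)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity_drive = (DRIVES - 1 - s) % DRIVES   # parity rotates per stripe
        blocks.insert(parity_drive, xor_blocks(blocks))
        for d in range(DRIVES):
            drives[d].append(blocks[d])
    return drives


def rebuild_drive(drives, failed):
    """Recompute every block of the failed drive from the surviving drives."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_raid5(drives, length):
    """Reassemble the data, skipping each stripe's parity block."""
    out = b""
    for s in range(len(drives[0])):
        parity_drive = (DRIVES - 1 - s) % DRIVES
        out += b"".join(drives[d][s] for d in range(DRIVES) if d != parity_drive)
    return out[:length]


if __name__ == "__main__":
    data = b"Taylor & Sons client ledger, Q4 2014"   # constructed sample
    drives = write_raid5(data)
    drives[2] = rebuild_drive(drives, 2)             # replace drive 2 and rebuild
    print(read_raid5(drives, len(data)))
```

The same XOR works whether the lost block held data or parity, which is why any single drive can be replaced; a second simultaneous failure leaves too few blocks per stripe to recover.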
(image credit: macsales.com/raidcentral)
Disaster Plan for Taylor & Sons Financial Consulting would include:
Arrange floor plan to put the server room behind key access room or area.
This will make it difficult for an unauthorized person to physically enter a restricted area and gain access to protected data.
Protect all plugged-in devices by using surge protectors, power conditioners (for servers), and an uninterruptible power supply.
Surge protectors will extend the life of plugged in devices (computers, printers, etc).
Power conditioners will further extend the life by absorbing power surges or leveling brownouts that can damage devices (such as servers).
Utilize separate servers for email, payroll, and client files (keeping access to private documents restricted).
This will further limit unintentional or intentional access to parts of the computer or network that also store sensitive documents.
Use RAID data distribution scheme.
Further protects the company from data loss due to hardware damage, theft, or cyber attack, and reduces the cost of maintenance.
Windows Server backup and recovery
Set periodic times, such as each day at 3:00, to back up critical system data (on set volume drives).
Reevaluate wireless security methods, and keep anti-virus and malicious software updated.
Will keep methods of security up-to-date and disaster ready.