Senior Seminar(Networking Update)


In the senior Seminar class at Monroe College we are required to simulate an actual business and perform a project that encompasses all of the work we covered in the degree. We needed to create a network, a website, a MIS (information system), a database and manage the entire project using our project management skills. This was my segment.

Published in: Technology

  1. The Networking Section

     Issa Baisden

     Senior Seminar

     For Professor Kmir
  2. Networking Hardware

     Router: Cisco Systems Cisco 1811 Integrated Services Router

     Price: $763.99
     Required Number: 1
     Total Cost: $799.00

     The 1800 series of Cisco integrated services routers intelligently embed data, security, and wireless technology into a single, resilient system for fast, secure, scalable delivery of mission-critical business applications. The Cisco 1811 routers are focused on Ethernet access and are designed to be offered as customer premises equipment (CPE) in Metro Ethernet deployments. Because of their high-speed performance and dual Fast Ethernet WAN ports, they can support the high-bandwidth demands of Metro Ethernet and provide failover protection and load balancing if desired.

     This is the best selection for the purposes of the plan. It provides a built-in firewall, Cisco IOS Advanced IP Services, hardware encryption, load balancing, Stateful Packet Inspection and VLAN support. It would also be wise to go along with this router from Cisco Systems because most of the other hardware that we will be using for switching and other networking services makes use of Cisco technology as well. Integration will therefore be maximized, minimizing the compatibility issues that may arise with hardware from other manufacturers.
  3. Switches

     Cisco Catalyst 3560-24PS Ethernet Switch

     Price: $772
     Required number: 4
     Total Cost: $3,088

     The four switches that will be used will help to analyze network traffic and maximize on the

     The Cisco Catalyst 3560 Series is a line of fixed-configuration, enterprise-class switches that include IEEE 802.3af and Cisco pre-standard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations. These are ideal access layer switches for small enterprise LAN access or branch-office environments. Combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection, they help you deploy new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks. You can maintain the simplicity of traditional LAN switching and still deploy network-wide intelligent services such as:

     • Advanced quality of service (QoS)
     • Rate limiting
     • Access control lists (ACLs)
     • Multicast management
     • High-performance IP routing
  4. Simplify Network Management

     Available for the Catalyst 3560 Series, the Cisco Network Assistant is a centralized management application for switches, routers, and wireless access points. Free of charge, the application provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.

     Configurations:

     • Cisco Catalyst 3560-8PC: 8 Ethernet 10/100 ports with PoE and 1 dual-purpose 10/100/1000 and small form-factor pluggable (SFP) port; compact form-factor with no fan
     • Cisco Catalyst 3560-24TS: 24 Ethernet 10/100 ports and 2 SFP ports
     • Cisco Catalyst 3560-48TS: 48 Ethernet 10/100 ports and 4 SFP ports
     • Cisco Catalyst 3560-24PS: 24 Ethernet 10/100 ports with PoE and 2 SFP ports
     • Cisco Catalyst 3560-48PS: 48 Ethernet 10/100 ports with PoE and 4 SFP ports
     • Cisco Catalyst 3560G-24TS: 24 Ethernet 10/100/1000 ports and 4 SFP ports
     • Cisco Catalyst 3560G-48TS: 48 Ethernet 10/100/1000 ports and 4 SFP ports
     • Cisco Catalyst 3560G-24PS: 24 Ethernet 10/100/1000 ports with PoE and 4 SFP ports
     • Cisco Catalyst 3560G-48PS: 48 Ethernet 10/100/1000 ports with PoE and 4 SFP ports

     The Cisco Catalyst 3560 is available with either the IP Base or IP Services software images and can be upgraded to the Advanced IP Services software image. The IP Base software (formerly called the Standard Multilayer Image or SMI) includes advanced QoS, rate-limiting, ACLs, and basic routing and IPv6 functionality. The IP Services software (formerly called the Enhanced Multilayer Image or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The Advanced IP Services software includes IPv6 routing and IPv6 ACL support.
  5. Firewall

     Cisco ASA 5505 Firewall Edition Bundle

     Price: $377.09
     Quantity: 1
     Total: $390.00

     The Cisco ASA 5505 Firewall will provide us with an additional layer of security. It will guard against hacker attacks as well as aid in ensuring that the system stays up and running. It provides a proactive threat defense mechanism that stops attacks before they spread throughout the network. This intrusion alert system will aid significantly in increasing the capacity of the security team. The Cisco ASA 5505 Firewall can also control network activity and application traffic. These tools make this firewall the best choice for Kelar Systems in protecting its data from outside attacks.

     Alert System

     Cisco Security IntelliShield Alert Manager Service

     Price: $0.88
     Quantity: 1 year subscription
     Total: $0.88

     The Cisco Security IntelliShield Alert Manager Service is a customizable, Web-based threat and vulnerability alert service that allows security staff to easily access timely, accurate, and credible information about vulnerabilities that may affect their environments, without time-consuming research.
  6. Personal computers

     The Dell Optiplex 775

     Price: $443
     Required Number: 10
     Total: $4,430

     The Dell Optiplex 775 will be used business-wide to cater for all of the needs of the organization. Usually for any more than ten computers Dell offers a business package deal. It has been the choice for small businesses for a couple of months and is expected to be one of the better choices for some time to come. This package also includes an already installed version of Windows XP Service Pack 4, which significantly reduces the cost of the personal system. This PC will be ideal because it can be used for all of the departments. It is cheap for the performance that it offers.

     Printer

     Brother HL-5250DNT Laser Printer

     Price: $276.28
     Quantity: 3
     Total: $870.75

     The network printer of choice for this environment will be the Brother HL5205 DNT Laser Printer. It will provide adequate printing capacity for the volume of work that it will manage and is easy to install.
  7. Networking cable

     Cat 5e 1,000 ft box

     Price: $129.99
     Quantity: 1
     Total Price: $135.00

     Cat 5e is the best standard to use because of the environment that we will be using for the installation of the system. 1000 feet will be able to cover the length of the entire system.

     Jacks

     Cat. 5E RJ-45 Modular Plug

     Price: $33.24
     Quantity: 2 packs of 100
     Total Price: $66.48

     The jacks that will be used are the Cat. 5E RJ-45 Modular Plug. To cover the entire expanse of the network, 200 should be purchased to cater for mistakes.
  8. Server

     IBM Blade Center S

     Price: $4,499
     Required Number: 1
     Total: $4,499

     • Can replace up to 6 servers
     • Can use virtual servers
     • Security and built-in redundancy
     • Has dust filter
     • Standard office power
     • Simple maintenance
     • Up to over 7 terabytes compatible storage

     The IBM Blade Center S will take care of all of the server needs for the company. It will also be able to perform the roles of all of the server, storage and services required by the business. This would save a lot of time, energy, space and would increase efficiency of the system. The Blade Center is a perfect platform for further development and will continue to serve Kelar Systems for years to come. This system has also proven to be one of the most fault-tolerant on the market as blades can easily be replaced and the hot swappable drives inserted easily. A tape back-up system will also be used to ensure that data will always be secured.
  9. Software

     Divisions

     1. Accounting
     2. Development
     3. Marketing

     Needs

     1. Accounting

     The accounting department registers every financial transaction that takes place within the organization. Thus, they require a type of software that will be able to take inventory as well as give quotes for specialist services. We have chosen Everest Advanced Edition Version 4.0 for the accounting department because three of the employees are trained to use the software already and our Accounting specialist has highly recommended it. Additionally, reviews of the software found online were especially favorable.

     2. Development

     The development division will be using a whole host of different programs to aid in its daily routine. Since they will be the division dealing with the aspects of I.T. management and assessment for other companies, they will need programs that deal with technicians, database development, web site development, project management and networking.

     The Networking team will use Packet Tracer to give a basic design of the networking for customers and give a visual aid of how the network infrastructure will look. Since Packet Tracer is free software, it is easy to acquire, and it gives a wide range of services that are used to give an accurate description of how a network will perform.
  10. The web design team will use Dreamweaver and Adobe Flash as well as an online programming tool called. These are the two most commonly used types of software for website development and should be good enough for the initialization of the project. If new software is required it will need to be purchased at a later date.

      The Project Management team will be using a combination of Microsoft Project and Can Plan (a web-based project management tool) to plan the projects that they will be doing. To plan some of the projects Kelar Systems can use Can Plan, as it provides a means to communicate with employees no matter where they are. This allows the company to utilize employees on a contract basis who work for other companies and seek their expert help in matters that permanent employees are not specialized in.

      The database team will be using a combination of Oracle and Microsoft Access to do their database programming. Depending upon the needs of the organization that they will be servicing, different software will be required. However, if software is required it will need to be acquired by another means.
  11. The Technicians will require basic technicians' tools and software. This includes Windows Vista Home Premium, Windows XP and other pieces of software (freeware) which are used to do tasks like data recovery and other mandatory tasks for a business of this size. To save money, AVG antivirus version 7.5, which is completely free, will be used as a virus protection scheme initially.

      3. Marketing

      The Marketing Division of Kelar Systems will be responsible for the running of the advertisements and the coordination of the actual website. It was recommended that website development personnel be hired to maintain the website so that updates can be posted easily. In order to make commercials, the marketing division will require a team to create them using Macromedia. These software components will be purchased by the staff at Kelar Systems.

      Server Software

      Microsoft Windows Small Business Server (SBS) 2003 R2

      Price: $599.00
      Required number: 1
      Total Cost: $599.00
  12. This software would be able to cater for all of the needs of the business including the future expansion of its business.

      Fault tolerance

      An IDS, or Intrusion Detection System, is a system designed to detect an attack from either outside or inside an organization. It recognizes harmful processes or processes that are not authenticated. There are many different types of IDS.

      The passive system

      The passive system recognizes when there is an attack on a system or a threat or breach. It then logs it and sends an alert to a console or the owner.

      The reactive system

      The reactive IDS, referred to as an IPS or Intrusion Prevention System, responds to an actual attack or perceived attack by severing the connection or reprogramming the firewall to block traffic from a suspected source.

      The following are other types of detection systems that exist:

      • A network intrusion detection system is an independent unit which identifies intrusions by examining network traffic and monitoring multiple hosts. Network Intrusion Detection Systems (NIDS) gain access to network traffic by connecting to a hub, network switch (configured for port mirroring), or network tap.
      • A protocol-based intrusion detection system is made up of some sort of mechanism that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system).
      • An application protocol-based intrusion detection system is made up of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application-specific protocols.
      • A host-based intrusion detection system consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activities and state.
      • A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a complete network able to handle all of the challenges presented in a working environment.

      I would definitely choose a hybrid detection system made up of a reactive system and an application protocol-based intrusion detection system. This is because it would allow for all the security of a protocol-based detection system and the high maneuverability and added level of
  13. security an IDS would provide. It would also cost less to buy software that can run on a server than to buy one on every PC. It also wouldn't slow down the network traffic like a network intrusion detection system or a protocol-based detection system.

      | System | Price | Security | Time |
      |---|---|---|---|
      | A network intrusion detection system | The hubs and switches and other network devices add another layer of cost and hence may become very substantial. | Very secure because of added levels of security | No impediments |
      | A hybrid intrusion detection system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system | Uses the strengths of one system to complement the others' weaknesses and make an even stronger system |
      | A host-based intrusion detection system | More expensive because software has to be installed on every computer | Protects server from being attacked from inside and outside. | Costs valuable time and slows down network traffic |
      | An application protocol-based intrusion detection system | Less expensive than putting software on all PCs but more expensive than other systems | Protects server from being attacked from inside and outside. | No impediments |
      | A protocol-based intrusion detection system | Either a user PC or a server can be used for this system, hence for a smaller organization a user PC is cheaper. | Protects server from being attacked inside and outside. | Costs valuable time and slows down network traffic |
      | The passive system | Cheaper than most systems | Lowest level of security; detects and alerts | No impediments |
      | The reactive system | More expensive but worth the price for the functionality | Highest level of security. Detects, isolates and solves threats or perceived threats | Slower because it has to react to threats but makes up for it |

      A virtual server will be set up in order to act as a protocol-based intrusion detection system. It will also have a software-based intrusion detection system that will aid in equipping the system with a high level of quality assurance.
  14. The Physical Cisco Firewall and the software firewall on the Router are the composite parts of the Hybrid system that will manage and cater for intrusion.

      Networking concept

      The Physical firewall will look like the above system whereby the network is physically separate from the outside network. This firewall will be housed on the server. The Cisco firewall will act as the physical firewall, while the Cisco firewall on the router will act as a secondary buffer. The standalone firewall will block intrusions that the router can also perform. However, the physical router is not susceptible to many different attacks that can target the Cisco router. The dual system would enable the network management team to put together a comprehensive security
  15. plan that can cater for a broad base of attacks.

      The entire Visio presentation was made and the results are below:

      The network will be able to access the internet via the router, which is protected by the firewall. The main switch will oversee the VLANs and the three servers. Although this may present a problem if the switch fails, the data on the switch has been backed up on the server so that if there is any problem it can be easily fixed. The three VLANs (Marketing, Development, and Management) are set up to provide different layers of access to the server and to the internet. They each comprise a switch, a group of PCs and a network printer.
  16. Protection

      Anti-virus: AVG antivirus Networking Edition

      Price: $159.99
      Quantity: 5 licenses
      Total cost: $165.00

      The AVG antivirus Networking Edition would enable the business to manage its security and three servers in a comprehensive and efficient manner. The software boasts of many advantages such as:

      • Easy to use and manage
      • Protection for workstations and file servers
      • Centralized installation and configuration
      • Free support and service around the clock and across the globe
      • Protection against viruses, spyware, adware and hackers

      It may be best to use this software because the system is able to cater well for the small business needs and can cater for all of the security risks at the same time. It can protect all of the servers and workstations at the same time and therefore can guard the entire system.
  17. Security Policy

      Only IT staff are allowed to access the server room, which is physically locked. Only the IT staff should have access to the cards that open the card reader lock on the IT server room. The passwords to each server must also only be assigned to technicians that require them for maintaining and fixing the systems and the network.

      To be able to disable the Internet access to the lunchroom on a certain subnet, the subnet can be removed from the access list.

      To ensure that the company's physical, removable assets are protected, the policy is to lock the computers with a lock and key system, with IT having the master keys to the locks (3 or 4 copies).

      To ensure that the I.T. room is secured, the same card system that is used to lock the server room can be used to lock the I.T. room.

      To protect the PCs in the office, the use of user accounts can be instituted. To do this the domain server will contain the passwords for all the computers except those in the lunchroom. The computers in the lunchroom are not on the domain. The other computers require a sign-in on the domain.

      To track the websites can be used which would enable the tracking of websites for free. Free web site tracking is available but each page that is tracked must display a large (i.e. 400x60) banner advertisement.

      | | Free service | Paid service |
      |---|---|---|
      | Maximum pages tracked | No apparent limit | No apparent limit |
      | Banner display | 400x60 advertisement | No |
      | Limit on page views | No | No |
      | Provides log file | Yes | Yes |

      This approach was seen to be redundant, as the protocols and services provided by the Router and the switches enable the network traffic and websites visited to be tracked.
  18. Labor

      Development teams (Mary Consulting)

      Although the members of the team all have their specialties, to complete the project we will need to draw upon the skills of all of the members.

      • Project development: Elizabeth, Mary, Josanne
      • Web Site: Giovani, Kelvyn, Issa
      • Networking: Kelvyn, Issa, Giovani
      • Database: Giovani, Kelvyn

      Maintenance (Kelar Systems)

      All of the normal day-to-day maintenance will be conducted by Kelar Systems. If there are any questions about the system or any training that is required, the members of the team that did this product (Mary Consulting) will be at hand to provide assistance. The owner is adamant that we will be paid for any of our services.

      Each employee of Mary Consulting is paid by time served. The employees will be paid an equal amount for the stages of production of the project. A standard fee of $20 an hour will be paid to the six employees of Mary Consulting.

      Architecture

      The Architecture was initially drafted in the manner that the Packet Tracer file is set up in; however, it was seen to be much too complicated and much simpler if it was done in Visio. The arrangement will be distributed across the five rooms that the business owns. The initial site plan is as follows:
  19. [Site plan diagram. Room labels: Lunch room, Marketing, Reception, Management, Help Desk, Server, Development, Waiting Area. Legend: Doors, Computers, Partition, Fire Escape.]
  20. The above chart is a network diagram of a proposed business. It gives a detailed site plan of what the network infrastructure should look like. Each room is clearly labeled and identified. The doors are also represented by diagonal lines as the legend indicates, as well as the other exits (fire escapes). The partitions and borders of each of the departments are also clearly depicted.

      The six rooms that are shown each have their own function. However, the waiting area, marked by the partition, is part of the reception area. There are twelve computers that will be used by various members of staff. These computers are spread out between the departments as shown above. The Reception Area, Lunch Room, I.T. Department, Marketing Department, Help Desk, and Management all have their allotted number of computers. The Reception Area, Lunch Room and the Marketing Department all have one computer assigned to them, whereas the Management and Help Desk areas are allotted two computers each. The I.T. Development Department houses a total of five user computers and a server.

      The team met and discussed how the plan could be better implemented, and it was recommended that a second plan be drafted to better understand the structure. The networking manager and the security team recommended the following design:
  21. Cost

      | Item | Cost |
      |---|---|
      | Router | 799.99 |
      | Switch | 3,088 |
      | Firewall | 390.00 |
      | Alert system | 0.88 |
      | Cables | 135.00 |
      | Jacks | 66.48 |
      | Printers | 870.75 |
      | PCs | 4,430 |
      | Server | 4,499 |
      | Microsoft Windows Small Business Server (SBS) 2003 R2 | 599.00 |
      | Labor | To be inserted |
      | TOTAL | $14,978.10 |
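
The passive and reactive systems described on slide 12 (detect, log and alert, versus also blocking traffic from the suspected source), shown as an added Python example that is not part of the original slides. The event records, the failed-login threshold and all names in the code are constructed assumptions for illustration.

```python
"""Passive IDS versus reactive IDS (IPS) run over one constructed event stream."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample events: (time_s, source_ip, dest_port, outcome).
# Addresses are from the RFC 5737 documentation ranges; this is not real traffic.
EVENTS = [
    (0, "192.0.2.10", 22, "auth_fail"),
    (5, "198.51.100.7", 443, "auth_ok"),
    (10, "192.0.2.10", 22, "auth_fail"),
    (20, "192.0.2.10", 22, "auth_fail"),    # third failure inside the window
    (25, "192.0.2.10", 22, "auth_ok"),      # the guess that finally succeeds
    (30, "192.0.2.10", 445, "auth_fail"),
    (35, "192.0.2.10", 445, "auth_fail"),
    (40, "192.0.2.10", 445, "auth_fail"),
    (200, "198.51.100.7", 22, "auth_fail"),  # one mistyped password, not an attack
]

THRESHOLD = 3   # assumed policy: this many failures from one source ...
WINDOW_S = 60   # ... within this many seconds is treated as an attack


@dataclass
class Sensor:
    reactive: bool = False
    alerts: list = field(default_factory=list)     # what the console/owner sees
    blocked: set = field(default_factory=set)      # stands in for firewall rules
    delivered: list = field(default_factory=list)  # events that reached the server
    fails: dict = field(default_factory=lambda: defaultdict(deque))

    def process(self, event):
        ts, src, _port, outcome = event
        if src in self.blocked:            # only ever populated in reactive mode
            return "dropped"
        self.delivered.append(event)
        if outcome != "auth_fail":
            return "passed"
        recent = self.fails[src]
        recent.append(ts)
        while ts - recent[0] > WINDOW_S:   # forget failures older than the window
            recent.popleft()
        if len(recent) < THRESHOLD:
            return "passed"
        # Both kinds of system detect, log and alert.
        self.alerts.append((ts, src, f"{len(recent)} failed logins in {WINDOW_S}s"))
        recent.clear()
        if self.reactive:                  # the IPS also blocks the source
            self.blocked.add(src)
        return "alerted"


def run(reactive):
    sensor = Sensor(reactive=reactive)
    for event in EVENTS:
        sensor.process(event)
    return sensor


if __name__ == "__main__":
    for mode in (False, True):
        s = run(mode)
        print("reactive" if mode else "passive",
              "alerts:", len(s.alerts),
              "blocked:", sorted(s.blocked),
              "reached server:", len(s.delivered))
```

In passive mode the successful login at t=25 still reaches the server and the source keeps probing until a second alert fires; in reactive mode everything from that source after the first alert is dropped, which also means a false positive would cut off a legitimate user.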