NSA CAPSTONE: FINAL PROJECT
ITT TECH
NSA Capstone
Final Project
Samuel Ott, Franklin Pieterse, Dustin Leecy, Jeannetta Walker, Jordan Marsh, Elvira Turner,
Daniel Stephenson, Andrew Wilson, Filander Valladares, Christopher Miller
2/28/2016
Part 1
ABC Company has a total of nine offices. Four of the offices are sales offices and five are
creation offices which will be developing multimedia. All the offices are going to be able to
connect to each other. The company servers in Tokyo, Paris and Detroit will maintain a 24/7
connectivity for the company WAN.
The topology of the company WAN will be a mesh configuration. The separate
offices will be designed into star configurations with switch communication. In all offices we
will have fiber telco rooms in the basement and networking closets on each floor. These will
have fiber to each floor switch and CAT6E cabling to each hardwired node on every floor. We
will also have network routers and firewalls in the telco room for security. There will be
individual switches per floor to help manage traffic and avoid latency. This will help keep traffic
flowing smoothly and reduce bottlenecking of data flow. We will be using redundant fiber
between all offices on leased lines. As described by Derek Rogers in his article, “Leased lines are
symmetric telecommunications lines that connect two different locations together. In the United
Kingdom, lease lines are often referred to as Data Lines or Private Circuits. The United Kingdom
does not use a telephone number for the data lines, however each of the sides of the line will be
permanently connected to the other.” (Rogers, n.d.).
We will be carrying the maximum speeds available for each location, with no less than
100 Mbps and hopefully a continuous 1 Gbps where available. Due to the size of the files that we
need to transfer, we will be able to maintain a response time that will not exceed 20 seconds
between workstations. We will be using another form of redundancy by adding satellite
connections where available and feasible. Using satellite for all of our multicast needs will help
keep other traffic flowing smoothly and efficiently without compromising our overhead. We will
be using ViaSat to host our satellite transmissions. As stated at ViaSat.com, “ViaSat is the 1st to
introduce “true 100 Gbps Ethernet encryption! Available today, our SEC-1170 single-port high-
speed appliance also delivers the industry’s lowest latency, 3x less than competing Layer 2 or 3
encryption” (ViaSat, n.d.).
The star topology will be a very efficient means of keeping our offices up to date and
expandable. A star topology has a maximum of one thousand twenty-four nodes (Naik,
2015). We will be connecting them through our switches on every floor, to keep as few failure
points as possible with as much expandability as we can. The switches will help keep data
flowing only to required nodes to help keep collisions and bottlenecking to a minimum. We can
also support either fiber or coaxial cable as needed with the proper switches. As stated before, we
will have our telecommunication room separated from the rest of the building to keep security
tighter in this area. Also, we will be expanding per floor as needed with a network room. We will
be running fiber to the building and to each floor. Then from each network room on the floor we
will be expanding fiber or coaxial cable as needed. We will also want two printers per floor and a
separate printer for human resources per office. These will also be connected per the switch.
Each building will have available and secure wireless connections. We will be using the
IEEE 802.11ad standard. “IEEE 802.11ad, on the other hand, this uses the much higher 60 GHz
spectrum. This spectrum has even more room to pack different communication channels side by
side. Consequently, it can deliver up 7 Gbps —but only for short distances. It’s easily obstructed
by air, water and walls, and other limitations” (Intel, pg. 5, para 1). We will need to
take these limitations into consideration and plan accordingly to ensure total coverage of our wireless
network for each office. This will help keep us current and transmit speeds at a max even though
we might need to add extra access points to ensure that there are no low signal areas. We will
also have this as a secured area of our business going through our firewalls to keep data theft and
loss to a minimum.
For the sales offices in Washington, Indianapolis, Tampa and Liverpool, we will be
developing a telephone system with conferencing and speed dialing to any location in the
company. Our first choice is to use a VOIP phone system because it has the capability of handling
multiple phone calls on multiple lines at one time. For conferences, setting up a WebEx account
would give us the flexibility to also add a person using a mobile phone as well as people in the office,
instead of using Skype, which has been shown to be unreliable a lot of the time. This is one reason using
WebEx would benefit multiple companies around the world: “you can add specialized
functionality for webinars, training, or remote technical support. You may need global online
meetings with integrated audio that can be joined via tele-presence and multiple video systems.
Or you might want personal video meeting rooms. Cisco WebEx products are all
that.” (WebEx, 2015) As far as the phone system, VOIP phones are the up and coming technology
used in most doctor offices and hospitals and for some small home businesses. Here is another
reason VOIP would be our preferred choice. “All of the premise based VoIP Phone Systems we
carry are easy to manage, feature-rich and offer uncompromised functionality, flexibility, cost
savings as well as advanced features that substantially improve productivity. Choose from a wide
variety of Premise based VoIP Phone Systems from the VoIP Industry's leading VoIP Phone
System providers - and don't forget to ask about our configuration and financing offerings.”
Using the latest technology will keep us up to date and it will also help our team members in
other parts of the world use very simple and basic technology that is growing and expanding
daily.
Part 2
As a business we will need to set up a network that is functional, reliable, and
expandable. A lot of time and research went into all aspects of the network,
especially the hardware that is needed to keep the business operational now and into the
future. To achieve this, we have chosen what we determine to be the best options in what we can
acquire to give all users the necessary tools that they will need to do the job required and keep
the business secure and operational well into the future.
For the server aspect of the business we will be deploying Cisco UCS 5100 Series
Blade Server Chassis with Cisco UCS B260 M4 Blade Server blades. This allows us to expand
workloads as needed and only have to worry about the cost of what we need without having to
reorganize the system later. Should we need more servers it would be just a blade away. Cisco
states that its UCS 5108 Blade Server Chassis is the first of its kind: with a height of six rack
units (6RU), it can mount in an industry-standard 19-inch rack while using standard front-to-back
cooling.
The Cisco UCS 5108 Blade Server Chassis makes revolutionary use of unified fabric and
fabric-extender technology. Not only does that let the Cisco Unified Computing System have
fewer physical components, but it allows the system's network to be integrated with up to 20
chassis in a single management domain. This is great for scalability. It requires no independent
management as the configuration and hardware management is integrated. Using a Java
application known as a CLI, it can manage up to 176 blades, configuring the hardware and
networks as needed, and be more energy efficient than traditional blade-server chassis. This
simplicity eliminates the need for dedicated chassis management and blade switches and reduces
cabling. (Snyder, 2011)
On the servers, our main operating system will be Windows Server 2012 R2 while using
Active Directory management roles. This will enable us to separate operations and keep the
business compartmentalized between departments and help shape what is needed inside the
company. With this we will also be using VMware to set up virtual servers to help suit individual
departmental needs as they shall arise. This will include other operating systems and
developmental software needed for project research and development.
To connect our offices we will be using the Cisco 2921 router. The 2900 series has
very fast internet and intelligent integration for market security. It has hardware for encryption,
and a digital signal processor, with an optional firewall. It has many useful features for security
like intrusion prevention, and a video-capable digital signal processor. It even has voice mail and
connections for T1/E1, xDSL, copper and fiber GE. This system has the ability to expand as it
offers increased capacity and performance as the network and company grow.
Our phones, security cameras and wireless will be using the Cisco Catalyst 3750-48-port
10/100Base-T. It is stackable so you can add more ports and units, making it optimal for
expansion. When stacked, the units use a proprietary multi-pin connector. If creating a ring you
will need two of these connectors. This device will automatically balance the load of two or more
units and can support 32 Gbit/sec of throughput. It has full control, full duplex layer 3 switching,
IP routing, and DHCP support. (Bass, 2003)
For our desktops and video conferencing we will be using the Cisco Catalyst 3560x-48t-l
managed switch – 48 Ethernet ports on every floor. This is an enterprise-class switch, and is
good with security and energy. It is easy to operate and has innovative features; it can provide IP
telephony, wireless and video for a great network experience. It boasts gigabit Ethernet speeds,
and it has different speed ports for 10/100/1000. This particular one has VLAN capability. Its
performance is 160 Gbps. For the individual phone system we will use the Cisco Business
Edition 6000 with our handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G
VOIP phone for each desk in the office.
The business desktops and laptops are going to need to be a mixture to suit what
each department needs. All regular employees will get an Aspire ATC-705-UR58 from Acer.
These will come with Windows 7 Enterprise edition. We went with this machine because its Intel
HD 4600 graphics card will give the users the ability to look at and review multimedia that the
company creates, and its 1 TB HDD will let them save it. It also comes with 8 GB of
RAM, which allows for multitasking, and it comes standard with USB 3.0 ports. (Tech, 2015)
This will be an asset as a decent desktop capable of lasting, all the while giving our
admins better control over the individual user through use of software, security, and group
settings. For our production and development departments we will be using Apple iMacs in group
rooms and workspaces for the enhanced graphical design properties that are needed for our media
content. These systems will be on an intranet with limited content sharing to keep strict
regulations on our research and development. All our production and development members will
also have an Apple MacBook Air. This will help transition ideas from the iMac to their laptop for
presentations without sacrificing visual or unsupported data.
One other aspect to look at will be our firewalls, proxy servers, and VPN. We are
going to use an enterprise hardware-based firewall. The reasoning behind this is that the
hardware is more robust and allows for better protection; this will accommodate us for larger
amounts of memory usage. Installation is more difficult, but protection and monitoring are better.
Static random access memory refers to a secondary type of memory used in a computer or
appliance. For our needs we will be using SRAM instead of DRAM because it does not need to
be refreshed, and cycles through memory a lot faster. So with all these factors in mind and
understanding how important a firewall is to a company, we have decided to go with the Cisco
ASA 5555-X. Software is already installed on the appliance and can be accessed using a management
device like a laptop. We will refer to this source for set-up and usage of this device, found at
(http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html).
Our company is going to utilize WinGate for our proxy server, which is a software version. The
current version of WinGate is version 8.4. These proxy servers will share space on our servers in
a virtual environment. This will allow us to utilize what proxy servers allow without having to
install physical hardware, thus saving cost on equipment and allowing us to spend that on the
software and management. This will also help when employees need to connect to the office
from home for some unexpected work. Lastly, for our VPN we will be using Junos Pulse, also
known as Pulse Secure. It is mid-priced in relation to other similar products. This is great as the
company is moving to Bring Your Own Device (BYOD), and it works with iOS and Android
systems so you can check your email, access company resources, or do a voice conference on the
go. “Pulse Connect Secure delivers seamless and blazing-fast end-user access to corporate
networks and resources. Out-of-the-box host-checking and device compliance features ensure
connectivity for both trusted and untrusted devices. Pulse Connect Secure supports leading web
technologies and technology standards such as HTML5 and IPv6. Plus, its broad Virtual Desktop
Infrastructure (VDI) allows for interoperability with leading players such as VMWare, Citrix,
and Microsoft.” All data is cauterized and can even share data. It is easy to use on your mobile device
and very secure. (Stephenson, 2015)
We as a group consider these as viable options for our network that will give us
ease of access along with flexibility, reliability, and upgradability for years to come. These will
also help us as a business grow our business and provide access even while on trips for business.
These tools will bring the business to a new and very optimal high point in the digital age. This
base of equipment is truly scalable on an as needed basis. It will let us add any hardware and
software as needed for development. The use of these devices together opens boundless doorways
through which we can progress and come together better even at long distance.
Part 3
There are a lot of protocols out there for a company to choose from. There are some that
are standard operating procedure and a necessity for everyday use, like TCP/IP. This paper will just
encompass a few of the less well-known, must-have protocols for our VPN, file transfers,
media, switches, WAN, VOIP, and some of the firewall protocols that will be a necessity for our
business to succeed. The general user has relatively no idea how much work and time is spent
setting up and verifying the processes that go into this step, which can be a very daunting
process.
For our VPN we are going to go with L2TP/IPsec. L2TP over IPsec allows a
business to transport data over the internet, while maintaining a high level of security to protect
the data. To use this type of protocol we have to remember that we must place the VPN server at
the internet access point or DMZ for this to function. The VPN server is responsible for
enforcing user access and policy decisions. For a connection to actually occur, you will need
to install computer certificates on the VPN client and server devices. When a client attempts to
access the VPN, the server grants access through a series of actions to check user restrictions and
properties to determine that the user has access, and creates a link to the company. This
ensures the company’s intranet remains uncompromised while, at the same time, granting
access to the user from outside the company network. (Hoffman, 2015)
For our switches and routers we will be using EIGRP, which stands for Enhanced
Interior Gateway Routing Protocol. This is a distance-vector protocol that has optimizations to
reduce routing instability, guarantees loop-free operation and provides us with fast router
convergence. The switches will use IS-IS. This will allow each individual switch to build its
own network topology and will allow packet transmission based on the switch's determined
best topological path.
One of the main protocols that we will be using is XTP or eXpress Transport Protocol.
This protocol will be used in the transfer of our media files from our different sites. XTP offers
high speed data transfer which is able to run parallel to all other transfer protocols. Using XTP,
we will also be able to control rate flow and bursts and also set a bandwidth limit. This can also
be used with satellite data transfer as a second option if grounded services are disrupted.
(Andrews, 1997)
All of our sites will have MTP or Media Transfer Protocol to be able to transfer
data to or from their mobile devices. This is important for developers and media teams to be able
to get the files they need at a meeting when they didn’t bring the data with them. Most Windows and
iOS devices have MTP already implemented in the device, which means no additional cost for
the company. Most of the developers will also be using the AFP or Apple Filing Protocol, which
is the standard for the iOS operating systems. Other protocols within the Apple framework that
will allow streaming of media from the desktop to the “iPad” include MPMediaPlayback, which
helps control playback. MPPlayableContentDataSource lets media be played from
external media devices, and the MPPlayableContentDelegate protocol will allow commands to be
sent from external media devices to the Apple application. (Apple Inc., 2014)
The VOIP protocols that we will use are MGCP or Media Gateway Control
Protocol, SIP or Session Initiation Protocol, SDP or Session Description Protocol, RTP or Real
Time Protocol, and RTCP or Real Time Control Protocol. These will work in unison to make sure
that we can stream video conferencing, have voice calls, and all other aspects of
telecommunication that we are going to need to use to make sure that we can compete and do all
required in the digital age. These will ensure our connections through the use of Codecs to
handle the conversion of analog signals to digital form and back again. (SAVVIUS, INC, 2016)
The SIP protocol will require some changes with our firewall as well to make sure
that we can make the calls work. The SIP protocol involves embedding IP addresses which can
be challenged by NAT. The firewall has to take the private IP addresses used and convert them
to the public IP addresses. It will require that the private IP addresses have a UDP port filtering
protocol in effect so that calls can go both ways with data. To do this we will need to make sure
that we have NAPT or Network Address and Port Translation protocol enabled. It will be the
responsibility of the firewall to ensure that NAPT is applied correctly to all VOIP packets.
(Allied Telesis, Inc., 2007)
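The rewrite the firewall has to perform on a SIP message, as an added example that is not part of the original paper: a Python sketch that applies a NAPT table to a constructed INVITE and then audits it for leftover private addresses. The addresses, ports, NAPT bindings and the helper names `rewrite_sip` and `find_private_addresses` are all assumptions made for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed NAPT bindings: (private ip, private port) -> (public ip, public port).
NAPT_TABLE = {
    ("10.1.20.15", 5060): ("203.0.113.10", 40060),   # SIP signalling
    ("10.1.20.15", 16384): ("203.0.113.10", 41000),  # RTP audio
}

# Constructed SIP INVITE from a desk phone behind NAT (sample values only).
SDP_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.1.20.15\r\n"
    "s=call\r\n"
    "c=IN IP4 10.1.20.15\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.20.15:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@phone15.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@10.1.20.15:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n"
    "\r\n"
) + SDP_BODY


def is_rfc1918(addr):
    """True only for RFC 1918 space (ipaddress.is_private also flags test ranges)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def find_private_addresses(message):
    """Return the sorted RFC 1918 addresses still embedded in a SIP message."""
    return sorted({a for a in re.findall(IPV4, message) if is_rfc1918(a)})


def rewrite_sip(message, napt):
    """Apply NAPT to the addresses SIP carries inside headers and SDP."""
    head, sep, body = message.partition("\r\n\r\n")
    ip_map = {priv: pub for (priv, _), (pub, _) in napt.items()}

    def map_hostport(m):
        pub = napt.get((m.group(1), int(m.group(2))))
        return f"{pub[0]}:{pub[1]}" if pub else m.group(0)

    # SDP: the port on an m= line belongs to the address on the c= line.
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    conn_ip = conn.group(1) if conn else None
    sdp = []
    for line in body.split("\r\n"):
        parts = line.split(" ")
        if line.startswith(("c=", "o=")):
            parts[-1] = ip_map.get(parts[-1], parts[-1])
        elif line.startswith("m=") and len(parts) > 1 and parts[1].isdigit():
            pub = napt.get((conn_ip, int(parts[1])))
            if pub:
                parts[1] = str(pub[1])
        sdp.append(" ".join(parts))
    new_body = "\r\n".join(sdp)

    # Headers: rewrite host:port in Via/Contact, then fix the body length,
    # which changes because the public address is longer than the private one.
    lines = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].strip().lower()
        if name in ("via", "contact"):
            line = re.sub(rf"({IPV4}):(\d+)", map_hostport, line)
        elif name == "content-length":
            line = f"Content-Length: {len(new_body.encode())}"
        lines.append(line)
    return "\r\n".join(lines) + sep + new_body


if __name__ == "__main__":
    print("before:", find_private_addresses(SAMPLE_INVITE))
    print("after: ", find_private_addresses(rewrite_sip(SAMPLE_INVITE, NAPT_TABLE)))
```

Running `find_private_addresses` on traffic captured outside the firewall is a quick check that NAPT is being applied to the SIP payload and not only to the IP header.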
This is just an overview of the many different protocols that we will be
implementing for our business. As stated before there are many more that are going to be needed
to actually set everything in place and make everything work. Some will need to be initiated by
us while others will rely on protocols already in place like TCP/IP and UDP that all businesses
use. Protocols and the ability to implement and integrate them into a fully functioning network is
one of the hardest and longest parts of network setup.
Part 4
ABC Company is a worldwide company with offices all across the globe. The company
is engaged in the development of audio and video special effects for the entertainment and
advertising industry. With the company being so spread out and diverse the logical calling choice
is going to be Voice over IP or VoIP for short. Also, we are going to be needing teleconferencing
to all major offices across the globe. Due to the demand, our company will need to ensure that
we can connect and have meetings across the globe whether with customers or project teams and
management. Because the company is worldwide, it makes a lot of sense for us to make sure
we have a way to ensure that we can do all these meetings across the globe when needed for
projects and reviews. This is where we have chosen WebEx for all of our teleconferencing needs.
As far as the phone system, VOIP phones are the up and coming technology used
in most doctor offices and hospitals and for some small home business. The phone system of
choice is, of course, our Cisco based switches and phones. Our phones will be using the Cisco
Catalyst 3750-48-port 10/100Base-T. This is a stackable unit so you can add more ports and
units, making it optimal for expansion. When stacked, the units use a proprietary multi-pin
connector. If creating a ring you will need two of these connectors. This device will
automatically balance the load of two or more units and can support 32 Gbit/sec of throughput. It
has full control, full duplex layer 3 switching, IP routing, DHCP support. (Bass, 2003).
For the individual phone system we will use the Cisco Business Edition 6000 with our
handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G VOIP phone for each
desk in the office. These are going to be a very universal staple that can easily serve our bigger
and smaller offices due to the design of the switch. With it being stackable we will have the
needed requirements for it to be added to as our company grows. (Brooks, 2016)
The ease of using the same type of system and individual handhelds as a standard
means that even when the employees of the company need to travel or relocate they can easily
transition to the new environment. By using the same VoIP phone system we also have the
means of having easy access to troubleshooting and faster uptimes of down switches if one
should crash. We would maintain redundant switches and spares as needed to keep up with
repairs and growth. A universal system can truly be a great investment, and when the
products reach end of life it means that you can find a new standard to upgrade to, with an easier time
for all involved. The fact that we are going redundant with our network means that even if a
switch should go down the backup will kick in with little to no loss of connection. The Cisco
phone system that we are implementing also comes with a feature to let us know when a fault
arises within the system and helps with the troubleshooting.
The company’s regular need for teleconferencing can be made all-inclusive by
using WebEx. By using WebEx we make sure that the conferencing is as clear and latency free
as possible due to the WebEx Collaboration Cloud which determines which point of presence has
the lowest latency and offers the best performance. The WebEx client recognizes the location
and routes traffic through the nearest data center for optimal performance. It will even transfer
meeting communication through alternate lines of communication if the line or connection
becomes degraded or unusable. This feature will help ensure that the company will never miss a
second of the conference due to the degradation. If you couple this with the GlobalWatch
feature, administrators can set performance thresholds and receive alerts at a designated
threshold as well as analyze information for usage trends to better delegate bandwidth and
maintain optimal network performance. Another great feature of the WebEx solution is that it
will work across multiple platforms. This will make it easier, so we can connect with the
employees that will be using different operating systems for their day to day job. Coupling this
with the ability of WebEx to integrate with applications can make everyone able to
share what they need, when they need to. (Cisco Systems, Inc, 2008)
For security and training purposes we will be using Cisco Telepresence Content
Server. This server will be able to interconnect to our WebEx and be able to record all of the
teleconferences as well as the video conferences. This will also help our company be able to
implement training videos, share and store media as well as be able to pull videos to a portable
media device if needed giving the company a huge step up on technology that competitive
companies might not have. (Cisco Systems, Inc)
WebEx can even offer us the option of conferencing on the go by letting us use
company based phones or, where appropriate, personal phones to go to the meeting in case of
delayed flights and/or being sick. This will truly let us keep on top of those meetings with a
certain ease. It also has the ability to have private meetings going on at the same time as the
general meeting, making for a smooth, decisive decision without stepping on anyone’s toes. It is
available to use from Android phones, iPhones, and even Windows phones. This truly opens the door to
let our staff get a better deal and ability to use a wider variety of phones to get the best deal
possible. With the WebEx Collaboration Cloud offering the connection except for the first and
last mile, which is handled by the chosen ISP, this means that we don’t have to rely on a certain
carrier or provider to ensure a clear crisp connection or uptime. (Kobialka, 2014)
Part 5
Security is a huge concern for our company. This will require us to look at both our
physical and logical security as a whole and how to integrate them together to make a secure and
profitable work environment. Neither physical nor logical security is any less important than the
other. If someone has physical access to a server or computer, then they potentially have the
ability to bypass the logical security to gain access to privileged software and programs. Also,
with great physical security but a lack of logical security, a person can gain access without
setting foot inside a building.
Physical security is an essential part of information technology security. As a
whole, physical security encompasses all parts of the network, from the system hardware to all
the wiring and support devices used to connect the network together. To keep our buildings and
devices secure we are going to be employing a variety of techniques that, when implemented
together will give us a very strong defense from an outside source or a disgruntled employee.
The process we are going to use will require security guards, fencing, cameras, key cards,
biometric readers, building patrols and scramble pads with levels of access maintained by our
security team and network administrators. The security company that we use will be a third party
and not an employee of the company with access to all non-secure spaces and the perimeter to
help maintain a non-biased yet essential role for our company. By using a third party we can help
reduce the abuse of power by an individual, manager or employee at our company. These
security personnel will be directly under our security team and CTO (Chief Technical Officer).
We will patrol the common areas and the outside perimeter of the fence, with monitored checks
along the route. We will verify that all exterior doors are secure and that the secure areas are
locked and not left open for any reason. Whilst doing this they will make a report of any and all
defects or destruction that they find along the way.
The use of cameras will coincide with all doors that open to the exterior and to all
restricted access areas. The cameras will use PoE (Power over Ethernet) so that they are easier
to install and maintain. Also, the cameras will record to secured servers with special access to
only those with clearance and save data for no less than ninety days. This will ensure that if we
do have an incident it will be recorded and able to be viewed and kept for criminal charges and/or
insurance purposes. The cameras will help make sure that no one is bypassing security or
trying to go through a door without using the biometric reader, scramble pad, or key card entry
designated for that door. If seen, security personnel and guards shall investigate immediately.
The scanners will be placed on all doors; each will be different depending on the access level and
nature of the room being accessed. For general areas a key card scanner will be required. The
offices and medium security areas will have scramble pads with every person having a unique
code for access, and for high security areas like our server room or content development room
we will have biometric scanners to scan fingerprints for verification to get into the room that will
coincide with the keycard. (Deutsch, 2014)
All printers, fax machines and similar equipment will be secured to prevent an individual
from walking away with the equipment. Printers store information in their memory and if
accessed they could reprint documents that could have sensitive material. (Shinder, 2007)
Logical security allows users to access information and systems based on their
role and group inside the company. All resources should be restricted to the users that need
access to the information contained. The logical security controls for the company are robust in their
scope; however, once implemented they will be easy to monitor, add or change. We will be using
Active Directory to maintain access rights for groups, firewall protection, along with port and
packet filtering, with encryption to keep data sent secure.
We will be using AES encryption for our company. AES is already the standard
used by our government to secure sensitive unclassified information. With AES encryption the
data is encrypted in blocks of 128 bits using cryptographic keys of 128, 192 or 256
bits. Symmetric or secret-key ciphers use the same key for encrypting and
decrypting, so both the sender and the receiver must know and use the same secret key. There are
10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round
consists of several processing steps that include substitution, transposition and mixing of the
input. With that many possible keys, cracking that encryption will not be possible in the foreseeable
future. This was one of the deciding factors in choosing our Cisco security appliance for our
network throughout the different locations. Ensuring that all data is properly secured during
transmission is our greatest priority and with the Cisco appliance it will be possible. (Dyke,
2001)
Our Cisco brand-specific firewall offers the protection needed for today’s
changing and dangerous network environment. Hackers are always trying to exploit a weakness
in an environment. Often these attacks are extremely malicious and almost pose as a smoke
screen so they can steal data while a company is looking to block the attacks and restore the
network. By using the Cisco firewall at our home and branch offices we will be a step closer to preventing
this from happening. For our company we will be installing the firewalls after the routers in the
home and branch offices. For this approach we will be using the router as a first line of defense.
Doing it this way will allow the company to set a simple rule set in the router that will block all
unwanted traffic. For this rule to happen we will set the router to only allow inbound traffic that
is HTTPS and VPN. Setting this rule on the router will only allow traffic to come through those
ports and block everything else. Doing this allows the firewall to be responsible for granular
filtering and determining which specific hosts may receive HTTPS and VPN traffic. This will
also allow the firewall to perform advanced analysis for further inspection and blocking of
unwanted traffic. (Chapple, 2009)
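A small model of the router-then-firewall split described above, as an added example that is not part of the original report. It assumes HTTPS is TCP 443 and that "VPN" means IPsec (IKE on UDP 500, NAT-T on UDP 4500, and ESP); the addresses come from documentation ranges and every rule and packet is constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "esp"
    dport: int = 0  # 0 for protocols that have no ports

# Assumed service definitions (the report does not name ports or a VPN protocol).
SERVICES = {
    "https": {("tcp", 443)},
    "vpn": {("udp", 500), ("udp", 4500), ("esp", 0)},
    "ssh": {("tcp", 22)},
}

# Tier 1, the router: a coarse allowlist by service, everything else is dropped.
ROUTER_ALLOWED_SERVICES = ("https", "vpn")

# Tier 2, the firewall: which specific hosts may receive which service.
# Constructed rules; the last one is deliberately stale.
FIREWALL_RULES = [
    ("203.0.113.10/32", "https"),  # hypothetical web server
    ("203.0.113.20/32", "vpn"),    # hypothetical VPN gateway
    ("203.0.113.30/32", "ssh"),    # the router never forwards this service
]

def classify(pkt):
    """Map a packet to a known service name, or None if it matches nothing."""
    for name, matches in SERVICES.items():
        if (pkt.proto, pkt.dport) in matches:
            return name
    return None

def evaluate(pkt):
    """Return where an inbound packet ends up: router drop, firewall drop, or permit."""
    service = classify(pkt)
    if service not in ROUTER_ALLOWED_SERVICES:
        return "dropped at router"
    for network, allowed in FIREWALL_RULES:
        if allowed == service and ip_address(pkt.dst) in ip_network(network):
            return "permitted"
    return "dropped at firewall"    # default deny on the firewall as well

def unreachable_firewall_rules():
    """Firewall rules that can never match because the router drops the service first."""
    return [rule for rule in FIREWALL_RULES if rule[1] not in ROUTER_ALLOWED_SERVICES]

# Constructed inbound packets from an outside address.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
    Packet("198.51.100.7", "203.0.113.20", "tcp", 443),
    Packet("198.51.100.7", "203.0.113.20", "udp", 500),
    Packet("198.51.100.7", "203.0.113.20", "esp"),
    Packet("198.51.100.7", "203.0.113.10", "udp", 500),
    Packet("198.51.100.7", "203.0.113.30", "tcp", 22),
    Packet("198.51.100.7", "203.0.113.10", "tcp", 3389),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(f"{pkt.proto}/{pkt.dport} -> {pkt.dst}: {evaluate(pkt)}")
    print("unreachable firewall rules:", unreachable_firewall_rules())
```

The unreachable-rule check is worth running whenever either tier changes: a firewall entry for a service the router does not pass gives a false impression of what is actually exposed.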
Also, we will be using Active Directory to help control our logical access. By
assigning groups we can limit individual access and give users only the access they need to do
the job they are given. This helps keep users from going beyond the scope of their job and
getting data from another department that they could sell or destroy. It also ensures that the
groups will have separate folders and separate resources in the system. Active Directory is a
very robust system, and it will take time and meetings with the company to determine the true
scope of implementation. By using it we can separate as much as the company as a whole
wants. There are enough resources that we can have administrator and security roles as
needed, along with the many different server roles that can be implemented across the
company. (Rouse, 2012)
These are the outlines of our security protocols. They are a start that fits our
company and can be elaborated and expounded upon as needed. Also, by taking these steps we
can upgrade and keep the company up to date as needed. By using redundant servers we can
truly maintain a very high level of security across the company as a whole and prevent theft or
intrusion from both inside and outside the company.
[Figure: project timeline (Gantt chart). Start Mon 5/2/1; Finish Fri; weekly axis from May 8 to Jul 24. Dated tasks: Equipment Ordering, Fri 5/6/16 - Thu 5/26/16; Equipment Installation, Thu 5/12/16 - Wed 6/8/16. Other bar labels as extracted: Pre Project Design, Netwo, Wiring, Equipment, Software installation, Network, Servers, Telecomm, Verifying, Testing of Network and connectivity/software.]
References:
Qbik New Zealand Limited. (2016). WinGate. Retrieved Jan 16, 2016, from QBIK: http://www.wingate.com/products/wingate-vpn/index.php
Allied Telesis, Inc. (2007). Configure the Firewall VoIP Support Service. Retrieved Jan 30, 2016, from Allied Telesis, Inc.: http://www.alliedtelesis.com/media/fount/how_to_note_alliedware/howto_config_sip_alg.pdf
Andrews, M. (1997, Mar 19). 3.3 Multimedia Protocols. Retrieved Jan 30, 2016, from gweep.net: gweep.net//~rocko/mqp/node9.html
Apple Inc. (2014, Mar 10). Media Player Framework Reference. Retrieved Jan 30, 2016, from iOS Developer Library: https://developer.apple.com/library/ios/documentation/MediaPlayer/Reference/MediaPlayer_Framework/
Bass, J. (2003, Aug 11). Cisco Catalyst 3750 stackable switches. Retrieved Jan 16, 2016, from NetworkWorld: http://www.networkworld.com/article/2335721/lan-wan/cisco-catalyst-3750-stackable-switches.html
Brooks, C. (2016, Jan 04). Best Business Phone Systems 2016. Retrieved Feb 14, 2016, from Business News Daily: http://www.businessnewsdaily.com/6780-best-business-phone-systems.html
Chapple, M. (2009, Feb 01). Should a firewall ever be placed before the router? Retrieved Feb 21, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/tip/Should-a-firewall-ever-be-placed-before-the-router
Cisco. (n.d.). Cisco UCS 5100 Series Blade Server Chassis. Retrieved Jan 16, 2016, from Cisco: http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-5100-series-blade-server-chassis/index.html
Cisco Systems, Inc. (2008). Cisco WebEx. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/wp_whywebex_1009.pdf
Cisco Systems, Inc. (n.d.). Cisco TelePresence Content Server Data Sheet. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-content-server/data_sheet_c78-626482.html
Deutsch, W. (2014, Nov 24). How to Secure Your Building and Property. Retrieved Feb 21, 2016, from About.com: http://bizsecurity.about.com/od/physicalsecurity/a/What_is_physical_security.htm
Dyke, J. (2001, Dec 4). Commerce Secretary Announces New Standard for Global Information Security. Retrieved Feb 21, 2016, from NIST: http://www.nist.gov/public_affairs/releases/g01-111.cfm
Hoffman, C. (2015, Mar 10). Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP. Retrieved Jan 30, 2015, from How-to-Geek: http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/
Indiana University. (2015, Aug 25). Indiana University Knowledge Base. Retrieved Jan 24, 2016, from Best practices for computer security: kb.iu.edu/d/akin
Kobialka, D. (2014, May 20). Cisco Unveils WebEx Collaboration Meeting Room Service. Retrieved Feb 14, 2016, from talkincloud.com: http://talkincloud.com/cloud-companies/052014/cisco-gets-personal-unveils-webex-collaboration-meeting-room-service
Peterson, G. (2005, May 12). Principle of Fail-Safe Defaults in Service Oriented Security. Retrieved Jan 24, 2016, from 1 Raindrop: 1raindroptypepad.com/1_raindrop/2005/05/principle_of_fa.html
Rouse, M. (2012, Jul 1). Active Directory domain (AD domain). Retrieved Feb 21, 2016, from TechTarget: http://searchwindowsserver.techtarget.com/definition/Active-Directory-domain-AD-domain
SAVVIUS, INC. (2016). VoIP. Retrieved Jan 30, 2016, from SAVVIUS Formerly WildPackets: http://www.wildpackets.com/resources/compendium/voip
Shinder, D. (2007, Jul 16). 10 physical security measures every organization should take. Retrieved Feb 21, 2016, from TechRepublic: http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/
Snyder, J. (2011, Dec 19). Cisco UCS review. Retrieved Jan 16, 2016, from TechWorld: http://www.techworld.com/review/hardware/cisco-ucs-review-3326087/
Stephenson, P. (2015, Sep 01). Pulse Secure PulseWorkspace. Retrieved Jan 16, 2016, from SC Magazine: http://www.scmagazine.com/pulse-secure-pulseworkspace/review/4424/
Tech, C. (2015, Oct 23). Acer Aspire ATC-705-UR58 Review. Retrieved Jan 16, 2016, from Chad Technology: http://chadtechnology.com/acer-aspire-atc-705-ur58-review/

Capstone Final Part

  • 1. NSA CAPSTONE: FINAL PROJECT ITT TECH NSA Capstone Final Project Samuel Ott, Franklin Pieterse, Dustin Leecy, Jeannetta Walker, Jordan Marsh, Elvira Turner, Daniel Stephenson, Andrew Wilson, Filander Valladares,Christopher Miller 2/28/2016
  • 2. NSA CAPSTONE: FINAL PROJECT Part 1 ABC Company has a total of nine offices. Four of the offices are sales and five are creation offices which will be developing of multimedia. All the offices are going to be able to connect to each other. The company servers in Tokyo, Paris and Detroit will maintain a 24/7 connectivity for the company WAN. For the topology of the company WAN will be in a mesh configuration. The separate offices will be designed into star configurations with switch communication. On all offices we will have fiber telco rooms in the basement and networking closets on each floor. These will have fiber to each floor switch and CAT6E cabling to each hardwired node on every floor. We will also have network routers and firewalls in the telco room for security. There will be individual switches per floor to help manage traffic and avoid latency. This will help keep traffic flowing smoothly and reduce bottlenecking of data flow. We will be using redundant fiber between all offices on leased lines. As described by Derek Rogers in his article “Leased lines are symmetric telecommunications lines that connect two different locations together. In the United Kingdom, lease lines are often referred to as Data Lines or Private Circuits. The United Kingdom does not use a telephone number for the data lines, however each of the sides of the line will be permanently connected to the other.”(Rogers, n.d). We will be carrying the maximum speeds available for each location, with no less than 100Mbps and hopefully a continuous 1Gbps where available. Due to the size of files that we need to transfer we will be able to maintain a response time that will not exceed 20 seconds between workstations. We will be using another form of redundancy by adding satellite connections where available and feasible. Using Satellite for all of our multicast needs will help
  • 3. NSA CAPSTONE: FINAL PROJECT keep other traffic flowing smoothly and efficiently without compromising our overhead. We will be using ViaSat to host our satellite transmissions. As stated at ViaSat.com “ViaSat is the 1st to introduce “true 100 Gbps Ethernet encryption! Available today, our SEC-1170 single-port high- speed appliance also delivers the industry’s lowest latency, 3x less than competing Layer 2 or 3 encryption”. (ViaSat, n.d.). The star topology will be a very efficient means of keeping our offices up to date and expandable. When using a star topology it has a max of one thousand twenty four nodes. (Naik, 2015). We will be connecting them through our switches on every floor, to keep as few failure points as possible with the max expandability as we can. The switches will help keep data flowing only to required nodes to help keep collisions and bottlenecking to a minimum. We can also support either fiber or coaxial cable as needed with the proper switches. As stated before, we will have our telecommunication room separated from the rest of the building to keep security tighter in this area. Also, we will be expanding per floor needed with a network room. We will be running fiber to the building and to each floor. Then from each network room on the floor we will be expanding fiber or coaxial cable as needed. We will also want two printers per floor and a separate printer for human resources per office. These will also be connected per the switch. Each building will have available and secure wireless connections. We will be using the IEE802.11AD standard. “IEEE 802.11ad, on the other hand, this uses the much higher 60 GHz spectrum. This spectrum has even more room to pack different communication channels side by side. Consequently, it can deliver up 7 Gbps —but only for short distances. It’s easily obstructed by air, water and walls, and other limitations”. (Intel, pg. 5, para 1). 
With these we will need to take into consideration and plan accordingly as needed to ensure total coverage of our wireless network for each office. This will help keep us current and transmit speeds at a max even though
  • 4. NSA CAPSTONE: FINAL PROJECT we might need to add extra access points to ensure that there are no low signal areas. We will also have this as a secured area of our business going through our firewalls to keep data theft and loss to a minimum. The sales offices in Washington, Indianapolis, Tampa and Liverpool we will be developing a telephone system with conferencing and speed dialing to any location in the company. Our first choice is to use VOIP phone system because it has the capability of handling multiple phones calls on multiple lines at one time but conferences setting up a Web Ex account would give the flexibility to also add a person using a mobile phone as well as in office instead of using Skype which has been shown to be unreliable a lot of the times. This is one reason using Web Ex would benefit multiple companies around the world “you can add specialized functionality for webinars, training, or remote technical support. You may need global online meetings with integrated audio that can be joined via tele-presence and multiple video systems. Or you might want personal video meeting rooms. Cisco WebEx products are all that.”(WebEx,2015) As far as the phone system VOIP phones are the up and coming technology used in most doctor offices and hospitals and for some small home business. Here is another reason VOIP would be our preferred choice. “All of the premise based VoIP Phone Systems we carry are easy to manage, feature-rich and offer uncompromised functionality, flexibility, cost savings as well as advanced features that substantially improve productivity. Choose from a wide variety of Premise based VoIP Phone Systems from the VoIP Industry's leading VoIP Phone System providers - and don't forget to ask about our configuration and financing offerings.” Using the latest technology will keep us up to date and it will also help our team members in other parts of the world use very simple and basic technology that is growing and expanding daily.
  • 5. NSA CAPSTONE: FINAL PROJECT Part 2 As a business we will need to set up a network that is functional, reliable, and expandable. For this there was a lot of time and research to put into all aspects of the network. Especially, in the hardware that is needed to keep the business operational now and into the future. To achieve this, we have chosen what we determine to be the best options in what we can acquire to give all users the necessary tools that they will need to do the job required and keep the business secure and operational well into the future. For the server aspect of the business we will be deploying Cisco UCS 5100 Series Blade Server Chassis with Cisco UCS B260 M4 Blade Server blades. This allows us to expand workloads as needed and only have to worry about the cost of what we need without having to reorganize the system later. Should we need more servers it would be just a blade away. Cisco states that its UCS 5108 Blade Server Chassis is the first of its kind with a height of six rack units (6RU) it can mount in an industry-standard 19-inch rack, while using standard front-to- back cooling. The Cisco UCS 5108 Blade Server Chassis uses a revolutionary use of unified fabric and fabric-extender technology. Not only does that let the Cisco Unified Computing System to have fewer physical components, but it allows the systems network to be integrated with up to 20 chassis in a single management domain. This is great for scalability. It requires no independent management as the configuration and hardware management is integrated. Using a Java application known as a CLI it can manage up to 176 blades configuring the hardware and networks as needed, and be more energy efficient than traditional blade-server chassis. This
  • 6. NSA CAPSTONE: FINAL PROJECT simplicity eliminates the need for dedicated chassis management and blade switches and reduces cabling. (Snyder, 2011) On the servers, our main operating system will be Windows Server 2012 R 2 while using Active Directory management roles. This will enable us to separate operations and keep the business compartmentalized between departments and help shape what is needed inside the company. With this we will also be using VMware to set up virtual servers to help suit individual departmental needs as they shall arise. This will include other operating systems and developmental software needed for project research and development. To connect our offices we will be using Cisco 2921 Router. The 2900 series has very fast internet and intelligent integration for market security. It has hardware for encryption, and a digital signal processor, with an optional firewall. It has many usefully features for security like intrusion prevention, and video capable digital signal processor. It even has voice mail and connections for T1/E1, XDSL, copper and fiber GE. This system has the ability to expand as it offers increased capacity and performance as the network and company grows. Our phones, security cameras and wireless will be using the Cisco Catalyst 3750-48-port 10/100Base-T. It is stackable so you can add more ports and units making it optimal for expansion. When stacked the units use a proprietary multi-pin connector. If creating a ring you will need to of these connectors. This device will automatically balance the load of two or more units and can support 32G bit/sec of throughput. It has full control, full duplex layer 3 switching, IP routing, DHCP support. (Bass, 2003) For our desktops and video conferencing we will be using the Cisco Catalyst 3560x-48t-l managed switch – 48 Ethernet ports on every floor. This switch is for an enterprise class, and is
  • 7. NSA CAPSTONE: FINAL PROJECT good with security and energy. It is easy to operate and has innovative features; it can provide IP telephony, wireless and video for a great network experience. It boasts gigabit Ethernet speeds, and it has different speed ports for 10/100/1000. This particular one has VLAN capability. The performance has 160gbps. For the individual phone system we will use the Cisco Business Edition 6000 with our handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G VOIP phone for each desk in the office. The business desktops and laptops are going to need to be a mixture to suit what each department needs. All regular employees will get an Aspire ATC-705-UR58 from ACER. These will come with Windows 7 enterprise edition. We went with this machine because it will give the users the ability to look at and review multimedia that the company creates with its Intel HD 4600 graphics card. And be able to save it with the 1TB HDD. It also comes with 8GB of RAM which allows for multitasking. And it comes standard with USB 3.0 ports. (Tech, 2015) This will be an asset as to being a decent desktop capable of lasting all the while, giving our admins better controls over the individual user through use of software, security, and group settings. For our production and development departments we will be using Apple IMac in group rooms and workspace for the enhanced graphical design properties that are needed for our media content. These systems will be on an intranet with limited content sharing to keep strict regulations on our research and development. All our production and development members will also have an Apple MacBook Air. This will help transition ideas from IMac to their laptop for presentations without sacrificing visual or unsupported data. One other aspect to look at will be our firewalls, proxy servers, and VPN. 
We are going to use an enterprise hardware-based firewall because the hardware is more robust and allows for better protection. This will accommodate us for larger
amounts of memory usage; installation is more difficult, but protection and monitoring are better. Static random access memory refers to a secondary type of memory used in a computer or appliance; for our needs we will be using SRAM instead of DRAM because it does not need to be refreshed and cycles through memory a lot faster. With all these factors in mind, and understanding how important a firewall is to a company, we have decided to go with the Cisco ASA 5555-X. Software is already installed on the appliance and can be accessed using a management device like a laptop. For set-up and usage of this device we will refer to this source: http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5500X/5500x_quick_start.html

Our company is going to utilize WinGate for our proxy server, which is a software version. The current version of WinGate is version 8.4. These proxy servers will share space on our servers in a virtual environment. This will allow us to utilize what proxy servers offer without having to install physical hardware, saving cost on equipment that we can spend on the software and management instead. This will also help when employees need to connect to the office from home for some unexpected work.

Lastly, for our VPN we will be using Junos Pulse, also known as Pulse Secure. It is mid-priced in relation to other similar products. This is great as the company is moving to bring your own device (BYOD), and it works with iOS and Android systems so you can check your email, access company resources, or do a voice conference on the go. “Pulse Connect Secure delivers seamless and blazing-fast end-user access to corporate networks and resources. Out-of-the-box host-checking and device compliance features ensure connectivity for both trusted and untrusted devices. Pulse Connect Secure supports leading web technologies and technology standards such as HTML5 and IPv6.
Plus, its broad Virtual Desktop Infrastructure (VDI) allows for interoperability with leading players such as VMWare, Citrix,
and Microsoft. All data is cauterized and can even share data. Easy to use your mobile device and very secure. (Stephenson, 2015)

We as a group consider these viable options for our network that will give us ease of access along with flexibility, reliability, and upgradability for years to come. They will also help us grow our business and provide access even while on business trips. These tools will bring the business to a new and very optimal high point in the digital age. This base of equipment is truly scalable on an as-needed basis. It will let us add any hardware and software as needed for development. The use of these devices together opens boundless doorways through which we can progress and come together better, even at long distance.

Part 3

There are a lot of protocols out there for a company to choose from. Some are standard operating procedure and an everyday necessity, like TCP/IP. This paper will encompass just a few of the less well-known and must-have protocols for our VPN, file transfers, media, switches, WAN, VoIP, and some of the firewall protocols that will be a necessity for our business to succeed. The general user has relatively no idea how much work and time is spent setting up and verifying the processes that go into this step, which can be very daunting.

For our VPN we are going to go with L2TP/IPsec. L2TP over IPsec allows a business to transport data over the internet while maintaining a high level of security to protect the data. To use this type of protocol we must place the VPN server at the internet access point or DMZ. The VPN server is responsible for enforcing user access and policy decisions. For a connection to actually occur you will need
to install computer certificates on the VPN client and server devices. When a client attempts to access the VPN, the server grants access through a series of actions that check user restrictions and properties to determine that the user has access, and then creates a link to the company. This ensures the company’s intranet remains uncompromised while, at the same time, granting access to the user from outside the company network. (Hoffman, 2015)

For our switches and routers we will be using EIGRP, which stands for Enhanced Interior Gateway Routing Protocol. This is a distance-vector protocol that has optimizations to reduce routing instability, guarantees loop-free operation, and provides us with fast router convergence. The switches will use IS-IS. This will allow each individual switch to build its own network topology and will allow packet transmission based on the switch's determined best topological path.

One of the main protocols that we will be using is XTP, or eXpress Transport Protocol. This protocol will be used in the transfer of our media files between our different sites. XTP offers high-speed data transfer which is able to run parallel to all other transfer protocols. XTP will also be able to control rate flow and burst control and set a bandwidth limit. It can also be used with satellite data transfer as a second option if grounded services are disrupted. (Andrews, 1997)

All of our sites will have MTP, or Media Transfer Protocol, to be able to transfer data to or from their mobile devices. This is important for developers and media teams who need files at a meeting but didn’t bring the data with them. Almost all Windows and iOS devices have MTP already implemented, which means no additional cost for the company. Most of the developers will also be using AFP, or Apple Filing Protocol, which
is the standard for the iOS operating systems. Other protocols within the Apple framework that will allow streaming of media from the desktop to the “iPad” are MPMediaPlayback, which helps control playback; MPPlayableContentDataSource, which lets media be played from external media devices; and MPPlayableContentDelegate, which allows commands to be sent from external media devices to the Apple application. (Apple Inc., 2014)

The VoIP protocols that we will use are MGCP or Media Gateway Control Protocol, SIP or Session Initiation Protocol, SDP or Session Description Protocol, RTP or Real Time Protocol, and RTCP or Real Time Control Protocol. These will work in unison to make sure that we can stream video conferencing, have voice calls, and handle all other aspects of telecommunication that we need in order to compete in the digital age. These will ensure our connections through the use of codecs to handle the conversion of analog signals to digital form and back again. (SAVVIUS, INC, 2016)

SIP will also require some changes to our firewall to make sure that calls work. SIP involves embedding IP addresses, which can be challenged by NAT. The firewall has to take the private IP addresses used and convert them to the public IP addresses. It will require that the private IP addresses have UDP port filtering in effect so that call data can go both ways. To do this we will need to make sure that we have NAPT, or Network Address and Port Translation, enabled. It will be the responsibility of the firewall to ensure that NAPT is applied correctly to all VoIP packets. (Allied Telesis, Inc., 2007)

This is just an overview of the many different protocols that we will be implementing for our business. As stated before, there are many more that are going to be needed
to actually set everything in place and make everything work. Some will need to be initiated by us, while others will rely on protocols already in place, like TCP/IP and UDP, that all businesses use. Implementing and integrating protocols into a fully functioning network is one of the hardest and longest parts of network setup.

Part 4

ABC Company is a worldwide company with offices all across the globe. The company is engaged in the development of audio and video special effects for the entertainment and advertising industry. With the company being so spread out and diverse, the logical calling choice is going to be Voice over IP, or VoIP for short. We are also going to need teleconferencing to all major offices across the globe. Due to the demand, our company will need to ensure that we can connect and have meetings across the globe, whether with customers or with project teams and management. Because the company is worldwide, it makes a lot of sense for us to make sure we can hold all these meetings across the globe when needed for projects and reviews. This is why we have chosen WebEx for all of our teleconferencing needs.

As far as the phone system, VoIP phones are the up-and-coming technology used in most doctors' offices and hospitals and in some small home businesses. The phone system of choice is, of course, our Cisco-based switches and phones. Our phones will be using the Cisco Catalyst 3750-48-port 10/100Base-T. This is a stackable unit, so you can add more ports and units, making it optimal for expansion. When stacked, the units use a proprietary multi-pin connector. If creating a ring you will need two of these connectors. This device will automatically balance the load of two or more units and can support 32 Gbit/sec of throughput. It has full control, full duplex layer 3 switching, IP routing, DHCP support. (Bass, 2003)
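The SIP and NAPT interaction described in Part 3 (the firewall must translate the private addresses that SIP embeds in its messages) can be made concrete with the following added example, which is not part of the original paper. The INVITE, the addresses and the NAPT table are constructed sample data, and the function names are hypothetical; the code shows which fields a SIP-aware firewall has to rewrite and a check for private addresses that would otherwise leak to the far end.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HOSTPORT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Constructed sample: an INVITE from a desk phone behind the office firewall.
SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 10.1.20.15",
    "s=-",
    "c=IN IP4 10.1.20.15",          # where the far end is told to send audio
    "t=0 0",
    "m=audio 16384 RTP/AVP 0",      # RTP port on the phone
    "a=rtpmap:0 PCMU/8000",
]) + "\r\n"
INVITE = "\r\n".join([
    "INVITE sip:bob@example.net SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.20.15:5060;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774",
    "To: <sip:bob@example.net>",
    "Call-ID: a84b4c76e66710",
    "CSeq: 314159 INVITE",
    "Contact: <sip:alice@10.1.20.15:5060>",
    "Content-Type: application/sdp",
    "Content-Length: %d" % len(SDP.encode()),
]) + "\r\n\r\n" + SDP

# Constructed NAPT table: (private ip, port) -> (public ip, port).
NAPT = {
    ("10.1.20.15", 5060): ("203.0.113.10", 5060),    # SIP signalling
    ("10.1.20.15", 16384): ("203.0.113.10", 40000),  # RTP media pinhole
}

def private_addresses(message):
    """Return the RFC 1918 addresses still embedded in a SIP message."""
    found = set()
    for text in IPV4.findall(message):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            continue
        if any(ip in net for net in RFC1918):
            found.add(text)
    return found

def rewrite_outbound(message, napt):
    """Apply NAPT to the addresses carried inside an outbound SIP message."""
    addr_map = {priv[0]: pub[0] for priv, pub in napt.items()}
    head, _, body = message.partition("\r\n\r\n")

    def swap(match):
        key = (match.group(1), int(match.group(2)))
        return "%s:%d" % napt.get(key, key)

    sdp = body.split("\r\n")
    conn = next((l.split()[-1] for l in sdp if l.startswith("c=")), None)
    new_sdp = []
    for line in sdp:
        if line[:2] in ("c=", "o="):            # address is the last field
            prefix, _, addr = line.rpartition(" ")
            line = prefix + " " + addr_map.get(addr, addr)
        elif line.startswith("m="):             # media port needs its pinhole
            media, port, rest = line[2:].split(" ", 2)
            _, pub_port = napt.get((conn, int(port)), (conn, int(port)))
            line = "m=%s %d %s" % (media, pub_port, rest)
        new_sdp.append(line)
    new_body = "\r\n".join(new_sdp)

    new_head = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].lower()
        if name in ("via", "contact"):
            line = HOSTPORT.sub(swap, line)
        elif name == "content-length":          # body length changed
            line = "Content-Length: %d" % len(new_body.encode())
        new_head.append(line)
    return "\r\n".join(new_head) + "\r\n\r\n" + new_body
```

A firewall that translates only the IP and UDP headers leaves `private_addresses()` non-empty, and the remote party then sends its audio to an unroutable 10.x address; running the same check on captured outbound INVITEs is a quick way to confirm the firewall's VoIP support is actually applied.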
For the individual phone system we will use the Cisco Business Edition 6000 with our handhelds being CISCO - (CP-7962G-RF) UNIFIED IP PHONE 7962G VOIP phone for each desk in the office. These are going to be a very universal staple that can easily serve our bigger and smaller offices due to the design of the switch. Because it is stackable, it can be added to as our company grows. (Brooks, 2016)

Using the same type of system and individual handhelds as a standard means that even when employees need to travel or relocate, they can easily transition to the new environment. By using the same VoIP phone system we also have easier troubleshooting and faster recovery of down switches if one should crash. We would maintain redundant switches and spares as needed to keep up with repairs and growth. A universal system can truly be a great investment, and when the products reach end of life it means that finding a new standard to upgrade to is easier for all involved. Because we are going redundant with our network, even if a switch should go down the backup will kick in with little to no loss of connection. The Cisco phone system that we are implementing also comes with a feature to let us know when a fault arises within the system and helps with the troubleshooting.

The company’s regular need for teleconferencing can be made all-inclusive by using WebEx. By using WebEx we make sure that the conferencing is as clear and latency-free as possible, thanks to the WebEx Collaboration Cloud, which determines which point of presence has the lowest latency and offers the best performance. The WebEx client recognizes the location and routes traffic through the nearest data center for optimal performance.
It will even transfer meeting communication through alternate lines of communication if the line or connection becomes degraded or unusable. This feature will help ensure that the company will never miss a
second of the conference due to the degradation. If you couple this with the GlobalWatch feature, administrators can set performance thresholds and receive alerts at a designated threshold, as well as analyze information for usage trends to better delegate bandwidth and maintain optimal network performance. Another great feature of the WebEx solution is that it works across multiple platforms. This will make it easier to connect with employees who use different operating systems for their day-to-day jobs. Coupled with WebEx's ability to integrate with applications, this lets everyone share what they need, when they need to. (Cisco Systems, Inc, 2008)

For security and training purposes we will be using Cisco TelePresence Content Server. This server will be able to interconnect with our WebEx and record all of the teleconferences as well as the video conferences. This will also help our company implement training videos, share and store media, and pull videos to a portable media device if needed, giving the company a huge step up on technology that competing companies might not have. (Cisco Systems, Inc)

WebEx can even offer us the option of conferencing on the go by letting us use company phones or, where appropriate, personal phones to join the meeting in case of delayed flights or sickness. This will let us keep on top of those meetings with ease. It also has the ability to have private meetings going on at the same time as the general meeting, making for a smooth, decisive decision without stepping on anyone’s toes. It is available on Android phones, iPhones, and even Windows phones. This opens the door to let our staff use a wider variety of phones and get the best deal possible. With the WebEx Collaboration Cloud offering the connection except for the first and
last mile, which is handled by the chosen ISP, we don’t have to rely on a certain carrier or provider to ensure a clear, crisp connection or uptime. (Kobialka, 2014)

Part 5

Security is a huge concern for our company. This will require us to look at both our physical and logical security as a whole and how to integrate them to make a secure and profitable work environment. Neither physical nor logical security is any less important than the other. If someone has physical access to a server or computer, then they potentially have the ability to bypass the logical security to gain access to privileged software and programs. Conversely, with great physical security and a lack of logical security, a person can gain access without setting foot inside a building.

Physical security is an essential part of information technology security. As a whole, physical security encompasses all parts of the network, from the system hardware to all the wiring and support devices used to connect the network together. To keep our buildings and devices secure we are going to employ a variety of techniques that, when implemented together, will give us a very strong defense against an outside source or a disgruntled employee. The process we are going to use will require security guards, fencing, cameras, key cards, biometric readers, building patrols and scramble pads, with levels of access maintained by our security team and network administrators.

The security company that we use will be a third party and not an employee of the company, with access to all non-secure spaces and the perimeter, to help maintain a non-biased yet essential role for our company. By using a third party we can help reduce the abuse of power by an individual, manager or employee at our company. These security personnel will be directly under our security team and CTO (Chief Technical Officer).
We will patrol the common areas and the outside perimeter of the fence, with monitored checks along the route. We will verify that all exterior doors are secure and that the secure areas are locked and not left open for any reason. Whilst doing this they will make a report of any and all defects or destruction that they find along the way.

The use of cameras will coincide with all doors that open to the exterior and to all restricted access areas. The cameras will use PoE (Power over Ethernet) so that they are easier to install and maintain. The cameras will record to secured servers, accessible only to those with clearance, and data will be saved for no less than ninety days. This will ensure that if we do have an incident it will be recorded, viewable, and kept for criminal charges and/or insurance purposes. The cameras will help make sure that no one is bypassing security or trying to go through a door without using the biometric reader, scramble pad, or key card entry designated for that door. If this is seen, security personnel and guards shall investigate immediately.

Scanners will be placed on all doors; each will differ depending on the access level and nature of the room being accessed. For general areas a key card scanner will be required. The offices and medium security areas will have scramble pads, with every person having a unique code for access, and high security areas like our server room or content development room will have biometric scanners that scan fingerprints for verification, in conjunction with the keycard, to get into the room. (Deutsch, 2014)

All printers, fax machines and similar equipment will be secured to prevent an individual from walking away with the equipment. Printers store information in their memory, and if accessed they could reprint documents that contain sensitive material. (Shinder, 2007)
Logical security allows users to access information and systems based on their role and group inside the company. All resources should be restricted to the users that need access to the information contained. The logical security measures for the company are robust in scope; however, once implemented they will be easy to monitor, add to or change. We will be using Active Directory to maintain access rights for groups, and firewall protection along with port and packet filtering, with encryption to keep data sent secure.

We will be using AES encryption for our company. AES is already the standard used by our government to secure sensitive unclassified information. With AES, data is encrypted in blocks of 128 bits using cryptographic keys of 128, 192 or 256 bits. Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys; a round consists of several processing steps that include substitution, transposition and mixing of the input. With that many possible keys, cracking that encryption will not be possible in the foreseeable future. This was one of the deciding factors in choosing our Cisco security appliance for our network throughout the different locations. Ensuring that all data is properly secured during transmission is our greatest priority, and with the Cisco appliance it will be possible. (Dyke, 2001)

Our Cisco firewall offers the protection needed for today’s changing and dangerous network environment. Hackers are always trying to exploit a weakness in an environment; often these attacks are extremely malicious and act almost as a smoke screen so they can steal data while a company is working to block the attacks and restore the network.
By using the Cisco firewall at our home and branch offices we will take a step to prevent
this from happening. For our company we will be installing the firewalls after the routers in the home and branch offices. With this approach we will be using the router as a first line of defense; doing it this way will allow the company to set a simple rule set in the router that will block all unwanted traffic. To do this we will set the router to only allow inbound traffic that is HTTPS and VPN. Setting this rule on the router will only allow traffic to come through those ports and block everything else. This leaves the firewall responsible for granular filtering and determining which specific hosts may receive HTTPS and VPN traffic. It will also allow the firewall to perform advanced analysis for further inspection and blocking of unwanted traffic. (Chapple, 2009)

We will also be using Active Directory to help control our logical access. By assigning groups we can limit individual access and give users only the access they need to do the job they are given. This helps keep users from going beyond the scope of their job and getting data from another department that they can sell or destroy. This ensures that the groups will have separate folders and also separate resources in the system. Active Directory is a very robust system that will take time and meetings with the company to determine the true scope of implementation. By using it we can separate as much as the company as a whole wants. There are enough resources that we can have administrator and security roles as needed, along with the many different server roles that can be implemented across the company. (Rouse, 2012)

These are the outlines of our security protocols. They are a start that fits our company and can be elaborated and expanded upon as needed. Also, by taking these steps we can upgrade and keep the company up to date as needed. By using redundant servers we can
truly maintain a very high level of security across the company as a whole and prevent theft or intrusion from both inside and outside the company.

[Figure: project schedule chart. Start: Mon 5/2/1. Weekly columns from May 8 to Jul 24. Legible tasks: Pre Project Design; Equipment Ordering, Fri 5/6/16 - Thu 5/26/16; Equipment Installation, Thu 5/12/16 - Wed 6/8/16; Wiring; Software installation; Network Servers; Telecomm; Verifying; Testing of Network and connectivity/software.]
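The router-then-firewall layering described in Part 5 (the router admits only HTTPS and VPN, and the firewall decides which hosts may receive that traffic) is modelled below as an added example that is not part of the original paper. The server addresses are constructed and the names are hypothetical; "VPN" is taken to mean the L2TP/IPsec choice from Part 3, which reaches the perimeter as UDP 500 (IKE), UDP 4500 (NAT traversal) and ESP, with L2TP's UDP 1701 carried inside IPsec.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses (documentation range), not taken from the paper.
WEB_SERVER = "198.51.100.10"
VPN_SERVER = "198.51.100.20"      # the L2TP/IPsec server placed in the DMZ

@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "esp"
    dst: str
    dport: Optional[int] = None   # None for ESP, which has no ports

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port

def first_match(rules, pkt):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.proto != pkt.proto:
            continue
        if ip_address(pkt.dst) not in ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny"

# Router: coarse rule set, HTTPS and VPN to any inside address.
ROUTER_ACL = [
    Rule("permit", "tcp", dport=443),    # HTTPS
    Rule("permit", "udp", dport=500),    # IKE
    Rule("permit", "udp", dport=4500),   # IPsec NAT traversal
    Rule("permit", "esp"),               # IPsec payload
]

# Firewall: granular rule set, naming which host may receive what.
FIREWALL_POLICY = [
    Rule("permit", "tcp", WEB_SERVER + "/32", 443),
    Rule("permit", "udp", VPN_SERVER + "/32", 500),
    Rule("permit", "udp", VPN_SERVER + "/32", 4500),
    Rule("permit", "esp", VPN_SERVER + "/32"),
]

def inbound(pkt, router_acl=ROUTER_ACL, firewall=FIREWALL_POLICY):
    """Walk a packet through both layers and report where it stops."""
    if first_match(router_acl, pkt) != "permit":
        return "dropped at router"
    if first_match(firewall, pkt) != "permit":
        return "dropped at firewall"
    return "forwarded"

def shadowed_by_router(firewall, router_acl=ROUTER_ACL):
    """Firewall permits that can never match because the router drops first."""
    dead = []
    for rule in firewall:
        probe = Packet(rule.proto,
                       str(ip_network(rule.dst).network_address), rule.dport)
        if rule.action == "permit" and first_match(router_acl, probe) != "permit":
            dead.append(rule)
    return dead
```

`shadowed_by_router()` is a consistency check worth running whenever either rule set changes: a permit added on the firewall for a service the router does not admit silently does nothing, and a router permit with no matching firewall rule is where the firewall's host-level filtering is doing all the work.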
References:

Qbik New Zealand Limited. (2016). WinGate. Retrieved Jan 16, 2016, from QBIK: http://www.wingate.com/products/wingate-vpn/index.php

Allied Telesis, Inc. (2007). Configure the Firewall VoIP Support Service. Retrieved Jan 30, 2016, from Allied Telesis, Inc.: http://www.alliedtelesis.com/media/fount/how_to_note_alliedware/howto_config_sip_alg.pdf

Andrews, M. (1997, Mar 19). 3.3 Multimedia Protocols. Retrieved Jan 30, 2016, from gweep.net: gweep.net//~rocko/mqp/node9.html

Apple Inc. (2014, Mar 10). Media Player Framework Reference. Retrieved Jan 30, 2016, from iOS Developer Library: https://developer.apple.com/library/ios/documentation/MediaPlayer/Reference/MediaPlayer_Framework/

Bass, J. (2003, Aug 11). Cisco Catalyst 3750 stackable switches. Retrieved Jan 16, 2016, from NetworkWorld: http://www.networkworld.com/article/2335721/lan-wan/cisco-catalyst-3750-stackable-switches.html

Brooks, C. (2016, Jan 04). Best Business Phone Systems 2016. Retrieved Feb 14, 2016, from Business News Daily: http://www.businessnewsdaily.com/6780-best-business-phone-systems.html

Chapple, M. (2009, Feb 01). Should a firewall ever be placed before the router? Retrieved Feb 21, 2016, from TechTarget: http://searchmidmarketsecurity.techtarget.com/tip/Should-a-firewall-ever-be-placed-before-the-router

Cisco. (n.d.). Cisco UCS 5100 Series Blade Server Chassis. Retrieved Jan 16, 2016, from Cisco: http://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-5100-series-blade-server-chassis/index.html

Cisco Systems, Inc. (2008). Cisco WebEx. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/dam/en_us/solutions/industries/docs/gov/wp_whywebex_1009.pdf

Cisco Systems, Inc. (n.d.). Cisco TelePresence Content Server Data Sheet. Retrieved Feb 14, 2016, from Cisco: http://www.cisco.com/c/en/us/products/collateral/conferencing/telepresence-content-server/data_sheet_c78-626482.html

Deutsch, W. (2014, Nov 24). How to Secure Your Building and Property. Retrieved Feb 21, 2016, from About.com: http://bizsecurity.about.com/od/physicalsecurity/a/What_is_physical_security.htm

Dyke, J. (2001, Dec 4). Commerce Secretary Announces New Standard for Global Information Security. Retrieved Feb 21, 2016, from NIST: http://www.nist.gov/public_affairs/releases/g01-111.cfm

Hoffman, C. (2015, Mar 10). Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP. Retrieved Jan 30, 2015, from How-to-Geek: http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

Indiana University. (2015, Aug 25). Indiana University Knowledge Base. Retrieved Jan 24, 2016, from Best practices for computer security: kb.iu.edu/d/akin

Kobialka, D. (2014, May 20). Cisco Unveils WebEx Collaboration Meeting Room Service. Retrieved Feb 14, 2016, from talkincloud.com: http://talkincloud.com/cloud-companies/052014/cisco-gets-personal-unveils-webex-collaboration-meeting-room-service

Peterson, G. (2005, May 12). Principle of Fail-Safe Defaults in Service Oriented Security. Retrieved Jan 24, 2016, from 1 Raindrop: 1raindroptypepad.com/1_raindrop/2005/05/principle_of_fa.html

Rouse, M. (2012, Jul 1). Active Directory domain (AD domain). Retrieved Feb 21, 2016, from TechTarget: http://searchwindowsserver.techtarget.com/definition/Active-Directory-domain-AD-domain

SAVVIUS, INC. (2016). VoIP. Retrieved Jan 30, 2016, from SAVVIUS Formerly WildPackets: http://www.wildpackets.com/resources/compendium/voip

Shinder, D. (2007, Jul 16). 10 physical security measures every organization should take. Retrieved Feb 21, 2016, from TechRepublic: http://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/

Snyder, J. (2011, Dec 19). Cisco UCS review. Retrieved Jan 16, 2016, from TechWorld: http://www.techworld.com/review/hardware/cisco-ucs-review-3326087/

Stephenson, P. (2015, Sep 01). Pulse Secure PulseWorkspace. Retrieved Jan 16, 2016, from SC Magazine: http://www.scmagazine.com/pulse-secure-pulseworkspace/review/4424/

Tech, C. (2015, Oct 23). Acer Aspire ATC-705-UR58 Review. Retrieved Jan 16, 2016, from Chad Technology: http://chadtechnology.com/acer-aspire-atc-705-ur58-review/