Download to read offline
Corporation Tech
- 1.
- 2. * *Corporation Techs (IDI)is a distribution company with over 4000 employees in 7 cities throughout 6 countries. IDI is the largest distributor of goods throughout the world and for the past 15 years has been the leader in logistical disbursement. *Our mission is to be able to provide other companies with efficient, safe and reliable shipping and logistics. IDI strives to keep cost down to make our clients profit. We strive to ensure that all logistical support is kept confidential, safe, and accessible to the client.
- 3. * *The purpose ofthis proposal is to establish better network access and control for the company. This will assist in keeping the networks used safe and profitable. *Scope - In this project, we have identified new needs to ensure that corporate has access to all information. That real time communication is possible for our overseas offices. To ensure that support to any new future branches are met. Ensure that the network meets all needs of our 4000 employees. Finally, ensuring that all information is kept confidential, accessible, and that we maintain the integrity of that information as much as possible.
- 4. * *Senior Management *IT Management *ISManagement *Functional Management *IS Security Practitioners *IT Technicians *Security Awareness Trainers
- 5. * *Executive Offices (VLan10): For the executive officers and board members that need access to resources. Located at the corporate office only. *Marketing (VLan 16): All market research, marketing, as well as advertising departments. *Operations (VLan 32): Operations department *Managers (VLan 48): Area, district, and branch managers. *Human Resources (VLan 64): Hiring and training personnel. *Accounting and Finance (VLan 80): All departments that deal with money for the company. *VPN (VLan 96): Remote VPN connection *Network (VLan 128): All core network equipment, routers, firewalls switches. These are statically assigned addresses.
- 6. * *The wireless LANwill be placed separate physically separated from the rest of the network and all access points will carry DCHP. Wireless addresses will not be assigned through the network. We will use the 802.11ac standard at 5GHz for all Wi-Fi needs. This is backwards compatible with all other standards before it. Right now 802.11ac is pushing between 1Gbps to 5Gbps pending the set up. This should allow mobile devices to handle any type of multimedia streaming if needed. Authentication
- 7. * *Switches *We will usetwo types of switches that for the network. The first are the 10 GB bridge switches. These will help with allowing all the VLans with communicating back and for the will little congestion. They will be trunked to ensure that all VLans are properly connected. *The 10/100/1000 Ethernet switches will serve the individual VLans. This helps communication with in the VLan to move with very little congestion to the main network. Trunks will not need to be set up on these switches as they only contain one VLan per switch. For the corporate office we will be using two switches in aggregation to help insure that traffic is flowing and to eliminate any failovers short of a complete device failover. The two will act to load balance traffic to the mission critical center.
- 8. * *Firewalls *Firewalls in usewill be either a unified threat management (UTM) firewall for internet and DMZ traffic, or standard firewalls for internal network filtering. *The UTM firewall will handle traffic coming from, the internet and DMZ. This is the initial point to check for spam, viruses, and other malicious packets coming through. Statefull packet filtering should be used in order to allow trusted traffic to come through with little checks. Nat will be implemented at the UTM so that the main internal network is hidden and to reduce the need for public IP addresses.
- 9. * *Configuration of allrouters will be with the OSPF for both internal and external traffic. This allows us the option to use more than just Cisco equipment. OSPF is able to handle the VLSM better than RIP.
- 10. * Core Network Routers 10.7.0.1-9 Firewalls10.7.0.10-19 GB Switches 10.7.0.20-29 Local Switches 10.7.0.30-39 Internal Servers 10.8.0.50-69 DMZ Servers 10.9.0.70-79
- 11. * Office Schema ForDepartmental VLans Multi-function devices 10.X.0.1-5 Printers 10.X.0.6-11 Wireless Access Points 10.X.0.12-20 Workstations Via DHCP Scope VLan 10 10.0.0.40 – 10.0.0.255 Vlan16 10.1.0.40 – 10.1.0.255 VLan 32 10.2.0.40 – 10.2.0.255 VLan 48 10.3.0.40 – 10.3.0.255 VLan 64 10.4.0.40 – 10.4.0.255 VLan 80 10.5.0.40 – 10.5.0.255 VLan 96 10.6.0.40 - .10.6.0.255
- 12. * Office Private Schema Executiveoffice: 10.0.0.1 10.0.0.254 10.x.0.1-254 255.255.255.0 Dynamic addressing unless indicated Marketing: 10.1.0.1 10.1.0.254 Operations: 10.2.0.1 10.2.0.254 Managers: 10.3.0.1 10.3.0.254 HR: 10.4.0.1 10.4.0.254 Accounting / Finance: 10.5.0.1 10.5.0.254 VPN 10.6.0.1 10.6.0.254 Network Equipment (static) 10.7.0.1 10.0.7.254
- 13. * *Management *Monitoring *Ticket System *Network Monitor *HostMonitoring *Protocol Monitoring
- 14. * *Security will bebroken down into seven of the main sections within the network. This will help in ensuring that all precautions and actions are taken. *Users *Workstation *LAN *LAN TO WAN *WAN *Remote Access *Mobile Devices
- 15. * *The new networkis a large undertaking for Corporation Techs. It is one that is needed though. In order to stay head of costs and to show our clients and future clients that we are serious a major reconstruction is needed. Support from at the management level is critical in making the company a success. *As an overview we are looking at the following: *VLans *DMZ implementation *VPN for remote users *Encrypted Wireless
- 16. * ISP INTERNET / SSLVPN 200.200.210.X VoIP Provider PSTN SIP Firewall 10.X.96.10 6 Multi-function device 11 Ethernet 11 Server 1 FTP server 1 Modem 8 Comm-link 3 Cloud 8 Manages switch 1 PBX 5 Firewall 6 ZERO Client 6 Printer 3 FastGB etherswitch 12 Router 1 Wireless access point 1 Relational database Symbol Count Description Legend Vlan 96 10.X.96.6 Voice over IP And Video Conferencing Through Sip and H.323 protocols Corporate Vlan 16 Vlan32 Vlan 48 Firewall 10.X.128.10 Spanning Tree Secondary link Corporate Vlan 10 Analog POTS RJ11 ADDS / ESXI/ 10.X.128.50 10.X.128.51 Intranet 10.0.128.57 Applications 10.X.128.55 DHCP 10.x.128.54 Media 10.X.128.53 Exchange 10.X.128.52 Database 10.0.128.58 Webserver 10.0.128.70 DNS 10.0.128.71 FTP 10.0.128.72 SMTP 10.0.128.73 DMZ ISP Modem ISP assigned Address Mission Critical Center Vlan Assignments Vlan 10: Executive Offices in Corporate office only Vlan 16: Marketing in Corporate office only Vlan 32: Operations in Corporate and Branch offices Vlan 48: Managers in Corporate and Branch Offices Vlan 64: Human resources in Corporate and Branch offices Vlan 80: Accounting in Corporate and Branch Offices Vlan 96: VoIP VLan 112: WLAN Vlan 128: Servers Vlan 64 Vlan 80 VPN configuration Office Schema For Departmental VLans Multi-function devices 10.X.X.1-5 Printers 10.X.X.6-11 Wireless Access Points 10.X.X.11-20 Workstations Via DHCP. Spanning Tree Primary Link Indicates Corporate Office Only Diagram Key Internal FTP 10.X.128.56 Office Managed Switch 10.X.128.34 Office Managed Switch 10.X.128.35 Border Router 10.X.128.1 DMZ Managed Switch 10.0.128.32 Office Managed Switch 10.X.128.33 Managed Switch Aggregated links 10.X.128.31 Managed Switch Aggregated links 10.X.128.30 MCC GB Switch 10.X.128.20 Indicates Aggregated links Office Managed Switch 10.X.128.37 Office Managed Switch 10.X.128.36 Office GB Managed Switch 10.X.128.21 UTM Firewall 10.X.128.11 Vlan 96 SIP GB Switch 10.X.96..20 Firewall 10.X.128.12 Internal Gateway Router 10.X.128.2 Office internal router 10.X.128.3 Firewall 10.X.128.13 Japan 200.200.200.25 Sydney 200.200.200.21 Tanzania 200.200.200.17 Warsaw 200.200.200.9 Sao Paulo 200.200.200.13 Billings 200.200.200.1 Hong Kong 200.200.2005 China 200.200.200.29 Router Hub at ISP VM Back Up SAN
- 17.