WHAT WE ARE & WHAT WE DO
(Slide 3)
ABC Worldwide: Leading video editing
and advertising Co.
6 Worldwide Design Centers
Headquartered in San Francisco, CA.
Services we provide:
-Corporate videos
-Commercials
-Movie films and trailers
-Web sites
Background and Development
(Slide 4)
In 2014 our talented team formed as
a creative collaboration between
long-time friends who decided to
start up a multimedia company, with
a mission to satisfy our clients and
customers’ needs.
Company Information (Slide 5)
Name: ABC Worldwide
Address: 600 Ruth Ave, San Francisco,
CA 94107
Phone: (415) 552-0000, Fax (415) 552-
0001
Annual Sales: $450 Million
Employees: 1560
Employees at Headquarters: 300
Primary Business: Video Editing &
Advertising
NETWORK CRITERIA (SLIDE 7)
Redundancy:
If one part of the network goes down, its twin will
automatically take over.
Separation:
If one area of the network is compromised, the rest of
the network is still sealed off.
Speed:
We value our clients’ time and the productivity of our
employees. We strive to provide the tools to use both as
efficiently as possible.
Scalability:
The modular layout of the network will allow easy addition of
network equipment to seamlessly facilitate our growth.
Testing and Quarantine:
Our network will have a safe environment to quarantine and
evaluate malware and test new operating systems and drivers
for any possible problems before being deployed throughout
the network.
WIDE AREA NETWORK (SLIDE 8)
What the WAN is:
The WAN consists of a Headquarters and Main Design center in a single
building in San Francisco. Five other Main Design centers will be
located in Detroit, Tampa, Sao Paulo, Paris and Tokyo. Three separate
sales branches will be located in Washington, Indianapolis and London.
A Data Center will also be located as near to the Headquarters as
possible.
How the WAN will communicate:
The WAN will communicate using two technologies. The Main Design
Centers will communicate with the Headquarters using Point To Point
connections while the separate sales branches will use VPN (Virtual
Private Network) technology to communicate.
All the buildings will be located in areas with fiber optic service to the
extent possible. This will facilitate communication on a SONET
(Synchronous Optical Network) with download speeds of 100 Mb/s to
300 Mb/s depending on Internet Service Provider options.
Subnets:
All of the Design Centers and branches will be on their own IP subnets.
FORWARD FACING NETWORK (SLIDE 9)
Router:
The router will be completely isolated by firewalls on all sides.
This will include isolation from both the Internet and all
network devices.
Network Separation:
The network devices such as servers and the SAN will be
further isolated from the workstations and their switches. The
Active Directory domain controller will also be separated from
the SAN. This is because the Active Directory
domain controller will be hosting the VPN. Any security breach
will be kept isolated from the rest of the network.
Redundancy:
All routers, firewalls and servers will be duplicated and linked
together in the event that one goes out.
Speed:
All of the cabling in the network will be 10 BASE-T Cat 6. This
will support a bandwidth of 10 Mb/s. The SAN components will
be linked together with fiber.
CLIENT FACING NETWORK (SLIDE 10)
Network Separation:
The client facing switches will be separated from the router and the servers.
Redundancy:
All switches will be duplicated and linked together in the event that one goes
out.
Speed:
All of the cabling between the switches and the workstations will be 10 BASE-T Cat 6.
This will support a bandwidth of 10 Mb/s.
VTP (VLAN Trunking Protocol):
The client switches will be trunked over to the server switches, where data
can go either to the servers or out to the Internet.
Using VTP will reduce the amount of administration needed to set up,
configure and maintain the switches. All of these tasks will be done on the
VTP server switches and replicated to all of the client switches. All of the
switches will be layer three, allowing for independent VLANs for Voice over IP,
data and a separate VLAN for clients and vendors who may need access to
the network.
The IT staff will also have a dedicated VLAN. IT will be on VLAN 0
while VoIP will be on VLAN 10, Data on VLAN 20 and Client/Vendors will use
VLAN 30. This will add extra security as well.
NETWORK INFRASTRUCTURE WITH SAN (SLIDE 11)
Network Separation:
The SAN will be isolated from the rest of the network. The Active
Directory domain controller will also be separated from the SAN. This
is because the Active Directory domain controller will be
hosting the VPN. Any security breach will be kept isolated from the
rest of the network.
Redundancy:
All servers and switches will be duplicated and linked together in
the event that one goes out. All servers will be RAID 5, which will
stripe data with parity over sets of three hard drives. The SAN
servers will be set up on RAID 10, striping and mirroring, and will use
sets of 4 hard drives. In addition, a tape server will provide data
backup.
Speed:
All of the cabling between the devices in the SAN and the network
will be multimode fiber. Although multimode fiber has the same
speed as Cat 6, 10 Mb/s, the extra bandwidth in fiber means that
more signals can be sent simultaneously. Due to the
expense, the rest of the network will not be utilizing the technology
at this time.
VIRTUALIZATION (SLIDE 12)
Network Separation:
The servers carrying Hyper-V will be firewall separated from
the rest of the network. In addition to physical separation,
logical separation will be done using Microsoft Hyper-V. VMware
is another popular virtualization product; however, Hyper-V is made by
the same corporation as the server software and will have no
compatibility issues. If a virus completely corrupts the virtual
server, it can just be deleted and another one re-created at the
last known good configuration, or mirrored over.
Redundancy:
The physical servers containing the Hyper-V servers will be
duplicated and linked together in the event that one goes out.
Testing:
Instances of all company-used software can be set up and
tested on Hyper-V. Operating systems and drivers can be
deployed and studied, and Hyper-V can be used to quarantine viruses.
DHCP SCOPE (SLIDE 13)
Headquarters:
The IP address scope for Headquarters will be 10.60.10.01/16 to 10.60.14.254/16.
10.60.10.01 to 10.60.10.10 will be reserved for routers.
10.60.10.11 to 10.60.10.254 will be reserved for servers, switches, firewalls and
WAPs.
10.60.11.01 to 10.60.11.254 will be set aside for printers and other
peripheral devices.
10.60.12.01 to 10.60.14.254 will be dynamically assigned.
Design Centers:
IP addresses will go from 10.60.16/16 forward on intervals of 5 in the third octet.
10.60.16.01 to 10.60.16.10 will be reserved for routers.
10.60.16.11 to 10.60.16.254 will be reserved for servers, switches, firewalls and WAPs.
10.60.17.01 to 10.60.17.254 will be set aside for printers and other peripheral devices.
10.60.18.01 to 10.60.20.254 will be dynamically assigned.
Sales Offices:
IP addresses will go from 10.60.50/16 forward on intervals of 5 in the third octet.
10.60.50.01 to 10.60.50.100 will be reserved for routers, switches, WAPs and printers.
10.60.50.101 to 10.60.50.254 will be dynamically assigned.
Initially sales offices will be separated by intervals of 5 on the third octet but new sales
offices can be inserted in between those intervals if necessary.
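The address plan on this slide can be expanded into concrete ranges and checked mechanically. The following is an added example, not part of the original slides: it builds the plan, confirms that no ranges overlap, and audits observed addresses against it. The order in which sites receive their blocks, the role labels and the sample observations are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

IP = ipaddress.IPv4Address


@dataclass(frozen=True)
class Range:
    site: str
    role: str   # "routers", "infrastructure", "peripherals", "static" or "dhcp"
    first: IP
    last: IP


def _r(site, role, first, last):
    return Range(site, role, IP(first), IP(last))


# Assumption: sites take their blocks in the order the WAN slide lists them.
DESIGN_CENTERS = ["Detroit", "Tampa", "Sao Paulo", "Paris", "Tokyo"]
SALES_OFFICES = ["Washington", "Indianapolis", "London"]


def build_plan():
    """Expand the slide's rules into ranges. Addresses are written without
    the slide's leading zeros, which strict parsers such as ipaddress reject."""
    plan = [
        _r("HQ", "routers", "10.60.10.1", "10.60.10.10"),
        _r("HQ", "infrastructure", "10.60.10.11", "10.60.10.254"),
        _r("HQ", "peripherals", "10.60.11.1", "10.60.11.254"),
        _r("HQ", "dhcp", "10.60.12.1", "10.60.14.254"),
    ]
    for i, name in enumerate(DESIGN_CENTERS):
        b = 16 + 5 * i  # third octet 16, 21, 26, ... (intervals of 5)
        plan += [
            _r(name, "routers", f"10.60.{b}.1", f"10.60.{b}.10"),
            _r(name, "infrastructure", f"10.60.{b}.11", f"10.60.{b}.254"),
            _r(name, "peripherals", f"10.60.{b + 1}.1", f"10.60.{b + 1}.254"),
            _r(name, "dhcp", f"10.60.{b + 2}.1", f"10.60.{b + 4}.254"),
        ]
    for i, name in enumerate(SALES_OFFICES):
        b = 50 + 5 * i  # third octet 50, 55, 60
        plan += [
            _r(name, "static", f"10.60.{b}.1", f"10.60.{b}.100"),
            _r(name, "dhcp", f"10.60.{b}.101", f"10.60.{b}.254"),
        ]
    return plan


def find_overlaps(plan):
    """Return adjacent pairs of ranges (sorted by start) that overlap."""
    ordered = sorted(plan, key=lambda r: r.first)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b.first <= a.last]


def classify(ip, plan):
    """Return (site, role) for an address, or None if the plan has no slot."""
    addr = IP(ip)
    for r in plan:
        if r.first <= addr <= r.last:
            return (r.site, r.role)
    return None


def site_prefixes(site, plan):
    """CIDR prefixes needed to cover one site's whole block of third octets."""
    rs = [r for r in plan if r.site == site]
    lo = IP(int(min(r.first for r in rs)) & ~0xFF)
    hi = IP(int(max(r.last for r in rs)) | 0xFF)
    return list(ipaddress.summarize_address_range(lo, hi))


def audit(observations, plan):
    """observations: (ip, source), source is 'dhcp' (lease log) or 'static'."""
    findings = []
    for ip, source in observations:
        hit = classify(ip, plan)
        if hit is None:
            findings.append((ip, "outside every planned range"))
        elif source == "dhcp" and hit[1] != "dhcp":
            findings.append((ip, f"leased from reserved {hit[0]} {hit[1]} range"))
        elif source == "static" and hit[1] == "dhcp":
            findings.append((ip, f"static host inside {hit[0]} dynamic pool"))
    return findings


# Constructed sample observations, not data from the slides.
SAMPLE = [
    ("10.60.12.37", "dhcp"),    # HQ dynamic pool: expected
    ("10.60.10.5", "dhcp"),     # lease handed out inside the HQ router range
    ("10.60.15.20", "static"),  # third octet 15 is not assigned to any site
    ("10.60.23.9", "static"),   # static host inside the Tampa dynamic pool
    ("10.60.50.40", "static"),  # Washington static range: expected
]

if __name__ == "__main__":
    plan = build_plan()
    print("overlaps:", find_overlaps(plan))
    print("HQ prefixes:", [str(n) for n in site_prefixes("HQ", plan)])
    for finding in audit(SAMPLE, plan):
        print(finding)
```

Every range in the plan carries the /16 mask, so all sites fall inside 10.60.0.0/16 and the mask alone does not distinguish them; `site_prefixes` lists the CIDR entries a per-site firewall rule would need.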
SALES WORKGROUPS (SLIDE 14)
Network:
All employees will be on WiFi. Two Wireless Access Points will be connected
by Ethernet to a central router. In the office all employees will communicate
with each other in an “ad-hoc” configuration with the router acting as the
hub in a star topology.
All DNS, DHCP and NAT functions will be provided by the router.
Mobility:
Sales employees are constantly on the go. Therefore they will be issued, in
addition to a laptop, a smart phone. Their smart phone service will include a
hot spot for their laptops so they can access the internet anywhere there is
cell service.
Security:
All sales staff will be on a VPN.
Hot Spot Device:
Employees will be issued the iPhone 6s. We have to throw Apple a bone
somewhere. The service provider will be AT&T with the built-in hot spot.
NETWORK SECURITY (SLIDE 50)
What Network Security Is:
Network security is any activity designed to protect the network. These activities protect the
usability, reliability, integrity and safety of the network and its data. After defining
network security, the first part of our discussion will focus on the company policies and
procedures that must be followed in order to protect the company. The second part will cover
software security, and the last part will cover company hardware policies.
What threats to a Network are:
A variety of threats try to enter and spread on the network. These days
the threats on the Internet are sophisticated, hence the need for adequate security to stop
them.
There are different kinds of network security threats.
These include viruses, Trojan horses, spyware, adware, zero-day attacks, hacker attacks,
denial-of-service attacks, data interception and theft, and identity theft. We need to be able to
detect, protect against and respond to these ever-changing threats.
Hardware Policies:
Hardware policies must be implemented to keep people from gaining access to devices they
are not authorized to access. These security policies also cover protecting areas of
the building where extremely important devices are located and contingencies for device
malfunction and catastrophic damage to network components.
Password Policy (Slide 51)
-Minimum 10 characters. (Password Length)
-A minimum of one number, one letter, one capital letter and one
special character. (Complexity)
-Password must be reset every three months. (Life of Password)
-After three unsuccessful attempts the login will be locked and a
supervisor will have to unlock the account.
(Password Lockout Policy)
-Properly use privileges and permissions: Every computer or
every OS has users with different levels of permissions and
privileges. The main user is the administrator, or the root
account in UNIX or Linux.
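The length, complexity, lifetime and lockout rules above can be expressed as a small policy engine. This is an added example, not part of the original slides; it assumes "one letter" means a lower-case letter, "special character" means ASCII punctuation, "three months" means 90 days, and the three unsuccessful attempts are consecutive. The `Account` class and role names are hypothetical.

```python
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

MIN_LENGTH = 10
MAX_AGE = timedelta(days=90)      # assumption: "every three months" = 90 days
LOCKOUT_THRESHOLD = 3             # consecutive failures (assumption)


def complexity_failures(password):
    """Return the names of the slide 51 rules a candidate password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.isdigit() for c in password):
        failures.append("number")
    if not any(c.islower() for c in password):      # assumption: lower-case
        failures.append("letter")
    if not any(c.isupper() for c in password):
        failures.append("capital letter")
    if not any(c in string.punctuation for c in password):
        failures.append("special character")
    return failures


@dataclass
class Account:                    # hypothetical account record
    user: str
    password_set: datetime
    failed: int = 0
    locked: bool = False


def set_password(acct, new_password, now):
    """Accept a new password only if it meets every complexity rule."""
    failures = complexity_failures(new_password)
    if failures:
        raise ValueError("password rejected: " + ", ".join(failures))
    acct.password_set = now


def attempt_login(acct, password_ok, now):
    """Apply lockout and expiry; returns 'ok', 'denied', 'locked' or 'expired'.

    password_ok is the result of the credential check, done elsewhere.
    """
    if acct.locked:
        return "locked"           # a correct password does not clear a lockout
    if not password_ok:
        acct.failed += 1
        if acct.failed >= LOCKOUT_THRESHOLD:
            acct.locked = True
            return "locked"
        return "denied"
    acct.failed = 0               # success resets the consecutive-failure count
    if now - acct.password_set > MAX_AGE:
        return "expired"          # caller must force a reset before granting access
    return "ok"


def supervisor_unlock(acct, actor_role):
    """Only a supervisor may clear a lockout, as the policy requires."""
    if actor_role != "supervisor":
        raise PermissionError("only a supervisor can unlock an account")
    acct.locked = False
    acct.failed = 0


if __name__ == "__main__":
    # Constructed sample run.
    acct = Account("jdoe", password_set=datetime(2024, 1, 1))
    now = datetime(2024, 2, 1)
    print([attempt_login(acct, False, now) for _ in range(3)])
    print(attempt_login(acct, True, now))
    supervisor_unlock(acct, "supervisor")
    print(attempt_login(acct, True, now))
    print(complexity_failures("Summer2024"))
```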
Software Deployment Policy: (Slide 52)
Deployment of Operating Systems and Applications:
All Operating Systems and applications will be deployed
from the server rather than on the individual computer.
Virtual Servers Testing:
Before being put on the server for deployment, all new
and upgraded operating systems, applications and
antivirus software will be tested on the virtual server.
Where Antivirus Software is Installed:
Antivirus software will be installed on all company servers
and workstations.
Company provided smart phones will not give employees
the ability to download applications.
Antivirus Specifications: (Slide 53)
Reporting:
Software will generate a report of any incidents to the IT
manager. IT will have discretion over whether to report only
successful attempts or both successful and failed attempts.
Types:
Install anti-spyware and anti-malware software (spyware and malware
collect information about user names, passwords, etc.).
Site Advisor:
We will keep a database of all the known and reported web
sites with potential problems.
Alerts will be sent out when attempts to access these websites
are made.
Norton Security:
Norton security will be used on all workstations to keep viruses
from corrupting files and bringing down the Operating System.
Hardware: (Slide 54)
Firewalls:
Firewalls must have the ability to block ports as prescribed by the IT department.
Firewall separation:
Firewalls will be used to separate the forward facing network from the internet, the
workstations from the SAN and the SAN from the servers hosting the Hypervisor.
WAP:
The Wireless Access Points will have their broadcast turned off.
WAPs will be on a separate LAN.
Once installed any factory WAP credentials will be changed.
Routers:
Routers will have their broadcast turned off.
Routers will have WPA2 encryption using the AES encryption protocol.
Only secure ports including Secure Sockets Layer will be used.
Switches:
Quality of Service will put priority on Voice followed by Data and then Video. This will be
accomplished through separate LANs. Any factory set passwords on the switch will be
changed.
Proxy Server:
Proxy servers will be used to filter accessible web sites, obtain credentials from employees
before going to the internet, monitor bandwidth usage and have their own antivirus software
installed.
Install Site Advisor, which will prevent users from logging on to bad sites.
ACCEPTABLE USE POLICY: (Slide 55)
Properly use privileges and permissions:
Every computer or every OS has users with different levels of permissions and privileges. The
main user is the administrator, or the root account in UNIX or Linux.
Under the main administrator account, create a hierarchy of user accounts with different
levels of permissions and authorizations.
Web Browsers:
Web browsers and Internet Explorer: Web browsers are programs that we use to access web
pages, such as Google Chrome, Firefox, Internet Explorer and Apple Safari. The risk with Internet
Explorer is that it allows you not only to surf the net but also to connect to other computers
in a way that other web browsers don’t. Therefore it will be easy for a hacker to connect to
your computer through Internet Explorer.
Secured session:
Have time and date security: allow connection to the server only at a precise time and date.
For instance, only allow connection to the network between 7 am and 10 am. Also set a
session length. For instance, the session will automatically log off after 5 minutes of inactivity.
Hardware Policies
Only authorized personnel will have access to equipment. All workstations will remain
locked when the employee leaves his area.
The server room and computer closet shall remain locked at all times.
No network devices other than company issued mobile devices shall be taken out of the
building without express permission from IT management. They must be first checked in
with IT before being put back into the network.
APPROVED WEB BROWSERS: (Slide 56)
Internet Explorer
Google Chrome
Firefox
Safari
PRIVILEGES AND PERMISSIONS: (Slide 57)
Consumer:
Search, view, copy documents.
Contributor:
Create documents and folders, Modify documents and
VDs.
Coordinator:
Create cabinets and VD, view hidden documents.
System Administrator:
Access and Manage content servers, Repository, Users
and Groups.
COMPANY:
-ITWatchdogs.com
WHAT IS MONITORED:
-Temperature, Humidity, Leaks, Smoke, Power, 5V
Analogue/Sensor Changes.
How Anomalies are Logged:
-SNMP, Audible Alarms, Output Relays, email
alarms, Text messages.
Surveillance:
-Up to 4 IP cameras can be monitored.
Configuration:
-Any sensor can be configured to your choice.
CompuCom:
-Look for outages
-Analyze multiple calls coming in from the facility
-Monitor and alert in case of fiber break.
-Monitor when server room doors have been opened.
-Issue tickets to log events and monitor trends.
AT&T:
-Access & Secure vulnerable files
-Respond to suspicious activity
-Ensure health of device all the way to tier 3 health
-Analyze security breaches and send alerts.

More Related Content

What's hot

Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Cisco XFP-10G-MM-SR
Cisco XFP-10G-MM-SRCisco XFP-10G-MM-SR
Cisco XFP-10G-MM-SRsavomir
 
Simplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with CiscoSimplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with CiscoCisco Canada
 
Providing voice and data services in ‘under serviced’ areas - By Rael Lissoos
Providing voice and data services in ‘under serviced’ areas - By Rael LissoosProviding voice and data services in ‘under serviced’ areas - By Rael Lissoos
Providing voice and data services in ‘under serviced’ areas - By Rael LissoosVoiceSA
 
Brocade/VMware Customer Presentation
Brocade/VMware Customer Presentation Brocade/VMware Customer Presentation
Brocade/VMware Customer Presentation Brocade
 
Alcatel-Lucent 3HE00037AA02
Alcatel-Lucent 3HE00037AA02Alcatel-Lucent 3HE00037AA02
Alcatel-Lucent 3HE00037AA02savomir
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11Irsandi Hasan
 
Kazi B. Alam_v6
Kazi B. Alam_v6Kazi B. Alam_v6
Kazi B. Alam_v6Kazi Alam
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportCisco Mobility
 
Alcatel-Lucent 3HE00038AA02
Alcatel-Lucent 3HE00038AA02Alcatel-Lucent 3HE00038AA02
Alcatel-Lucent 3HE00038AA02savomir
 
Cisco catalyst 2960 series switches overview
Cisco catalyst 2960 series switches overviewCisco catalyst 2960 series switches overview
Cisco catalyst 2960 series switches overview3Anetwork com
 
Aerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive Networks
 
Eng.Abd Elrhman.doc
Eng.Abd Elrhman.docEng.Abd Elrhman.doc
Eng.Abd Elrhman.docINOGHOST
 
Cisco XFP10GEROC192IR
Cisco XFP10GEROC192IRCisco XFP10GEROC192IR
Cisco XFP10GEROC192IRsavomir
 
Cisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallCisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallIT Tech
 
Chapter 2 LAN redundancy
Chapter 2   LAN  redundancyChapter 2   LAN  redundancy
Chapter 2 LAN redundancyJosue Wuezo
 

What's hot (20)

7600 Overview
7600 Overview7600 Overview
7600 Overview
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking Workshop
 
Cisco XFP-10G-MM-SR
Cisco XFP-10G-MM-SRCisco XFP-10G-MM-SR
Cisco XFP-10G-MM-SR
 
Simplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with CiscoSimplifying Cloud Adoption with Cisco
Simplifying Cloud Adoption with Cisco
 
Providing voice and data services in ‘under serviced’ areas - By Rael Lissoos
Providing voice and data services in ‘under serviced’ areas - By Rael LissoosProviding voice and data services in ‘under serviced’ areas - By Rael Lissoos
Providing voice and data services in ‘under serviced’ areas - By Rael Lissoos
 
Wajahat Hussain cv
Wajahat Hussain cvWajahat Hussain cv
Wajahat Hussain cv
 
Brocade/VMware Customer Presentation
Brocade/VMware Customer Presentation Brocade/VMware Customer Presentation
Brocade/VMware Customer Presentation
 
Alcatel-Lucent 3HE00037AA02
Alcatel-Lucent 3HE00037AA02Alcatel-Lucent 3HE00037AA02
Alcatel-Lucent 3HE00037AA02
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11
 
Kazi B. Alam_v6
Kazi B. Alam_v6Kazi B. Alam_v6
Kazi B. Alam_v6
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
 
Alcatel-Lucent 3HE00038AA02
Alcatel-Lucent 3HE00038AA02Alcatel-Lucent 3HE00038AA02
Alcatel-Lucent 3HE00038AA02
 
Cisco catalyst 2960 series switches overview
Cisco catalyst 2960 series switches overviewCisco catalyst 2960 series switches overview
Cisco catalyst 2960 series switches overview
 
Aerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive BR100 Branch Router
Aerohive BR100 Branch Router
 
Meraki Datasheet VPN
Meraki Datasheet VPNMeraki Datasheet VPN
Meraki Datasheet VPN
 
Eng.Abd Elrhman.doc
Eng.Abd Elrhman.docEng.Abd Elrhman.doc
Eng.Abd Elrhman.doc
 
Cisco XFP10GEROC192IR
Cisco XFP10GEROC192IRCisco XFP10GEROC192IR
Cisco XFP10GEROC192IR
 
Cisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewallCisco rv110 w wireless n vpn firewall
Cisco rv110 w wireless n vpn firewall
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User Guide
 
Chapter 2 LAN redundancy
Chapter 2   LAN  redundancyChapter 2   LAN  redundancy
Chapter 2 LAN redundancy
 

Similar to NOTES

NT2799 FINAL CAPSTONE PROJECT.DOCX
NT2799 FINAL CAPSTONE PROJECT.DOCXNT2799 FINAL CAPSTONE PROJECT.DOCX
NT2799 FINAL CAPSTONE PROJECT.DOCXFred Abram III
 
Week 4_Project Part 2_DNesbit
Week 4_Project Part 2_DNesbitWeek 4_Project Part 2_DNesbit
Week 4_Project Part 2_DNesbitDavid Nesbit II
 
Ccnp™ advanced cisco® router
Ccnp™ advanced cisco® routerCcnp™ advanced cisco® router
Ccnp™ advanced cisco® routerchiliconcarne
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPTomar awad
 
Presentation cloud computing and the internet
Presentation   cloud computing and the internetPresentation   cloud computing and the internet
Presentation cloud computing and the internetxKinAnx
 
Banking and ATM networking reports
Banking and ATM networking reportsBanking and ATM networking reports
Banking and ATM networking reportsShakib Ansaar
 
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...Cisco Canada
 
MathWork Network Architecture
MathWork Network ArchitectureMathWork Network Architecture
MathWork Network ArchitectureRobert Muliero
 
1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docxeugeniadean34240
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionCisco Canada
 
Inter vlan routing plus configuration
Inter vlan routing plus configurationInter vlan routing plus configuration
Inter vlan routing plus configurationMohammedseleim
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 

Similar to NOTES (20)

NT2799 FINAL CAPSTONE PROJECT.DOCX
NT2799 FINAL CAPSTONE PROJECT.DOCXNT2799 FINAL CAPSTONE PROJECT.DOCX
NT2799 FINAL CAPSTONE PROJECT.DOCX
 
Week 4_Project Part 2_DNesbit
Week 4_Project Part 2_DNesbitWeek 4_Project Part 2_DNesbit
Week 4_Project Part 2_DNesbit
 
Capstone Final Part
Capstone Final PartCapstone Final Part
Capstone Final Part
 
ITE7_Chp5.pptx
ITE7_Chp5.pptxITE7_Chp5.pptx
ITE7_Chp5.pptx
 
Comprehensive AAP
Comprehensive AAPComprehensive AAP
Comprehensive AAP
 
Ccnp™ advanced cisco® router
Ccnp™ advanced cisco® routerCcnp™ advanced cisco® router
Ccnp™ advanced cisco® router
 
MX Deep Dive PPT
MX Deep Dive PPTMX Deep Dive PPT
MX Deep Dive PPT
 
Corporation Tech
Corporation TechCorporation Tech
Corporation Tech
 
Presentation cloud computing and the internet
Presentation   cloud computing and the internetPresentation   cloud computing and the internet
Presentation cloud computing and the internet
 
Jvvnl 071108
Jvvnl 071108Jvvnl 071108
Jvvnl 071108
 
ITE7_Chp5.pptx
ITE7_Chp5.pptxITE7_Chp5.pptx
ITE7_Chp5.pptx
 
Banking and ATM networking reports
Banking and ATM networking reportsBanking and ATM networking reports
Banking and ATM networking reports
 
Lecture 1.pptx
Lecture 1.pptxLecture 1.pptx
Lecture 1.pptx
 
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...Cisco connect winnipeg 2018   understanding cisco's next generation sdwan sol...
Cisco connect winnipeg 2018 understanding cisco's next generation sdwan sol...
 
MathWork Network Architecture
MathWork Network ArchitectureMathWork Network Architecture
MathWork Network Architecture
 
1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN Solution
 
Inter vlan routing plus configuration
Inter vlan routing plus configurationInter vlan routing plus configuration
Inter vlan routing plus configuration
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
 
Allied Telesis x610 Series
Allied Telesis x610 SeriesAllied Telesis x610 Series
Allied Telesis x610 Series
 

NOTES

  • 1. WHAT WE ARE & WHAT WE DO (Slide 3) ABC Worldwide: Leading video editing and advertising Co. 6 Worldwide Design Centers Headquartered in San Francisco, CA. Services we provide: -Corporate videos -Commercials -Movie films and trailers -Web sites
  • 2. Background and Development (Slide 4) In 2014 our talented team formed as a creative collaboration between long-time friends who decided to start up a multimedia company, with a mission to satisfy our clients and customers’ needs.
  • 3. Company Information (Slide 5) Name: ABC Worldwide Address: 600 Ruth Ave, San Francisco, CA 94107 Phone: (415) 552-0000, Fax (415) 552- 0001 Annual Sales: $450 Million Employees: 1560 Employees at Headquarters: 300 Primary Business: Video Editing & Advertising
  • 4. NETWORK CRITERIA (SLIDE 7) Redundancy: If one part of the network goes down its twin will automatically take over. Separation: If one area of the network is compromised than the rest of the network is still sealed off. Speed: We value our client’s time and the productivity of our employees. We strive to provide the tools to use both as efficiently as possible. Scalability: The modular layout of the network will allow easy addition of network equipment to seamlessly facilitate our growth. Testing and Quarantine: Our network will have a safe environment to quarantine and evaluate malware and test new operating systems and drivers for any possible problems before being deployed throughout the network.
  • 5. WIDE AREA NETWORK (SLIDE 8) What the WAN is: The WAN consists of a Headquarters and Main Design center in a single building in San Francisco. Five other Main Design centers will be located in Detroit, Tampa, Sao Paulo, Paris and Tokyo. Three separate sales branches will be located in Washington, Indianapolis and London. A Data Center will also be located as near to the Headquarters as possible. How the WAN will communicate: The WAN will communicate using two technologies. The Main Design Centers will communicate with the Headquarters using Point To Point connections while the separate sales branches will use VPN (Virtual Private Network) technology to communicate. All the buildings will be located in areas with fiber optic service to the extent possible. This will facilitate communication on a SONET (Synchronous Optical Network) with download speeds of 100 Mb/s to 300 Mb/s depending on Internet Service Provider options. Subnets: All of the Design Centers and branches will be on their own IP sub nets.
  • 6. FORWARD FACING NETWORK (SLIDE 9) Router: The router will be completely isolated by firewalls on all sides. This will include insulation from both the Internet as well as all network devices. Network Separation: The network devices such as servers and the SAN will be further isolated from the workstations and their switches. The active directory domain controller will also be separated from the SAN. This is due to the fact that the Active directory domain controller will be hosting the VPN. Any security breech will be kept isolated from the rest of the network. Redundancy: All routers, firewalls and servers will be duplicated and linked together in the event that one goes out. Speed: All of the cabling in the network will be 10 BASE-T Cat 6. This will support a bandwidth of 10 Mb/s. The SAN components will be linked together with fiber.
  • 7. CLIENT FACING NETWORK (SLIDE 10) Network Separation: The client facing switches will be separated from the router and the servers. Redundancy: All switches will be duplicated and linked together in the event that one goes out. Speed: All of the cabling between the switches and the workstations will be 10 BASE-T Cat 6. This will support a bandwidth of 10 Mb/s. VTP: VLAN Trunk Protocol: The client switches will be trunked over to the server switches where data can go either to the servers or out into the internet. Having a VTP will reduce the amount of administration needed to set up, configure and maintain the switches. All of these tasks will be done in the VTP server switches and replicated to all of the client switches. All of the switches will be layer three allowing for independent VLANS for Voice over IP, data and a separate VLAN for clients and vendors who may need access to the network. The IT staff will also have a dedicated VLAN as well. IT will be on VLAN 0 while VoIP will be on VLAN 10, Data on VLAN 20 and Client/ Vendors will use VLAN 30. This will add extra security as well.
  • 8. NETWORK INFRASTRUCTURE WITH SAN (SLIDE 11)Network Separation: The SAN will be isolated from the rest of the network. The active directory domain controller will also be separated from the SAN. This is due to the fact that the Active directory domain controller will be hosting the VPN. Any security breech will be kept isolated from the rest of the network. Redundancy: All and servers and switches will be duplicated and linked together in the event that one goes out. All serves will be RAID 5 which will stripe data with parity over sets of three hard drives. The SAN servers will be set up on RAID 10, striping and mirroring, and will use sets of 4 hard drives. In addition, a tape server will provide data backup. Speed: All of the cabling between the devices in the SAN and the network will be multi mode fiber. Although multi mode fiber has the same speed as Cat 6, 10 Mb/s, the extra bandwidth in fiber means that more signals can be simultaneously sent at one time. Due to the expense, the rest of the network will not be utilizing the technology at this time.
  • 9. VIRTUALIZATION (SLIDE 12) Network Separation: The servers carrying Hyper-V will be firewall separated from the reset of the network. In addition to physical separation, logical separation will be done using Microsoft Hyper-V. VM Ware is another popular virtual software, however is made by the same corporation as the server software and will have no compatibility issues. If a virus completely corrupt the virtual server it can just be deleted and another one re-created at the last known good configuration, or mirrored over. Redundancy: The physical servers containing the Hyper-V servers will be duplicated and linked together in the event that one goes out. Testing: Instances of all company used software can be set up and tested on Hyper-V. Operating systems and drivers can be deployed and studied as well as used to quarantine viruses.
  • 10. DHCP SCOPE (SLIDE 13) Headquarters: IP addresses scope for Headquarters will be 10.60.10.01/16 to 10.60.14.254/16 10.60.10.01 to 10.60.10.10 will be reserved for routers. 10.60.10.11 to 10.60.10.254 will be reserved for servers, switches, firewalls and WAPs. 10.60.11.01 to 10.60.11.254 will be set aside for printers and other peripheral devices. 10.60.12.01 to 10.60.14.254 will be dynamically assigned. Design Centers: IP addresses will go from 10.60.16/16 forward on intervals of 5 in the third octet. 10.60.16.01 to 10.60.16.10 will be reserved for routers. 10.60.16.11 to 10.60.16.254 will be reserved for servers, switches, firewalls and WAPs 10.60.17.01 to 10.60.17.254 will be set aside for printers and other peripheral devices. 10.60.18.01 to 10.60.20.254 will be dynamically assigned Sales Offices: IP addresses will go from 10.60.50/16 forward on intervals of 5 in the third octet. 10.60.50.01 to 10.60.50.100 will be reserved for routers, switches WAPs and printers. 10.60.50.101 to 10.60.50.254 will be dynamically assigned. Initially sales offices will be separated by intervals of 5 on the third octet but new sales offices can be inserted in between those intervals if necessary.
  • 11. SALES WORKGROUPS (SLIDE 14)
    Network: All employees will be on WiFi. Two Wireless Access Points will be connected by Ethernet to a central router. In the office all employees will communicate with each other in an “ad-hoc” configuration with the router acting as the hub in a star topology. All DNS, DHCP and NAT functions will be provided by the router.
    Mobility: Sales employees are constantly on the go. Therefore they will be issued a smart phone in addition to a laptop. Their smart phone service will include a hot spot for their laptops so they can access the internet anywhere there is cell service.
    Security: All sales staff will be on a VPN.
    Hot Spot Device: Employees will be issued the iPhone 6s. We have to throw Apple a bone somewhere. The service provider will be AT&T with the built-in hot spot.
  • 12. NETWORK SECURITY (SLIDE 50)
    What Network Security IS: Network security is any activity designed to protect the network. These activities protect the usability, reliability, integrity and safety of the network and data.
    What are the threats to a Network? Having defined network security, the first part of our discussion will focus on the company policies and procedures that must be followed in order to protect the company, the second part will cover software security, and the last part will cover company hardware policies.
    What threats to a Network are: A variety of threats try to enter and spread on the network. Threats on the internet these days are sophisticated, hence the need for adequate security to stop them. There are different kinds of network security threats. These include viruses, Trojan horses, spyware, adware, zero-day attacks, hacker attacks, denial-of-service attacks, data interception and theft, and identity theft. We need to be able to detect, protect against and respond to these ever-changing threats.
    Hardware Policies: Hardware policies must be implemented to keep people from gaining access to devices they are not authorized to access. These security policies also cover protecting areas of the building where extremely important devices are located, and contingencies for device malfunction and catastrophic damage to network components.
  • 13. Password Policy (Slide 51)
    -Minimum 10 characters. (Password Length)
    -A minimum of one number, one letter, one capital letter and one special character. (Complexity)
    -Password must be reset every three months. (Life of Password)
    -After three unsuccessful attempts the login will be locked and a supervisor will have to unlock the account. (Password Lockout Policy)
    -Properly use privileges and permissions: Every computer or every OS has users with different levels of permissions and privileges. The main user is the administrator, or the root account in UNIX or Linux.
  • 14. Software Deployment Policy: (Slide 52)
    Deployment of Operating Systems and Applications: All operating systems and applications will be deployed from the server rather than on the individual computer.
    Virtual Servers Testing: Before being put on the server for deployment, all new and upgraded operating systems, applications and antivirus software will be tested on the virtual server.
    Where Antivirus Software is Installed: Antivirus software will be installed on all company servers and workstations. Company-provided smart phones will not give employees the ability to download applications.
  • 15. Antivirus Specifications: (Slide 53)
    Reporting: Software will generate a report of any incidents to the IT manager. IT will have discretion over whether to report only successful attempts or both successful and failed attempts.
    Types: Install anti-spyware and anti-malware protection (against software that collects information about user names, passwords, etc.).
    Site Advisor: We will keep a database of all the known and reported web sites with potential problems. Alerts will be sent out when attempts to access these websites are made.
    Norton Security: Norton Security will be used on all workstations to keep viruses from corrupting files and bringing down the operating system.
  • 16. Hardware: (Slide 54)
    Firewalls: Firewalls must have the ability to block ports as prescribed by the IT department.
    Firewall separation: Firewalls will be used to separate the forward-facing network from the internet, the workstations from the SAN, and the SAN from the servers hosting the Hypervisor.
    WAP: The Wireless Access Points will have their broadcast turned off. WAPs will be on a separate LAN. Once a WAP is installed, any factory credentials will be changed.
    Routers: Routers will have their broadcast turned off. Routers will have WPA2 encryption using the AES encryption protocol. Only secure ports, including Secure Sockets Layer, will be used.
    Switches: Quality of Service will put priority on Voice, followed by Data and then Video. This will be accomplished through separate LANs. Any factory-set passwords on the switch will be changed.
    Proxy Server: Proxy servers will be used to filter accessible web sites, obtain credentials from employees before they go to the internet, and monitor bandwidth usage, and will have their own antivirus software installed. Install Site Advisor, which will prevent users from logging on to bad sites.
  • 17. ACCEPTABLE USE POLICY: (Slide 55)
    Properly use privileges and permissions: Every computer or every OS has users with different levels of permissions and privileges. The main user is the administrator, or the root account in UNIX or Linux. Under the main administrator account, create a hierarchy of user accounts with different levels of permissions and authorizations.
    Web Browsers: Web browsers are programs that we use to access web pages, such as Google Chrome, Firefox, Internet Explorer and Apple Safari. The risk with Internet Explorer is that it allows you not only to surf the net but also to connect to other computers in a way that other web browsers don’t. Therefore it will be easy for a hacker to connect to your computer through Internet Explorer.
    Secured session: Have time and date security: allow connection to the server only at a precise time and date. For instance, only allow connection to the network between 7 am and 10 am. Also set a length for the session. For instance, the session will automatically log off after 5 minutes of inactivity.
    Hardware Policies: Only authorized personnel will have access to equipment. All workstations will remain locked when the employee leaves his area. The server room and computer closet shall remain locked at all times. No network devices other than company-issued mobile devices shall be taken out of the building without express permission from IT management. They must first be checked in with IT before being put back into the network.
  • 18. APPROVED WEB BROWSERS: (Slide 56) Internet Explorer, Google Chrome, Firefox, Safari
  • 19. PRIVILEGES AND PERMISSIONS: (Slide 57)
    Consumer: Search, view, copy documents.
    Contributor: Create documents and folders, modify documents and VDs.
    Coordinator: Create cabinets and VDs, view hidden documents.
    System Administrator: Access and manage content servers, repository, users and groups.
  • 20. COMPANY: -ITWatchdogs.com
    WHAT IS MONITORED: -Temperature, Humidity, Leaks, Smoke, Power, 5V Analogue/Sensor Changes.
    How Anomalies are Logged: -SNMP, Audible Alarms, Output Relays, email alarms, Text messages.
    Surveillance: -Up to 4 IP cameras can be monitored.
    Configuration: -Any sensor can be configured to your choice.
  • 21. CompuCom:
    -Look for outages
    -Analyze multiple calls coming in from the facility
    -Monitor and alert in case of fiber break.
    -Monitor when server room doors have been opened.
    -Issue tickets to log events and monitor trends.
  • 22. AT&T:
    -Access & Secure vulnerable files
    -Respond to suspicious activity
    -Ensure health of device all the way to tier 3 health
    -Analyze security breaches and send alerts.
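The addressing plan on slide 13 (DHCP scope), expanded into concrete ranges and used to check observed leases. This is an added example, not part of the original deck; it assumes the five design centers and three sales offices named on the WAN slide receive their blocks in the order listed, and the role labels and sample leases are constructed.

```python
import ipaddress

# Layout from slide 13: (start offset, start host, end offset, end host, role).
# Offsets are added to the site's base third octet.
FULL_SITE = [(0, 1, 0, 10, "routers"), (0, 11, 0, 254, "infrastructure"),
             (1, 1, 1, 254, "peripherals"), (2, 1, 4, 254, "dynamic")]
SALES_SITE = [(0, 1, 0, 100, "infrastructure"), (0, 101, 0, 254, "dynamic")]
# Site names are from the WAN slide; the order they get blocks in is assumed.
DESIGN_CENTERS = ["Detroit", "Tampa", "Sao Paulo", "Paris", "Tokyo"]
SALES_OFFICES = ["Washington", "Indianapolis", "London"]
# Constructed sample leases (MAC, address), not real data.
SAMPLE_LEASES = [("02:00:00:00:00:01", "10.60.12.40"),
                 ("02:00:00:00:00:02", "10.60.10.5"),
                 ("02:00:00:00:00:03", "10.60.15.20")]


def build_plan():
    """Return [(site, role, first_ip, last_ip)] for every site."""
    sites = [("Headquarters", 10, FULL_SITE)]
    sites += [(n, 16 + 5 * i, FULL_SITE) for i, n in enumerate(DESIGN_CENTERS)]
    sites += [(n, 50 + 5 * i, SALES_SITE) for i, n in enumerate(SALES_OFFICES)]
    plan = []
    for name, base, layout in sites:
        for o1, h1, o2, h2, role in layout:
            first = ipaddress.IPv4Address(f"10.60.{base + o1}.{h1}")
            last = ipaddress.IPv4Address(f"10.60.{base + o2}.{h2}")
            plan.append((name, role, first, last))
    return plan


def overlaps(plan):
    """Return adjacent overlapping ranges; an empty list means all disjoint."""
    ordered = sorted(plan, key=lambda r: r[2])
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b[2] <= a[3]]


def classify(plan, address):
    """Map an address to (site, role), or None if it is outside the plan."""
    ip = ipaddress.IPv4Address(address)
    for name, role, first, last in plan:
        if first <= ip <= last:
            return name, role
    return None


def audit_leases(plan, leases):
    """Return leases whose address is not in a dynamic range of the plan."""
    return [(mac, ip) for mac, ip in leases
            if (classify(plan, ip) or (None, None))[1] != "dynamic"]
```

Every range falls inside 10.60.0.0/16, so with the /16 mask shown on the slide the per-role ranges are an allocation convention rather than separate subnets. A lease that `audit_leases` returns, sitting in a reserved range or in no range at all, is worth investigating.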
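The password rules on slide 51 and the secured-session rules on slide 55, combined into one login gate. This is an added example, not part of the original deck; the `Account` class, the result strings and the 90-day reading of "three months" are assumptions, and the 7 am to 10 am window is the slide's own example.

```python
import string
from datetime import time, timedelta

MIN_LENGTH, MAX_FAILURES = 10, 3
MAX_AGE = timedelta(days=90)              # "three months" read as 90 days (assumption)
LOGIN_WINDOW = (time(7, 0), time(10, 0))  # the example window from slide 55
IDLE_LIMIT = timedelta(minutes=5)


def complexity_problems(password):
    """Return the slide 51 rules that a candidate password fails."""
    checks = {
        "at least 10 characters": len(password) >= MIN_LENGTH,
        "one number": any(c.isdigit() for c in password),
        "one letter": any(c.isalpha() for c in password),
        "one capital letter": any(c.isupper() for c in password),
        "one special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


class Account:
    """Hypothetical account record tracking lockout and session state."""
    def __init__(self, password_set):
        self.password_set, self.failures = password_set, 0
        self.locked, self.last_activity = False, None

    def login(self, password_correct, now):
        """Apply lockout, login-window and password-age rules to one attempt."""
        if self.locked:
            return "locked"  # stays locked even if the password is right
        if not LOGIN_WINDOW[0] <= now.time() <= LOGIN_WINDOW[1]:
            return "outside-window"
        if not password_correct:
            self.failures += 1
            self.locked = self.failures >= MAX_FAILURES
            return "locked" if self.locked else "denied"
        self.failures = 0
        if now - self.password_set > MAX_AGE:
            return "password-expired"
        self.last_activity = now
        return "ok"

    def supervisor_unlock(self):
        self.locked, self.failures = False, 0

    def session_active(self, now):
        """False once the session has been idle for more than five minutes."""
        return self.last_activity is not None and now - self.last_activity <= IDLE_LIMIT
```

As written, the slide 51 rules accept a password with no lowercase letter, since only "one letter" and "one capital letter" are required.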