Case 1 Network Design

Abstract

The company in this case is a small consulting firm whose specialty is providing their customers with Microsoft Windows and Citrix networked business solutions. They believed their internal servers were secure due to their diligence in keeping the Operating Systems up to date with the latest service packs, hotfixes and patches. Virus signatures and scanning software are also kept current. Your security company has been given the task of evaluating the security of the network perimeter and making recommendations for securing the network perimeter and Internet connection.

Examination of the perimeter infrastructure showed the network to be virtually defenseless. There is no Firewall installed and very little filtering of inbound or outbound Internet traffic on either the router at the corporate office or the router at the branch office. The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet, making them prime targets for intruders. Your proposal is to completely redesign the network perimeter to provide a layered Defense in Depth.

Current Network design

The original perimeter network design included two Cisco routers and five publicly addressed servers, four of which were Windows based and the fifth, RedHat Linux. As stated, the network did not have a Firewall device and the perimeter routers performed extremely limited inbound packet filtering. The corporate router is configured with a serial interface for connection to the Internet, an Ethernet interface for the public network, and an Ethernet interface for the internal (private) network. The branch office router had a serial interface to the Internet and an Ethernet interface to their internal network (diagram 1). The branch and corporate routers were connected by VPN tunnel over the Internet. The various network devices at the corporate office, both internal and external, were connected via three casc ...

of Philadelphia. Formed in 1966, it has grown steadily through the incorporation of additional colleges and further education providers, but retains an emphasis on engineering, science and technology. Today, it numbers around 15,000 students and 2,000 staff.

As part of a five-year strategic plan, the university’s “Open Kingdom” project aims to create a consistent user experience across the campus, including the provision of wireless network access. This last issue became critical in the summer of 2012, when the student body insisted on wireless access for all residential buildings before starting negotiations on 2013 rents.

“We’d traditionally viewed wired as good enough for everybody,” says John Patrick, network and data center manager for the University. “What became very clear was that wired wasn’t good enough for our students. Wired wasn’t their typical network experience. They expect the same experience on campus as they have at home. Students wanted to do their computing anywhere, anyhow, on the go, inside the campus, outside the campus. They didn’t want to be a slave to the cable.”

Patrick and his team needed a solution in place before the January 2013 deadline. The solution needs to provide wireless access coverage in the 7 buildings across campus, four of them residential, and a robust remote access system (VPN) for faculty and staff.

The solution should not discriminate between devices; students would be free to use smartphones, games consoles or tablets on the network, for work or play. However, the network needed to differentiate between staff, students, conference visitors and guests, granting the appropriate access to services. Ultimately, with thousands of users bringing their own devices onto the network, it needed to maintain the security of the university’s systems.

Sanford University layout
Residential buildings - 6 stories with 25 rooms per floor
Classroom / conference building - 4 stories and 40 classrooms per floor. Auditorium and Cafeteria located on ground floor.
Classroom / Admissions / Library building - 7 stories with 20 offices or classrooms per floor.
Data center on campus - provides IT services to the entire campus.