Network infrastructure is the foundation of a secured organisational network. Every organisation develops security in its network in order to protect data and crucial information from attackers[1]. However, despite strong network security, hacking incidents continue to appear in the news. Therefore, this report focuses on designing and explaining the most reliable and secure network architecture for the selected organisation (XYZ Ltd. Pty).
Background of the study
The growth of network security features has not kept pace for many organisations, and hackers are actively getting inside organisational networks and compromising crucial information. In the current study, XYZ Ltd. Pty has been selected. It has recently experienced tremendous growth in its business, so the organisation is keen to protect its network. However, the old network infrastructure was neither reliable nor scalable, which resulted in disruption in different ways. The headquarters of the company is located in Sydney. Following its tremendous growth, the company opened a branch office in Liverpool. Apart from that, the company has hired M to operate in Melbourne and B to operate in Brisbane with further expansion in mind. The HQ has one edge router (R1) with multiple access layer switches, while the branch office has one edge router (R11) and an access layer switch. M and B work from home, so they connect to the organisational network remotely over a VPN connection.
Problem of the study
The previous network design fell noticeably short of the developing organisational framework. Smith designed it with great enthusiasm for networking, but it was not scalable or reliable enough to meet the growing and more challenging organisational network requirements. The number of staff was increasing along with the demand for more devices. This generated heavy traffic in the network and put pressure on it, increasing the chances of network faults.
Objective of the study
The objectives of the study are to understand and evaluate the developing and challenging network requirements. The appropriate changes or amendments to the network need to be understood, together with the appropriate use and implementation of network security features. Moreover, the structure of the network has to be developed to meet the increasing challenges faced by the company. The network topology has to be aligned with the most suitable network security features to protect it from hackers and attackers. Furthermore, a clientless VPN has to be designed and configured so that M and B face no interruption while connecting to the organisational network.
Network Topology
The new network has been designed considering the previous network design with concern of
[1] Jazib Frahim et al, Cisco ASA – All-In-One Firewall, IPS, Anti-X, And VPN Adaptive Security Appliance (Cisco Press, 2010).
Figure 1: New Network Design
The new network has been designed around three major areas: the Headquarters, the Branch office and the Home users (M and B).
The network at Headquarter
The key networking devices set up in the Headquarters are the edge router, the access layer switches, the servers and the ASA firewall. The edge router is connected to the Internet link through the ISP, represented as a cloud in the diagram. The IP address of the router is set to 10.0.0.1 for inter-organisational communication. The router is then connected to the network switch, which in turn connects to the access layer switches responsible for the end-user devices.
The router can be called the key device responsible for carrying data across the entire network[1]. It uses different routing schemes, namely static, default and dynamic routing. Static routing is used when the user or network administrator configures the network and defines the paths along which data is forwarded. Default routing is used when only two routers are used in the entire network. Dynamic routing, on the other hand, can be called the most effective routing; it uses routing protocols such as RIP, IGRP, IS-IS, EIGRP and OSPF. Dynamic routing is further divided into three categories: link state, distance vector and hybrid routing protocols.
Routers configured with a distance vector routing protocol exchange their complete routing tables with their neighbours, without including subnet mask information in the route updates. Examples are RIP (Routing Information Protocol) and IGRP (Interior Gateway Routing Protocol). A link state routing protocol, however, supports partial updates of the routing table to neighbours and includes subnet mask information in the route updates. Examples are OSPF (Open Shortest Path First) and IS-IS (Intermediate System to Intermediate System).
A hybrid routing protocol, on the other hand, combines both the link state and distance vector approaches. An example of this type of routing protocol is EIGRP (Enhanced Interior Gateway Routing Protocol). However, these routing protocols are said to be of no use without multiple routers in the organisation or network[2]. Apart from that, another very significant router feature is the ACL (Access Control List). ACLs are known for their ability to filter traffic as it either enters or leaves an interface. They can also be used to restrict remote access to an IOS device. In other words, an ACL can be called a set of statements grouped together by name or number and used to filter traffic entering or leaving an interface[3].
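As an added example (this is not the report's own configuration), the following IOS configuration for the HQ edge router R1 shows static and default routing for the single-router design, an extended ACL filtering traffic that arrives from the ISP, and a standard ACL that restricts remote management of the IOS device. R1 = 10.0.0.1 is taken from the report; the interface names, the ISP subnet 203.0.113.0/29, the branch subnet 10.0.1.0/24 reached via 10.0.255.2, and the management host 10.0.0.10 are assumptions.

```cisco
! Added example, not from the report. R1 = 10.0.0.1 is taken from the report;
! interface names, 203.0.113.0/29 (ISP), 10.0.1.0/24 (branch, via 10.0.255.2)
! and 10.0.0.10 (management host) are assumptions.
hostname R1
!
! Static and default routing, since the report's design has only one HQ router.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.0.1.0 255.255.255.0 10.0.255.2
!
! Extended ACL applied inbound on the ISP-facing interface.
! Entries are evaluated top-down and the first match wins; anything not
! matched hits the implicit deny, written out here so it can be logged.
ip access-list extended OUTSIDE-IN
 remark Drop packets whose source claims to be an internal or reserved address
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark Allow return traffic for TCP sessions opened from inside
 permit tcp any any established
 remark Allow the ICMP needed for path MTU discovery
 permit icmp any any packet-too-big
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Link to ISP
 ip address 203.0.113.2 255.255.255.248
 ip access-group OUTSIDE-IN in
!
! Standard ACL used as an access-class: only the management host may open
! remote sessions to the router, and only over SSH.
ip access-list standard MGMT-ONLY
 permit 10.0.0.10
 deny   any log
!
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
 login local
```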
In order to establish a point-to-point connection, two different encapsulations can be used: HDLC and PPP. HDLC is a highly popular encapsulation type used with leased line connections. There are two types of HDLC: Cisco's HDLC and ISO's HDLC. Cisco's HDLC is used only between two or more Cisco devices, whereas ISO's HDLC is used between two or more non-Cisco devices. PPP, on the other hand, is a protocol used between two routers connected over a dial-up connection such as a dial-up telephone line or an ISDN (Integrated Services Digital Network) line. It is capable of transferring data over both synchronous and asynchronous links. PPP authentication can be configured in two different ways: PAP and CHAP. PAP (Password Authentication Protocol) sends the username and password in plain text. CHAP (Challenge Handshake Authentication Protocol), on the other hand, sends the username and password in encrypted form. While configuring PPP, both routers must be assigned the same password.
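As an added example (not the report's own configuration), PPP with CHAP on the dedicated R1 to R11 link, with the weaker PAP alternative shown commented out for comparison. The interface names, the /30 link subnet 10.0.255.0/30 and the shared secret are assumptions.

```cisco
! Added example, not from the report: PPP with CHAP on the dedicated
! R1 (HQ) to R11 (branch) link. Interface names, the /30 link subnet and
! the shared secret are assumptions.
!
! --- R1 ---
hostname R1
! CHAP needs the clear-text secret, so "password" (not "secret") is used;
! service password-encryption at least obscures it in the running config.
service password-encryption
username R11 password 0 CHANGE-ME-LINK-SECRET
!
interface Serial0/0/0
 description Dedicated link to branch router R11
 ip address 10.0.255.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
! --- R11 ---
hostname R11
service password-encryption
! The username is the peer's hostname; the secret must match R1's entry.
username R1 password 0 CHANGE-ME-LINK-SECRET
!
interface Serial0/0/0
 description Dedicated link to HQ router R1
 ip address 10.0.255.2 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
! Weaker alternative the report mentions (not recommended): PAP, which
! sends the username and password in clear text across the link.
!  ppp authentication pap
!  ppp pap sent-username R11 password 0 CHANGE-ME-LINK-SECRET
```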
An NTP (Network Time Protocol) server has been used in the new network topology to keep the clock of the router accurate. Apart from that, a SYSLOG server has also been enabled, which is helpful in tracking the logs generated about the activity of the router[4]. In addition, the AAA service has been enabled using a RADIUS server, so that users undergo an authentication process before accessing the network devices of the organisation. The DHCP configuration on the router is responsible for providing Internet Protocol addresses to the connected hosts[5]. The DHCP feature could also have been enabled on the ASA firewall, but in that case the network administrator would have had to rely on the default IP addresses provided by the firewall.
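As an added example (not the report's own configuration), the management services described above on R1: authenticated NTP, syslog export with a local buffer, AAA against a RADIUS server with local fallback, and the DHCP pool for HQ hosts. The NTP/syslog server 10.0.0.20, the RADIUS server 10.0.0.21, the keys and the pool ranges are assumptions; R1 = 10.0.0.1 is from the report.

```cisco
! Added example, not from the report: management services on R1.
! The NTP/syslog server 10.0.0.20, RADIUS server 10.0.0.21, the shared keys
! and the HQ DHCP pool are assumptions; R1 = 10.0.0.1 is from the report.
hostname R1
!
! Time: authenticated NTP so that log timestamps can be trusted and correlated.
clock timezone AEST 10
ntp authentication-key 1 md5 CHANGE-ME-NTP-KEY
ntp authenticate
ntp trusted-key 1
ntp server 10.0.0.20 key 1
!
! Logging: timestamped messages sent to the syslog server and kept in a
! local buffer in case the server is unreachable.
service timestamps log datetime msec localtime show-timezone
logging buffered 16384 informational
logging trap informational
logging source-interface GigabitEthernet0/1
logging host 10.0.0.20
!
! AAA: authenticate and authorise device logins against RADIUS, falling back
! to the local user only when the RADIUS server does not answer.
aaa new-model
radius server HQ-RADIUS
 address ipv4 10.0.0.21 auth-port 1812 acct-port 1813
 key CHANGE-ME-RADIUS-KEY
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
username admin privilege 15 secret CHANGE-ME-LOCAL-FALLBACK
!
! DHCP: R1 hands out addresses to HQ hosts; infrastructure addresses
! are excluded from the pool.
ip dhcp excluded-address 10.0.0.1 10.0.0.50
ip dhcp pool HQ-USERS
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 10.0.0.20
 lease 1
!
line vty 0 4
 transport input ssh
```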
The network at Branch office
The most difficult part of this project is protecting the branch office network, because of the lower investment in networking devices such as a firewall. The branch office is connected to R1 through a dedicated connection and has a single edge router and a single access layer switch. However, the network administrator can enable different routing protocols and features in order to protect the branch office network from attackers. The switch can be enabled with the storm control feature, which helps prevent disruption on Layer 2 ports caused by broadcast, unicast and multicast storms. Apart from that, STP (Spanning Tree Protocol) can also be implemented to protect against loops between switches.
DEC (Digital Equipment Corporation) developed STP to prevent the switching loops that arise in a multi-switch environment. VLANs (Virtual Local Area Networks) can be called logical ports for assigning IP addresses and segmenting the network into different parts[6]. VLANs are very helpful in reducing broadcast traffic in a network while increasing the total number of broadcast domains. Moreover, the size of each broadcast domain is reduced, which increases the security of the network. Consequently, inter-VLAN routing is used to communicate between the multiple VLANs, secured with the help of a router.
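As an added example (not the report's own configuration), the branch access switch with storm control, STP protection and VLANs, together with inter-VLAN routing on R11 using one sub-interface per VLAN. The switch name SW11, the VLAN ids, the port ranges and the subnets are assumptions.

```cisco
! Added example, not from the report: branch access switch SW11 with storm
! control, STP protection and VLANs, plus router-on-a-stick on R11 for
! inter-VLAN routing. Switch name, VLAN ids, port ranges and subnets are
! assumptions.
!
! --- SW11 ---
hostname SW11
vlan 10
 name STAFF
vlan 20
 name SERVERS
vlan 99
 name MGMT
!
! Rapid PVST+; access ports go straight to forwarding, and any port that
! unexpectedly receives a BPDU (e.g. a rogue switch) is shut down.
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
!
interface range FastEthernet0/1 - 22
 description Staff access ports
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
 storm-control unicast level 20.00
 storm-control action shutdown
!
interface FastEthernet0/24
 description 802.1Q trunk to R11
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
!
interface Vlan99
 description Switch management address
 ip address 10.0.99.2 255.255.255.0
ip default-gateway 10.0.99.1
!
! --- R11: one sub-interface per VLAN ---
interface GigabitEthernet0/1
 no ip address
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.0.2.1 255.255.255.0
interface GigabitEthernet0/1.99
 encapsulation dot1Q 99
 ip address 10.0.99.1 255.255.255.0
```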
The network at home users (M & B)
M (Melbourne) and B (Brisbane) are two home users working for XYZ Ltd. Pty with the help of a clientless VPN. This type of VPN allows end users to access corporate network resources securely from different geographical locations through an SSL-enabled browser[7]. In this context, the user has to authenticate with the VPN gateway, which then allows the user to access the pre-configured network resources of the organisation.
Discussion of the new network design
The new network has been designed concisely to meet the upcoming challenges of the organisational requirements. However, limitations such as the use of a single router have prevented the author from designing it with the core security features. NAT has been implemented in the new network using the ASA firewall. NAT is used to convert the public IP address into the private IP address. Therefore, an attacker would be unable to detect the original IP addresses used in the organisational network. Apart from that, the ASA has been enabled with both inside and outside VLANs. The IP addresses of the inside VLAN are very different from the outside IP addresses.
The configuration of the SYSLOG server will be helpful in tracking logs about the activity of the router. Apart from that, with the help of NetFlow, the network administrator would be able to collect and analyse traffic data. The NTP server will provide accurate data about the clock of the router. However, dynamic routing could not be implemented because of the limitation of a single edge router; otherwise, it would have been more efficient at forwarding data and packets inside the network. Apart from that, implementing the Spanning Tree Protocol is also helpful in preventing loops in multi-switch environments[8]. It should also be noted that the link provided for upgrading from the Base license to the Security Plus license was found not to be working. Therefore, the advanced features of the firewall could not be implemented in the network. Due to these limitations, the clientless VPN also remained unimplemented. It would have enabled both home users to connect to the organisational network securely.
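As an added example (not the report's own configuration), an ASA configuration covering both the NAT with inside and outside VLANs described in the design discussion and the clientless SSL VPN for the home users M and B described earlier; it shows what the configuration would look like, independent of the licence issue the report reports. The VLAN interfaces, the addresses 10.0.0.2 (inside) and 198.51.100.2/29 (outside), the group-policy name and the credentials are assumptions.

```cisco
! Added example, not from the report: ASA (5505-style VLAN interfaces)
! configuration for the NAT described in the report and the clientless SSL
! VPN for home users M and B. Addresses, names and credentials are assumptions.
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0
interface Vlan2
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.248
interface Ethernet0/0
 switchport access vlan 2
!
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Dynamic PAT: every inside host leaves the firewall with the outside
! interface address, so the internal addressing is not exposed.
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic interface
!
! Clientless SSL VPN: users authenticate in the browser on the outside
! interface and are limited to the clientless portal (no tunnel client).
webvpn
 enable outside
group-policy CLIENTLESS-POLICY internal
group-policy CLIENTLESS-POLICY attributes
 vpn-tunnel-protocol ssl-clientless
 vpn-simultaneous-logins 1
!
username M password CHANGE-ME-PASSWORD
username M attributes
 vpn-group-policy CLIENTLESS-POLICY
 service-type remote-access
username B password CHANGE-ME-PASSWORD
username B attributes
 vpn-group-policy CLIENTLESS-POLICY
 service-type remote-access
```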
Conclusion and Recommendation
The new network topology is very significant in securing the crucial organisational data and information from attackers. The implementation of different features in the new topology is significant in protecting the further expansion of the company's business and network. Based on these considerations, it can be suggested that using multiple routers would have enabled the network administrator to enable dynamic routing protocols. A dynamic routing protocol is helpful in exchanging route information with neighbouring routers. Apart from that, implementing more networking devices at the branch office would increase security as well as the speed of data forwarding. Fault tolerance is another feature that would help the network stay alive at all times. Moreover, due to these limitations, stacking could not be implemented in either the routers or the switches. This would have enabled high availability of the network even during the failure of one particular switch or router during operational hours.
References
Braeken, A. and Abdellah Touhafi, “AAA – Autonomous Anonymous User Authentication And Its Application In V2G” [2017] Concurrency and Computation: Practice and Experience
Chu, Jie and Zhao Li, “Design And Implementation Of The Firewall Policy Audit Based On Improved Policy Tree” (2015) 736 Applied Mechanics and Materials
Du, Rong et al, “Efficient Weakly Secure Network Coding Scheme Against Node Conspiracy Attack Based On Network Segmentation” (2014) 2014(1) EURASIP Journal on Wireless Communications and Networking
Frahim, Jazib et al, Cisco ASA – All-In-One Firewall, IPS, Anti-X, And VPN Adaptive Security Appliance (Cisco Press, 2010)
Frahim, Jazib, Omar Santos and Andrew Ossipov, Cisco ASA (Cisco Press, 2014)
Khadafi, Shah, Budai Dwi Meilani and Samsul Arifin, “Sistem Keamanan Open Cloud Computing Menggunakan IDS (Intrusion Detection System) dan IPS (Intrusion Prevention System)” [Open Cloud Computing Security System Using IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)] (2017) 21(2) Jurnal IPTEK
Kolář, V., J. Červenka and M. Endršt, “A Modified Definition Of NTU For Rectification And Its Relation To NTP” (2015) 41(12) Collection of Czechoslovak Chemical Communications
Kumar, Sanjeev and Raja Sekhar Reddy Gade, “Experimental Evaluation Of Cisco ASA-5510 Intrusion Prevention System Against Denial Of Service Attacks” (2012) 03(02) Journal of Information Security
Mahurkar, K K., “A New Improve Intrusion Prevention System Security For Wireless LAN A Review” [2016] International Journal Of Engineering And Computer Science
Nieto, Ana, Rodrigo Roman and Javier Lopez, “Digital Witness: Safeguarding Digital Evidence By Using Secure Architectures In Personal Devices” (2016) 30(6) IEEE Network
Rodrigo Muñoz, L, DM Mora and RH Barriga, “Teachers Cisco Certification And Their Impact In Cisco Networking Academy Program” (2017) 4(1) Revista Científica de la UCSA
Sampath, R. and A. Saradha, “Alzheimer’s Disease Image Segmentation With Self-Organizing Map Network” (2015) 10(6) Journal of Software
TANG, Ye, “Rule Matching Mapping Algorithm For Firewall Based On Rule Decomposition Mapping” (2015) 29(11) Journal of Computer Applications
Wu, Wei-Chen and Horng-Twu Liaw, “An Authentication, Authorization, And Accounting Mechanism For 3G/WLAN Networks” (2013) 9(6) Security and Communication Networks
[1] Jazib Frahim, Omar Santos and Andrew Ossipov, Cisco ASA (Cisco Press, 2014).
[2] L Rodrigo Muñoz, DM Mora and RH Barriga, “Teachers Cisco Certification And Their Impact In Cisco Networking Academy Program” (2017) 4(1) Revista Científica de la UCSA.
[3] Sanjeev Kumar and Raja Sekhar Reddy Gade, “Experimental Evaluation Of Cisco ASA-5510 Intrusion Prevention System Against Denial Of Service Attacks” (2012) 03(02) Journal of Information Security.
[4] Jie Chu and Zhao Li, “Design And Implementation Of The Firewall Policy Audit Based On Improved Policy Tree” (2015) 736 Applied Mechanics and Materials.
[5] V. Kolář, J. Červenka and M. Endršt, “A Modified Definition Of NTU For Rectification And Its Relation To NTP” (2015) 41(12) Collection of Czechoslovak Chemical Communications.
[6] K K. Mahurkar, “A New Improve Intrusion Prevention System Security For Wireless LAN A Review” [2016] International Journal Of Engineering And Computer Science.
[7] Shah Khadafi, Budai Dwi Meilani and Samsul Arifin, “Sistem Keamanan Open Cloud Computing Menggunakan IDS (Intrusion Detection System) dan IPS (Intrusion Prevention System)” [Open Cloud Computing Security System Using IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)] (2017) 21(2) Jurnal IPTEK.
[8] Ye TANG, “Rule Matching Mapping Algorithm For Firewall Based On Rule Decomposition Mapping” (2015) 29(11) Journal of Computer Applications.