Designing a Network

Required Equipment

Developing a network capable of meeting the needs of the presented scenario will require various pieces of equipment. One gateway, or router, will be required to link the office LAN to the internet. Gateways link two different networks to one another. In the present case, a bridge will be used to link a DMZ to the internet (McCabe, 2007; Rybaczyk, 2004; White & Donohue, 2014). The gateway will also serve as a firewall, which will translate network addresses for the office LAN and forward ports to the network’s DMZ (Demilitarized Zone). The office LAN will be where the different workstations will be placed. Given that the LAN will be a private network, its IP addresses will not be routed through the gateway or the internet.

There will be the core office LAN on the third floor and a wireless network connected to it on the fifth floor. The LAN will have its own caching DNS server. The workstations in each of the offices will point towards the DNS server for the purpose of DNS resolution. The server will speed up the LAN’s access to sites that are accessed often (McCabe, 2007; White & Donohue, 2014). The server will cache information about the sites for subsequent use. The LAN will have a DHCP server for providing IP addresses routinely to the corresponding workstations, wireless network, and printer. The DMZ will host three servers, which will be publicly accessible. The servers will be a mail server, a DNS server, and a web server (McCabe, 2007; Rybaczyk, 2004; White & Donohue, 2014).

The DMZ will allow for the separation of the LAN from the three servers, which will be highly susceptible to illegal intrusions. The servers will be highly prone to attacks since they will be providing services to the public. The gateway linking the DMZ to the internet will help lessen the possible attacks by directing public access to particular, needed services only. The web server will host the business’ website. The server will have ModSecurity, an application firewall, and will run on PHP to heighten the website’s interactivity (McCabe, 2007; White & Donohue, 2014). The DNS server will be used in backing up the business’ web, as well as mail, service.
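The gateway behaviour described above (address translation for the LAN, port forwarding to the DMZ, public access limited to the needed services) can be written out as a small decision function. This is an added example, not part of the original paper; the subnets, the public address and the port numbers are constructed assumptions, and the rule that DMZ hosts may not open connections into the LAN is an assumed policy.

```python
import ipaddress

# Constructed addressing plan; the page gives no subnets or port numbers.
LAN = ipaddress.ip_network("192.168.10.0/24")            # private office LAN
DMZ = ipaddress.ip_network("192.168.20.0/24")            # public-facing servers
GATEWAY_PUBLIC_IP = ipaddress.ip_address("203.0.113.1")  # documentation range

# (protocol, public port) -> DMZ server that receives the forwarded traffic.
PORT_FORWARDS = {
    ("tcp", 25): "192.168.20.10",    # mail server (SMTP)
    ("udp", 53): "192.168.20.11",    # DNS server
    ("tcp", 53): "192.168.20.11",
    ("tcp", 80): "192.168.20.12",    # web server (HTTP)
    ("tcp", 443): "192.168.20.12",   # web server (HTTPS)
}

def zone(addr):
    """Classify an address as 'lan', 'dmz' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in LAN:
        return "lan"
    if ip in DMZ:
        return "dmz"
    return "internet"

def decide(src, dst, proto, dport):
    """Return (action, detail) for a new connection arriving at the gateway."""
    src_zone, dst_zone = zone(src), zone(dst)
    if src_zone == "internet":
        # Private LAN/DMZ addresses are never reachable directly from outside.
        if ipaddress.ip_address(dst) != GATEWAY_PUBLIC_IP:
            return ("drop", "destination is not the gateway's public address")
        target = PORT_FORWARDS.get((proto, dport))
        if target is None:
            return ("drop", "no published service on this port")
        return ("forward", target)
    if dst_zone == "internet":
        # Outbound traffic leaves with the gateway's public address (NAT).
        return ("snat", str(GATEWAY_PUBLIC_IP))
    if src_zone == "dmz" and dst_zone == "lan":
        # Assumed policy: an exposed server may not open connections inward.
        return ("drop", "DMZ hosts may not initiate connections to the LAN")
    return ("allow", dst_zone)

if __name__ == "__main__":
    print(decide("198.51.100.7", "203.0.113.1", "tcp", 443))   # published
    print(decide("198.51.100.7", "203.0.113.1", "tcp", 3389))  # not published
    print(decide("192.168.20.12", "192.168.10.5", "tcp", 445))
```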

A bridge will allow the office network to accept IP addresses given out by the DMZ-hosted DHCP server (White & Donohue, 2014). The bridge will also protect the office’s workstations from the threats posed by new workstations brought into the shared network. The new stations are likely to infect the existing workstations with viruses if traffic from the former is not blocked from reaching the latter. Even then, all the devices that will be set within the network’s bridge will remain accessible. Essentially, the bridge will lessen the additional threats associated with wireless networks. Another bridge will connect a wireless network to the office LAN to serve the fifth floor space.

There will be switches with enough ports in the network. Switches are mechanical tools, or devices, used in separating workstations, or machines, to ensure that particular information flows to specific machines sharing a network (McCabe, 2007; Rybaczyk, 2004; White & Donohue, 2014). That means that switches are essential in the reduction of network utilization. They help secure workstations as they separate the traffic flowing out of, as well as into, them. Even then, the aspect of security associated with switches is not fail-safe.

Addressing the Design Challenge of Linking Multiple Non-Adjacent Floors

From the information given regarding the scenario, it is clear that the business’ office spaces will be on the third floor and the fifth floor of a building. That means that a Wi-Fi connection between the floors will not be effective in the scenario. From the design network representation shown below, it is clear that the challenge will be addressed through the use of cables in linking the spaces on the different floors.

Crossover cables will be used in connecting the workstations on the third floor. A crossover cable will be used in linking a wireless network on the fifth floor to the wired, core LAN on the third floor. Notably, crossover cables are commonly used in linking similar devices. They are commonly used in linking two computers straightforwardly. As well, they are commonly used in linking given routers’ LANs to particular switches or hubs’ normal ports to expand the LANs (McCabe, 2007; Rybaczyk, 2004; White & Donohue, 2014).

Security Concerns

The proposed network will be susceptible to various attacks, some being physical. Individuals will be capable of physically attacking the equipment constituting the network if allowed physical access to it. Notably, if attackers can physically access the business’ network devices such as firewalls, switches, routers, and computers, the business’ security choices are rather limited. Attackers can reset the devices’ passwords after linking to the devices’ console ports. It is easy to boot hosts using unique CD-ROMs or floppy disks capable of circumventing a device’s host security. In the present scenario, the business will be capable of enhancing the physical security of its network devices in a number of ways.

The business should regulate, or control, the physical entry of persons to the areas hosting the devices (McCabe, 2007; Rybaczyk, 2004). The business should regulate the physical entry of persons to the area hosting its own data centers. It should put in place detached identity systems in the locations deemed insecure. It should be alert to the possible cable plant attacks, electromagnetic radiations, and physical computer security risks (McCabe, 2007; Rybaczyk, 2004; White & Donohue, 2014). The business can regulate physical entry into high-risk areas as regards the network by using key and lock mechanisms, key card mechanisms, or turnstile mechanisms.

Possibly, there will be L2 (Layer 2) security risks facing the proposed network. Such risks are addressed effectively using particular control protocols. The protocols should be a core consideration in the efforts geared towards securing the network. BPDU (Bridge Protocol Data Unit) Guards are effective in addressing the risks. They are usable on various switches and fast option, or user, ports. The guards disable all user ports that allow in BPDU communications, or messages. Such messages should not get into the ports since the ports are meant for users. The business can also use root guards in mitigating the risks. Root guards are easy to enable, as well as disable, in all works and ports, through the disabling of ports capable of becoming root bridges owing to BPDU communications, especially advertisements (McCabe, 2007). The guards place rather limited restrictions on users since they permit users to plug their own devices into their workspace-located switches when there are multiple workstations.
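The difference between the two guards is easiest to see when the same BPDU arrives on differently configured ports. The following is an added example, not part of the original paper: a simplified model of the commonly documented behaviour, with constructed bridge IDs and hypothetical port names.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    bpdu_guard: bool = False   # user-facing port: no BPDU is expected at all
    root_guard: bool = False   # port must never lead towards the root bridge
    state: str = "forwarding"

class GuardedSwitch:
    """Simplified model of how the two guards react to a received BPDU."""

    def __init__(self, root_bridge_id, ports):
        self.root_bridge_id = root_bridge_id   # (priority, MAC); lowest wins
        self.ports = {p.name: p for p in ports}

    def receive_bpdu(self, port_name, sender_bridge_id):
        port = self.ports[port_name]
        if port.state == "err-disabled":
            return port.state                  # port is down, nothing is processed
        superior = sender_bridge_id < self.root_bridge_id
        if port.bpdu_guard:
            port.state = "err-disabled"        # any BPDU at all disables the port
        elif port.root_guard and superior:
            port.state = "root-inconsistent"   # blocked; root election unaffected
        elif superior:
            self.root_bridge_id = sender_bridge_id   # unguarded: sender becomes root
        return port.state

    def bpdus_stopped(self, port_name):
        """Root guard recovers by itself; a BPDU guard shutdown stays in place."""
        port = self.ports[port_name]
        if port.state == "root-inconsistent":
            port.state = "forwarding"
        return port.state

def demo():
    """Send the same constructed BPDU to guarded ports and an unguarded one."""
    root = (4096, "00:00:5e:00:53:01")         # constructed bridge IDs
    claimant = (0, "00:00:5e:00:53:ff")        # advertises a better priority
    sw = GuardedSwitch(root, [Port("user1", bpdu_guard=True),
                              Port("desk-sw", root_guard=True), Port("open")])
    states = [sw.receive_bpdu(n, claimant) for n in ("user1", "desk-sw")]
    kept_root = sw.root_bridge_id == root
    sw.receive_bpdu("open", claimant)
    return states, kept_root, sw.root_bridge_id == claimant

if __name__ == "__main__":
    print(demo())
```

The root-guarded port still lets a user attach a desk switch, since only a BPDU that would win the root election blocks it, whereas the BPDU-guarded port is disabled by any BPDU.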

The business will need to institute mechanisms on all L2 switches to document all ports to which particular MAC addresses will be linked. That will ensure that host-to-host unicast communications happen without other hosts detecting the attendant traffic. The mechanisms include the usage of CAM (Content Addressable Memory) tables in documenting the information (White & Donohue, 2014). As well, the business will need to institute port security capabilities on the switches to restrict the communication of the addresses to the ports borne by the switches.
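How a CAM table keeps unicast traffic away from other hosts, and how a port security limit bounds the addresses accepted on a port, is shown in the following added example (not part of the original paper). It is a simplified switch model; the MAC addresses, the port numbers and the limit of two addresses per port are constructed assumptions.

```python
class LearningSwitch:
    """Simplified L2 switch: CAM learning plus an optional per-port MAC limit."""

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam = {}                      # source MAC -> port it was seen on
        self.max_macs = max_macs_per_port  # None means port security is off
        self.shutdown = set()              # ports disabled after a violation

    def frame(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        if in_port in self.shutdown:
            return []
        if self.cam.get(src) != in_port:   # new address (or moved) on this port
            known = [m for m, p in self.cam.items() if p == in_port]
            if self.max_macs is not None and len(known) >= self.max_macs:
                self.shutdown.add(in_port)     # violation: disable the port
                for mac in known:
                    del self.cam[mac]
                return []
            self.cam[src] = in_port
        out = self.cam.get(dst)
        if out is not None:
            return [] if out == in_port else [out]   # known: one port only
        # Unknown destination: flood to every other active port.
        return [p for p in self.ports if p != in_port and p not in self.shutdown]

def demo():
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # constructed MACs
    sw = LearningSwitch([1, 2, 3])
    first = sw.frame(1, a, b)     # b not learned yet, so port 3 also sees it
    sw.frame(2, b, a)             # reply teaches the switch where b is
    later = sw.frame(1, a, b)     # now delivered to port 2 only

    sec = LearningSwitch([1, 2, 3], max_macs_per_port=2)
    for i in range(3):            # port 3 presents three source addresses
        sec.frame(3, f"00:00:5e:00:53:{i:02x}", b)
    return first, later, sorted(sec.shutdown), len(sec.cam)

if __name__ == "__main__":
    print(demo())
```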
