senior seminar(networking update)

The Networking Section Issa Baisden Senior Seminar For Professor Kmir

Upload: rebelharvester

Post on 08-Jun-2015


Category:

Technology



DESCRIPTION

In the senior Seminar class at Monroe College we are required to simulate an actual business and perform a project that encompasses all of the work we covered in the degree. We needed to create a network, a website, a MIS (information system), a database and manage the entire project using our project management skills. This was my segment.

TRANSCRIPT

Page 1: Senior Seminar(Networking Update)

The Networking Section

Issa Baisden

Senior Seminar

For Professor Kmir


Networking

Hardware

Router

Cisco Systems Cisco 1811 Integrated Services Router

Price: $763.99

Required Number: 1

Total Cost: $799.00

The Cisco 1800 series integrated services routers intelligently embed data, security, and wireless technology into a single, resilient system for fast, secure, scalable delivery of mission-critical business applications.

The Cisco 1811 routers are focused on Ethernet access and are designed to be offered as customer premises equipment (CPE) in Metro Ethernet deployments. Because of their high-speed performance and dual Fast Ethernet WAN ports, they can support the high-bandwidth demands of Metro Ethernet and provide failover protection and load balancing if desired.

This is the best selection for the purposes of the plan. It provides a built-in firewall, Cisco IOS Advanced IP Services, hardware encryption, load balancing, stateful packet inspection and VLAN support.

It would also be wise to go along with this router from Cisco Systems because most of the other hardware that we will be using for switching and other networking services makes use of Cisco technology as well. Integration will therefore be maximized, minimizing the compatibility issues that may arise with equipment from other manufacturers.


Switches

Cisco Catalyst 3560-24PS Ethernet Switch

Price: $772

Required number: 4

Total Cost: $3,088

The four switches that will be used will help to analyze network traffic and maximize on the

The Cisco Catalyst 3560 Series is a line of fixed-configuration, enterprise-class switches that include IEEE 802.3af and Cisco pre-standard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations. These are ideal access layer switches for small enterprise LAN access or branch-office environments. Combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection, they help you deploy new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks.

You can maintain the simplicity of traditional LAN switching and still deploy network wide intelligent services such as:

Advanced quality of service (QoS)

Rate limiting

Access control lists (ACLs)

Multicast management

High-performance IP routing


Simplify Network Management

Available for the Catalyst 3560 Series, the Cisco Network Assistant is a centralized management application for switches, routers, and wireless access points. Free of charge, the application provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.

Configurations:

Cisco Catalyst 3560-8PC: 8 Ethernet 10/100 ports with PoE and 1 dual purpose 10/100/1000 and small form-factor pluggable (SFP) port; compact form-factor with no fan

Cisco Catalyst 3560-24TS: 24 Ethernet 10/100 ports and 2 SFP ports

Cisco Catalyst 3560-48TS: 48 Ethernet 10/100 ports and 4 SFP ports

Cisco Catalyst 3560-24PS: 24 Ethernet 10/100 ports with PoE and 2 SFP ports

Cisco Catalyst 3560-48PS: 48 Ethernet 10/100 ports with PoE and 4 SFP ports

Cisco Catalyst 3560G-24TS: 24 Ethernet 10/100/1000 ports and 4 SFP ports

Cisco Catalyst 3560G-48TS: 48 Ethernet 10/100/1000 ports and 4 SFP ports

Cisco Catalyst 3560G-24PS: 24 Ethernet 10/100/1000 ports with PoE and 4 SFP ports

Cisco Catalyst 3560G-48PS: 48 Ethernet 10/100/1000 ports with PoE and 4 SFP ports

The Cisco Catalyst 3560 is available with either the IP Base or IP Services software images and can be upgraded to the Advanced IP Services software image. The IP Base software (formerly called the Standard Multilayer Image or SMI) includes advanced QoS, rate-limiting, ACLs, and basic routing and IPv6 functionality. The IP Services software (formerly called the Enhanced Multilayer Image or EMI) provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP Multicast routing as well as policy-based routing (PBR). The Advanced IP Services software includes IPv6 routing and IPv6 ACL support.


Firewall

Cisco ASA 5505 Firewall Edition Bundle

Price: $377.09

Quantity: 1

Total: $390.00

The Cisco ASA 5505 Firewall will provide us with an additional layer of security. It will guard against hacker attacks as well as aid in ensuring that the system stays up and running. It provides a proactive threat defense mechanism that stops attacks before they spread throughout the network. This intrusion alert system will aid significantly in increasing the capacity of the security team.

The Cisco ASA 5505 Firewall can also control network activity and application traffic. These tools make this firewall the best choice for Kelar Systems in protecting its data from outside attacks.

Alert System

Cisco Security IntelliShield Alert Manager Service

Price: $0.88

Quantity: 1 year subscription

Total: $0.88

The Cisco Security IntelliShield Alert Manager Service is a customizable, Web-based threat and vulnerability alert service that allows security staff to easily access timely, accurate, and credible information about vulnerabilities that may affect their environments, without time-consuming research.


Personal computers

The Dell Optiplex 775

Price: $443

Required Number: 10

Total: $4,430

The Dell Optiplex 775 will be used business-wide to cater for all of the needs of the organization. Usually for any more than ten computers Dell offers a business package deal. It has been the choice for small businesses for a couple of months and is expected to be one of the better choices for some time to come. This package also includes an already installed version of Windows XP Service Pack 4, which significantly reduces the cost of the personal system. This PC will be ideal because it can be used for all of the departments. It is cheap for the performance that it offers.

Printer

Brother HL-5250DNT Laser Printer

Price: $276.28

Quantity: 3

Total: $870.75

The network printer of choice for this environment will be the Brother HL-5250DNT Laser Printer. It will provide adequate printing capacity for the volume of work that it will manage and is easy to install.


Networking cable

Cat 5e 1,000 ft box

Price: $129.99

Quantity: 1

Total Price: $135.00

Cat 5e is the best standard to use because of the environment in which the system will be installed. 1,000 feet will be able to cover the length of the entire system.

Jacks

Cat. 5E RJ-45 Modular Plug

Price: $33.24

Quantity: 2 packs of 100.

Total Price: $66.48

The jacks that will be used are the Cat. 5E RJ-45 Modular Plug. To cover the entire expanse of the network 200 should be purchased to cater for mistakes.


Server

IBM Blade Center S

Price: $4,499

Required Number: 1

Total: $4,499

Can replace up to 6 servers

Can use virtual servers

Security and built-in redundancy

Has dust filter

Standard office power

Simple maintenance

Up to over 7 terabytes compatible storage

The IBM Blade Center S will take care of all of the server needs for the company. It will also be able to perform the roles of all of the server, storage and services required by the business. This would save a lot of time, energy, space and would increase efficiency of the system. The Blade Center is a perfect platform for further development and will continue to serve Kelar Systems for years to come. This system has also proven to be one of the most fault-tolerant on the market as blades can easily be replaced and the hot swappable drives inserted easily. A tape back-up system will also be used to ensure that data will always be secured.


Software

Divisions

1. Accounting

2. Development

3. Marketing

Needs

1. Accounting

The accounting department registers every financial transaction that takes place within the organization. Thus, they require a type of software that will be able to take inventory as well as give quotes for specialist services. We have chosen Everest Advanced Edition Version 4.0 for the accounting department because three of the employees are trained to use the software already and our Accounting specialist has highly recommended it. Additionally, reviews of the software found online were especially favorable.

2. Development

The development division will be using a whole host of different programs to aid in its daily routine. Since they will be the division dealing with the aspects of I.T. management and assessment for other companies, they will need programs that deal with technicians, database development, web site development, project management and networking.

The Networking team will use Packet Tracer to give a basic design of the networking for customers and give a visual aid of how the network infrastructure will look. Since Packet Tracer is free software it is easy to acquire, and it gives a wide range of services that are used to give an accurate description of how a network will perform.


The web design team will use Dreamweaver and Adobe Flash as well as an online programming tool called. These are the two most commonly used types of software for website development and should be good enough for the initialization of the project. If new software is required it will need to be purchased at a later date.

The Project Management team will be using a combination of Microsoft Project and Can Plan (a web-based project management tool) to plan the projects that they will be doing. To plan some of the projects Kelar Systems can use Can Plan as it provides a means to communicate with employees no matter where they are. This allows the company to utilize, on a contract basis, employees that work for other companies and seek their expert help in matters that permanent employees are not specialized in.

The database team will be using a combination of Oracle and Microsoft Access to do their database programming. Depending upon the needs of the organization that they will be servicing, different software will be required. However, if software is required it will need to be acquired by another means.


The Technicians will require basic technicians’ tools and software. This includes Windows Vista Home Premium, Windows XP and other pieces of software (freeware) which are used to do tasks like data recovery and other mandatory tasks for a business of this size. To save money, AVG antivirus version 7.5, which is completely free, will be used as a virus protection scheme initially.

3. Marketing

The Marketing Division of Kelar Systems will be responsible for the running of the advertisements and the coordination of the actual website. It was recommended that website development personnel be hired to maintain the website so that updates can be posted easily. In order to make commercials, the marketing division will require a team to create them using Macromedia.

These software components will be purchased by the staff at Kelar Systems.

Server Software

Microsoft Windows Small Business Server (SBS) 2003 R2

Price: $599.00

Required number: 1

Total Cost: $599.00


This software would be able to cater for all of the needs of the business including the future expansion of its business.

Fault tolerance

An IDS or an Intrusion Detection System is a system designed to detect an attack from either outside or inside an organization. It recognizes harmful processes or processes that are not authenticated. There are many different types of IDS’s that exist.

The passive System

The passive system recognizes when there is an attack on a system or a threat or breach. It then logs it and sends an alert to a console or the owner.

The reactive system

The reactive IDS, referred to as an IPS or Intrusion Prevention System, responds to an actual or perceived attack by severing the connection or reprogramming the firewall to block traffic from a suspected source.
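The difference between the passive and the reactive system, as an added example that is not part of the original report: the same constructed event stream is fed to both kinds of sensor. The event list, the three-failure detection rule and the `Sensor` class are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events: (source IP, destination port, outcome).
# The addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    ("198.51.100.7", 22, "auth_fail"),
    ("198.51.100.7", 22, "auth_fail"),
    ("203.0.113.20", 443, "ok"),
    ("198.51.100.7", 22, "auth_fail"),   # third failure crosses the threshold
    ("198.51.100.7", 22, "auth_fail"),
    ("198.51.100.7", 443, "ok"),         # legitimate request from the same source
    ("203.0.113.20", 443, "ok"),
]

FAIL_THRESHOLD = 3  # assumed detection rule: three failed logins from one source


@dataclass
class Sensor:
    reactive: bool
    alerts: list = field(default_factory=list)      # what the console or owner sees
    blocked: set = field(default_factory=set)       # stands in for firewall deny rules
    delivered: list = field(default_factory=list)   # traffic that reached the server
    fails: dict = field(default_factory=lambda: defaultdict(int))

    def handle(self, src, port, outcome):
        # A reactive sensor enforces its own block list before traffic passes.
        if self.reactive and src in self.blocked:
            return "dropped"
        self.delivered.append((src, port, outcome))
        if outcome == "auth_fail":
            self.fails[src] += 1
            if self.fails[src] == FAIL_THRESHOLD:
                # Both kinds of system log the detection and raise an alert.
                self.alerts.append(f"ALERT repeated auth failures from {src}")
                if self.reactive:
                    # Only the reactive system changes what is allowed through.
                    self.blocked.add(src)
        return "delivered"


def run(reactive):
    """Feed the constructed events to one sensor and return it for inspection."""
    sensor = Sensor(reactive=reactive)
    for event in EVENTS:
        sensor.handle(*event)
    return sensor


if __name__ == "__main__":
    for mode in (False, True):
        s = run(mode)
        name = "reactive" if mode else "passive"
        print(name, "alerts:", len(s.alerts), "blocked:", sorted(s.blocked),
              "delivered:", len(s.delivered))
```

The reactive run also drops the later legitimate request from the blocked source, which is the false-positive cost to weigh when choosing automatic blocking.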

The following are other types of detection systems that exist:

A network intrusion detection system is an independent unit which identifies intrusions by examining network traffic and monitoring multiple hosts. Network Intrusion Detection Systems (NIDS) gain access to network traffic by connecting to a hub, network switch (configured for port mirroring), or network tap.

A protocol-based intrusion detection system is made up of some sort of mechanism that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system) and the server.

An application protocol-based intrusion detection system is made up of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application specific protocols.

A host-based intrusion detection system consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activities and state.

A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a complete network able to handle all of the challenges presented in a working environment.

I would definitely choose a hybrid detection system made up of a reactive system and an application protocol-based intrusion detection system. This is because it would allow for all the security of a protocol-based detection system and the high maneuverability and added level of security an IDS would provide. It would also cost less to buy software that can run on a server than to buy one on every PC. It also wouldn’t slow down the network traffic like a network intrusion detection system or a protocol-based detection system.

A network intrusion detection system

Price: The hubs and switches and other network devices add another layer of cost and hence may become very substantial.

Security: Very secure because of added levels of security

Time: No impediments

A hybrid intrusion detection system

Price: Uses the strengths of one system to complement the other's weaknesses and make an even stronger system

Security: Uses the strengths of one system to complement the other's weaknesses and make an even stronger system

Time: Uses the strengths of one system to complement the other's weaknesses and make an even stronger system

A host-based intrusion detection system

Price: More expensive because software has to be installed on every computer

Security: Protects server from being attacked from inside and outside.

Time: Costs valuable time and slows down network traffic

An application protocol-based intrusion detection system

Price: Less expensive than putting software on all PCs but more expensive than other systems

Security: Protects server from being attacked from inside and outside.

Time: No impediments

A protocol-based intrusion detection system

Price: Either a user PC or a server can be used for this system; hence for a smaller organization a user PC is cheaper.

Security: Protects server from being attacked from inside and outside.

Time: Costs valuable time and slows down network traffic

The passive system

Price: Cheaper than most systems

Security: Lowest level of security; detects and alerts

Time: No impediments

The reactive system

Price: More expensive but worth the price for the functionality

Security: Highest level of security. Detects, isolates and solves threats or perceived threats

Time: Slower because it has to react to threats but makes up for it


A virtual server will be set up to act as a protocol-based intrusion detection system. It will also have a software-based intrusion detection system that will aid in equipping the system with a high level of quality assurance.

The Physical Cisco Firewall and the software firewall on the Router are the composite parts of the Hybrid system that will manage and cater for intrusion.

Networking concept

The Physical firewall will look like the above system whereby the network is physically separate from the outside network. This firewall will be housed on the server. The Cisco firewall will act as the physical firewall, while the Cisco firewall on the router will act as a secondary buffer.


The standalone firewall will block intrusions, which the router can also do. However, the physical router is not susceptible to many different attacks that can target the Cisco router. The dual system would enable the network management team to put together a comprehensive security plan that can cater for a broad base of attacks. The entire Visio presentation was made and the results are below:

The network will be able to access the internet via the router which is protected by the firewall. The main switch will oversee the VLANs and the three servers. Although this may present a problem if the switch fails, the data on the switch has been backed up on the server so that if there is any problem it can be easily fixed.

The three VLANs (Marketing, Development, and Management) are set up to provide different layers of access to the server and to the internet. Each comprises a switch, a group of PCs and a network printer.


Protection

Anti-virus:

AVG antivirus Networking Edition

Price: $159.99

Quantity: 5 licenses

Total cost: $165.00

The AVG antivirus networking Edition would enable the business to manage its security and three servers in a comprehensive and efficient manner. The software boasts of many advantages such as:

Easy to use and manage

Protection for workstations and file servers

Centralized installation and configuration

Free support and service around the clock and across the globe

Protection against viruses, spyware, adware and hackers

It may be best to use this software because the system is able to cater well for the small business needs and can cater for all of the security risks at the same time. It can protect all of the servers and workstations at the same time and therefore can guard the entire system.


Security Policy

Only IT staff are allowed to access the server room, which is physically locked. Only the IT staff should have access to the cards that open the card reader lock on the IT server room. The passwords to each server must also be assigned only to technicians that require them for maintaining and fixing the systems and the network. To be able to disable Internet access to the lunchroom on a certain subnet, the subnet can be removed from the access list. To ensure that the company’s physical, removable assets are protected, the policy is to lock the computers with a lock-and-key system, with IT having the master keys to the locks (3 or 4 copies). To ensure that the I.T. room is secured, the same card system that is used to lock the server room can be used to lock the I.T. room.
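How removing the lunchroom subnet from the access list cuts off its Internet access, as an added example that is not part of the original report. It models first-match evaluation with an implicit deny, as Cisco access lists use; the subnets and function names are constructed for illustration, since the report gives no addressing plan.

```python
import ipaddress

# Constructed addressing plan (the report gives none): one /24 per area.
LUNCHROOM = "192.168.40.0/24"
BASE_ACL = [
    ("permit", "192.168.10.0/24"),  # Management
    ("permit", "192.168.20.0/24"),  # Development
    ("permit", "192.168.30.0/24"),  # Marketing
    ("permit", LUNCHROOM),          # Lunchroom
]


def evaluate(acl, src):
    """Return the action of the first entry matching src.

    If no entry matches, the implicit deny at the end of the list applies.
    """
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"


def remove_subnet(acl, subnet):
    """Return a copy of the list without the entries for exactly this subnet."""
    return [entry for entry in acl if entry[1] != subnet]


def shadowing_entries(acl, subnet):
    """List permit entries that still cover the subnet (equal or broader).

    If this is non-empty after the removal, the subnet is still allowed out.
    """
    target = ipaddress.ip_network(subnet)
    return [net for action, net in acl
            if action == "permit"
            and target.subnet_of(ipaddress.ip_network(net))]


if __name__ == "__main__":
    host = "192.168.40.15"  # constructed lunchroom PC
    print("before:", evaluate(BASE_ACL, host))
    trimmed = remove_subnet(BASE_ACL, LUNCHROOM)
    print("after: ", evaluate(trimmed, host))

    # Constructed counter-case: a summary entry also covers the lunchroom.
    broad = [("permit", "192.168.0.0/16"), ("permit", LUNCHROOM)]
    broad_trimmed = remove_subnet(broad, LUNCHROOM)
    print("with summary entry:", evaluate(broad_trimmed, host),
          shadowing_entries(broad_trimmed, LUNCHROOM))
```

A broader permit entry that still covers the lunchroom subnet keeps it online after the removal, which is what `shadowing_entries` reports.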

To protect the PCs in the office, user accounts can be instituted. To do this the domain server will contain the passwords for all the computers except those in the lunchroom. The computers in the lunchroom are not on the domain. The other computers require a sign-in on the domain. To track the websites visited, freestats.com can be used, which would enable the tracking of websites for free. Free web site tracking is available but each page that is tracked must display a large (i.e. 400x60) banner advertisement. www.freestats.com

www.freestats.com: Free service / Paid service

Maximum pages tracked: No apparent limit / No apparent limit

Banner display: 400x60 advertisement / No

Limit on page views: No / No

Provides log file: Yes / Yes

This approach was seen to be redundant as the protocols and services provided by the Router and the switches enable the network traffic and websites visited to be tracked.


Labor

Development teams (Mary Consulting)

Although the members of the team all have their specialties, to complete the project we will need to draw upon the skills of all of the members.

Project development

Elizabeth, Mary, Josanne

Web Site

Giovani, Kelvyn, Issa

Networking

Kelvyn, Issa, Giovani

Database

Giovani, Kelvyn

Maintenance (Kelar Systems)

All of the normal day to day maintenance will be conducted by Kelar Systems. If there are any questions about the system or any training that is required, the members of the team that did this product (Mary Consulting) will be at hand to provide assistance. The owner is adamant that we will be paid for any of our services.

Each employee of Mary Consulting is paid by time served. The employees will be paid an equal amount for the stages of production of the project. A standard fee of $20 an hour will be paid to the six employees of Mary Consulting.

Architecture

The Architecture was initially drafted in the manner that the Packet Tracer file is set up in; however, it was seen to be much too complicated and much simpler if it was done in Visio. The arrangement will be distributed across the five rooms that the business owns. The initial site plan is as follows:


[Figure: initial site plan. Legend: Doors, Computers, Partition, Fire Escape. Rooms: Waiting Area, Reception, Management, Lunch room, Marketing, Help Desk, Development, Server.]


The above chart is a network diagram of a proposed business. It gives a detailed site plan of what the network infrastructure should look like. Each room is clearly labeled and identified. The doors are also represented by diagonal lines as the legend indicates, as well as the other exits (fire escapes). The partitions and borders of each of the departments are also clearly depicted. The six rooms that are shown each have their own function. However, the waiting area, marked by the partition, is part of the reception area.

There are twelve computers that will be used by various members of staff. These computers are spread out between the departments as shown above. The Reception area, Lunch Room, I.T. Department, Marketing Department, Help Desk, and Management all have their allotted number of computers. The Reception Area, Lunchroom and the Marketing Department all have one computer assigned to them, whereas the Management and Helpdesk areas are allotted two computers each. The I.T. Development Department houses a total of five user computers and a server.

The team met and discussed how the plan could be better implemented and it was recommended that a second plan be drafted to better understand the structure. The networking manager and the security team recommended the following design:


Cost

Item: Cost

Router: 799.99

Switch: 3,088

Firewall: 390.00

Alert system: 0.88

Cables: 135.00

Jacks: 66.48

Printers: 870.75

PCs: 4,430

Server: 4,499

Microsoft Windows Small Business Server (SBS) 2003 R2: 599.00

Labor: To be inserted

TOTAL: $14,978.10