Innovation continues to outpace many organizations, which calls for the inclusion of innovative techniques that help organizations such as Patrician LLC continue operating effectively. This will also help the organization's employees to connect, communicate, and collaborate with each other through a medium such as a wireless network; given the mobility that the solution presents, it enables the organization's remote workers to work from any point regardless of their location.
A topology illustrates the various network elements, including how they are connected (Deveriya, 2006). To implement the solution, including a disaster recovery site, Patrician LLC needs to adopt a wireless solution to connect its two office locations, integrate its systems, and allow its remote workers to work from any location. The network solution will also include security design features to prevent attacks, considering both the logical and physical aspects of safeguarding network resources.
Hardware devices: computers, network cabinets, switches, WiMAX gateway devices, network racks, cables, uninterruptible power supply, cable trunks.
Buildings A and B shall each have an Ethernet network capable of supporting 100 network connections. Each building shall have its own local area network, and together they form the wider Wide Area Network (WAN) that connects the two buildings through WiMAX technology. At each building, a similar network will be implemented, each with a data center and corporate servers linked together through Cat 5e cables.
Cabling is an important attribute that should be considered in the design of the local area network, a collection of computing devices that serves as a medium for transporting data between computing resources (Miller & Cummins, 2000). This will allow for maximum data throughput across the various devices, including servers, so as to maintain considerable network performance.
The organization should implement Fast Ethernet LAN technology, which will use standard Cat-5e cable together with fiber optic cable in the data-sensitive areas. In this configuration, the Ethernet standard should be used within the normal work environment to connect computers to switches and printers to the network, and to link other computing resources, such as the web server, file servers and corporate web servers, into the main network.
The cabling for the data center, on the other hand, should encompass both standard Cat-5e and fiber optic cable. The Cat-5e will be used for standard connections between the different devices in the data center, including switches, while the fiber optic strand will link the core router and switches to an external internet service provider (ISP) network. In addition, Ethernet cable should be used to connect other wireless devices within the organization, to provide redundant links to the servers on the local area network, and to link the various floors to the servers, data center and other wiring closets in place.
The technology in place should be able to provide high data rates across the two buildings and give network access to remote workers and to those who have not moved to the new buildings. The organization should consider using WiMAX wireless network technology to link the organization's two networks and also to provide a constant network connection between the hot sites and other critical areas within the network.
In this configuration, the separate office blocks shall be supplied with two WiMAX-capable devices for wireless transmission to the main WiMAX network. This shall also enable remote employees who are out of range to gain access to the WiMAX network and, at the same time, access high data speeds of up to 70 Mbps, hence fulfilling the network requirement of supporting users and data-intensive operations from the corporate web servers and the database servers.
Network security principles:
As threats continue to evolve, there will be a need to secure the WiMAX network, the data center, and the local area network against potential threats, since an attacker can use any of them to launch an attack against the organization's critical computing systems. In considering the security design principles, both external and internal elements should be considered to reduce the chances of internally and externally driven attacks.
In order to secure the WiMAX network, measures need to be in place to guarantee the secure transportation of data over the Internet Protocol. One of the measures is authentication, a network access principle that helps networked systems identify a legitimate access request (Samarati, 2004). To implement this, key authentication protocols and traffic encryption techniques should be implemented in the WiMAX transmitting and receiving devices in order to authenticate network devices and users accessing the wireless network from a remote location.
Apart from the WiMAX network, there should be measures to secure the LAN and the network supporting the data center. In the LAN environment, security measures should include firewalls as well as intrusion detection systems, security-based appliances used for detecting and reporting malicious activities within a network (Fadia & Zacharia, 2007). Both hardware and software based techniques should be used, and users should be separated based on work profiles through the use of VLANs in order to filter and protect employees in administration, customer support, research and IT, while maintaining maximum data throughput according to assigned work and the safety of the organizational servers.
Around and inside the data center and the data recovery site, there will be a need to implement both physical and systems security. This will facilitate controlled access and systems security through the use of a management console that monitors and assesses threat levels at the data center and the disaster sites, so as to minimize instances of network and systems threats. In addition, antivirus systems need to be used in the desktop and server environments to help secure the systems against viruses and worms, which have the ability to propagate across the entire network.
Even though the network will be implemented using safe network design principles, it is important to implement logical traps within the network to check and monitor network traffic for potential flaws and for the suspicious attempts that hackers frequently use to penetrate a network. Apart from monitoring the condition of the network, the logical traps would also monitor any suspicious traffic using the sets of guidelines they have been programmed with, as a network defense strategy.
Some of the logical traps that would be recommended to protect the computer network include an intrusion detection system and a packet filtering firewall. An intrusion detection system is basically an appliance within the network that monitors the activities occurring inside the network (Pfleeger, 2003). The advantage of installing an intrusion detection system within a network is its ability to monitor various network variables occurring secretly, from their start to their end. The system is intelligent in nature, as its configuration also allows the device to trigger an alarm in the event that a high risk level has been flagged in the network.
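The alarm behaviour described above can be sketched as follows. This is an added example, not part of the original essay: the log format, the three signatures, their risk weights and the threshold of 6 are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed signature library: (name, pattern, risk weight).
SIGNATURES = [
    ("failed_login", re.compile(r"auth failure user=\S+"), 2),
    ("admin_share_probe", re.compile(r"SMB access denied share=ADMIN\$"), 3),
    ("blocked_by_firewall", re.compile(r"fw action=deny"), 1),
]
ALARM_THRESHOLD = 6  # assumed "high-risk" level
SRC = re.compile(r"src=(\d{1,3}(?:\.\d{1,3}){3})")

def analyse(lines, threshold=ALARM_THRESHOLD):
    """Score each source address; alarm once when it crosses the threshold."""
    scores = defaultdict(int)
    alarms = []  # (source, score when the alarm fired, signature that fired it)
    for line in lines:
        m = SRC.search(line)
        if not m:
            continue  # no source address, nothing to attribute
        src = m.group(1)
        for name, pattern, weight in SIGNATURES:
            if pattern.search(line):
                before = scores[src]
                scores[src] += weight
                # Fire only on the crossing, so one host raises one alarm.
                if before < threshold <= scores[src]:
                    alarms.append((src, scores[src], name))
    return dict(scores), alarms

# Constructed sample events.
SAMPLE_LOG = [
    "09:00:01 src=10.0.20.14 auth failure user=jdoe",
    "09:00:03 src=10.0.20.14 auth failure user=jdoe",
    "09:00:05 src=10.0.20.14 SMB access denied share=ADMIN$",
    "09:00:09 src=10.0.30.8 auth failure user=asmith",
    "09:00:12 src=10.0.20.14 fw action=deny dst=10.0.100.10 port=22",
    "09:01:00 src=10.0.10.3 login ok user=mlee",
]

if __name__ == "__main__":
    scores, alarms = analyse(SAMPLE_LOG)
    print(scores)
    print(alarms)
```

Accumulating a score per source, rather than alarming on every signature hit, keeps a single mistyped password from paging anyone while still flagging a host that trips several signatures in sequence.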
Other than the intrusion detection system, the firewall is another logical trap, which can be configured in the network to block or allow given traffic based on the logical rules it has been configured with. The advantage of this is that it can apply intelligent principles that prevent suspicious or illegitimate traffic from accessing given computing resources based on time, location and access privileges, depending on the type of firewall, such as the packet filtering firewall, application gateway firewall and stateful inspection firewall. In addition to the above, an enterprise security appliance would also be appropriate in such a network environment. This would be vendor based, such as the Endpoint security manager, which has the ability to scan for network vulnerabilities based on installed dynamic libraries that update the device on current system threats and how they evolve. The benefit of using this would be to unearth potential flaws and exploits within applications and the network as a whole, including current vulnerabilities in the IT world. This would therefore make it easier for administrators to manage an enterprise-wide network.
A justification for using the logical traps is that they have additional unique features, which are dynamic in nature, and can detect suspicious attempts based on the signatures installed in their signature libraries. Additionally, the logical traps use logic that is dynamic in nature, in that it can detect a constantly evolving threat, compared to other devices that may be static in nature with reduced abilities. The design principle incorporates standard network construction techniques that are efficient and can maximize security from a local to a wide area network. The design also incorporates network principles that can sustain high data transfer rates, which would be appropriate in a computing environment with more than one server.
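To make the rule logic concrete, the following added example (not part of the original essay) evaluates a first-match packet filter with a default deny over the work-profile VLANs mentioned earlier. The subnets, ports and business hours are constructed assumptions, not Patrician LLC's actual addressing plan.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed subnets, one per work profile ("location" in the rule sense).
VLANS = {
    "administration": ip_network("10.0.10.0/24"),
    "customer_support": ip_network("10.0.20.0/24"),
    "research": ip_network("10.0.30.0/24"),
    "it": ip_network("10.0.40.0/24"),
    "servers": ip_network("10.0.100.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str                                # "allow" or "deny"
    src: str                                   # VLAN name or "any"
    dst: str
    port: Optional[int] = None                 # None matches every port
    hours: Optional[Tuple[time, time]] = None  # None matches any time

# Evaluated top to bottom; the first matching rule decides.
RULES = [
    Rule("allow", "it", "servers", 22),
    Rule("allow", "administration", "servers", 443),
    Rule("allow", "customer_support", "servers", 443, (time(8), time(18))),
    Rule("allow", "research", "servers", 445),
    Rule("deny", "any", "any"),                # explicit default deny
]

def vlan_of(addr):
    """Map an address to its VLAN name, or 'external' if it is in none."""
    ip = ip_address(addr)
    return next((n for n, net in VLANS.items() if ip in net), "external")

def decide(src, dst, port, now):
    s, d = vlan_of(src), vlan_of(dst)
    for r in RULES:
        if r.src not in ("any", s) or r.dst not in ("any", d):
            continue
        if r.port is not None and r.port != port:
            continue
        if r.hours and not (r.hours[0] <= now < r.hours[1]):
            continue
        return r.action
    return "deny"  # fail closed even if the rule list has no catch-all

if __name__ == "__main__":
    print(decide("10.0.20.5", "10.0.100.10", 443, time(9, 30)))  # in hours
    print(decide("10.0.20.5", "10.0.100.10", 443, time(22, 0)))  # after hours
```

Because nothing allows traffic between the user VLANs themselves, a compromised workstation in one work profile cannot reach another profile directly; it can only reach the server ports its own rule names.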
Deveriya, A. (2006). Network administrators survival guide. Indianapolis, Ind: Cisco Press.
European Symposium on Research in Computer Security, & Samarati, P. (2004). Computer Security – ESORICS 2004: 9th European Symposium on Research in Computer Security, Sophia Antipolis, France, September 13-15, 2004: proceedings. Berlin: Springer.
Fadia, A., & Zacharia, M. (2007). Network intrusion alert: An ethical hacking guide to intrusion detection. Boston, MA: Thomson Course Technology PTR.
Miller, P., & Cummins, M. (2000). LAN technologies explained. Boston: Digital Press.
Pfleeger, C. P., & Pfleeger, S. L. (2003). Security in computing. Upper Saddle River, N.J: Prentice Hall PTR.