IT273 Networking Concepts: Redesign of First National University

e process in the network platform. And in this students can make the problems with the organization rules and can make proxy through this network so we have to provide the security for the network design.

Normally the business goal of some organizations is like have to grow the efficiency and to increase the performance level and services and need to be focus on the development of the company or some organizations. In the scenario it mainly focusing on the college and network settings for that infrastructure.

And the main business goal is to make a network design to reach them to all who the students and other staffs and in that organization they leads that such kind of business in the way of providing opportunities to the students in the way of reduce the complex and make the place in terms of network connect and also the wireless connection for the students.

For the network connection here different kind of networks has been used and the networks is useful for the communication and development of the organization works and also it is used more kind of things related to the network.

The business goal of organization is in the way to provide the secured with feasible opportunities to the students through the network. And the network should be appropriate and usable. And it have a connection with technical goals and it acts as an overview for the technical goals. And the business goals contains the requirements to accomplish the goal useful for the students.

Technical goals

The technical aim of this network to make a perfect design with the network devices and in that network it concerns about the security issues and the data, scalability, Availability and use to analyze the network performance and also usability.

Scalability

In information technology the scalability used to two different usage. First one it has the ability of the computer hardware or software. And also it changes the size and volume of the computer application based on the user. The re scaling process has a big size of volume. It includes lot of resources like a line of computer system, different size if terms, and RAM.

The second usage is the function of the rescaled situation. For instance an application program should be scalable, and then it moves from small operating system to large operating system. Then we need large number of users for control the operating system. Scalability is the best method for downloaders.

Scalability describes the ability of a process, network, software or organizational growth. And also is used for manage the system, business, and also the software. Scalability has an ability to adapt the changes based on the user needs. The organization, network system, or software’s are use the scalability process for handle the demands, increase the productions, and also perform the user needs.

Availability

Availability means percentage of time, in a particular time interval which server is complete designed and built it using cloud service or other machines. Normally the formula is used to calculate the network availability. Availability is the ratio between the uptime and total time.

Availability= uptime/total time

And also,

Total time= down time+ uptime. The total time is calculated by adding the down time and up time. The VPN tunnel is used for calculate the network availability. In VPN tunnel it includes only the internal applications not the external applications.

In this calculation, the availability is calculated by the multiplication of external application weight and internet network availability. Then add the result into multiplication of internal application weight and VPN network availability.

Network performance

The network performance defines the analysis and review of collection of network statistics. The underlying computer networks are used for define the quality of service. It is also known as qualitative and quantitative process. That measures the performance of available network. And also it tells the details about the network administrator review, measures, and also takes some improvements.

The user deliver the quality of network service, using network performance and this service are easily deployed. Normally the network performance is used for measure the end user perspective. The following network components are used for measure the statistics and metrics of the network performance.

• Network bandwidth or capacity
• Network throughput
• Network delay or latency
• Data loses
• Network errors

The network bandwidth is used for check the availability of data transfer. Capacity means shows the entire storage of the system. Second one is network throughput; it means the entire amount of data is successfully transferred over the network in a given time limit. Third one is network delay or latency, the packet transfer is little slow compared to the normal packets. Final one is data loss and network errors, the packets are dropped or lose their quality, and also the transmission and delivery is lost.

Security

Network security means is any activity, used for protect the usability and integrity of the networks and also the data. The computer hardware and software use the network security. The most effective network security is used to manage the accessible network. We are using several threats to stop the network spreading.

Different types of network securities are used, like access control, antivirus, and antimalware software, application security, behavioral analytics, data loss prevention, and email security, firewalls, intrusion prevention system, mobile device security, network segmentation, security information and event management, VPA, web security, and wireless security.

Manageability

Sample diagram

    The manageability functions are classified into four categories:

• Logging, health monitoring, and alerting
• Control and configuration
• Updates and deployment
• Asset discovery and inventory

Usability

The web applications and software consider the usability for achieving their goals effectively and also efficiently. The usability includes the different level of user interface. And also the non-functional requirement is used in this technique. The usability design process consider three different principals, they are

• Iterative focus on the user and the task
• Iterative design
• Empirical measurement

The evaluation of usability is done by the following methods.

• Cognitive modeling
• Inspection
• Inquiry
• Prototyping
• Testing

Adaptability

A good network means they have an ability to adapt any kind of new technologies and also the changes. They have no of features for adapting the new protocols, new business, practical, new goals, and new registration. The availability needs more effects. And the traffic patterns are changed by using the flexible design.

Using adaptability we can achieve three working models

• WG1- GESCANT
• WG2- ADAPNA
• WG3- OR BITS

Affordability

Affordability is also known as cost effectiveness process, the main goal of affordability is reduce the total amount of traffic from the given financial cost. Basically all the campus networks are low cost and also reduce the network traffic. Sometimes we are using the enterprise networks for achieving the low cost.

The campus network design must use the affordability for reduce the financial cost. Quality routing protocol is the best example of affordability.

Sample affordable policy diagram 

Existing network

The network is used her such as LAN and wan. And the LAN network is used to provide the network within the particular area. And the wan network provides the network within one city. In this scenario is mentioned the LAN network is considered inside the class room and the wan network considered in the total areas.

 Many systems are connected together is called network. Advantage of network in conversation and transfer many files or documents into one system to another system.

Existing network called disadvantages of network, if network wires and servers can be hostile. Administration of big network is a very complicated and occur many problems. Mainly drawback virus, it spreader one computer another computer. Hacking is one of the main reason, unwanted person access your files very dangerous. Network Topology classified at two types.

Physical Network Topologies

It is used to build the network. Basically hardware tool is used to configure of many network. Hardware tool used commonly lack that the architecture of web based on given design.

Types

It has five types. And they are Point to point topology, Bus topology, Ring Topology, Star Topology, Hub and Spoke Topology, Point to Multipoint topology.

Point to point topology

Point to point topology is used to communication purpose. This communication link connect to two stations up a lone hardware connection. This topology used for connectivity purpose at serial port of topology. It is called as daisy chaining.

Bus Topology

Topology worked at connect too many computer in single cable. That single cable is type of coaxial cable used.

Ring Topology

Ring topology defines as connecting from one system to many systems. This process in commonly used for both interfaces. Token ring is used for allow to transfer process.

Star Topology

Star typology is the important topology of physical network. Because star topology is used for all network building purpose. To use hub for all network connected to station.

Point to Multi point

It is defined as a single platform network to run a multi-platform network.

Logical Network Topologies

Logical networks manage a number of networks and stations, if run process going a physical network. Internet protocol generate many logical webs. All internet actions are implement a logical topology. Peer to peer and client to server os known as the types of logical network topology.

WAN Map Block Diagram

Wide area network managed many number of rages and distance which is based on computer network oriented. If connect more local area network and spread worldwide a package of switches and routers to use for connected to WAN. This connection flow to inside the network.

LAN Map Block Diagram

This figure mentioned at below to spread internet via LAN. Internet broadcast to modem. Modem is used to delivery purpose. Modem send to signal at firewall. Firewall used for security purpose. Next router connect one port to many systems include workstation. Router connected to firewall and spread to internet from workstation and sub systems.

Interconnection Device

This device grant that single system to communicate at many systems. This communication process flowing an LAN wire or Landline. Is converted to big and difficult switching method to used interconnecting way to build number of networks.

This figure mentioned at single core switch used. Core switch is a high quality switch, is placed in physical part. Core switch is main part of diagram, is broad cast link to firewall and router, number of switches.

Workgroup switch is an approximately low quality switch, it supply the work for smaller group of labors. Floor switch is an electrical cabling and used for control the lights. The workgroup and floor switch is continuously connected at different paths.

Network Segments

Network portion is a part of network that described as actions of network. This machine supported as a repeater, hub, bridge, switch or router. Given segment control at single to many computer.   

Network traffic analysis

Traffic flow

In the network traffic is considered as huge one and for this traffic some of the prevention method is present and in that the main method is quality of service and it done by the parameters.

In this traffic management happened by the hosts. And virtual host take a part based on this scenario the in the university the traffic may be happen because the source send to headquarters and data Centre. So in that online communication the traffic should occur so the above diagram is described about the traffic between the layers.

And in that the traffic has to be analyzed by the host and here virtual host act as server and it used to provide the connection and this connection go through the GPU and this is used to pass the connection and it act as a medium to pass the network over the internet and this traffic management makes the clear way of network to the files using the web servers. And the traffic has to be analyzed in the way of network design and the network finally provided to the host or system and it called as a node and the network has to be reached the end without any traffic.

Traffic load

And in the traffic load the workstations as known as system and the servers are has to be analyzed. In the traffic, the load has to be reduced by the usage of traffic analysis. Traffic generally has some count for the load calculation. And the load removed while the traffic has to be analyzed. And in that the traffic is to be configured by the servers and the host details and collect the data about the workstation known as system. And here more system is connected with the server for the network connection with the host and the GPU make a connection between these two as host and system and the host here act as virtual host.

Protocol and Qos

Generally the protocol provides the rules about the network and the connection without this we did not make a connection between the system and server and additionally the service or network need to be checked with the parameters used for the service quality and this Qos has such parameters like jitter and packet loss. These kind of parameters used to get the connection and used to check the quality of the services provided by the network. The Qos parameters lists described below. They are,

• Packet loss
• Jitter
• Bandwidth

Logical network redesign

In the network devices of the network is shown above diagram and the connection between the devices is established with the routers and switches. And in this server provide the network to the network devices such as routers and the switches also has a part in the network devices design and the network finally provided the network to the computers.

In the ip address allocation the system and network devices are mentioned below based on the scaenario the system mentioned in the layers should have the ip address for identifiaction. So we have to allocate the ip for each devices. And in the ip address contains the external and internal ip and their ip address also. And the devices are connected in the internet which has the ip address for the identification of the devices for reduce the traffic. And the also the collection  of ip address is mentioned in the below diagrams. And the internet link provided to the devices for the conection with correct ip address.

In the virtual local area network the configuration is made on before diagram by using the protocol through the internet and this is connected to the servers by the firewall for security in the scenario it needed firewall for network communication in a secured manner.

In the sub netting the traffic has analyzed by the subnet and in that subnet name and the id and the host names are delivered.

In the firewall it was installed through the internet and it also used as perimeter and it is used to protect the surrounding areas from the attack and use the zone to the critical attack and in the same way and it use the internet for the services. In the server and remote the internet has been used. And for the particular services it use these kind of servers. And it is used to protect from the threats.

IDS/IPS

And the IPS device is used in the perimeter and also deployed and the IPS device in the perimeter and the traffic created in the server and also in the internet to provide a security from the threats. And the ip has many functions such as notification to the administrator and the traffic is used to get the decode for the attacker and also it used to disconnect the communication in the universities.

Physical network redesign

In the WAN network it is providing the network in the cities level and based on the scenario the universities have only wide area network such as backup and data center as kind of these areas. Using the wide area network we can analyze the gateways and their place of position. And it has a topology in that it has network components and servers such as host configuration and other common devices. And this topology makes the network as availability and also used to voice. And it has servers and gateways and it use to analyze the servers such as host server and the server has the bandwidth variation. And in the network such as cabling in the wide area network such s standards cabling and the performance of wan described below. It described about the CPU usage and voice and link. And it is used in the universities network performance in the way of providing bandwidth increasing performance. And the quality of service is needed to provide the connection in the universities network to check the traffic between connections.

In the local area network it describes about the bandwidth and the quality of voice and in that the layers may get conflict and the topology shows the devices and servers and gateways. For the LAN it needs the bandwidth increase and scalability and the quality of service and this network is used in the FNU universities inside the campus and the servers of the LAN network is used here in the campus domain name service and the communication between the students. And for that communication the network device such as used here and that is known as bandwidth and link. And the performance of the LAN network of the LAN has the measurements inside the campus like the usage of the CPU and failure rates and also the memory and LAN usage and for the LAN network in the campus addressing is very essential one and this contains the subnets and routes and servers for the network. And the protocol used for the network rules in the network for the universities and that includes the VLAN and IPX.

Conclusion

The conclusion about the project scenario is accomplished through the network redesign and in this redesign part the network design implemented for the use of people in the organization with different kinds. And the implementation of network design is made using the network devices and the analysis of traffic was completed.

Part 2-Security technology implementation

Overview

In this project the scenario is based on the communication using the network between the students in the organization and their details have to keep with a security so we need to implement the technology for the security issues through the network and this security implemented using such kind of software and operating systems. In the way the Linux and Sophos these kinds of techniques is used to list the security issues happened in the network. And the security methods based on the scenario.

The network security pLAN is a step by step process. The information technology is supported by three major facilities namely headquarters, operations, and backup. A proper security pLAN has the formal threat assessment. The IT security pLAN is a document that is produced by management. And also shows how you can secure the system in the industry. Using security pLAN we can easily show the business procedure, and security towers the system and data.  Lot of security pLANs are available, it allow the daily procedures and pLANs. It fully based on the online communication. Such as via email and video call. Different types of security procedures and devices are currently used in place like physical protection, virus protection, spam- filter software, password security, updates, wireless networking, backups, and firewalls.

A security pLAN contains lot of risks such as physical threats, computer security threats, information threats, and natural threats. The physical threats contain theft, damage, and arson. And the next one is computer security threats it includes malware, hardware failures and system crashes, spam and viruses. Third one is information threats it also includes some things like private data, secret of the business, and fraud. Final one is natural threats like tsunami, floods, earthquake, and hurricane. The security measures are calculated by the following sections such as protection, prevention, administration control, and storage on control.

In protection includes backup, encryption, and employees. The removal of data, operating system, firewalls, and antivirus are done by prevention. Administration control means access control, permission control, and webpage restrictions.   

Control 1

Objective of the control

In this recommendation control it described about the backup of the data and explained about how to rescue the data and analyze what are the files inside the network and the functions and technology explained in this control section.

Resources

It has the resources like mail server and database server, web server and other network components.

Developing the control

In this area such as data backup technique we have to use some software and operating system as Linux and Sophos UTM. Kali Linux is used for the penetration testing by using the commands and in the Sophos it also executed by using the virtual box. And these techniques implementation clearly described below in the way of diagrams.

Description of the system

We are using the Kali Linux software, basically the kali Linux software is one of the best open source security package. And it contains set of tools divided by different categories. Using kali Linux the Wi-Fi cracking tools are incorporated. In kali Linux is affected by the wireless attack, one of the most famous attacks is Fern Wi-Fi cracker. The following command is used for start the terminal, “airmon-ng start wLAN-0”,

Next we are using Sophos, is a network security solution. Each and every Sophos network security is used for providing the security modules, and also run it. All the security models are available as total. In this modules include lot of resources like essential firewall, network protection, web protection, email protection, web server protection, wireless protection, and endpoint protection.

Implementation using kali linux

In above figure it shows the installation of kali linux using vmware. And the index page of installation end is showna bove.

Installation of sophos UTM

Configuration of the system

Information gathering and vulnerabilities analysis

Scan reports

 Zenmap tool

 

Test result and analysis

In this part of security technology implementation we need to analyaze the attacks and make a solution in the way of testing such as penetration testing using operating system by the virtual box.

First one is the testing is done by the kali linux through virtual box and second one is testing done by the sophos UTM  through the virtual box.

Scope:

This tehnology includes the backup and recovery pLAN, but it not a limited one. In includes lot of things like recovery of file and print server, mail server, database server, web server, video steaming server, and aslo domain controllers. But this pLAN does not consider the backup and recovery of client work stations, laptop, tablet PCs, or PDAs.

backup pLAN

Every business night must have a server backup, and excluding holidays. Before perform the recycle operation we need to perform backup on Friday. The monthly backup is used for descripe the last backup of every month. And it kept for a year before recycle. The fireproff safe is used for store the monthly backup tapes. Only the last two monthly taps are stored in a fireproof safe.Backup will be performed and also monitored by the full time IT staff members. The verital backup execution is  automatically extracted by the backups. And also use arcserve or similar software product. The tapes are inserted in every night before leaving the network. The director of information technology provide a report about backup failures. Any problems will be occur the director take a action immediately. We need to perform the backup operation before the server modification or updation.

loss of data

Sometimes the datas are losed so we need to discover the data lose and also evaluate it. Mostly the data loses are related to file corruption, virus, security, or human error. The hardware and software related problems are troubleshooted by the IT staffs. The data loss is related to a virus and also  related to the security stystem. And also it quickly solve the related problems. Human error related problems are done by the IT staffs, the IT staffs inform immediately to avoid further loss of data. The bachup media is used for perform the restoration operation and minimize the data loss.

Restoration of data

The data lose time and date is noticed by the IT staffs. Every bachup media have a appropriate server. The data restoration is monitored by the IT staffs. If the disaster is discovered, the IT staffs are determine the extend of the problem. Basically the disaster is a hardware related. Types of natural disasters are used like fire, tornado, earthquake, or other. The data integrity and validity is check by the IT staffs. The restore is finished by the end user approval.

Control 2

Security groups define the colections of user account, computer account, and also other group account. The single unit in the security perspective is used for manage the account. In windows opearting system we are using aeveral security groups, for complete the specific task. The unique combinations of security requirements are used for craete a group in secure manner. It based on the active directory based or local to the particular computer.

The rights and permissions of the domain resources are managed by the active directive security. Then the local group exit is used for access the SAM database on local computer. The computers are fully windows based but not the domain controller. The local computer resources are managed by the local groups.

Control 3

The web tier in a three tier architecture is typically deployed by the apache server. And also we are using the combined web and application tier. The reverse proxy functionalities are provided by the same apache server, in front of a multi tier architecture. The catching and compression operations are successfully executed using the reverse proxy functionalities. The apache server only provide the web or web pplication functionality. One or more apache system are used in a BIG-IP system. We are using several deployments like

• Web app tier/ apache as web tier
• Apache as reverse proxy
• BIG-IP replacing apache functionalities
• BIG-IP complete the apache functionality
• BIG-IP apache as reverse proxy is replaced.

Control 4

Mod security is a type of security used in network secutiry pLAN. Basically is a open sources web application firewall, used by the apache. Mod security says the generic applications are provided in particular order. In this technique we are using some core rules. They are HTTP protection, real time blacklist lookups, web based malware detection, HTTP denial of service protection, common web application protection, automation detection, integration with AV sacnning for file uploads, tracking sensitive data, trojan protection, identification of application defects, error detection and hiding.  

Control 5

Conclusion

In this section is fully focused on the security technology implementation. The final solution is created the way of penetraion testing using opearting system by the virtual box. The kali Linux is insatlled and executed successfully, and also the generate the result using sophos UTM. The objective of the control is to meet the organizational security, using RADIUS server. Then the system development is done by using commercial hardware and software.

Draw the logical digram, in this diagram includes wireless router, range of IP address, subnets, RADIUS server, and IP address interface. Finally the system configuration contains test pLAN design, test paln implementation, and also analysis. All the connections and reprts are completed successfully.  The organisation permissions and rstriction controls are worked well. The over all contruction of security pLAN was a big and effective improvemevt towards the organization. We are using firewall and some anti virus software, for remove the threats very fastly and effectively. One of the best method of backup is cloud dtorage, using cloud storage the datas are safe and also avoide the phisical damage of the sytem.

References 

Byoung-Jik, P., Sung-Hyuk, K. and Yong-Il, K. (2015). The Effects of Demilitarized Zone's Brand Equity as a Tourist Destination on Place Attachment and Perceived Risk: Targeting Foreign Tourists to the DMZ. Journal of Tourism Sciences, 39(5), pp.101-116.

DAYEZ-BURGEON, P. (2012). La DMZ coréenne, une frontière paradoxale (encadré). Hermès, (63), p., [ p.].

Fu, W. and Lu, A. (2012). VLAN Technology Application Research Based on Campus Network Security. Applied Mechanics and Materials, 220-223, pp.2945-2948.

Haji Nur, A. (2014). Performance Analysis of LAN and VLAN Using Soft Computing Techniques. IOSR Journal of Electronics and Communication Engineering, 9(6), pp.10-16.

Hunter, W. (2013). The Visual Representation of Border Tourism: Demilitarized Zone (DMZ) and Dokdo in South Korea. International Journal of Tourism Research, 17(2), pp.151-160.

Jo, J., Jang, H., Lee, K. and Kong, J. (2015). SDN-Based Intrusion Prevention System for Science DMZ. The Journal of Korean Institute of Communications and Information Sciences, 40(6), pp.1070-1080.

Kim, J. (2014). Jeungsan Thoughts and DMZ World Eco-peace Park - Universal Redesign for the Foremost Leading Country centering on Korea -. The Journal of Daesoon Academy of Sciences, 24(1), pp.97-144.

Ko, M., Ko, J. and Kim, H. (2015). Appearance Patterns of Freshwater Fish in Western DMZ Adjacent Areas, Gyeonggi-do, Korea. Korean Journal of Ecology and Environment, 48(1), pp.38-50.

Lee, S. and Kim, S. (2015). Proceeding Strategies for Establishing of the DMZ World Peace Park for the Laying of the Foundation for Unification. Journal of Digital Convergence, 13(4), pp.9-24.

Li, F., Yang, J., An, C., Wu, J. and Wang, X. (2014). Towards centralized and semi-automatic VLAN management. International Journal of Network Management, 25(1), pp.52-73.

Patulak, A., Purwadi, J. and Herlina R., T. (2015). IMPLEMENTASI METODE USER CENTERED DESIGN DALAM PERANCANGAN APLIKASI PEMBELAJARAN VLAN & INTER-VLAN ROUTING. Jurnal Informatika, 11(1).

Schoofs, A., Ruzzelli, A. and O’Hare, G. (2011). VLAN auditing for preliminary assessment of after hours networked equipment electricity wastage. Energy, 36(12), pp.6910-6921.

Shin, H., An, J., Kim, S., Heo, T., Kwon, Y., Lee, Y. and Yoon, J. (2015). Vascular PLANts of Hak Reservoir Valley in Korea DMZ Area. Korean Journal of PLANt Resources, 28(4), pp.475-486.

TANIMOTO, S. (2005). A Proposal of Various IP Mobility Services to Apply the Mobile VLAN in the Ubiquitous Environment. IEICE Transactions on Communications, E88-B(7), pp.2743-2755.

Young Song, J. (2016). DMZ Cultural Center: The Role of Shared Space in the Korean Peninsula Crisis Centro Cultural DMZ: El rol del espacio compartido en la crisis de la peni?nsula coreana. Dearq Revista de Arquitectura / Journal of Architecture, (18), pp.56-67.

Barhoom, T. and Elrayyes, E. (2014). Model for Strengthening Accuracy through Detection of Anomalous Firewall Policy Rules. International Journal of Innovative Research in Computer and Communication Engineering, 02(12), pp.7116-7124.

Brucker, A., Brügger, L. and Wolff, B. (2014). Formal firewall conformance testing: an application of test and proof techniques. Software Testing, Verification and Reliability, 25(1), pp.34-71.

Caro, L., Papadimitriou, D. and Marzo, J. (2009). Enhancing label space usage for Ethernet VLAN-label switching. Computer Networks, 53(7), pp.1050-1061.

Chintalapudi, K. and Varma, P. (2016). A Study on Home Office Firewall. IJARCCE, 5(12), pp.13-17.

Hwang, D., Lee, B. and Yeom, D. (2013). Is the firewall consistent? Gedanken experiments on black hole complementarity and firewall proposal. Journal of Cosmology and Astroparticle Physics, 2013(01), pp.005-005.

Joshi, P. (2016). Implementing Firewall using IP Tables in Linux. International journal of Emerging Trends in Science and Technology.

K, A. and B, S. (2014). Auto Finding and Resolving Distributed Firewall Policy. IOSR Journal of Computer Engineering, 16(5), pp.93-97.

Khan (2013). A Quantitative Analysis of Firewall Impact on Critical Data Communication. Journal of Basic & Applied Sciences.

LI, Q. (2008). Design and implementation of network firewall system based on Godson CPU. Journal of Computer Applications, 28(6), pp.1372-1375.

Liao, Q., Li, Z. and Striegel, A. (2011). Could firewall rules be public - a game theoretical perspective. Security and Communication Networks, 5(2), pp.197-210.

Meddeb, A. (2012). On building multiple spanning trees and VLAN assignment in metro ethernet networks. Networks, 61(3), pp.263-280.

SinghArneja, P. and Sachdev, S. (2015). Detailed Analysis of Antivirus based Firewall and Concept of Private Cloud Antivirus based Firewall. International Journal of Computer Applications, 111(4), pp.16-23.

TANG, Y. (2009). Rule matching mapping algorithm for firewall based on rule decomposion mapping. Journal of Computer Applications, 29(11), pp.2969-2971.

WANG, J. and DU, F. (2009). Research of matrix bloom filter in virus filtering firewall. Journal of Computer Applications, 29(11), pp.2939-2941.