Project: Network Design and Plan

Purpose

This project provides you an opportunity to solve a comprehensive problem in firewall and virtual private network (VPN) implementation at various levels. You will play the role of an employee participating in network design and planning of a specific business situation.

Required Source Information and Tools

Web References: Links to web references in this Instructor Guide and related materials are subject to change without prior notice. These links were last verified on September 18, 2020.

The following tools and resources are needed to complete this project:

A web browser and access to the Internet to perform research for the project

(Optional) A tool for creating basic network diagrams, such as draw.io or Microsoft PowerPoint

Learning Objectives and Outcomes

Apply core competencies learned throughout the course to a single project.

Analyze and apply knowledge of firewalls, VPNs, and other network defense measures.

Demonstrate logical reasoning and decision-making skills.

Overall Project Scenario

Corporation Techs provides remote and on-site support to small and mid-size businesses. Clients use Corporation Techs’ services to solve problems involving malware removal, to manage data recovery and network issues, and to install hardware and software.

Due to recent developments, most technical representatives will begin working from home within the next six months. Because Corporation Techs provides 24/7 support, its systems and communications pathways must be fully operational at all times. In addition, the company has been experiencing unprecedented growth and is preparing to double its client-facing staff.

You are a junior network architect who is responsible for helping to plan and design network enhancements to create a more secure internal network, and to ensure secure remote access.

Deliverables

The project is divided into several parts. Details for each deliverable can be found in this document. Refer to the course Syllabus for submission dates.

Project Part 1: Network Design

Project Part 2: Firewall Selection and Placement

Project Part 3: Remote Access and VPNs

Project Part 4: Final Network Design Report

Project Part 1: Network Design

Scenario

The Corporation Techs’ current network consists of 1 web server (accessible by the public), 2 application servers, 2 database servers, 2 file and print servers, and 50 workstations. The web server runs Linux/Apache, the other servers run Microsoft Windows Server, and the workstations run Microsoft Windows. The network is connected through a series of switches, is not physically connected to other networks, and runs Internet Protocol version 4 (IPv4). The network is protected by a single border firewall. The senior network architect, whom you work for directly, has verified the company’s business goals and has determined the features and functions required to meet those goals.

The senior network architect has asked you to create a network design that includes the following components:

Current infrastructure elements

A logical topology that separates the Accounting and Sales departments

Redundant communications

Justification for continuing with IPv4 or upgrading to IPv6

Tasks

For this part of the project, perform the following tasks:

1. Conduct research to determine the best network design to ensure security of internal access while retaining public website availability.

2. Design a network configuration with physical and logical topologies. Identify major network elements (e.g., servers, switches, gateways) and their locations within the private and protected network segments.

3. Include a high-level plan that ensures communications are available 24/7.

4. Recommend whether to continue using IPv4 or upgrade to IPv6, and explain why.

5. Create a basic network diagram that illustrates the current network and enhancements. Include a few workstations to represent all workstations on the internal network. The diagram will be very high level at this stage and include only necessary details. You may use a software tool or simply pencil and paper. You will update this design later in the project.

6. Create a draft report detailing all information as supportive documentation.

7. Cite sources, where appropriate.

Required Resources

· Internet access

· Course textbook

Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation style: Your school’s preferred style guide

· Length of report: 3–4 pages

Self-Assessment Checklist

· I determined the best network design to ensure the security of internal access while retaining public website availability.

· I designed a network configuration with physical and logical topologies, and identified major network elements and their locations within the private and protected network segments.

· I created a plan that ensures communications are available 24/7.

· I recommended whether to continue using IPv4 or upgrade to IPv6, and explained why.

· I created a basic network diagram that illustrates the current network and enhancements.

· I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

· I followed the submission guidelines.

Project Part 2: Firewall Selection and Placement

Scenario

The senior network architect at Corporation Techs has informed you that the existing border firewall is old and needs to be replaced. He recommends designing a demilitarized zone (DMZ) to increase network perimeter security. He also wants to increase the security of network authentication, replacing the current username and password approach.

Tasks

For this part of the project, perform the following tasks:

1. Research and select firewalls for the Corporation Techs network.

a. Describe each firewall, why you selected it, and where it should be placed for maximum effectiveness.

b. Address network, server, and workstation firewalls.

2. Describe a plan for creating a DMZ, and explain how it makes the network more secure.

3. Research network authentication and create a high-level plan for secure authentication to internal network resources.

4. Create a draft report detailing all information as supportive documentation.

5. Cite sources, where appropriate.

Required Resources

· Internet access

· Course textbook

Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation style: Your school’s preferred style guide

· Length of report: 3–4 pages

Self-Assessment Checklist

· I researched and selected firewalls.

· I described each firewall, why I selected it, and where it should be placed for maximum effectiveness.

· I addressed network, server, and workstation firewalls.

· I described a plan for creating a DMZ and explained how it makes the network more secure.

· I created a high-level plan for secure authentication to internal network resources.

· I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

· I followed the submission guidelines.

Project Part 3: Remote Access and VPNs

Scenario

As you are aware, many remote users will soon need access to the internal network and services. A remote access and virtual private network (VPN) plan is needed to connect it all together.

The senior network architect has asked you to create the plan that will allow secure remote access to the internal network while preventing unauthorized access. He specifically requested that all information transferred between remote users and the organizational servers be protected against snooping.

Tasks

For this part of the project, perform the following tasks:

1. Research and recommend the most appropriate VPN technology. The most likely solution is either an Internet Protocol Security (IPSec) VPN or SSL/TLS VPN. Describe the VPN technology and explain why it is the best choice for Corporation Techs.

2. Recommend any other forms of remote access that are relevant and describe how they would be used.

3. Create a draft report detailing all information as supportive documentation.

4. Cite sources, where appropriate.

Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation style: Your school’s preferred style guide

· Length of report: 3–4 pages

Self-Assessment Checklist

· I researched and recommended an appropriate VPN technology.

· I described the VPN technology and explained why it is the best choice.

· I recommended other forms of remote access that are relevant and described how they would be used.

· I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

· I followed the submission guidelines.

Project Part 4: Final Network Design Report

Scenario

You are ready to create and submit a final network design and plan to the senior network architect, who will present it to senior management and other decision makers.

Tasks
For this part of the project, perform the following tasks:

1. Create a final network diagram that includes the basic diagram and all relevant network enhancements.

2. Create a professional report that includes content from each draft report. Include details for all relevant information, persuasive justification for your recommendations, and methods to measure the success of each major network enhancement. Include a 1- to 2-page executive summary.

3. Use simple, clear language that primary stakeholders (non-IT) can understand easily.

Submission Requirements

· Format: Microsoft Word (or compatible)

· Font: Arial, size 12, double-space

· Citation style: Your school’s preferred style guide

· Length of final report: 10–16 pages, including executive summary and network diagram

Self-Assessment Checklist for Final Report

· I developed a network design that meets the requirements.

· I created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

· I described technology recommendations, provided justification for those recommendations, and described methods to measure the success of each major network enhancement.

· I included an executive summary and a final network diagram.

· I included citations for all sources used in the report.

· I followed the submission guidelines.

© 2022 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Page 7

Please refer the ISOL 532 Project document attached in the post for details and then proceed with the answer

Overall Project Scenario

Corporation Techs provides remote and on-site support to small and mid-size businesses. Clients use Corporation Techs’ services to solve problems involving malware removal, to manage data recovery and network issues, and to install hardware and software.

Due to recent developments, most technical representatives will begin working from home within the next six months. Because Corporation Techs provides 24/7 support, its systems and communications pathways must be fully operational at all times. In addition, the company has been experiencing unprecedented growth and is preparing to double its client-facing staff.

You are a junior network architect who is responsible for helping to plan and design network enhancements to create a more secure internal network, and to ensure secure remote access.

Deliverables

The project is divided into several parts. Details for each deliverable can be found in this document. Refer to the Course Syllabus for submission dates.

·
Project Part 1: Network Design (Completed)(please use the answer which u provided last week. Based on the part 1 please provide answer for part 2 for atleast 3-4 pages along with references)

·
Project Part 2: Firewall Selection and Placement

1

Network Design Project

Network design can be defined as how the network infrastructure is planned and structured. A network design serves as the pillar to effectively monitor a network and will directly inform on the ability of a network to maintain quality service. If steps to ensure a good network design are not followed correctly, the maintenance of quality service will be difficult (Molina & Jacob, 2018).

In this project, the network design involved evaluation and scope of the network to be implemented, and some of the factors that are considered include; how the cabling was to be structured, the map of the network to be implemented, the number of network devices, the types of network devices used, the area of the network devices, the mode of IP addressing and the security of the network structure. The best network design that will serve the purpose is WAN (wide area network) to enable coverage of a wider location (Hadi et al., 2018).

In the physical layer of the network design structure, the network design focused on how the handling of the hardware equipment on the network because the quality of service is often affected by the location of the equipment. This project ensured that the cabling of the devices was done appropriately and avoided too much distance between the devices. The logical structure focuses on the traffic flow across the network, IP addresses, and the domains’ routing, as shown below (Hadi et al., 2018).

To achieve 24/7 running communication in a network and availability of the server does not necessarily mean providing the server and the network components with power. Still, it is important to monitor their status to ensure reliable service provision. In this project, the plan designed to help achieve 24/7 availability for the business includes monitoring the resources. This means knowing what is happening in the network environment. Some of the areas to be monitored are; the usage of memory, the traffic of the network, utilization of the CPU, and the storage capacity.

Also, another plan is to automate everything possible to help handle complex and time-consuming tasks in a much simpler way. This is made possible by using automation tools; that is, incorporating software that will help analyze log files and monitor the network’s traffic flow and trigger an alarm in case of a concern. It is important to have a backup plan, to ensure that a copy of the business data is kept safely, and in case of a loss, important information can be recovered.

Finally, one of the most important steps is to ensure that a strong safety strategy is implemented because, despite the advantage of 24/7 availability of service to attract customers, on the other hand, attackers are also there to exploit the vulnerabilities of the system. To set up strong security, additional security measures are to be incorporated and policies that go in hand with the data to be protected. This requires; efficient antivirus software and a firewall to monitor any unauthorized access of the network also set up restricted access to physical IT equipment in the office to avoid tampering with the network devices (Jara-Olmedo et al. 2018).

Regarding the IP addressing protocol, upgrading to IPV6 will be a much better option than IPV4 due to its advanced and better features. IPV6 can provide an infinite number of addresses. Some of the advantages of IPV6 over IPV4 include simplifying the router’s tasks, more compatibility on mobile networks, and accommodating much bigger payloads is used by a few networks (Hamid et al., 2021).

The network design of the complete structure is shown in the diagram below.

To summarize the draft report, the objective of the network is to provide remote and on-site support to small and medium-sized businesses. Five main goals the network should achieve are providing a secure network, including integration and upgrade, enabling versatility in the processing of information, enhancing collaboration by combining the power and capability of different equipment, and finally, scalability to ensure that expansion of expansion the network is made easier.

In this project, a proposal for a network design involved a few stages; the planning stage involved the process of creating a strategy and analyzing the business requirements that will be needed in the network, and then the second stage involved assessment where the most crucial components of the existing network were listed and the necessary equipment for the upgrade. This will assist when creating the design scope (Ma et al. 2018).

Then in the design stage, the map design topology and the solutions to be implemented were created. Any issue arising was handled to avoid errors in the next phase of the design process. This process is crucial as it involves the extent of what is required in the network design, and hence the current network capacity is to be tested to determine its shortcomings.

References

Hadi, M. S., Lawey, A. Q., El-Gorashi, T. E., & Elmirghani, J. M. (2018). Big data analytics for wireless and wired network design: A survey. Computer Networks, 132, 180-199.

Hamid, Z., Daud, S., Razak, I. S. A., & Razak, N. A. (2021). A Comparative Study between IPv4 and IPv6. ANP Journal of Social Science and Humanities, 2(1), 68-72.

Jara-Olmedo, A., Medina-Pazmino, W., Tozer, T., Aguilar, W. G., & Pardo, J. A. (2018, April). E-services from emergency communication network: aerial platform evaluation. In 2018 International Conference on eDemocracy & eGovernment (ICEDEG) (pp. 251-256). IEEE.

Molina, E., & Jacob, E. (2018). Software-defined networking in cyber-physical systems: A survey. Computers & electrical engineering, 66, 407-419.

Ma, J., Wang, H., Zhang, Z., Zhang, Y., Duan, C., Qi, Z., & Liu, Y. (2018). An efficient routing strategy for traffic dynamics on two-layer complex networks. International Journal of Modern Physics B, 32(13), 1850155.