Networking report
Newton Ad Agency is an advertising company with three branches that require sharing of data amongst themselves, and since they are geographically separated, this can be achieved by choosing good WAN connectivity, IP addressing and wireless access strategies. The report below will look into these strategies plus the business and technical rationale for the recommendations on the strategies used.
The WAN connectivity at Austin’s headquarters and New York branch
Wide Area Network (WAN) is a network of computers that are connected over a large geographical area. This network is appropriate when one needs to facilitate communication between distributed sites that need access to shared data, and it also allows for remote access of the system by remote users. The recommended services to achieve an effective WAN connectivity strategy would be Multi-Protocol Label Switching (MPLS), Ethernet and internet access services. MPLS service guarantees the performance of real-time, IP-based applications, for instance video and voice. Furthermore, it eliminates the need for a hub in networks and saves money. MPLS prioritizes various application types (voice, video and data) in order to optimize the performance of the network; this is achieved through the use of the MPLS class of service (CoS) protocol. Furthermore, MPLS supports applications such as imaging, video and audio streaming. With this protocol implemented, fast WAN connectivity between Austin’s headquarters and the New York office will have been achieved (Choosing WAN connectivity and services wisely, 2009).
Diagrams showing the WAN connectivity
Backup WAN connectivity is a critical aspect: the data centers should have their data distributed and duplicated among multiple sites so as to reduce the risk of losing data completely in the event of a calamity. Availability of connection to these distributed sites is crucial. MPLS services provide any-to-any site connectivity with class of service (CoS) capability at minimal cost. With the MPLS service taking care of distributed computing, the uptime of resources can be up to 99.999%. This will make it possible for Austin’s headquarters (the site with the network bandwidth and data center) to have very high availability of its data, as it will frequently exchange large files with the New York office and the remote workers who will need to access the network at Austin remotely.
Explanation of why the MPLS WAN technology
MPLS supports wireless remote access; the major factor to consider is the number of users estimated to access the network remotely. For this wireless remote access to be reliable and secure, it has to be managed centrally. This will be done by Cisco centralized wireless controllers, which are designed to centralize and manage thousands of access points. This controller will enable the administrator to create clusters of groups for various purposes such as security and geographical management from the Austin headquarters. Austin’s headquarters will have numerous access points to allow for wireless access of the network by the users. This, however, will be implemented using a secure access control authentication process. The wireless LAN (WLAN) will be enabled with capabilities ranging from captive portals to firewall filters, unique guest login credentials and traffic shaping that require no configuration from the network engineers. In this setup, users will request that their accounts be created on a splash portal, and the accounts will only be activated by the administrator. Users who have not been approved can be allowed to access the network at a shallow level; that is, various users in the organization are assigned various access rights to the network. The network will have other guest management strategies to monitor user activities and the resources they are consuming. These strategies include a unique dynamic pre-shared key (DPSK) per guest, use of web forms to request a pass, and service set identifiers (SSID) (Wireless LAN access control: Managing users and their devices, 2011).
IP address strategies at each location
Now that we have looked at how to securely access and protect the data in the New York server, let’s look at how we can ensure that every user has the credentials for accessing the system, which brings us to IP addressing. An IP address is a unique label that is assigned to a device within the network using the IP for communication. An IP address is divided into two parts, the network and host bits. Network bits are used to identify the class of network (A, B or C) while the host bits are assigned to individual employees. Each IP address is unique and can therefore be assigned to a single person. The range specified from 192.168.100.0 to 192.168.103.255 can accommodate up to 765 (255*3) employees. This number will be sufficient to serve all the 700 users/PCs, the 500 hosts at Austin’s headquarters and 200 at New York office (IP Addressing and Sub-netting for New Users - Cisco, 2016). The section below is going to look at the IP assignments of each location in detail. First let us familiarize ourselves with the following terms:
Address - The unique identifier assigned to a single user/host in a network.
Subnet - A section of the network that shares the same subnet address.
Subnet mask - A 32-bit address combination used to show which address section points to the subnet and which one points to the host.
Network bits – the part of the IP address that identifies the network type in a subnet.
Host bits – the part of the IP address that identifies the host/user in a subnet.
Since Newton Ad Agency has three offices, the network IP address range given (192.168.100.0 to 192.168.103.255) would be best utilized by dividing it into sub networks and interconnecting each subnet using a gateway. Each subnet will be assigned a unique IP address, and the gateway interconnecting the sub networks must have those addresses for each subnet. There are 4 classes of networks, namely A, B, C, D. The subnet masks are used to identify the class to which a network belongs. For instance:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
Class D: 255.255.255.255
The Austin’s Headquarters IP addressing
Since this office will be having 200 hosts, the network will be sub-netted into eight subnets, each subnet will have its unique IP address, and all eight will be interconnected using a single gateway. The IP address 192.168.100.0 belongs to class C with a subnet mask of 255.255.255.0. This therefore requires that some host bits be borrowed to form a subnet mask 255.255.255.110 (a number between 1 and 254). With this subnet mask, we can then create eight subnets that will serve the entire office (200 hosts).
Subnet number | From | To | Subnet mask | description |
1 | 192.168.100.1 | 192.168.100.30 | 255.255.255.110 | host address range 1 to 30 |
2 | 192.168.100.32 | 192.168.100.62 | 255.255.255.110 | host address range 33 to 62 |
3 | 192.168.100.64 | 192.168.100.94 | 255.255.255.110 | host address range 65 to 94 |
4 | 192.168.100.96 | 192.168.100.126 | 255.255.255.110 | host address range 97 to 126 |
5 | 192.168.100.128 | 192.168.100.158 | 255.255.255.110 | host address range 129 to 158 |
6 | 192.168.100.160 | 192.168.100.190 | 255.255.255.110 | host address range 161 to 190 |
7 | 192.168.100.192 | 192.168.100.222 | 255.255.255.110 | host address range 193 to 222 |
8 | 192.168.100.224 | 192.168.100.254 | 255.255.255.110 | host address range 225 to 254 |
With sub-netting, it is now possible to create numerous IP addresses for a given subnet mask. From the table above, we are going to have host addresses ranging from 1 to 254; the total host addresses will be 246 (254-8 addresses that will be used by the gateway to interconnect these subnets). 246 IP addresses will be sufficient for this office (IP Addressing and Sub-netting for New Users - Cisco, 2016).
New York branch office
The New York office appears to be the busiest of the three offices as it hosts the server where users can download files from. Due to its busy environment, it has a requirement of 500 hosts. To achieve this, the network will need to be subdivided so as to offer better service in terms of latency, response time, reliability and performance. To achieve this number of IP addresses, the network will be subdivided into two address ranges but using the same subnet mask. The table below is going to show how that will be achieved.
Subnet number | From | To | Subnet mask | description |
1 | 192.168.101.1 | 192.168.101.30 | 255.255.255.110 | host address range 1 to 30 |
2 | 192.168.101.32 | 192.168.101.62 | 255.255.255.110 | host address range 33 to 62 |
3 | 192.168.101.64 | 192.168.101.94 | 255.255.255.110 | host address range 65 to 94 |
4 | 192.168.101.96 | 192.168.101.126 | 255.255.255.110 | host address range 97 to 126 |
5 | 192.168.101.128 | 192.168.101.158 | 255.255.255.110 | host address range 129 to 158 |
6 | 192.168.101.160 | 192.168.101.190 | 255.255.255.110 | host address range 161 to 190 |
7 | 192.168.101.192 | 192.168.101.222 | 255.255.255.110 | host address range 193 to 222 |
8 | 192.168.101.224 | 192.168.101.254 | 255.255.255.110 | host address range 225 to 254 |
9 | 192.168.102.1 | 192.168.102.30 | 255.255.255.110 | host address range 1 to 30 |
10 | 192.168.102.32 | 192.168.102.62 | 255.255.255.110 | host address range 33 to 62 |
11 | 192.168.102.64 | 192.168.102.94 | 255.255.255.110 | host address range 65 to 94 |
12 | 192.168.102.96 | 192.168.102.126 | 255.255.255.110 | host address range 97 to 126 |
13 | 192.168.102.128 | 192.168.102.158 | 255.255.255.110 | host address range 129 to 158 |
14 | 192.168.102.160 | 192.168.102.190 | 255.255.255.110 | host address range 161 to 190 |
15 | 192.168.102.192 | 192.168.102.222 | 255.255.255.110 | host address range 193 to 222 |
16 | 192.168.102.224 | 192.168.102.254 | 255.255.255.110 | host address range 225 to 254 |
17 | 192.168.103.1 | 192.168.103.30 | 255.255.255.110 | host address range 1 to 30 |
From the table above, we are going to have host addresses ranging from 1 to 254; the total host addresses will be 246 (254-8 addresses that will be used by the gateway to interconnect these subnets) spread over the range 192.168.100.0 to 192.168.103.30. 522 IP addresses will be available (246*3); this will be more than sufficient for the New York office.
The Rural satellite office
This office also expects to host 200 users. To achieve this, the remaining IP addresses from the 255.255.255.110 subnet mask will be sufficient, as shown in the table below.
Subnet number | From | To | Subnet mask | description |
18 | 192.168.103.32 | 192.168.103.62 | 255.255.255.110 | host address range 33 to 62 |
19 | 192.168.103.64 | 192.168.103.94 | 255.255.255.110 | host address range 65 to 94 |
20 | 192.168.103.96 | 192.168.103.126 | 255.255.255.110 | host address range 97 to 126 |
21 | 192.168.103.128 | 192.168.103.158 | 255.255.255.110 | host address range 129 to 158 |
22 | 192.168.103.160 | 192.168.103.190 | 255.255.255.110 | host address range 161 to 190 |
23 | 192.168.103.192 | 192.168.103.222 | 255.255.255.110 | host address range 193 to 222 |
24 | 192.168.103.224 | 192.168.103.254 | 255.255.255.110 | host address range 225 to 254 |
From the table above, we are going to have 202 IP addresses (210-7 bits for gateway location).
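The per-site ranges in the three tables can be rebuilt and checked with Python's standard `ipaddress` module. This is an added example, not part of the original report: it assumes each 32-address block in the tables is a 27-bit prefix (written 255.255.255.224 in dotted form) with its first and last address reserved as network and broadcast, and the function names are illustrative.

```python
import ipaddress

# Address block from the report: 192.168.100.0 through 192.168.103.255.
BLOCK = ipaddress.ip_network("192.168.100.0/22")
# Subnets per site (rows in each table) and hosts each site section asks for.
SITE_SUBNETS = {"Austin headquarters": 8, "New York": 17, "Rural satellite": 7}
REQUIRED_HOSTS = {"Austin headquarters": 200, "New York": 500, "Rural satellite": 200}


def is_contiguous_mask(mask: str) -> bool:
    """True if the dotted mask is a run of 1-bits followed only by 0-bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def build_plan(block, prefix, site_subnets):
    """Hand out consecutive subnets of the given prefix length, site by site."""
    pool = list(block.subnets(new_prefix=prefix))
    needed = sum(site_subnets.values())
    if needed > len(pool):
        raise ValueError(f"{needed} subnets requested, block holds {len(pool)}")
    plan, start = {}, 0
    for site, count in site_subnets.items():
        plan[site] = pool[start:start + count]
        start += count
    return plan


def report(plan, required):
    """Per site: first host, last host, usable hosts, and whether that is enough."""
    rows = []
    for site, nets in plan.items():
        # Each subnet loses two addresses: its network and broadcast address.
        usable = sum(net.num_addresses - 2 for net in nets)
        rows.append((site, str(nets[0].network_address + 1),
                     str(nets[-1].broadcast_address - 1),
                     usable, usable >= required[site]))
    return rows


if __name__ == "__main__":
    for mask in ("255.255.255.224", "255.255.255.110"):
        print(mask, "contiguous" if is_contiguous_mask(mask) else "not contiguous")
    for row in report(build_plan(BLOCK, 27, SITE_SUBNETS), REQUIRED_HOSTS):
        print(*row, sep=" | ")
```

Running the mask check before a plan is handed to whoever configures the gateway catches values that routers and `ipaddress` will reject.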
Wireless access strategy at the Austin office
The main service that will be used to allow for wireless access is the service set identifier (SSID). This service provides a unique identifier that is added to the header of the packets that are being transmitted over the wireless LAN. This identifier then acts as the password that a device will need in order to access the basic service set (BSS). BSS is the main building block of the IEEE 802.11 Wireless LAN; it is a combination of an individual access point and its associated stations. Since we are setting up a wireless network, SSID will be a basic service to enable the administrator to change the name of the network so as to distinguish it from the other wireless networks around. The administrator can also adjust the visibility of the network to either hidden or broadcast using SSID (Wireless LAN access control: Managing users and their devices, 2011).
Services that will support remote workers
The company also requires that access to the network workstations be done remotely. This is to allow the employees to work from home full time. For this to be achieved, the remote desktop service (RDS) will be the best option. This is because it encrypts its sessions, making it incredibly difficult for an attacker to view a session by listening to the network or by performing traffic analysis to deduce the pattern of packet transmissions across the network. The session is secured using the secure socket layer (SSL) protocol. Virtual network computing is an alternative, but it does not encrypt its session, making it susceptible to various attacks such as man-in-the-middle attacks and session attacks (Border, 2007).
Services that IT will use to access all workstations on the network
But to ensure a secure RDS, the administrator will be required to set up strong passwords (this will enhance the password complexity when it is hashed) and to regularly update the software, as new releases/updates always contain the latest security fixes. This is also another major reason for the use of this service as opposed to other third-party software. Access to the RDS will be restricted using both hardware and software firewalls so as to monitor access to the RDS listening port (TCP 3389). The remote desktop gateway will be the firewall of choice for this restriction. To make the remote desktop (RDP) fully attack proof, it is going to be tunneled through IPsec, a built-in Windows service application. Network level authentication (NLA) provides an extra level of security before connecting to the RDS. It is also best practice for the administrator to change the listening port for Remote Desktop at regular intervals and to use remote desktop gateways as the firewall. Servers with highly sensitive data will involve a two-factor authentication system; RDP gateways can be used to achieve this.
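One way to check the firewall restriction described above is to audit the rule set for any allow rule that lets a source other than the remote desktop gateway reach the RDP listening port. This is an added example, not part of the original report; the gateway address and the sample rules are constructed for illustration, and the rule tuple layout is an assumption rather than any vendor's format.

```python
import ipaddress

RDP_PORT = 3389  # default listening port named in the report
# Assumption: address of the remote desktop gateway (constructed value).
RD_GATEWAYS = [ipaddress.ip_network("192.168.100.10/32")]

# Constructed sample rules: (name, action, protocol, source, first port, last port)
RULES = [
    ("rdp-from-gateway", "allow", "tcp", "192.168.100.10/32", 3389, 3389),
    ("rdp-from-anywhere", "allow", "tcp", "0.0.0.0/0", 3389, 3389),
    ("mgmt-range", "allow", "tcp", "192.168.101.0/27", 3000, 4000),
    ("web", "allow", "tcp", "0.0.0.0/0", 443, 443),
    ("rdp-udp-block", "deny", "udp", "0.0.0.0/0", 3389, 3389),
]


def audit_rdp_exposure(rules, gateways, port=RDP_PORT):
    """Return (rule name, source) for allow rules that expose the RDP port
    to a source that is not contained in one of the gateway networks."""
    findings = []
    for name, action, proto, source, first, last in rules:
        if action != "allow" or proto != "tcp":
            continue
        # A wide port range can include the RDP port without naming it.
        if not first <= port <= last:
            continue
        src = ipaddress.ip_network(source)
        if not any(src.subnet_of(gw) for gw in gateways):
            findings.append((name, source))
    return findings


if __name__ == "__main__":
    for name, source in audit_rdp_exposure(RULES, RD_GATEWAYS):
        print(f"RDP reachable outside the gateway: rule {name!r} from {source}")
```

If the listening port is changed as the report suggests, pass the new value as `port` so the audit follows it.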
Austin’s headquarters internet options
Austin’s headquarters will require the T1 line to subscribe to the internet. The T1 line has a bandwidth of 192 kilobyte per second. This bandwidth would be sufficient for the 200 hosts. The New York office, on the other hand, would use fibre optic for internet subscription. This is because this office will serve 500 hosts and will host a server where clients can download files, and with fibre optics’ capability of delivering data at rates of up to 1Gbps, server access would be fast and efficient. These two will amount to $1,000 per month and will fall within the company budget.
Explanation of the terms and concepts used in the paper
Remote desktop connection (RDP) - a Windows application that allows users to remotely connect to a remote server or workstation.
Service set identifier (SSID) - a unique identifier used to label a network and provide administrative capabilities.
Dynamic pre-shared key (DPSK) - a unique key, dynamically created by users, that allows for secure communication between two parties.
Multi-protocol label switching (MPLS) - a WAN connectivity service that saves on bandwidth while allowing for transmission of various types of media including audio, data, video, and imaging.
Wireless Local Area Network (WLAN) - a network technology that allows devices to connect to an access point without being physically linked.
Institute of Electrical and Electronics Engineers (IEEE) - an American based body responsible for setting required standards and policies in engineering and technology.
References
Border, C. (2007). The development and deployment of a multi-user, remote access virtualization system for networking, security, and system administration classes. ACM SIGCSE Bulletin, 39(1), 576-580.
Choosing WAN connectivity and services wisely. (2009). Retrieved April, 2016, from http://searchenterprisewan.techtarget.com/Choosing-WAN-connectivity-and-services-wisely.
IP Addressing and Sub-netting for New Users - Cisco. (2016). Retrieved April, 2016, from http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13788-3.html.
Wireless LAN access control: Managing users and their devices. (2011). Retrieved April, 2016, from http://searchnetworking.techtarget.com/tip/Wireless-LAN-access-control-Managing-users-and-their-devices.