UMUC Network Design Suggestion

The adoption of a cutting-edge learning platform to keep up with the ongoing advancement of technology is one of the numerous goals outlined in UMUC's strategic plan. The institution will do this, among other things, by putting in a contemporary network infrastructure. As a result, the management aims to build a building that will serve as a sort of technological hub, complete with cutting-edge computer labs, a library, and cutting-edge Wi-Fi. Access to the internet is also implied by a strong network infrastructure. Students will find it simple to conduct research, understand new material, and turn in assignments on time as a result, which will also boost staff productivity. The institution will then gradually experience increased intakes as it will offer online learning capabilities.


A. Network Topology


Business needs. The proposed building at UMUC is meant to increase operational efficacy. Currently, students can hardly access library resources as they are constrained to physical access while the admission process is strenuous and long. The proposed building aims at reducing the issues by having a modern library equipped with computers and internet access so as to provide paperless and online access to its resources.


The admission offices will be shifted to the new building while having their data centrally stored in the organization's servers residing in the same building. More departmental offices will be set to increase staff productivity. However, for data and information security, the network will need to be subdivided such that staff and admission network, computer lab networks, and library networks all fall under different sub-networks.


Proposed topology. In its basic form, a network is a connection that exists between multiple devices either by wired means or wirelessly and is aimed at sharing resources. A network topology is how the connected devices are physically positioned along their connection media and how information is meant to flow from source to destination (FitzGerald & Dennis, 2009).


Since the office, computer lab, Wi-Fi, and library networks will be separate, a different layout suitable for each is proposed. An ad hoc topology will be required for devices wirelessly accessing the network, since the network formed is temporary and can assume any layout. A bus topology is suitable for the computer lab and library sub-networks since it is cost effective while still being easy to configure and extend with new devices. A star topology may work well for the departmental and admissions offices' networks since there is centralized control of information and the failure of any one node should not affect other nodes. The figures below graphically show sample topologies.


B. Network Media


Business needs. Even though there is a need for a network, the devices using it must have the capability to connect, and the links connecting those devices need to meet industry standards. A network medium is a wireless or physical link that ensures network devices such as computers, smartphones, and other peripheral devices connect to the network. The choice of such media is largely determined by bandwidth and approximate speed.


Proposed network media. An Unshielded Twisted Pair (UTP) cable is easy to mount and is a cost-effective type of cable compared to other cables such as the Shielded Twisted Pair cable (Institute of Electrical and Electronics Engineers, 1991). UTP can support speeds as high as 100 Mbps, which meets the organizational requirements and makes it effective for the LAN setup. Smartphones and laptops should have network cards that adhere to the IEEE 802.11 standards.


C. Network Devices


Business needs. The management wants fast computers with the capability to offer fast access. They need a network that can last for the next five years or more and the choice of the correct devices meeting the industry standards is important.


Proposed network devices. Each of the sub-networks will have a single manageable Cisco SG100 switch. It is cheap, easy to configure, and secure. It is also aware of the addresses connected to its subnet. There will also be a need for a Cisco 2621 router in the server room that will bridge the internal organization network to the Internet Service Provider's network.


Workstations in the computer labs and library will need a network interface card (NIC) that accepts an RJ45 jack and has the right network drivers. A NIC identifies a computer on the network. A Ubiquiti Nanostation M3 loco will be used as the wireless access point. It has a controlled access range of 500 meters and uses PoE (Power over Ethernet), and will thus be economical.


D. Network Security Devices


Business needs. Setting up a network is one thing; ensuring its security is another. Networks need protection from hackers, trojans, and prying eyes from unauthorized employees. Such cyber threats need to be averted early enough and loopholes sealed.


Proposed network security devices. A firewall device will be required between the Cisco 2621 router and the connection to the ISP so as to protect the internal network from external intrusions (FitzGerald & Dennis, 2009). A Cisco ASA 5506H-X that comes with FirePOWER Services will be the best bet to use for intrusion and prevention. Located in the DMZ (demilitarized zone) will be a web application firewall intended to offer secure access to the e-learning portal for students, tutors, and management.


E. Computer Systems


Proposed computer systems. The institution needs an Intel server, two vSpace servers, 125 vSpace clients, and 25 typical desktop PCs. I would recommend using an NComputing approach to setting up the computer labs and library workstations since it costs almost a third of what would be spent on typical computers. One vSpace server will serve 25 vSpace thin clients in the library while the other vSpace server will serve the 100 clients in the proposed four computer labs.


The Intel server will be a Xeon E5 that has high processing power and large storage space. It will run Windows Server 2012, which offers user access controls and logging. 25 departmental computers running Windows 10 and set up in various offices will be networked to this server so as to access critical organization information such as admission, finance, and student records. Windows 10 is chosen for its stability, security, and ease of use.


II. Network Addresses Design


A. Subnetting


Subnetting is the process of creating multiple smaller networks, called subnets, from a larger network by borrowing host bits to form new networks. Our proposed building has been assigned the address 199.1.2.0/24. The table below confirms that this address belongs to a Class C network. A Class C address can use the Classless Inter-Domain Routing (CIDR) notation /24 to show that all bits of its first three octets are on, so hosts can only fall under the fourth octet. A class subnet mask stipulates which octets have all bits on, implying the number of bits that form the network segment. One octet represents 8 bits, hence the notation /24 for 8 by 3. With a Class C network, we can have a maximum of 256 hosts, calculated by raising 2 to the number of remaining bits, which is 8 (2^8).


| Class | Octet Range | Subnet Mask Address | CIDR | Network-Host Format |
|---|---|---|---|---|
| A | 1-126 | 255.0.0.0 | /8 | Network.host.host.host |
| B | 128-191 | 255.255.0.0 | /16 | Network.network.host.host |
| C | 192-223 | 255.255.255.0 | /24 | Network.network.network.host |


Proposed building scenario. The proposed building has two floors. There will be four classroom computer labs, one student study computer lab, a library block, an admissions office, and 5 departmental offices. The first floor will have the admissions office, the students' study computer lab, two classroom computer labs, and a few other departmental offices. On the second floor, there will be the library, two classroom computer labs, the server room, and a few offices.


Each classroom computer lab will have 25 vSpace thin clients, one for instructional use and 24 for student use. The students' study computer lab will have 25 vSpace clients, all meant for student research and homework. The library will have 22 computers, of which 18 will be for student and public use while four will be for library staff, all served by a vSpace server meant for the library. 7 computers will be placed in the admissions office while all other offices will each have 2 computers and a printer. All servers will be placed in the server room, which will also be adjacent to the IT office.


Methodology


Eight subnets can be developed using our proposed scenario where each will have a maximum of 25 hosts. Our address format will be 192.168.0.0/24.


| Sub-networks | Hosts |
|---|---|
| Classroom Comp. Lab 1 | 25 Clients |
| Classroom Comp. Lab 2 | 25 Clients |
| Classroom Comp. Lab 3 | 25 Clients |
| Classroom Comp. Lab 4 | 25 Clients |
| Student study Lab | 25 Clients |
| Library computers | 22 Clients |
| IT office & Server Room | xx Computers/devices |
| Admissions & other offices | 17 computers |


The table below lists the network address, host address range, and broadcast address of each subnet.


Subnet Mask: 255.255.255.0

| Subnet | Network Address | Host Address Range | Broadcast Address |
|---|---|---|---|
| Classroom Comp. Lab 1 | 192.168.0.0 | 192.168.0.1 - 192.168.0.30 | 192.168.0.31 |
| Classroom Comp. Lab 2 | 192.168.0.32 | 192.168.0.33 - 192.168.0.62 | 192.168.0.63 |
| Classroom Comp. Lab 3 | 192.168.0.64 | 192.168.0.65 - 192.168.0.94 | 192.168.0.95 |
| Classroom Comp. Lab 4 | 192.168.0.96 | 192.168.0.97 - 192.168.0.126 | 192.168.0.127 |
| Student study Lab | 192.168.0.128 | 192.168.0.129 - 192.168.0.158 | 192.168.0.159 |
| Library computers | 192.168.0.160 | 192.168.0.161 - 192.168.0.190 | 192.168.0.192 |
| IT office & Server Room | 192.168.0.193 | 192.168.0.194 - 192.168.0.223 | 192.168.0.224 |
| Admissions & other offices | 192.168.0.225 | 192.168.0.226 - 192.168.0.254 | 192.168.0.255 |
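An addressing plan like this one can be checked mechanically before it is configured on switches and routers. The following is an added example, not part of the original paper: it splits 192.168.0.0/24 with Python's `ipaddress` module and reports every value in the plan that does not sit on a subnet boundary. It assumes the 32-address blocks in the table correspond to /27 subnets (mask 255.255.255.224); the function names are illustrative.

```python
import ipaddress

PARENT = ipaddress.ip_network("192.168.0.0/24")
PREFIX = 27  # assumption: the 32-address blocks in the table imply /27 subnets

# Rows as listed in the table: (subnet, network, first host, last host, broadcast)
PLAN = [
    ("Classroom Comp. Lab 1", "192.168.0.0", "192.168.0.1", "192.168.0.30", "192.168.0.31"),
    ("Classroom Comp. Lab 2", "192.168.0.32", "192.168.0.33", "192.168.0.62", "192.168.0.63"),
    ("Classroom Comp. Lab 3", "192.168.0.64", "192.168.0.65", "192.168.0.94", "192.168.0.95"),
    ("Classroom Comp. Lab 4", "192.168.0.96", "192.168.0.97", "192.168.0.126", "192.168.0.127"),
    ("Student study Lab", "192.168.0.128", "192.168.0.129", "192.168.0.158", "192.168.0.159"),
    ("Library computers", "192.168.0.160", "192.168.0.161", "192.168.0.190", "192.168.0.192"),
    ("IT office & Server Room", "192.168.0.193", "192.168.0.194", "192.168.0.223", "192.168.0.224"),
    ("Admissions & other offices", "192.168.0.225", "192.168.0.226", "192.168.0.254", "192.168.0.255"),
]


def expected_subnets(parent=PARENT, prefix=PREFIX):
    """Split the parent block into equal subnets of the given prefix length."""
    return list(parent.subnets(new_prefix=prefix))


def check_plan(plan=PLAN):
    """Return (subnet, field, stated, expected) for every value off the boundary."""
    fields = ("network", "first host", "last host", "broadcast")
    issues = []
    for (name, *stated), subnet in zip(plan, expected_subnets()):
        hosts = list(subnet.hosts())  # usable addresses, excluding network/broadcast
        expected = (subnet.network_address, hosts[0], hosts[-1],
                    subnet.broadcast_address)
        for field, got, want in zip(fields, stated, expected):
            if ipaddress.ip_address(got) != want:
                issues.append((name, field, got, str(want)))
    return issues


if __name__ == "__main__":
    for issue in check_plan():
        print("%s: %s is %s, /27 boundary gives %s" % issue)
```

Each /27 block holds 30 usable host addresses, which covers the 25-host maximum stated in the methodology.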


III. Network Services Design


A. Network Services


Business needs. The administration requires a network that offers security, resource sharing, monitored access to information, and availability of data. Whether a client-server or peer-peer architecture, all devices should have the capability to freely but securely access the data meant for their access.


Proposed network services. Network services that will run on a successful network setup include DNS services, DHCP services, ACL services, email services, file sharing services, printing services, and internet services, among others. DNS services are offered by a Dynamic Network Server that converts web address names to their web understandable number formats, such as 8.8.8.8 for google.com. DHCP services are offered by a Dynamic Host Configuration Protocol (DHCP) server that dynamically gives addresses to network devices (Rooney, 2011). A DHCP server can be a switch or a router.


ACL services run on the server machine that acts as an authentication server, which holds the list of users and user groups and the rights that these groups have. For instance, the capability of a guest user is different from that of a standard user and that of an administrator. The server machine also acts as the file server, making the required information available to the users who need it. In the NComputing environment, all data is stored on the vSpace server and the vSpace clients are created as users of a certain group with access to specific files and disks. A file server offers shared disk access and centralized access to the organization's databases and information.


Printing services will be offered by a printer server. In offices, the machine on which the office's printer is installed may act as the printer server, spooling information from the two computers before sending it to the shared printer. In the library and computer labs, a dedicated printer server is required, which will offer fast spooling and access to the shared printer.


Internet services will be provided by a reputable Internet Service Provider meant to offer internet access to the internal network. If necessary, the organization will have to get a VPN Server which will offer secure access to organizational data by employees over the internet. As well, an email server will be needed to ensure efficient messaging within the institution. Emails may be locally stored and scanned for any form of malicious programs and features such as spamming. In future, the institution may also plan on having VOIP services implemented.


B. Network Security Measures


Instituting a network infrastructure is one aspect; securing the network is another. Networks need to be secured from both external and internal forms of cyber attacks. A cyber attack is the use of computers to compromise a network and its information. UMUC needs to implement proper network security policies and measures. All staff should be trained on proper network use. Among the issues they should be enlightened on are using strong passwords and never leaving their workstations on. They should log off or shut down their computers whenever they are away from their stations.


The network administrator and IT personnel should set user access rights to the system to allow only authentic and authorized users. The servers should also be capable of logging user and system activities for administrators to analyze programs and services running within the system (Roy, Tomar, and Singh, 2010). Hackers are known to sweet talk employees to allow them to plug their flash disks in their systems to copy certain files. Employees should be made aware of the various social engineering techniques. As well, all machines should be locked from plugging USB devices but if they have to use the USB devices, there should be USB disk security programs that scan them before opening for use. Programs like Smadav and USB Disk Security can offer that support.


All computers need to have antivirus and antimalware programs installed and regularly updated with new virus and malware signatures. I would recommend using Eset Smart Security 8 rather than Kaspersky antivirus since the latter is heavy and resource intensive while the former offers high virus and malware protection. In the event that the antivirus programs are unable to scan email and online downloads, there should be a policy that prohibits opening attachments or downloads from untrusted sites such as torrents or email sources without performing a scan. Communication security is important, and hence I would recommend that all employee machines and devices be installed with an open encryption program like Pretty Good Privacy (PGP) to provide cryptographic privacy and verification. Computers can also get infected by worms and viruses as they themselves have vulnerabilities. As such, it is important to always check for new patches from the operating system providers and apply them.


In addition, much work lies with the network administrators. It is their duty to monitor the network traffic and determine any forms of vulnerabilities. The introduction of an active firewall at the DMZ as suggested herein will act as an active intrusion and prevention system. In addition, network administrators may use passive firewalls to detect any doubtful network activities. Moreover, it is recommended to close all open ports to the network and only leave ports 80 and 443 open. This reduces the number of intrusion routes available to hackers, leaving only two possible ports that can be closely monitored for suspicious activities (Khan, 2013).
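A host-side check that complements the port policy above, as an added example that is not part of the original paper: it parses `ss -tln` output and lists listeners reachable from the network on ports other than 80 and 443. The sample output is constructed for illustration, and the function names are assumptions.

```python
import ipaddress

ALLOWED_PORTS = {80, 443}  # the two ports the text leaves open

# Constructed sample of `ss -tln` output (not captured from a real host)
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     [::]:443             [::]:*
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*
LISTEN  0       128     192.168.0.194:3389   0.0.0.0:*
"""


def parse_listeners(text):
    """Yield (address, port) for each LISTEN row of `ss -tln` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a socket that is not listening
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface suffix before returning
        yield addr.strip("[]").split("%")[0], int(port)


def is_loopback(addr):
    """Loopback-only listeners are not reachable from the network."""
    if addr == "*":
        return False  # wildcard: bound on all interfaces
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(text, allowed=ALLOWED_PORTS):
    """Return network-reachable listeners whose port is not on the allowlist."""
    return [(addr, port) for addr, port in parse_listeners(text)
            if port not in allowed and not is_loopback(addr)]


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS):
        print("unexpected listener: %s port %d" % (addr, port))
```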


A long-term implementable policy is documenting a business continuity plan (BCP) and/or a disaster recovery plan. Most networks are crippled and halt for long durations because there are no continuity and response recovery plans. I would recommend having a document that lays down the steps that should be followed in case the network is compromised. Such steps would include isolating compromised network devices or shutting down the whole network to deal with the attack.


References


FitzGerald, J., & Dennis, A. (2009). Business Data Communications and Networking. Hoboken, NJ: John Wiley & Sons.


Institute of Electrical and Electronics Engineers. (1991). IEEE standards for local and metropolitan area networks: Recommended practice for use of unshielded twisted pair cable (UTP) for token ring data transmission at 4 Mb/s. New York, NY: The Institute of Electrical and Electronics.


Khan, R. (2013). An Efficient Network Monitoring and Management System. International Journal of Information and Electronics Engineering, 3(1), 122-126.


Roy, R., Tomar, D., & Singh, N. (2010). An Approach to Understand the End User Behaviour through Log Analysis. International Journal of Computer Applications, 5(11), 27-34.


Rooney, T. (2011). IP address management: Principles and practice. Piscataway, NJ: IEEE Press.
