WANs in GB
Figure 1 outlines the complex group of WANs Tivoli currently uses to support its operations.
A mesh of three T3 leased lines connects the Headquarters, Operations and Backup buildings. These
lines operate at 44.7 Mbps, providing redundancy between the major facilities.
In most cases, branches connect to the major facilities via Frame Relay links. For each branch,
there are two 56 kbps PVCs: one leads to the Operations facility and the other to the Backup facility.
There are ISDN backup lines in case of Frame Relay failure. The two islands are connected to the
Headquarters via 128 kbps fractional T1 digital leased lines. Likewise, the 12 vendors are
connected to GB via a Frame Relay network at 56 kbps each. As shown in the diagram, GB uses
two separate ISPs for its Internet connection via T1 leased lines.
LANs in GB
Each branch office (including the two islands) is supported by 10Base-T Ethernet LANs; GB
expects to move to more modern Ethernet. Each branch has an average of 20 employees,
including the bank tellers, customer service staff and branch managers. The Headquarters houses 80
administrative, finance, accounting and management staff, supported by 100BaseT Ethernet LANs. In
the Operations facility, there are 20 engineers in charge of the technical support of the data centre,
networking, maintenance and application development. The organisational and operational
structure of the Backup facility is very similar to that of Operations.
Software
Microsoft Outlook installed on all staff workstations to access emails
Accounting, finance software and Microsoft Office suite
Anti-virus and software firewalls
Headquarters
Hardware
Ten ATM Machines
Staff equipped with Desktop PCs running Windows 8
10 networked Laser Printers
10 network flat-bed scanners
Cisco 2600 series Multiservice Platform routers
100BaseT Ethernet (4 subnets: Finance + Accounting + Management + Administrative)
Software
Microsoft Outlook installed on all staff workstations to access emails
Specialised software (including Accounting, Finance, Decision Support, Executive and
Management) and Microsoft Office suite
Anti-virus and software firewalls
Operations
Cisco 2600 series Multiservice Platform routers
Operating system: Combination of Windows and Linux for servers
Staff equipped with Desktop PCs running Windows 8
All operational servers including FTP, HTTP/HTTPS, SMTP/SMTPS, DHCP, DNS, Authentication,
Telepresence, Domain Controllers, Database, SAN, Load Balancing and video are concentrated in this
facility.
Backup
As mentioned, the Backup facility is a warm site which can take over within minutes in the event
that the Operations facility fails. Its infrastructure mirrors that of Operations.
Problem Statement
GB business processes rely on a combination of systems including Internet, IPX/SPX, SNA and ICT
related services. The GB board of directors sees the resulting very complex ICT infrastructure as
problematic for the sustainability and further growth of the GB business. They argue that the
organisation is spending a great deal of money on the maintenance and integration of disparate and
cumbersome systems, with little room to expand and improve its services. The GB board of directors
claims that its ICT infrastructure needs to be changed and re-provisioned to remain competitive.
As part of this change, the transition to interoperability should be achieved smoothly and
leverage the latest advancements in secure network infrastructure to guarantee zero problems
within the GB business processes. The bank is expected to expand its branch services to 30% in the
next 3 years. They are also considering embracing the latest Cisco immersive telepresence system
across the organisation, as well as staff remote access and mobile services (staff BYOD and
Work-at-home (WAT) policies) that GB bank currently does not have.
Networks and Information Security Case study
Copyright Edilson Arenas
CQUniversity
In terms of security, the new system should safeguard the appropriate access to and use of ICT
resources, and ensure that unauthorised and malicious internal and external network attacks are
properly blocked. Network redundancy is currently achieved with the mesh of three T3 leased lines
connecting the Headquarters, Operations and Backup buildings; however, nothing has been done so
far in terms of a security plan, including a robust disaster recovery and business continuity plan.
Statement of Work
Your task is to design and implement a secured network infrastructure that ensures high availability,
reliability, scalability, performance and security to support GB services. This requires 1) the design of
the network; 2) the delivery of a comprehensive network security plan; and 3) Security technology
implementation - proof of concept.
The following is a description of what is required.
Network Design
1. Network design including LANs, VLANs, WANs and VPNs. In this design, the IP address
allocation should use the CIDR format (x.y.z.t/n). Each group should have different ranges of
public and private IP addresses. Discuss with your mentor the range of addresses you are
planning to use.
2. Each LAN, WAN, VLAN and VPN should be justified in terms of traffic, reliability,
performance, availability, scalability and security. To do this you need to make a number of
assumptions (discuss this with your mentor / facilitator / teacher); however, assume that
ATM machines, Operations and Backup facilities are to operate 24/7. Other facilities are to
operate from 6:00am to 8:00pm daily.
For this design, take into account the following:
a. Traffic generated by the hosts: ATMs, clients, servers and backup devices
b. Appropriateness of current WAN links
c. Appropriateness of current WANs (Frame Relay)
d. Appropriateness of current LANs
e. VLANs requirements
f. All networking devices including routers and switches at each site or location
g. IP address allocation of each network and main network devices
h. Sub-netting to separate traffic including IP address allocation
i. Firewalls positioning and strategy: Dual firewall, Single firewall, stateful packet filter
j. Proxies
k. NAT/PAT
l. DMZs
m. Routing tables for all routers
n. Firewalls Access Control Lists
o. Diagram of the network topology and allocation of devices; and IP addresses for the main
network devices
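
An added example, not part of the original case study: one way to turn the CIDR allocation and sub-netting requirements above into a checked address plan. The 10.20.0.0/16 parent block, the subnet names, the split of Headquarters staff and peripherals, the server count and the 30% growth headroom are all assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Assumed RFC 1918 parent block; the brief leaves the range to each group.
PARENT = ipaddress.IPv4Network("10.20.0.0/16")

# Hosts per subnet. Staff counts come from the case study; the even split of
# Headquarters staff and peripherals, and the server count, are assumptions.
REQUIREMENTS = {
    "HQ-Finance": 25,          # 20 staff + 5 printers/scanners (assumed split)
    "HQ-Accounting": 25,
    "HQ-Management": 25,
    "HQ-Administrative": 25,
    "HQ-ATM": 10,              # ten ATMs kept on their own segment
    "Operations-Staff": 20,    # 20 engineers
    "Operations-Servers": 40,  # assumed server count
    "Branch-01": 20,           # average branch headcount
}

def prefix_for(hosts, growth_pct=30):
    """Longest prefix whose subnet fits hosts plus growth headroom."""
    headroom = -(-hosts * growth_pct // 100)   # ceiling division
    needed = hosts + headroom + 2              # + network and broadcast
    return 32 - (needed - 1).bit_length()

def allocate(parent, requirements, growth_pct=30):
    """Carve subnets out of parent, largest first, each aligned to its size."""
    plan, cursor = {}, int(parent.network_address)
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts, growth_pct)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size     # align up to a block boundary
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} exhausted at {name}")
        plan[name] = net
        cursor += size
    return plan

def no_overlap(plan):
    """True when no two allocated subnets share addresses."""
    return not any(a.overlaps(b) for a, b in combinations(plan.values(), 2))

if __name__ == "__main__":
    plan = allocate(PARENT, REQUIREMENTS)
    assert no_overlap(plan)
    for name, net in plan.items():
        print(f"{name:20} {net!s:18} usable hosts: {net.num_addresses - 2}")
```

This is a flat allocation pass; grouping each site under its own summary block keeps routing tables and firewall ACLs shorter.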
Network Security plan
The network security plan should contain, as a minimum, the following:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
For the proof of concept, it is mandatory that you include the documented results (procedures and
screen dumps) of various network security attack tests (such as a Network Penetration Test) as part
of your final project report. You may use your choice of security software/tools and operating
systems (Windows, Linux, or Ubuntu) in a virtualized environment to build and simulate the security
tests. To do this, students are advised to obtain a second-hand personal computer and give a physical
demonstration at the end of the term.
Final Remark
It is important to note that the final output of your project is comprehensive report
documentation comprising the network design, the network security plan and the security technology
implementation.